Google is currently embroiled in a class-action-style lawsuit in the Netherlands, with accusations of breaching European privacy laws at its core. The lawsuit, filed by two non-profit organizations, The Foundation for the Protection of Privacy Interests (FPPI) and the Dutch Consumers’ Association, alleges that Google has violated European Union data protection regulations by tracking and profiling consumers without their consent. The plaintiffs are not only demanding that Google ceases its tracking and profiling practices but are also seeking compensation for what they refer to as “large-scale privacy violations.”
Over 82,000 consumers have joined this legal action since it was initially announced in May.
According to the claimants, Google’s actions are in contravention of Dutch and European privacy legislation. They contend that Google collects vast amounts of users’ online behavior and location data through its services and products without providing adequate information or obtaining proper consent. Google allegedly shares this data, which includes sensitive personal information such as health, ethnicity, and political preferences, with numerous third parties via its online advertising platform. Research indicates that European residents’ internet activity and locations are exposed to online ad auctions almost 380 times a day on average.
The lawsuit not only seeks compensation for affected individuals but also demands structural changes within Google to prevent further privacy violations. The claimants argue that Google’s current practices effectively turn users into products while generating billions in advertising revenue annually.
This lawsuit, which operates on a ‘no win, no fee’ basis, remains open for sign-ups. Consumers who have used Google’s products or services in the Netherlands since March 1, 2012, are eligible to join this collective legal action.
Notably, the Netherlands adapted its class-action regime early on to align with a new EU directive on representative actions, which allows qualified entities like consumer rights groups to file collective actions on behalf of consumers. These new procedural rules have been in effect since June 25.
Additionally, a ruling by the Court of Justice of the EU in May clarified that there is no threshold of seriousness for non-material harm in privacy damages claims. This means that claims can be brought for emotional distress stemming from breaches of the EU’s General Data Protection Regulation (GDPR) or other privacy laws.
In response to this legal action, Ada van der Veer, Chairman of the FPPI, emphasized Google’s continuous monitoring practices. She highlighted how Google collects data, even through third-party cookies, effectively enabling the monitoring of users’ internet behavior across websites and apps, even when users are not actively engaging with Google’s products or services.
While Ireland’s Data Protection Commission has been investigating various aspects of Google’s business for GDPR compliance, no decisions have been issued to date. This has spurred consumer rights groups to pursue litigation, given the availability of ‘no win, no fee’ funding models. In this case, the litigation is funded by the law firm Lieff Cabraser Heimann & Bernstein.
Google’s adtech practices have faced scrutiny, with research revealing extensive data sharing in real-time bidding ad auctions. Google has been exploring alternative ad targeting methods, such as the “Privacy Sandbox,” aimed at shifting away from third-party cookies for tracking. However, concerns remain about the level of user data tracking involved in this approach. Google has also faced criticism for pushing the Privacy Sandbox onto Chrome users without an affirmative opt-in.
Notably, the Dutch Consumers’ Association previously won a privacy lawsuit against Meta, the parent company of Facebook, also funded by Lieff Cabraser Heimann & Bernstein, which resulted in a declaration that Meta lacked a lawful basis for processing local users’ data for ad targeting.