Chrome Data Collection Class Action Revived on Appeal

Want to receive these privacy recaps that matter to consent management, adtech and martech in your inbox? Sign up for our privacy newsletter, A Little Privacy, Please.

USA

Chrome Data Collection Class Action Revived on Appeal

The 9th Circuit Court of Appeals reversed a district court dismissal of a class action case against Google alleging that Google Chrome sent personal information to Google whenever users exchanged communication with any website that included Google “surveillance source code.” The district court had granted summary judgment to Google based on Google’s assertion that users had consented to such data collection through Google’s general Privacy Policy, a new account creation agreement, and a push down banner that Google had shown to account holders. However, the 9th Circuit reversed that decision, remanding the case back to the district court to determine whether a reasonable user would understand Google’s various privacy policies and terms and think that they were consenting to the data collection. 

TAKEAWAY

This case demonstrates the importance of not just implementing consent banners and privacy policies as a checkbox exercise, but rather tailoring privacy consents and disclosures to the sophistication of the specific user audience at issue to ensure they can actually understand what they are consenting to. One quote from the case is particularly insightful on this point: “Whether a ‘reasonable’ user of Google’s computer software at issue in this case consented to a particular data collection practice is not to be determined by attributing to that user the skill of an experienced business lawyer or someone who is able to easily ferret through a labyrinth of legal jargon to understand what he or she is consenting to. Instead, a determination of what a ‘reasonable’ user would have understood must take into account the level of sophistication attributable to the general public, which uses Google’s services.”

Customize user privacy experiences and consent banners to comply with global regulations while optimizing for your business goals with Sourcepoint Dialogue consent management platform (CMP)

California Bill Mandating Browser Support of Opt-out Signals Is Amended

California AB 3048, which would require browsers and mobile operating systems to include a setting enabling users to send opt-out preference signals to websites and applications they interact with, has been amended by the Senate to, among other changes, set an effective date of January 1, 2026. The amendment also added a definition of “Opt-out preference signal,” specifically, “a signal that complies with this title and that communicates the consumer’s choice to opt out of the sale and sharing of the consumer’s personal information or to limit the use of the consumer’s sensitive personal information.”

NEXT STEPS

The amended bill has been ordered to a second reading in the Senate. If it passes the Senate, the amendment will still need to be approved by the House (which already passed the bill before it was amended). The California legislative session closes August 31, so any movement on this bill will need to happen in the coming days. The governor would then have until September 30 to sign or veto the legislation if it passes before the end of August.

Download Sourcepoint’s sensitive data guide to learn how different states define sensitive information, understand enforcement mechanisms, and discover best practices for processing sensitive data.

Want more of the privacy highlights that matter for consent management, adtech and martech? Sign up for our privacy newsletter, A Little Privacy, Please.

A Little Privacy, Please weekly recaps are provided for general, informational purposes only, do not constitute legal advice, and should not be relied upon for legal decision-making. Please consult an attorney to determine how legal updates may impact you or your business.