Written by Jake Romero
If you were on Google’s home page yesterday at the office, you probably spent more time than you care to admit playing the “help the letter ‘g’ hit the piñata” game that Google created for its 15th birthday.
For Google, that might be a welcome distraction from very bad news it received from the Northern District of California. U.S. District Court Judge Lucy Koh denied in part Google’s motion to dismiss a 2010 claim in which users accuse Google of violating various state and federal laws by scanning the content of user emails for purposes of creating user profiles and directing targeted advertising, thus allowing a putative class action suit against the search (and everything else online) giant to proceed.
Judge Koh’s order (full text can be found here), is significant in its handling of a number of Google’s arguments, but the rejection of a particular line of argument is understandably receiving much of the attention. In its Motion to Dismiss, Google argued that its practice of scanning emails is not a violation of the Federal Wiretap Act because, among other reasons, Gmail users and non-Gmail users have consented to the interception of emails. Google’s consent argument was two-fold. First, it argued that Gmail users had “expressly consented” to having their emails scanned by agreeing to its Terms of Service and Privacy Policies, which every Gmail users is required to do. Second, it argued that non-Gmail users have “impliedly consented” to the practice by sending an email to a Gmail user, because at that time those non-users understood how Gmail services operate.
Judge Koh rejected both of Google’s consent arguments, holding that the Court “cannot conclude that any party – Gmail users or non-Gmail users – has consented to Google’s reading of email for the purposes of creating user profiles or providing targeted advertising.” The Court dug into the multiple iterations of Google’s Terms of Service and Privacy Policies that have been in place since 2007, and found that the policies did not explicitly notify users that Google would intercept emails for the purposes or creating user profiles and targeting advertisements. The Court discussed a number of sections of Google’s policies where users allegedly consented to the practice of scanning emails for advertising purposes, and in each case found that the policies either described a different purpose for scanning emails (such as filtering out objectionable content) or were unclear when describing what kind of information would be intercepted (using descriptions like “information stored on the Services” or “information you provide”). The Court further held that Google’s current policies (which were put in place on March 1, 2012) are equally ineffective at establishing consent. Finally, the Court rejected the argument that non-Gmail users had impliedly consented to the interception of emails, noting that accepting Google’s theory of implied consent would “eviscerate” laws prohibiting interception of communications.