Insights
Publications

A Roadmap to Litigating Privacy Claims? A Look at a Recent Order From the Google Assistant Privacy Litigation

May 27, 2020 Blog

As privacy-related litigation continues to heat up, Judge Beth Freeman (ND Cal.) recently laid out in In re Google Assistant Privacy Litigation (Case No. 19-cv-04286)[1] a potential roadmap for surviving or winning a motion to dismiss on privacy-related causes of action. 

The consolidated lawsuit against Google alleges violations on twelve counts, all relating to the Google Assistant product – a voice-activated technology used in mobile and home devices that listens for “hotwords” in order to carry out user commands. This case is an important one to watch and should be broadly instructive as many companies, big and small, are and have been hard at work on voice-activated technologies (compare, for instance, to Amazon’s Alexa, Apple’s Siri, and countless speech recognition start-ups around the world). Huge numbers of households and individuals currently have these devices in their homes and/or on their person at all times.

Plaintiffs allege that while devices with Google Assistant await user commands, short audio recordings are constantly made and continuously overwritten. This litigation is based almost entirely on a VRT NWS news article published in 2019 claiming that Google stores and analyzes the short pieces of audio recorded before the hotwords are said in order to improve the software’s accuracy.

This case involves five named plaintiffs residing in New York and California. Plaintiffs allege privacy or privacy-type violations under federal and California state laws including the federal Wiretap Act, California Invasion of Privacy Act, intrusion upon seclusion under California common law, invasion of privacy in violation of Article I, Section 1 of the California Constitution, violation of California Unfair Competition Law § 17200, and various breach of contract and warranty claims relating to Google’s applicable privacy policy.

Google’s motion to dismiss sought dismissal of all but one count (for declaratory judgment). With some minor exceptions, Judge Freeman granted dismissal with leave to amend on the eleven counts on which Google moved. 

With respect to the Stored Communications Act (SCA), which is modeled on the common law of trespass, Judge Freeman held that the plaintiffs had not yet pled a claim for unlawful access, but had pled sufficiently on an unlawful disclosure theory. As to the unlawful access prong, Judge Freeman observed that the Ninth Circuit has failed to provide guidance on the meaning of “facility” under the SCA (to succeed, the plaintiff must show the defendant gained unauthorized access to a “facility” where it accessed electronic communication in “electronic storage”). The court laid out the limited Ninth Circuit precedent on the meaning of a “facility” under the SCA, expressing skepticism that plaintiffs would be able to plead facts sufficient to show that their Google Assistant devices constitute “facilities.” In denying Google’s motion to dismiss on the unlawful disclosure theory, the court pointed in part to what it characterized as vague language in Google’s privacy policy, and found plaintiffs had adequately pled unlawful disclosure based upon the allegations of “disclosure of audio and transcripts to subcontractors for analysis ‘to improve the functionality’ of the Google Assistant.”

As to the counts for the common law tort of intrusion upon seclusion and invasion of privacy under California Constitution, Article 1, Section 1, the court noted that the sources of these two privacy protections are closely related, dismissing the claims with leave to amend. Both claims essentially require the existence of an expectation of privacy, and an intrusion into that private space. Here, the plaintiffs have alleged that the “false accept” recordings constitute such an intrusion, alleging that short audio recordings are constantly made and continuously overwritten while the devices await user commands. But the court observed that the plaintiffs’ failure to allege sufficient information to show that recorded conversations were had under circumstances that would give rise to a reasonable expectation of privacy was “fatal” to these claims at this stage. At the same time, however, the court noted that a reasonable person could find the alleged conduct to be “highly offensive,” one of the prongs required to meet the legal standard for intrusion upon seclusion, and warned that courts have found surreptitious recordings can constitute “an actionable intrusion,” and that these circumstances may be more akin to surreptitious recording cases than to browsing history cases . While the court found the pleadings deficient on reasonable expectation of privacy, it noted that if the pleadings were cured to address that deficiency, whether or not the conduct was “offensive,” would not likely be resolvable on a future motion to dismiss.

Plaintiffs also sought relief under California’s UCL Sec. 17200 alleging economic injury due to overpayment for their Google Assistant devices. As an initial matter, because not all plaintiffs alleged payment for any such device, their claims were dismissed with leave to amend. 17200 claims may be brought under the unlawful, fraudulent, and/or unfair prongs of the UCL. The unlawful prong failed as it was based on the other asserted counts which the court had already dismissed without prejudice. The court dismissed the fraudulent prong for plaintiffs’ failure to identify any misrepresentations or omissions with the particularity required by Rule 9(b)’s heightened pleading standards. Finally, the court dismissed plaintiffs’ UCL claim under the unfair prong, noting that plaintiffs have failed to allege any harm to competition or incipient violation of the antitrust laws as Cel-Tech Commc’ns, Inc. v. Los Angeles Cellular Tel. Co., 20 Cal. 4th 163 (1999) requires. Here, the court noted Google’s objection that “considering the substantial benefit the Google Assistant provides to consumers, Plaintiffs ‘cannot reasonably allege’ that the utility of their Google Assistant Enabled Devices is outweighed by the ‘occasional error’ of false accepts.” The court also warned that invasion of privacy is a harm that is difficult to quantify, and that it would not be possible to determine as a matter of law that the utility of the Google Assistant product outweighs the harm from the false accepts. The court then granted dismissal, warning plaintiffs to properly plead “harm to the alleged victim” to meet the requirements of the “unfair” prong.

The roadmap Judge Freeman laid out on many of these claims can provide valuable guidance to assessing the strength of possible privacy claims, and the ability to defeat claims at the motion to dismiss stage, for plaintiffs and defendants alike. Given the popularity of and innovation in the voice recognition technology space, this case is certainly one to watch.


[1] This is a consolidation of cases Kumandan, et al. v. Google LLC and Galvan, et al. v. Google LLC.

Firm Highlights

Publication

Signatures Submitted for Inclusion of New California Privacy Law on November Ballot

Californians for Consumer Privacy has announced that it has secured and submitted enough signatures to qualify its California Privacy Rights Act (“CPRA”) for inclusion on California’s November 2020 ballot. Alistair Mactaggart, the architect behind...

Read More
Publication

Private Rights of Action and the CCPA—Unlimited Limitation?

As we are all well aware by now, the California Consumer Privacy Act (CCPA) (Cal. Civ. Code Sections 1798.100 et seq.) went into effect on Jan. 1. Through its amendments and regulations (the latter...

Read More
News

GDPR in 2020: What You Need to Know

In the article "GDPR in 2020: What You Need to Know," Nate Garhart discussed the newly clarified guidelines for extraterritorial application of GDPR. Read the full article on Toolbox , here .

Read More
Publication

Zoom Successfully Addresses New York’s Privacy and Security Concerns

A few weeks ago on this blog, we addressed some of the legal issues that have arisen for Zoom , as it becomes a significant part of American daily life during the COVID-19 pandemic. ...

Read More
Publication

Federal “COVID-19 Consumer Data Protection Act” Proposed

A group of Republican senators has proposed a new privacy law to govern the collection and use of certain personal information thought to be both important and at risk during the current coronavirus crisis...

Read More
Publication

Senate Democrats Release Competing COVID-19 Privacy Bill

Democratic Senators Richard Blumenthal and Mark Warner have introduced the  Public Health Emergency Privacy Act  in response to  the bill of the same subject released by Senate Republicans  (the  COVID-19 Consumer Data Protection Act...

Read More
Publication

Reopening Plans and Recommended Protocols Beg New Privacy Issues

While far from getting us back to any kind of normal that predated the COVID-19 pandemic, states have begun to relax lockdown requirements and some previously closed “nonessential” businesses are returning to operations. With...

Read More
Publication

Reopening Businesses Must Consider Employee and Consumer Privacy

While we’re far from returning to the “normal” that predated the COVID-19 pandemic, states have begun to relax lockdown requirements and some previously “nonessential” businesses are returning to operations. Along with these openings, governmental...

Read More
Publication

Trademark Office Deadlines and Coronavirus-Related Delays (Updated)

With all of the business interruption caused by the COVID-19 pandemic, many worldwide trademark offices have taken steps to recognize the issues caused by the crisis. The offices in which applicants from the U.S...

Read More
News

In Novel Case, Insurer Sues Own Law Firm After Data Breach

Tyler Gerking was quoted in the Law360 article "In Novel Case, Insurer Sues Own Law Firm After Data Breach." In the article Tyler said, "This case shows some of the hazards that all companies face...

Read More