A Delaware judge has dismissed a class-action lawsuit against Google for secretly storing Safari cookies even when users had opted out. In a ruling from yesterday, Judge Sue Robinson wrote that the plaintiffs — who had filed suit under a variety of privacy and anti-hacking laws — hadn't proved real harm under any of them, nor had they convincingly argued that Google had violated their legal rights.
The basic facts of the case aren't particularly in dispute. In early 2012, researchers discovered that Google and several advertising networks had found an exploit that let them surreptitiously store cookies through the Safari and mobile Safari browsers, regardless of users' privacy settings. While Google essentially called the process an accident and quickly removed the cookies, it was later found to have a similar system on Internet Explorer. The users in this suit argued that by using cookies to track users across sites without their consent, Google was essentially swindling them out of personal information that would otherwise have monetary value and was infringing on their right to privacy.
But Robinson found there wasn't much evidence that placing the cookies had caused users tangible harm. While users can get rewards for giving up some personal information, previous court cases have found that having it collected doesn't necessarily devalue it or prove the user was hurt. Despite this, Google could still have been on the hook for invasions of privacy. To be considered under the Electronic Communications Privacy Act, the cookies would have needed to collect something that could be considered the "contents" of a communication, and Robinson didn't think that web addresses met that bar. "Even if plaintiffs' browsers were 'tricked' into sending the URLs to Google," she wrote, "the court concludes that Google did not intercept contents as provided for by the Wiretap Act."
Google hasn't gotten away scot-free. In August of 2012, it paid the FTC a fine of $22.5 million, the largest fee of its kind ever collected. As part of that agreement, though, the company didn't have to admit wrongdoing, something that ultimately didn't sit well with the FTC. More recently, the company is facing another privacy class-action suit, this one over its Gmail keyword scanning. While the two cases share some superficial similarities, they don't hinge on the same arguments or the same circumstances, and Google lost its initial fight to have that suit dismissed.