The first details emerged Monday from Google’s settlement of a class-action lawsuit over Chrome’s tracking of Incognito users. Filed in 2020, the suit could have required the company to pay $5 billion in damages. Instead, The Wall Street Journal reports that Google will destroy “billions of data points” it improperly collected, update its data collection disclosures and maintain a setting that blocks Chrome’s third-party cookies by default for the next five years.
The lawsuit accused Google of misleading Chrome users about how private Incognito browsing truly is. It claimed the company told customers their info was private — even as it monitored their activity. Google defended its practices by claiming it warned Chrome users that Incognito mode “does not mean ‘invisible’” and that sites could still see their activity. The settlement was first reported in December.
The suit initially asked for $5,000 in damages per user for alleged offenses related to federal wiretapping and California privacy laws. Google tried and failed to have the legal action dismissed, with Judge Lucy Koh determining in 2021 that the company “did not notify” users it was still collecting data while Incognito mode was active.
Engadget emailed Google for comment about the settlement details. We’ll update this article if we hear back.
The suit’s discovery included emails that, in late 2022, revealed publicly some of the company’s concerns about Incognito’s false privacy. In 2019, Google Chief Marketing Officer Lorraine Twohill suggested to CEO Sundar Pichai that “private” was the wrong term for Incognito mode because it risked “exacerbating known misconceptions.” In a later email exchange, Twohill wrote, “We are limited in how strongly we can market Incognito because it’s not truly private, thus requiring really fuzzy, hedging language that is almost more damaging.”
The court didn’t approve a class of plaintiffs for financial damages, so users would have to sue Google as individuals to try to collect compensation. Some didn’t waste any time: A group of 50 people already filed a separate suit in California state court on Thursday over the privacy violations.
The lawsuit’s trial was initially scheduled for February. The settlement still needs final approval from Judge Yvonne Gonzalez Rogers of the Northern District of California before it’s official.
“This settlement is an historic step in requiring honesty and accountability from dominant technology companies,” Attorney David Boies, who represents the plaintiffs, said in a statement to The Wall Street Journal.
One piece of the settlement, the requirement that Google turn off third-party tracking cookies by default for the next five years, could already be a moot point. The company’s Privacy Sandbox initiative was already scheduled to disable all third-party cookies for Chrome users by the end of the year. It will replace them with the Topics API, a system that avoids cookies by categorizing browsing activity into locally stored topics. The new system lets advertisers target ads toward users without having direct access to their browsing data.
It’s also questionable how effective the destruction of the improperly collected data will be. Considering that the suit covers information stretching back to 2016, it’s reasonable to assume the company sold much of the data to third parties long ago or incorporated it into separate products not covered by the settlement.
Google will also have to rewrite its privacy disclosures over its data collection practices in Incognito mode. It told The WSJ it’s already begun applying the change.
This article originally appeared on Engadget at https://www.engadget.com/google-says-it-will-destroy-browsing-data-collected-from-chromes-incognito-mode-172121598.html?src=rss