Class Action Lawsuit Claims Google Granted ‘Hundreds’ of Third Parties Access to Gmail Users’ Inboxes

Google finds itself in the crosshairs of a proposed class action lawsuit filed by two plaintiffs in California federal court. The 20-page, six-count lawsuit claims that Google granted third-party developers “privileged access” to view and read the personal emails of all Gmail users, even though users never provided consent for such access.

Google’s conduct amounts to violations of California’s Computer Data Access and Fraud Act, the suit claims, as well as the state’s Unfair Competition Law and other consumer protection statutes.

What does the lawsuit say exactly?

According to the complaint, Google’s Gmail platform boasts 1.2 billion active users worldwide, making it one of the most popular email platforms out there. Google, the suit says, has for years placed great emphasis on its pledge to protect Gmail users’ privacy, stating that “if your data is not secure, it is not private,” while assuring that its encryption tools keep users’ data from prying eyes while in transit thanks to “multiple layers of security.” A notable caveat to Google’s dedication to privacy, the case points out, is that Gmail users’ emails were, up until mid-2017, open for scanning by machine-based code for the collection of “input for ads personalization.”

The plaintiffs, in no uncertain terms, allege that Google’s pledge to hold Gmail users’ privacy in the highest regard rings hollow. From the complaint:

Despite its representations to its users regarding the security and privacy of their Gmail messages, Google gave hundreds of third-party developers—like marketing and data-mining firms—privileged access to its users’ inboxes. Such access allowed the developers’ employees to surreptitiously read Gmail user emails.”

Did Google ever warn Gmail users about this?

The suit claims that Gmail users were never informed that Google would be granting third parties access to their emails.

What about a timeline? When did this supposedly all start?

The lawsuit fails to present any concrete timeline for when Google supposedly began granting third-party developers access to Gmail users’ private messages. The plaintiffs attribute this to Google’s failure to publicly disclose that third-party access was being granted while, at the same time, presenting contrary information to the public regarding the level of access granted to external developers, the complaint says.

“Google was under a continuous duty to disclose to Plaintiffs and the other Class members of the true nature, quality, and character of the privacy controls available and utilized in Gmail,” the lawsuit states. “Google chose to make certain representations and disclosures regarding its privacy policies; however, its disclosures were inaccurate, deceptive, and negligent.”

Does the case say why Google would do this?

One theory floated by the lawsuit is that Google provided third-party developers with unauthorized access to Gmail users’ messages as a way to gain a leg up on the competition.

According to the case, Google allowed third parties to poke around Gmail to help developers create services that integrated with users’ inboxes, providing access that was “unnecessary” and “to the benefit of the developers, who now have access to information that users would not otherwise provide.” The complaint says that this was all part of Google’s plan:

Google provided access to third-party developers as part of a scheme or artifice to defraud and deceive, because it knowingly provided access to developers, while at the same time making representations regarding privacy that were materially inconsistent, misleading, and deceptive to its users.”

According to the complaint, Google effectively pointed the finger at its own email users in response to recent outrage over the company’s “latest violation of its own representations regarding privacy.” The case says that Google “foisted responsibility” onto Gmail users for downloading apps that integrate with its e-mail service, all while claiming that, regardless, users shouldn’t be worried because these app developers have been “vetted.”

Who does the lawsuit hope to cover?

The suit asks the court to certify a class of all Gmail users whose accounts were able to be accessed by third-party developers after Google allowed for such permissions.

Tell me again how to join a class action.

Here’s what you do . . . nothing. In most cases, people really won’t have to do anything until when and if a settlement is reached. For now, while the case winds its way through the court system, the best thing consumers can do is sit tight. ClassAction.org will have updates as they come in.

The complaint can be read below.