Last week, a law firm filed a class action suit against Google for allegedly breaking its promise of not selling users’ data. The lawsuit centers around Google’s use of so-called real-time bidding, where companies place bids to win advertising space in peoples’ web browsing sessions. As part of that, companies obtain sensitive information about the users, even if they don’t win, or even intend to win, the ad placement, the suit claims.
“Plaintiffs bring this class action on behalf of themselves and all Google account holders in United States who personal information was sold or otherwise disclosed by Google without their authorization,” the lawsuit reads.
Videos by VICE
The suit opens with a screenshot of a Google site, which reads “We do not sell your personal information to anyone.”
“Google breaks these promises billions of times every day,” the suit then alleges.
Do you know anything else about real-time bidding or bidstream data? Do you work with such data? We’d love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat on jfcox@jabber.ccc.de, or email joseph.cox@vice.com.
The suit says its plaintiffs engaged Professor Christo Wilson, associate professor at Northeastern University’s Khoury College of Computer Sciences, to help determine which entities receive Google real-time bidding data.
“Professor Wilson identified 1.3 million separate publishers participating in Google’s ad systems. Each of those publishers is a potential recipient of Google RTB [real-time bidding] Bidstream Data, including the personal information Google tells account holders it will not share,” the lawsuit reads.
The lawsuit also points to a letter the office of Senator Ron Wyden sent to the Federal Trade Commission last July.
“Few Americans realize that companies are siphoning off and storing that ‘bidstream’ data to compile exhaustive dossiers about them. These dossiers include their web browsing, location, and other data, which are then sold by data brokers to hedge funds, political campaigns, and even to the government without court orders,” that letter read.
Venntel is a contractor that sources location data and then sells that to government agencies, such as Immigration and Customs Enforcement (ICE) and Customs and Border Protection (CBP). In October, Motherboard reported that CBP refused to tell Congress its legal reasoning for tracking Americans without a warrant with data bought from Venntel. As part of that report, an aide for Senator Wyden said that CBP officials believe the Venntel data is sourced both from software development kits (SDKs)—bundles of code included in ordinary apps—as well as bidstream data.
Bleichmar Fonti & Auld LLP, the firm behind the lawsuit, has previously won settlements of tens and hundred of millions of dollars.
Google did not immediately respond to a request for comment. Lesley Weaver from Bleichmar Fonti & Auld LLP and who is listed on the case docket declined to comment beyond the contents of the lawsuit.