Texas Garners Billion-Dollar Settlement From Google in Data Privacy Case

Danny Bradbury, writing in Malwarebytes, reports that Texas recently secured a landmark $1.375 billion settlement from Google, concluding lawsuits focused on the company’s data privacy practices.

The cases, led by Texas Attorney General Ken Paxton, centered on allegations that Google misled users about the extent of data collection, particularly regarding geolocation tracking and Incognito Mode.

The resolution marks one of the largest state-level tech settlements in US history and reinforces the trend of aggressive state-led privacy enforcement.

The first lawsuit, The State of Texas v. Google LLC, filed in January 2022, alleged that Google continued tracking users’ locations even after settings were disabled. In May 2022, Texas amended its complaint to include claims that Google’s Incognito Mode misled users about the level of privacy it provided.

Later that year, Texas filed a second suit, accusing Google of unlawfully collecting biometric data such as voice prints and facial geometry through services like Google Photos and the Nest Hub Max.

These cases were grounded in the Texas Deceptive Trade Practices Act and the state’s Capture or Use of Biometric Data Act.

Texas’s $1.375 billion win surpasses the $391.5 million secured by a 40-state coalition over similar location-tracking issues. Paxton contrasted this outcome with smaller settlements from states like Arizona.

Texas has a history of suing big tech, including a $1.4 billion biometric privacy case against Meta, and settlements with Google over app store practices and deceptive advertising. The AG’s office has formed a specialized legal unit to pursue further data privacy violations.

The importance of state-level consumer protection laws in tech regulation can’t be overstated. Huge settlements such as this one are becoming likely in the absence of comprehensive federal legislation.

Attorneys should prepare their clients for heightened scrutiny of data privacy practices and ensure compliance with both biometric and deceptive trade practice statutes. Proactive risk assessments and clear user disclosures are critical.