13-year Google privacy settlement pays litigants the equivalent of a Big Mac meal
Chocolate Factory agrees $23m guilt-free settlement
About 2.5 million people who clicked on a Google Search link between October 25, 2006, and September 30, 2013 can expect to receive $7.16 to compensate them for claims of violated privacy, after an epic legal battle with the ad giant.
On Tuesday, Edward Davila, US district judge in the Northern District of California, finally approved [PDF] a $23 million settlement that concludes a privacy complaint filed against Google back on October 25, 2010. The settlement details were negotiated last year and published on a website in June, as we reported earlier this year. Under the terms of the deal, Google admits no wrongdoing.
Not every plaintiff participating in the case is thrilled with the final deal. In July, Clifford Weiler, a retired attorney and a claimant in the case, filed an objection, saying that given the nature of the alleged violations, Google's size and revenue, and duration of the misconduct, the settlement is far too low.
"The small amount provided to each claimant in the proposed settlement invokes concern that this may be a friendly lawsuit to clear the defendant as the plaintiff's team of attorneys receives voluminous fees and costs for basically moving papers around," he wrote.
An objection to the settlement filed by Boyd John Adams also argues the $23 million amount is too low. Adams proposed $160 million and added "I also feel Google has to admit wrongdoing."
Parent company Alphabet reported [PDF] revenue of $77 billion for its third quarter of 2023. So the settlement amounts to almost 0.03 percent of Alphabet's revenue for a single quarter, but maybe its legal team have other issues at the moment.
- Google searchers from years past can get paid for pilfered privacy
- When is a privacy button not a privacy button? When Google runs it, claims lawsuit
- Google - yes, that Google - testing proxy scheme to hide IP addresses for privacy
- What's unconstitutional about Google keyword search warrants? Nothing, says Colorado Supreme Court
The 13-year-old case, as outlined in the second amended complaint [PDF] from 2012, alleged that Google violated the privacy of people using its search engine. It did so by appending their search keywords to the HTTP Referer header – an infamous misspelling – that gets sent to websites when a search user clicks on a Google Search result link.
As the complaint explains, searching for 'abortion clinics in Indianapolis' more than a decade ago would return a search results page with a URL that included the search keywords:
Web owners back then would receive these search terms when a searcher clicked on their link: The full URL with query parameters would be passed via the Referer header. Web analytics services and other data gathers would cull these terms from server logs, which obviously was not ideal for privacy.
This could have been avoided. RFC 1945 HTTP/1.0 from 1996 and RFC 2616 HTTP/1.1 both suggest browser makers implement mechanisms that let the user control Referer data. But that didn't happen because doing so can cause other problems.
Only Opera 12.17 briefly tried to implement a user Referer control, and Microsoft considered it for the now-defunct Internet Explorer. There are, however, browser extensions that enable such meddling. More recently, the implementation of Referrer-Policy gives publishers a way to control the transmission of such information in headers.
In any event, around 2010, Google began testing the encryption of search keywords in the Referer header and by 2011 announced the change. Nonetheless, the Class of affected searchers extends from October 25, 2006 to September 30, 2013.
Now, after 13 years, they get the price of a Big Mac and fries from Google, based on The Economist's Big Mac Index, which lists the average US price at $5.58. You could use the whole settlement if you added a fry. But the Big Mac deal might make you reach into your pocket for a couple spare bucks.
Google did not respond to a request for comment. ®