Posts

Understanding the Google Class Action Lawsuit Notice

/in ,

Google WorkspaceBeginning on September 23, 2024, Google Workspace administrators began receiving notices from Google Operations related to a class action lawsuit filed against Google in 2020. This Service Alert blog post summarizes the information and discusses next steps as they relate to users with Google Workspace accounts.

Background

In July 2020, a class action lawsuit was filed against Google LLC, alleging unauthorized data access. The case, titled Rodriguez et al. v. Google LLC, is being heard in the United States District Court for the Northern District of California. The plaintiffs, comprising four Google account holders, claim that Google unlawfully accessed their devices and data. The access was via non-Google mobile apps, even when the “Web & App Activity” (WAA) and “supplemental Web & App Activity” (sWAA) settings were turned off or “paused.”

This lawsuit has significant implications for Google account holders using non-Google mobile apps while signed into their Google Workspace accounts between July 1, 2016, and September 23, 2024. Despite Google’s denial of the allegations and no court ruling yet on the merits of the case, the lawsuit has proceeded with class certification. 

The notice received by Google Workspace administrators is part of the initial efforts to distribute notices to potentially affected users.

Key Allegations and Legal Claims

The plaintiffs in this lawsuit assert three primary legal claims against Google:

Invasion of Privacy:

  • The plaintiffs allege that Google unlawfully accessed their mobile devices to collect, save, and use data concerning their activity on non-Google apps.
  • These apps incorporate certain Google software code into the apps while WAA and/or sWAA were turned off or “paused.”

Intrusion Upon Seclusion:

  • Similar to the invasion of privacy allegation, This claim focuses on unauthorized intrusions into private activities.

Violation of the Comprehensive Computer Data Access and Fraud Act (CCDAFA):

  • Plaintiffs contend that Google violated this act by unlawfully accessing and using their data.

The plaintiffs are seeking monetary damages and changes to Google’s practices. Google denies any wrongdoing and maintains that it did not violate any laws.

Class Certification

The court has certified four classes to assert claims for damages based on specific criteria. The two classes covering invasion of privacy and intrusion upon seclusion apply only to non-managed user accounts.

The court defined Google Workspace accounts as “Enterprise” accounts.  For these users, the court defined two classes for claims under the CDAFA.

The classes cover:

  • Usage in the period from July 1, 2016, to September 23, 2024
  • Users with their WAA and/or sWAA settings turned off
  • A non-Google-branded mobile app transmitted activity to Google via the Firebase SDK and/or Google Mobile Ads SDK.

Class 1: From an Android device 

Class 2: From a non-Android device

The Role of Workspace Administrators

Workspace administrators play a crucial role in managing the implications of this Google class action lawsuit for their end users. The Court ordered Google to notify all relevant end users who may be class members. 

Workspace administrators must ensure that they comply with their obligations under the Google Workspace Terms of Service. Per sections 3 and 7, which pertain to legal notices and updates, Workspace administrators must forward messages to end users with accounts during the period of the claim. 

Google will send Administrators lists of end user email addresses. Administrators should forward class notification emails to these users. 

Per the Court Order, Administrators must:

  1. Be prepared to receive and distribute the notices; and
  2. Distribute notices appropriately, maintaining the confidentiality and security of the information as stipulated by the court.

Email Notices and What They Mean for End Users

The court-appointed Class Notice Administrator, Epiq, began sending email notices to all eligible end users as of September 23, 2025. These notices inform users of their status in relation to the class action, specifying whether they are included in the classes for damages or for seeking changes to Google’s practices.

The email notices will provide critical information, including a contact number and additional resources for users to determine their eligibility and understand the implications of the lawsuit. 

End users should read these notices carefully and follow the instructions provided to ensure they stay informed about their rights and any potential compensation.

Stay Informed

To stay informed, you may want to periodically visit the dedicated website www.GoogleWebAppActivityLawsuit.com. You can also call the contact number (855-822-8821) for additional information and updates about the lawsuit.

Your Next Steps

Given the court order, we recommend that Google Workspace administrators use Google Groups to create a distribution list. Your list should include current employees and the personal email addresses for past employees who worked between July 1, 2016 and September 24, 2024.

If you are a client or have a Google Workspace subscription and have questions, please contact us to connect with one of our Cloud Advisors.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

Prevent Your Email From Being Pushed Aside or Blocked

/in

With the ever-present nuisance of spam and threats of cyber attacks, email services continue to add features and protections. Some of these will prevent your email from being delivered, and others will prevent your message from being seen. 

Here are 3 actions you need to take so your messages arrive and are seen.

1 Ensure Your Emails Validate Properly

Yahoo, Google, and other email services now require validation for emails. Initially targeting volume marketers, the validation checks can prevent your emails from reaching their destination. To ensure your emails reach your recipients, you must have DomainKey Identified Mail (DKIM) and Domain-based Message Authentication, Reporting, and Conformance (DMARC) protocols in place.

Our eBook, Improve Your Email and Deliverability and Security in Five Steps, provides five steps you can take to ensure that your business and marketing emails reach your intended recipients. These steps also help protect you from costly and damaging email identity and business email compromise cyber attacks.

2 Use a Marketing Email Service

Google, Microsoft, and other email services limit the number of emails you can send individually and as an organization. Additionally, these email services lack the controls required by the CAN-SPAM Act and other regulations. 

Marketing email services include the necessary controls, including address publishing, unsubscribe links, and email preferences. They also provide tools for managing contacts, lists, and content.

Using a marketing email service enables you to send bulk emails without being flagged as a spammer. You can protect and maintain your email reputation by using the services to manage your email marketing and response campaigns.

3 Include AI Trigger Words In Your Content

Microsoft Outlook includes a Focus Inbox, while Google Workspace offers Priority Inbox. With iOS 18, Apple will auto-filter email into four segmented inboxes: Primary, Transactions, Updates, and Promotions.

With artificial intelligence (AI), the content of your email determines whether it lands in the primary inbox that people check most, or a secondary folder that may go unnoticed. Messages will be prioritized when they include phrases with:

  • Contextual Relevance: Phrases that indicate important actionable content
  • User Behavior: Messages that are typically opened and acted upon more frequently
  • NLP Recognition: Phrases commonly used in critical communications, as they signal priority
  • Transactional Nature: Content commonly used in transactional messages

In addition to identifying these emails for the focus, priority, or primary inbox views, the AI engines will prioritize messages to ensure recipients see them first.

AI trigger words and phrases should be included but need not be the focus of your message: Sample AI trigger words and phrases include:

Registration Confirmed Preview Meeting Invite
Exclusive Invitation Important Update X Day Left
New Feature Subscription Details Action Required
Invitation Enclosed Event Registration Priority Access
Add to Calendar Event Details

Using AI trigger words will improve the visibility of your emails. Expect that preferred phrases will evolve and change over time.

Your Next Steps

Our Cloud Advisors are ready to help you review your email service configuration. Contact us or schedule time with one of our Cloud Advisors to learn more.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.