A $1.375 billion Google settlement highlights the growing legal focus on unlawful geolocation tracking, incognito data collection, and biometric surveillance by tech companies.
A recently announced $1.375 billion settlement between Google and the State of Texas marks a major development in the ongoing scrutiny of how Big Tech companies handle users’ personal data. The resolution, which stems from a 2022 lawsuit filed by Texas Attorney General Ken Paxton, targets alleged violations involving geolocation tracking, incognito browsing data, and biometric identifiers—core areas of concern in current privacy enforcement trends.
Enforcement actions increasingly focus on the opaque or invasive data collection methods of tech companies.
According to the claims in the lawsuit, Google systematically tracked users’ real-time locations, monitored private browsing activity even in “incognito” mode, and collected biometric data such as facial recognition and voice data without adequate disclosure or consent. These practices, the complaint argued, were deceptive and invasive, in violation of state privacy laws designed to safeguard users’ autonomy and control over their personal information.
The use of biometric data without consent is a significant area of regulatory concern.
The collection and use of biometric identifiers has drawn particular attention from regulators, given the sensitive and irreversible nature of this data. The Texas Attorney General’s Office has also pursued enforcement against Meta (formerly Facebook), reaching a $1.4 billion settlement in July 2023 over the alleged misuse of facial recognition data. These actions reflect broader regulatory concern that companies are failing to adequately inform users or obtain lawful consent before using biometric technology.
Incognito mode and location tracking practices face legal challenges over deceptive or inadequate privacy by design.
Enforcement bodies are also targeting what they consider misleading representations of privacy tools. In this case, Google’s incognito browsing mode was alleged to give users a false sense of anonymity, while location tracking continued in the background. Similarly, Google’s location services were found to be difficult to disable, with disclosures that were either insufficiently clear or buried within complex settings. These design choices are increasingly being characterized by regulators as “dark patterns” that undermine informed user consent.
US state-level enforcement is becoming more active in addressing consumer privacy rights
While federal privacy legislation remains under debate in the U.S., individual states have taken an active role in holding companies accountable for unlawful data practices. Attorneys general across the country have launched investigations into companies that fail to meet standards for transparency, consent, and responsible data processing. The $1.375 billion settlement with Google—one of the largest of its kind—signals growing scrutiny of the data practices of tech giants.
Legal action aims to set clearer expectations around data protection compliance
Attorney General Paxton emphasized the message the settlement sends to other companies: “This $1.375 billion settlement is a major win for Texans’ privacy and tells companies that they will pay for abusing our trust.” The case highlights the need for businesses to reassess their data collection practices in light of possible legal and reputational risks.
