Google fights email privacy group suit
SAN FRANCISCO - Google, fighting claims that it illegally scanned private email messages, argues it shouldn't have to face a single lawsuit that lumps together hundreds of millions of Internet users.
The world's largest search-engine company contends a nationwide grouping of people who sent or received messages through its Gmail service over five years would "amalgamate an unprecedented collection of individuals," according to a filing in federal court in San Jose, Calif.
The amount at stake could reach into the trillions of dollars if, as the plaintiffs argue, each person is eligible for damages of $100 a day for violations of the Electronic Communications Privacy Act.
U.S. District Judge Lucy Koh heard arguments Friday over whether to certify the case as a class action. Her ruling has implications for email privacy cases assigned to her that were filed last year against Yahoo and LinkedIn, which also have hundreds of millions of users. In each case, class- action status would allow plaintiffs to pool resources and put greater pressure on defendants to settle.
Similarly giant cases have been brought against Facebook Inc. and Hulu as Web users challenge how companies monetize their data for the online advertising market that generated more than $40 billion in the U.S. last year. Google, meanwhile, faces another privacy case in San Francisco federal court brought on behalf of everyone in the U.S. whose wireless Internet connections were intercepted by company vehicles gathering information for the Street View mapping service.
The case before Koh Friday was brought in 2013 by users of Gmail and other email services from states including Texas, Pennsylvania, Maryland and Florida, claiming Google intercepted, read and mined the content of email messages for targeted advertising and to build user profiles.
Koh said she had less difficulty seeing how such a suit could go forward for discernible groups of people using Internet service providers, or educational organizations, that rely on e- mail powered by Gmail. She expressed skepticism about how plaintiffs would verify birth dates and addresses for a reliable group of non-Gmail users.
"We're not a government agency of verifying birth dates," Koh said, referring to the court.
Michael Rhodes, a lawyer for Google, said it would be impossible to build a case with a measurable "total mix of information" each class member had about the company's scanning.
There's no legal requirement that Google had to disclose its scanning "in a particular way, at a particular time and that we're limited to that," Rhodes said. "There's no proposition in the law that I have to give that level of granularity."
Sean Rommel, a lawyer representing the plaintiffs, told Koh that he has "streamlined" the case by focusing on a device Google has used to intercept emails called the "content one box." Google determined that the device couldn't extract information from emails that weren't opened or deleted, or when they were accessed by phones or through Outlook, Rommel said.
In 2010, Google moved the device from the storage end of e- mail services to the "delivery pipeline" to extract data before users receive the messages, Rommel said.
"That's the secret," Rommel said. "It is factually inaccurate to say that the location and the timing of that interception is in the public record," he said, referring to Google's disclosures about its scanning. "There is not a single disclosure in the record that identifies, alerts, tells anybody that there is an interception occurring. It's not there, it doesn't exist."
The lawyers suing Google over email scanning face "a very steep hurdle" to proceed with a group case and the judge will need to do a "rigorous analysis" to determine whether it's appropriate, Stanford Law School professor Deborah Hensler said, adding that only 10 percent to 20 percent of all cases filed as class-actions are allowed to go forward.
Koh in September rejected Mountain View, Calif.-based Google's bid to dismiss the case. In a rare early victory for plaintiffs in an online privacy lawsuit, the judge rejected Google's argument that Gmail users agreed when they accepted subscription service terms and privacy policies to let their messages be scanned.
The plaintiffs now argue the case is "perfectly suited for class treatment" because everyone affected by the email scanning has so much in common, from the "uniform nature" of Google's extraction of data in emails to the company's "uniform disclosures" about its privacy practices.
Companies often seek to avoid class actions, instead attempting to fight plaintiffs one-by-one or in small groups, forcing them to use their own financial resources to litigate.
Google contends that if the email case gets group status, it would "indiscriminately amass together virtually everyone in the United States with a non-Gmail email account, along with large groups of the over 400 million people who use Gmail and Google Apps," according to a court filing.
The common ground needed for class-action status is missing because the "many billions" of emails at issue raise "an immense array of individualized evidence" over whether the senders and recipients were aware of the automatic scanning, Google said.
Federal rules requires that the class be "clearly definable and that common issues predominate over individual differences among class members," Hensler, the Stanford professor, said in an email.
"Arguably in a huge class there are more likely to be differences among class members that would make certification difficult," she wrote. "In any event, certification is never a sure thing."
In 2011, the Supreme Court rejected class certification for a lawsuit brought on behalf of more than 1.5 million female workers alleging discrimination in pay and promotions at Wal-Mart Stores, the world's largest retailer. The court told the women they didn't have enough in common to sue the company as a monolithic class.
Google's 31-page argument to Koh in the email case cited the high court's Wal-Mart ruling three times.
If the Google case is given class status, "it could well be" the largest ever, said Rick Wiebe, a San Francisco lawyer who does privacy and class-action cases. While other group lawsuits - product injury, drug or medical device, and shareholder cases - have been litigated on behalf of tens of millions of plaintiffs, Google may be the first involving hundreds of millions, said Wiebe, who's one of the lawyers in a civil rights lawsuit challenging the Obama administration over National Security Agency surveillance of telephone calls.
Plaintiffs' lawyers are presenting the Google case as more viable by organizing "subclasses," arguing that any differences in the types of injury "clump themselves together in a manageable fashion," Wiebe said. Arguing for statutory damages may also streamline the case, Wiebe said. By claiming damages "that Congress has said everyone should get for a violation, you don't need individual proof of an injury," he said.
Neither the plaintiffs or Google have publicly disclosed total estimates on the size of the class or potential damages.
Chris Hoofnagle, a law professor at the University of California at Berkeley, said in an email that while the Google case is "very important," courts "almost never award the full amount of potential statutory damages in privacy cases."
"Defendants in these cases often have mitigating circumstances that reduce damage awards, and they argue that extra-large awards violate their due process," Hoofnagle said.