Google Continues To Defend Its Decade-Long Gmail Privacy Stance In Court
Remember that decade when people were using Gmail, and not caring about Google algorithmically scanning messages and delivering ads based on them? It recently ended when Microsoft launched a campaign to promote its competing webmail product and trying to scare Gmail users into thinking that Google is snooping on their private emails.
Then, in May, a class action lawsuit was filed against Google, claiming the company is violating laws when it “opens” and “reads” emails.
This week, Google is asking a judge to dismiss the suit. Frequent Google privacy critic Consumer Watchdog shares Google’s motion (pdf), which says:
This case involves Plaintiffs’ effort to criminalize ordinary business practices that have been part of Google’s free Gmail service since it was introduced nearly a decade ago. While Plaintiffs are differently situated (some are Gmail users; others are non-Gmail users who exchange emails with Gmail users), their claims boil down to the same core allegation: that Google commits an illegal “interception” when it applies automated (non-human) scanning to emails involving Gmail users even though the processes at issue are a standard and fully- disclosed part the Gmail service. This claim fails as matter of law for multiple reasons.
First, all of the federal and state wiretap laws at issue specifically exempt ECS providers from liability based on conduct in their ordinary course of business. These protections reflect the reality that ECS providers like Google must scan the emails sent to and from their systems as part of providing their services. While Plaintiffs go to great lengths to portray Google in a sinister light, the Complaint actually confirms that the automated processes at issue are Google’s ordinary business practices implemented as part of providing the free Gmail service to the public. This is fatal to Plaintiffs’ claims.
Second, the wiretap statutes also preclude liability where either a single party to the communication (for the federal statute) or both parties (for the state statutes) have expressly or impliedly consented to the practices at issue. Here, all Plaintiffs who are Gmail users consented to the automated scanning of their emails (including for purposes of delivering targeted advertising) in exchange for using the Gmail service, thus precluding any claim under federal law. Moreover, multiple courts have held that all email senders impliedly consent to the processing of their emails by virtue of the fact that email cannot be sent or delivered without some form of electronic processing. This combination of express and implied consent bars Plaintiffs’ claims in their entirety, under both the federal and state wiretap statutes.
Third, the CIPA claim brought by certain Plaintiffs is even farther afield than the wiretapping claims above because CIPA does not apply to emails at all, as confirmed by both the express terms and legislative history of the statute. In fact, the California Legislature specifically considered and rejected proposals to expand the statute to cover emails. And even if CIPA could be interpreted to cover emails, both implied consent and choice of law rules would preclude the CIPA Plaintiffs from relying on the statute. As residents of Alabama and Maryland whose emails have no alleged connection to California, these Plaintiffs cannot invoke the protections of California law and bypass the laws of the states in which they reside simply because they want to avoid the requirements and limitations of their local laws.
Last, Plaintiffs’ claims should be rejected because they would lead to anomalous results with far-ranging consequences beyond the allegations in the Complaint. Plaintiffs’ theory–that any scanning of email content by ECS providers is illegal–would effectively criminalize routine practices that are an everyday aspect of using email. Indeed, Plaintiffs’ effort to carve out spam filtering and virus detection from their claims underscores the fact that their theory of liability would otherwise encompass these common services that email users depend on. Notwithstanding these limited carve-outs, Plaintiffs’ theory would still sweep up a host of common features that benefit consumers. For example, Plaintiffs’ theory of liability would prevent ECS providers from providing features that allow users to sort their emails using automated filters or even to search their emails for specific words—because these features necessarily involve the scanning of email content and would thus be an illegal “interception” under Plaintiffs’ theory. The Court should not allow the Complaint to proceed on this sweeping basis.
Consumer Watchdog has singled out one quote from Google’s motion, where it says, “”Just as a sender of a letter to a business colleague cannot be surprised that the recipient’s assistant opens the letter, people who use web-based email today cannot be surprised if their emails are processed by the recipient’s [email provider] in the course of delivery. Indeed, ‘a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties.'”
Consumer Wathdog’s Jamie Court says, “When Consumer Watchdog released the statements to the public, Google caught quite a backlash because, apparently, the public does expect it has a right to privacy in its email communications.”
A hearing is scheduled for today, which will determine whether the case gets dismissed or not.