A California jury has ordered Google to pay $314.6 million after finding the company liable for consuming Android users’ cellular data without their permission. The verdict, delivered Tuesday in a San Jose state court, addresses claims that Google’s operating system sends and receives information from devices even when they are idle, imposing what the lawsuit called “mandatory and unavoidable burdens” on consumers for Google’s benefit.
The decision represents one of the most significant financial penalties in an escalating series of legal and regulatory battles confronting Big Tech over data privacy and user consent.
The class-action lawsuit was first filed in 2019 on behalf of an estimated 14 million Californians. Plaintiffs argued that Google collected information from idle phones for its own purposes, such as targeted advertising, forcing users to pay for the cellular data consumed in the process.
In response, Google has announced it will appeal the verdict. A company spokesperson stated the ruling “[The verdict] misunderstands services that are critical to the security, performance, and reliability of Android devices.”
The plaintiffs’ attorney, Glen Summers, celebrated the outcome, stating that “The verdict forcefully vindicates the merits of this case and reflects the seriousness of Google’s misconduct.” Google maintained that users consented to the data transfers through its terms of service and privacy policies, an argument the jury ultimately rejected. A separate but similar lawsuit against Google, representing Android users in the other 49 U.S. states, is scheduled for trial in federal court in April 2026.
Big Tech’s Broadening Privacy Battles
The Google verdict does not exist in a vacuum. It is part of a much wider pattern of legal challenges and user backlash against major technology firms for their handling of personal data, particularly as it relates to training artificial intelligence.
Just last month, OpenAI began intensely challenging a U.S. court order that it described as a “privacy nightmare”. The directive compels the company to preserve all ChatGPT user logs, including conversations that users had intentionally deleted. OpenAI argues the order undermines its privacy commitments and poses a significant risk to its millions of users.
Meta, the parent company of Facebook and Instagram, is also embroiled in multiple data privacy disputes. In May, the European privacy advocacy group noyb issued a “cease and desist” letter demanding Meta stop using personal data from its European users for AI model training without explicit opt-in consent, as required by the General Data Protection Regulation (GDPR). Max Schrems, noyb’s founder, asserted that “[Meta] simply says that it’s interest in making money is more important than the rights of its users.”
The Contentious Issue of Consent
A recurring theme in these conflicts is the nature of user consent. Critics and regulators are increasingly questioning the validity of consent obtained through complex terms of service, default opt-in settings, and retroactive policy changes.
For example, Meta’s new AI app, launched in May, immediately sparked privacy concerns because it remembers and utilizes chat details by default to personalize responses. Privacy advocates have sharply criticized this approach, with Ben Winters of the Consumer Federation of America stating, “The disclosures and consumer choices around privacy settings are laughably bad.”
Similarly, a class-action lawsuit filed in January accuses LinkedIn of violating the Stored Communications Act by using private messages from its Premium subscribers to train AI models. The lawsuit alleges that LinkedIn introduced a “Data for Generative AI Improvement” setting that was enabled by default, repurposing user data without adequate or explicit consent. This practice echoes a 2024 warning from the Federal Trade Commission (FTC) against companies making “surreptitious, retroactive” amendments to their privacy policies.
The disparity in privacy protections between different jurisdictions further complicates the matter. While companies are often forced to provide clear opt-out or even opt-in mechanisms in the European Union under GDPR, users in the United States frequently lack such robust protections. In September 2024, Meta admitted to an Australian senate inquiry that it used public data from Australian Facebook users for AI training without offering them an opt-out choice, a courtesy extended to their European counterparts.
Financial and Operational Consequences
The fallout from these privacy disputes extends beyond reputational damage, resulting in severe financial and operational consequences. The $314.6 million Google verdict is a stark example, but it is dwarfed by previous penalties. In 2019, the FTC imposed a historic $5 billion fine on Facebook for privacy failures connected to the Cambridge Analytica scandal.
At the time, then-FTC Chairman Joe Simons said, “The magnitude of the $5 billion penalty and sweeping conduct relief are unprecedented in the history of the FTC.” Beyond fines, companies face court orders that impose significant engineering and logistical burdens, such as OpenAI’s data preservation mandate. In some cases, plaintiffs are demanding “algorithmic disgorgement,” a remedy that would require companies to delete entire AI models trained on improperly acquired data, as sought in the LinkedIn lawsuit.
These escalating conflicts underscore a fundamental clash between the tech industry’s relentless drive for AI innovation and the growing demands from consumers and regulators for greater transparency, control, and respect for personal data. As technology becomes more integrated into daily life, the battle over who owns and controls personal information is set to intensify, with courtrooms and regulatory bodies becoming key arenas.
