Google has reached an agreement to eliminate vast amounts of data – billions of records detailing users’ online activities – as a resolution to a lawsuit accusing the company of monitoring individuals without their explicit consent through its Chrome browser.

 

The lawsuit, initiated in 2020, alleged that Google deceived users into believing their internet browsing remained confidential when utilizing “incognito” or “private” mode on browsers such as Chrome.

 

By late December 2023, it was disclosed that Google had opted to settle the lawsuit. However, final approval is pending from U.S. District Judge Yvonne Gonzalez Rogers.

 

 

According to a court filing dated April 1, 2024, “The settlement provides broad relief regardless of any challenges presented by Google’s limited record-keeping.”

 

The filing further stated, “Much of the private browsing data in these logs will be deleted in their entirety, including billions of event level data records that reflect class members’ private browsing activities.”

 

As part of the data remediation process, Google is obliged to expunge information that could potentially identify private browsing data. This includes redacting data points like IP addresses, generalizing User-Agent strings, and removing detailed URLs associated with visited websites (i.e., retaining only domain-level portions of the URLs).

 

Quick link: Google Takes Legal Action Against App Developers for Deceptive Crypto Investment App Scheme

 

Additionally, Google must delete the X-Client-Data header, described by Google as a Chrome-Variations header capturing the “state of the installation of Chrome itself, including active variations, as well as server-side experiments that may affect the installation.” This header is generated from a randomized seed value, making it potentially unique enough to identify specific Chrome users.

 

Other stipulations of the settlement require Google to block third-party cookies within Chrome’s Incognito Mode for a period of five years, a measure the company has already implemented for all users. Furthermore, the tech giant has separately announced plans to default to eliminating tracking cookies by the end of the year.

 

 

As of January 2024, Google has updated the wording of Incognito Mode to clarify that the setting does not alter “how data is collected by websites you visit and the services they use, including Google.”

 

The lawsuit unveiled admissions from Google employees who characterized the browser’s Incognito browsing mode as a “confusing mess,” “effectively a lie,” and a “problem of professional ethics and basic honesty.”

 

Read Also: Android Phones Secretly Turned into Cybercriminal Proxies by Malicious Apps

 

Internal exchanges revealed executives debating whether Incognito Mode should be labeled as “private” due to concerns that such labeling might reinforce misconceptions.

 

This development coincides with Google’s implementation of measures to automatically block bulk senders in Gmail that fail to adhere to its Email sender guidelines, in an effort to reduce spam and phishing attacks.

 

Quick link: DuckDuckGo vs Google

 

The new guidelines require email senders who send out more than 5,000 messages per day to Gmail accounts to provide a one-click unsubscribe option and respond to unsubscription requests within two days.

 

Ready to protect your business from compliance risks and stay ahead of emerging threats? 

 

Take control with CyberArrow GRC Platform. Automate your compliance processes and ensure your business stays on track. Stay compliant, stay secure, and stay ahead with CyberArrow. 

 

Get started today!