The ruling against Google sets a legal precedent that might re-set approaches to cellular data gathering. MEF has launched a report on the implications. Here’s a summary.
It’s just a week old, but the industry is still coming to terms with that whopping legal judgement against Google. No one can second-guess the true implications. But it does look like a precedent has been set.
How should MEF members respond?
Before we get into that, let’s review the judgement. On July 1, 2025, a US jury ordered Google to pay $314 million in a class-action lawsuit brought by Arizona consumers. They alleged that Google collected cellular data, including precise location and app usage details, from Android users. It did this without explicit consent, even when privacy settings were configured to prevent it.
In its defence, Google asserted the data was anonymised and that users had consented via agreements and other phone settings. The jury disagreed and found Google liable. Hence the big fine.
So why is this significant? After all, Google and other tech giants have been fined before for similar breaches. Well, the difference here is that this was a jury trial rather than a regulatory settlement.
So why is this significant? After all, Google and other tech giants have been fined before for similar breaches. Well, the difference here is that this was a jury trial rather than a regulatory settlement..”
As such, it establishes a strong legal precedent, with a number of key implications including:
- Anonymisation alone may not be a sufficient legal safeguard against privacy violations.
- The ruling challenges a long-standing industry practice of treating anonymised data with looser privacy requirements.
- Google’s consent mechanisms were deemed insufficient.
- Platforms might need to enact more explicit, informed consent protocols.
- Consent must be granular, easily understandable, with clear tools to manage preferences.
- Other plaintiffs and regulators might see the decision as a precedent for more action.
Another interesting angle on the ruling is its potential impact beyond smartphones. The focus on “cellular data” extends to the broader landscape of always-on, data-generating devices. In other words IoT sensors and modules, smart cities, automotive, smart homes and wearables.
It’s interesting to consider how consent might apply when a device has no singular human ‘owner’ but still sends data back to (in theory) Google.
These are questions for MEF members to mull over. But in the shorter term, members should consider essential actions such as:
- Review data collection, storage, processing, and sharing practices.
- Ensure consent processes are explicit, granular, and easily understandable, with clear opt-in and revocation options.
- Evaluate de-identification techniques against evolving legal interpretations.
- Collect only essential information.
- Update privacy policies to reflect current practices and legal requirements.
- Reduce exposure to lawsuits and fines.
MEF has produced a more comprehensive report on this topic – Google’s $314 Million Verdict: A Landmark Ruling Reshaping Data Privacy.
