Google: Email Users Have No Expectation of Privacy

googleSo I read the headline of an article this morning that read: “Google Filing Says Gmail Users Have No Expectation of Privacy,” and I was a little amazed that Google would be so brazen.  Sure, as a user of Gmail, Google’s industry-leading email platform, I am aware that they scan the emails I send out (see my earlier post about being a little creeped out when talking about Sherlock Holmes in an email led to Sherlock Holmes ads appearing on my Gmail page) and that privacy advocates and Google’s competitors have been shouting from the rooftops about Google invading people’s privacy.  Still, I found it hard to believe that the headline of that article was accurate, so I dug deeper.  As it turns out, Google is actually asserting that it’s not just Gmail users, but anyone who uses email at all that has no expectation of privacy regarding their emails.

I tend to be the type of attorney who reads what non-lawyers write about lawsuits in general, and specific legal argument and contentions in particular, with a grain of salt.  As a litigator, I’m very familiar with the concept of things that seem illogical, such as pleading in the alternative, but are a part of regular legal practice, and serve important goals.  A party, at the beginning of litigation, should be allowed to plead in the alternative, because it is highly likely that not all the necessary facts and information are readily available prior to discovery (or even after discovery, if the proposed amendments to the federal discovery rules are adopted, but I digress).

So what is the case, In re: Google Inc. Gmail Litigation, Case No. 5:13-md-02430-LHK (N.D. Cal.), about?

The Case

Per the CNET article: “Plaintiffs in the case contend that Google’s automated scanning of e-mail represents an illegal interception of their electronic communications without their consent. However, Google, which uses automated scanning to filter spam and deliver targeted advertising to its users, noted that plaintiffs consented to the practice in exchange for the e-mail services. Google goes on to say that courts have held that all e-mail users ‘necessarily give implied consent to the automated processing of their emails.'”

Ok, that’s CNET’s version, but I wanted to read the actual brief that Google filed in the case, to make sure I got the story straight.  The brief, filed in support of Google’s 12(b)(1) and 12(b)(6) motions to dismiss the class action suit, puts forth some compelling arguments as to why plaintiffs’ class action lawsuit should be dismissed. (Yes, I know that I haven’t read plaintiffs’ memorandum, and if Google’s memorandum had NOT been compelling, Google should have fired their law firm.)

Seems like a lost cause lawsuit, I said to myself.  Everyone who has a Gmail account knows that their emails are scanned these days, and aside from that, it seems unlikely that you’re going to convince a court that this constitutes wiretapping.

Google’s Position

Unsurprisingly, that’s the argument that Google puts forth, with a couple interesting catches.  It was with these catches, which seemed like “throw-away” arguments based on how they’re written, that I became a little concerned:

First, Google argues that plaintiffs’ cannot base their lawsuit on allegations that Google’s “ordinary course of business” violates the industry standard for privacy. According to Google, the “ordinary course of business” standard does not require a business’s practices to meet an “industry standard,” but rather means the defendant must comply with their own standards. (Part IV(A)(3), pp. 10-12).  Ok, that seems a little strange to me, the idea that the “ordinary course of business” can be defined by the company, and lacks an industry standard definition. On the other hand, I suppose its somewhat similar to the concept that following company policies, if not illegal on their face, gives a presumption of validity.  I’m not wild about the notion, but I can get past it.

Next, as a part of their argument that users of Gmail have given their consent to the scanning of emails, Google claims that such consent extends to minors. (Part IV(B)(2), pp. 16-17).  Citing the federal Children’s Online Privacy Protection Act (“COPPA”), 15 U.S.C. §§ 6501-08, Google claims that the law only requires parental consent for collection and use of personal information when the child is under 13.  This seems like a strained opinion to me, considering that COPPA, by its own terms, only applies to children under 13. § 6501(1). As such, arguing that COPPA preempts any state privacy laws regarding children still fails to address how privacy rights of minors in the 13-17 age range is affected.  However, I can also understand Google’s practical position that it would be difficult to ensure that minors did not use Gmail, and that setting up an entirely separate mail system for minors would be cumbersome and likely cause undue burden.

Then I came to it: “Non Gmail [users] Impliedly Consent to the Automatic Processing Of Their Messages.” (Part IV(B)(4), pp. 19-21). Excuse me?!? Up to this point, it was difficult to not see Google’s point: a person who consents to violation of their privacy cannot sue for violation of their privacy.  I could even have understood Google’s claim that non-Gmail users emails would inevitably be processed, provided the information would not be stored or retained other than how it related to the Gmail user’s emails.  But no, that’s not what Google is arguing.  Google’s argument is, essentially, that since everyone already knows that Google automatically scans, retains, uses and sells information contained in Gmail messages, then anyone who sends an email to a Gmail account is impliedly consenting to EACH AND EVERY ONE OF GOOGLE’S OPERATIONS!

My Problem with Google’s Arguments

But every email provider “processes” emails, you say?  Well, not like Google!  Want to know how I know that?  Because earlier in THIS VERY BRIEF, Google says that the “industry standard” cannot be applied to Google because they are at the forefront of the industry, doing things faster and better than everyone else!  But people who use telephones know their information is being routed through a third-party, you say? Well, Google just argued that the wiretapping provisions of state and federal law do not protect emails, even though they do protect phone calls in THIS VERY BRIEF.

[poll id=”6″]

Going even further, Google argues that users of the Gmail system, whether in privity with Google or not, cannot consider emails to be “confidential,” because by submitting an email through a 3rd party processing system, it is being sent with the expectation that it is being recorded by someone (or thing) other than the sender or recipient, and therefore were not sent under “‘circumstances’  that would ‘reasonably indicate’ a ‘desire[]’ that the emails ‘be confined to the parties.'” (Google Brief, at p. 26).  However, Google makes no attempt to identify what those “circumstances” would be, since the rest of the argument in that section is that no email can be confidential because it involves a 3rd party.  What effect does this have on attorney-client communication?  Every state allows emails to be considered “privileged communication,” but Google appears to be arguing for a different interpretation.

Will this lawsuit survive?  I have no idea.  Before they went off the deep end, Google appeared to make some pretty convincing arguments about why this particular lawsuit should be dismissed.  What do you think?