Google has agreed to pay $93 million to settle a lawsuit filed by the U.S. state of California over allegations that the company's location-privacy practices misled consumers and violated consumer protection laws.
"Our investigation revealed that Google was telling its users one thing – that it would no longer track their location once they opted out – but doing the opposite and continuing to track its users' movements for its own commercial gain," California Attorney General Rob Bonta said.
The lawsuit is in response to disclosures that the company continued to track users' locations despite stating to the contrary that such information would not be stored if the "Location History" setting was disabled.
The complaint filed by California alleged that Google collected location data through other sources and that it deceived users about their ability to opt out of personalized advertisements targeted to their location.
With Google making over $220 billion in revenue in 2022 from advertising alone, the development is the latest in a series of financial settlements made by the Mountain View-based company to resolve multiple lawsuits filed by different states in the U.S.
Last November, it agreed to pay $391.5 million to settle similar complaints by 40 U.S. states. Then in January 2023, it consented to shell out another $29.5 million to settle two different lawsuits brought by Indiana and Washington, D.C.
Ready to tackle new AI-driven cybersecurity challenges? Join our insightful webinar with Zscaler to address the growing threat of generative AI in cybersecurity.Supercharge Your Skills
The tech giant, which has not admitted to any wrongdoing, has maintained that they are based on "outdated product policies that we changed years ago." It also agreed to provide greater controls and transparency to users over location data.
The development comes two weeks after Austrian privacy non-profit NOYB (short for None of Your Business) filed three complaints against Google-owned Fitbit for forcing new users of its app to consent to sensitive data transfers outside the European Union that may not have the same level of data protection as the bloc.
"Contrary to legal requirements, users aren't even provided with a possibility to withdraw their consent," it further added. "Instead, they have to completely delete their account to stop illegal processing."