How Google convinced a Judge Surveillance is legal

How Google convinced a Judge Surveillance is legal

  • mdo  Mynymbox
  •   News
  •   July 9, 2026

On July 8, 2026, a federal judge in California dismissed a lawsuit against Google alleging that the tech giant's artificial intelligence platform Gemini was tracking users' communications without their knowledge or consent. The ruling by U.S. District Judge Noel Wise didn't declare Google innocent of wrongdoing. It simply found that the plaintiffs hadn't presented sufficient evidence of direct harm to their own data. This seemingly technical legal distinction masks a far more troubling reality: the architecture of modern privacy litigation makes it nearly impossible for ordinary users to hold powerful corporations accountable, even when those companies possess unprecedented access to our most intimate information.

The Dismissal and what it actually means

The case, filed by two Google users, accused the company of violating their privacy by enabling Gemini to track communications by default, rather than requiring users to actively opt-in to the feature. The plaintiffs argued that Google was using Gemini "to access and exploit" their emails and other records stored in their Google accounts. They claimed this deceptive practice violated their reasonable expectations of privacy. It's a straightforward allegation: a company was accessing user data without proper consent.

Yet Judge Wise dismissed the case because the plaintiffs couldn't demonstrate that their specific data had actually been impacted by Gemini tracking. They hadn't observed their data being used in targeted advertisements, received personalized suggestions they could trace back to Gemini access, or detected other changes to their services that would prove Gemini was analyzing their communications. In other words, the judge accepted that the capability to track existed and that users hadn't explicitly consented, but ruled that wasn't enough. The plaintiffs needed to show concrete evidence that their data had been harvested and misused.

This is where we encounter a profound asymmetry in the modern privacy landscape. Google possesses complete visibility into what data Gemini accesses, how it processes that information, and what it does with the results. The users bringing the lawsuit have virtually no visibility into these operations. They're being asked to prove something that only Google has the ability to verify.

The fundamental Problem: Opacity as a Shield

This case exposes a critical vulnerability in how we attempt to protect privacy in the age of artificial intelligence and pervasive data collection. Companies like Google have engineered systems of such complexity and opacity that users cannot reasonably detect when their data is being accessed or exploited. The default settings favor data collection. The algorithms that analyze and use our information operate as black boxes. The ways our data moves through corporate systems remain largely hidden from us.

Yet our legal system still demands that users (who have no technical ability to monitor what companies do with their information) must somehow prove that harm has occurred. This is not a fair burden of proof; it's a structural guarantee that large corporations will nearly always win.

Consider what we know about Google's data practices from years of investigation and reporting. Google collects staggering amounts of information about its users: search histories, location data, browsing behavior across websites that use Google's tracking tools, YouTube watch histories, Gmail contents, and increasingly, voice recordings and real-time location information. The company has built its entire business model around monetizing this data through targeted advertising. 

Gemini, Google's new artificial intelligence assistant, represents the natural next step in this evolution. An AI system that can access and synthesize all of this collected information to provide more "personalized" responses. The real question isn't whether Google can use Gemini to track and analyze user communications. It's whether users have genuinely consented to this capability, and whether they have any realistic way to prevent it.

Consent without Understanding

Google has long relied on a particular interpretation of "consent". Users accept the company's terms of service, and within those thousands of pages of legal language, Google reserves the right to use user data in various ways. But consent that's buried in dense legal documents that virtually no one reads and fewer still fully understand is consent in name only. It's particularly problematic when the company is simultaneously developing and deploying new capabilities (like Gemini) that users didn't anticipate when they accepted the terms years ago.

The plaintiffs in this case alleged that Google was allowing Gemini to track communications by default, rather than as an opt-in feature. This is a crucial distinction. An opt-in system puts the burden on the company to ask for permission before accessing data. A default-tracking system puts the burden on users to actively disable a feature they may not even know exists. Most people never change their default settings. Google knows this. Companies have spent decades perfecting the art of arranging defaults in ways that maximize data collection.

What this Ruling means for Privacy going forward

The dismissal of this lawsuit isn't a verdict on Google's practices. It's a verdict on the litigation system's ability to protect privacy in an era of AI and mass surveillance. It suggests that users will have an extraordinarily difficult time holding technology companies accountable through class action lawsuits, because the burden of proof requires demonstrating specific, concrete harm to individual plaintiffs, even when the company has designed its systems to make such harm impossible to observe.

This creates a perverse incentive structure. Companies can design systems that are invisible to users by default, collect data with minimal friction, and process that information in ways users cannot detect. If users sue, the company can argue that the plaintiffs cannot prove their data was specifically affected. Meanwhile, the company benefits from the data collection in countless ways: refined AI models, better advertising targeting, improved services that become harder to abandon, and valuable insights into human behavior and preferences.

The Path forward

The judge did allow the plaintiffs to amend and refile their case within 21 days, offering a slim possibility that a stronger complaint might survive dismissal. But even if it does, the fundamental problem remains: ordinary users attempting to verify what Google does with their data operate with one hand tied behind their backs.

Meaningful privacy protection in this context requires either stricter regulation (laws that establish privacy rights and enforce them through government agencies with the power to investigate corporate practices) or technological solutions that actually prevent data collection by default, rather than relying on users to identify and disable tracking they can't see. Until then, rulings like Judge Wise's will continue to protect corporate surveillance far more effectively than they protect user privacy.

Source