FAQ - About our Action against Google

About Stichting Bescherming Privacybelangen

What is Stichting Bescherming Privacybelangen?

Stichting Bescherming Privacybelangen is a non-profit Netherlands-based foundation. The Foundation was established in 2021 to protect the interests of consumers who are affected by Google’s privacy violations. The Foundation aims to stop Google’s illegal business practices, which are in breach of Dutch and European consumer and privacy laws. In addition, it seeks to secure financial compensation for Dutch consumers who use or used Google’s products and services and are therefore aggrieved by Google’s violations.

With the Action, the Foundation also aims to pressure other major tech companies to implement significant structural changes to protect their users’ privacy. As such, the Foundation’s broad goal is to advance privacy protections for consumers worldwide.

The Foundation has an independent Board and Supervisory Board, consisting of leading specialists experienced in privacy law and collective actions. More information on the Foundation and its Board members can be found here.

More information on the parties with whom the Foundation cooperates can be found here.

What does the Foundation want to achieve?

The Foundation wants to stop the illegal surveillance of consumers and the illegal commercial exploitation of their personal data by Google. The Foundation has therefore taken legal action against Google. The Foundation demands that Google fundamentally changes its business practices. In addition, it demands financial compensation for consumers who are or have been using Google’s products or services.

Where can I find the Foundation’s Articles of Association?

You can find the Articles of Association here.

Do the Foundation’s Board of Directors and Supervisory Board get any remuneration?

Yes. Members of the Board of Directors receive hourly compensation for their work and members of the Supervisory Board are compensated annually for the same. These fees are paid by the Funder, Lieff Cabraser Heimann & Bernstein, LLP. For this year the specific amounts are listed in the document ‘Claim Code Compliance 2024’, which can be found here.

About the Action Against Google

Why this Action against Google?

Google’s business model is based on illegal, exploitative practices that violate consumers’ rights. Google goes to great lengths to collect as much of its users’ personal data as possible to support its advertising business, which in 2023 generated approximately USD 238 billion in revenue. Google’s outsized profits come at the expense of consumer privacy. Its practices constitute illegal surveillance and illegal exploitation of personal data, with an unknown impact on the personal lives of its users now and in the future. The Foundation finds Google’s disregard for its users’ privacy rights unacceptable and has therefore taken legal action against Google. The Action is supported by the Consumentenbond.

Why is the Action not international?

Google offers its services all over the world, not just in the Netherlands. So it is true that Google not only violates privacy rights in the Netherlands. In the Netherlands, this type of collective action is limited to actions associated with the Netherlands. For this reason, the action only targets Google users in the Netherlands.

What does Google do and why is it wrong?

Google is the most dominant data company on earth, offering useful and practical products and services to the public. Google’s products and services, such as Google Search, Google Chrome, Gmail, Google Maps, and Android phones, are almost impossible to avoid. They have become an essential part of our daily lives. But that does not justify intrusive surveillance, which is exactly what Google’s business practices result in.

Google’s consumer tracking takes place on an unprecedented scale—collecting personal data from all consumers who use its ubiquitous products and services. This includes data on location and online activity, which Google collects regardless of selected preferences. Moreover, it uses what are known as ‘dark patterns’ or deceptive design techniques to nudge users towards the least privacy-centered option. Google aggregates the personal data it collects to build detailed profiles of consumers’ lives, which it uses to derive products and services it sells to third parties to feed its advertising business. Google also transfers personal data to the United States without sufficient protection from government surveillance.

Google claims that users like you have ‘consented’ to Google’s vast and intrusive collection of personal data, but this ‘consent’ is manufactured, not freely given, and has no legitimate basis in the law. Google conducts its business such that obtaining consent from consumers is impossible. Consumers cannot possibly grasp what Google does with their personal data.

All in all, the illegal ongoing surveillance and exploitation of its users’ personal data by Google violates their right to privacy and the democratic freedoms that they secure. Privacy and freedom from surveillance are long-established Dutch and European rights laid down in the law and constitute the basis for democratic rule. These fundamental rights preserve the freedom to live and develop independently without being tracked, watched, or manipulated.

Accordingly, Google acts unlawfully and in violation of Dutch and European consumer and data protection law. Specifically, Google’s practices violate applicable privacy laws (such as the Dutch General Data Protection Regulation (GDPR)) and cookie laws. In addition, Google’s practices constitute an unfair trade practice: users are being misled and in any event not informed properly about Google’s actual practices. Also, Google has been unjustly enriched.

Visit ‘Our Action Against Google’ for more information.

What does Google need to change?

Google must fundamentally change its practices so that it stops violating the rights of its users and no longer violates the law.

To do this, Google must do at least the following:

drastically change its digital infrastructure by applying effective privacy by design. This means implementing specific technical and organizational measures in Google’s systems so that the processing of users’ personal data is limited to what is strictly necessary and otherwise meets the requirements of applicable laws and these measures put a stop to the illegal surveillance;
stop misleading its users and inform them what specific data Google is collecting, what Google (and any third parties) are doing with it, and with whom Google is sharing all that information;
establish a legitimate basis for processing personal data. Google currently makes it impossible for users to legally consent to its practices, including the commercial exploitation of their data. Users cannot possibly comprehend what Google does with their data. But at the same time, because of Google’s dominant position, users have virtually no choice but to use Google’s ubiquitous products and services; and
stop transferring users’ personal data to the United States without sufficient safeguards against government surveillance.

Can Google counter that it just offers good services? Google needs money for that, doesn't it?

Google provides services that almost all of us use on a daily basis, such as Google Maps to find our way around. The fact that a product is used daily is no excuse for ignoring consumers’ rights. On the contrary, it means that Google must take extra care of your data. It has a legal duty to comply with consumer rights. After all, data protection and privacy are fundamental rights. They do not have to be paid for. Google can perfectly well offer its services and get paid for them without violating these fundamental rights. For example, it can also offer ads that are not based on personal data.

How is it determined what minimal data Google is allowed to use?

Google has a duty of care to consumers to limit the processing of personal data to what is strictly necessary. This is also known as the data minimization obligation. It makes sense if you want to use Google Maps, for example, that Google needs data about your location to know where you are for the use of Google Maps. But Google often also uses that data for other purposes (like advertising), or collects location data for advertising outside of using Google Maps. Google collects far more data than strictly necessary to offer a product or service. Google is thus violating its data minimization obligation.

Who does this Action aim to protect?

You are one of the Aggrieved Parties that the Foundation intends to protect if you have been subject to Google’s privacy violations involving the illegal collection, processing, storage or transfer of your personal data and you resided in the Netherlands (for a period of time) on or after 1 March 2012.

Google’s services and products include the following:

A Google Account;
Gmail;
A smartphone with the Android operating system;
Google Search;
YouTube;
Google Maps;
Google Chrome;
Google Drive;
Google Docs;
Google Translate;
Google Play;
Google Photos;
A Google Chromebook;
A Google Nest product;
Google Pay; and
A Fitbit.

You can sign up from the age of 16. Are you under 18 years old? Ask your parents/guardians for permission before you sign up. For the precise definition of Aggrieved Parties, see the Foundations’ Articles of Association.

Stichting Massaschade & Consument (SMC) also started an action against Google. How does it differ from the Foundation’s Action?

The Foundation represents the interests of all consumers who have used a Google product or service from the Netherlands, at any point in time as of 1 March 2012. In its action, SMC represents the interest ofall natural persons residing in the Netherlands who used an Android smartphone after 25 May 2018.

Participation in the Action

How can I be involved in the Action?

The Foundation understands that it is important to stay in touch with the Aggrieved Parties. On 26 June 2024, the Foundation organised an event for participants where attendees had the opportunity to meet the Board and an explanation was given about the lawsuit. Click here for a report of the event. In addition, the Foundation established a panel of participants. The panel members will be asked to provide input on certain decisions of the Foundation or to share their views on certain topics with which the Foundation is concerned. The Articles of Association provide for this possibility.

Aggrieved Parties can monitor relevant developments via the Foundation’s website. Participants in the Action will additionally be kept informed of relevant case developments through news releases via e-mail.

Does it cost anything for the Aggrieved Parties to participate in the Action?

It does not cost you anything to participate in the Action against Google, because a ‘no cure, no pay’ agreement applies. Read more information here about the ‘no cure, no pay’ agreement.

If I participate in the Action, can I still use Google?

Yes. You can join the Action and continue to use Google’s products and services. For many of Google’s products and services, there are no practical alternatives.

How does the Foundation handle my privacy in pursuing my claim?

The Foundation has mandated Consumentenbond Claimservice B.V. (CCS) to facilitate and establish the registration process, maintenance, and support of your claim. Under the Foundation’s mandate, CCS will collect your personal data on behalf of the Foundation, which will maintain responsibility over it. This means that the Foundation will be the controller and CCS will be the processor on behalf of the Foundation.

CCS processes your name, contact details, and the provided information about your use of Google’s products and services. We use this information only for the Action. CCS will only use your e-mail address to contact you about other CSS actions if you have consented to this. You can easily opt out. Please read the Privacy Statement carefully.

Why should I participate in the Action?

As a collective we can take a strong stand against Google. Your participation shows to the court that consumers take their privacy seriously and want Google’s illegal surveillance and exploitative practices to stop.

Is it possible to withdraw from the Action?

Yes, it is possible to withdraw from the Action.

Aggrieved Parties who have entered into an agreement with the Foundation can withdraw within 60 days without owing anything to the Foundation. This changes after 60 days. If an Aggrieved Party withdraws after 60 days, the Foundation has already incurred significant costs. Therefore, the agreement provides that, if an Aggrieved Party withdraws at a later stage and the Action ultimately results in a recovery for that Aggrieved Party, part of the ‘no cure, no pay‘ fee is owed to the Foundation. The Foundation, in turn, pays the owed amount to the litigation funder. The Foundation will not keep this for itself. Read more about the payable amount in case of withdrawal from the Action.