Over a year ago, we wrote about a class action lawsuit against Google for allegedly intercepting (or wiretapping) email in order to provide targeted advertisements and create user profiles. Most Gmail users are familiar with the targeted ads, which Google provides after a computer quickly scans the email and matches a relevant ad. Other email services and Facebook provide similar targeted ads. Now, as Wired reports, U.S. District Judge Lucy Koh has ruled that this type of practice could violate the federal Wiretap Act, rejecting Google’s attempt to dismiss the case.
Plaintiffs claimed that Google violated the Wiretap Act and various other state privacy laws by scanning all incoming emails. Google moved to dismiss, arguing that it fell within an exception of the Wiretap Act and, in the alternative, that all plaintiffs consented to any interception.
Generally, the Wiretap Act prohibits the interception of electronic communications and provides a private right of action against those who intercept such communications. The Act defines “intercept” as “the aural or other acquisition of the contents of any wire, electronic, or oral communication through the use of any electronic, mechanical, or other device.”
First in its motion to dismiss, Google argued that it fell within an exception to the definition of device, putting it outside the definition of intercept. Under the exception, “any . . . equipment or facility . . . being used by a provider of wire or electronic communication service in the ordinary course of business” is not considered a device.
The court rejected Google’s argument, interpreting the “ordinary course of business” exception narrowly. When interpreting the exception, the court focused on the word “ordinary”:
The Court must give effect to the word “ordinary,” which limits “course of business” . . . The presence of the modifier “ordinary” must mean that not everything Google does in the course of its business would fall within the exception. The task that the Court faces at this stage is to determine whether Plaintiffs have adequately alleged that the purported interceptions were not an “ordinary” part of Google’s business.”
The court also reasoned that “the statutory scheme suggest[ed] that Congress did not intend to allow electronic communication service providers unlimited leeway to engage in any interception that would benefit their business model.” The court noted that “Google’s alleged interceptions are neither instrumental to the provision of email services, nor are they an incident effect of providing these services.”
Additionally, Google argued that the plaintiffs consented to any interception, which would take Google’s actions outside of the Act. According to Google, all Gmail users consented when they agreed to the Terms of Service and non-Gmail users impliedly consented when they sent mail to Gmail users. But the court concluded that the policies were not clear enough and rejected Google’s argument:
It appears that Google couldn’t point to any language in their terms explaining the email scanning practice, and the argument that non-Gmail users consented seemed particularly weak. The court flatly rejected the non-Gmail users consent argument:
Google [has not] cited anything that suggests that by doing nothing more than receiving emails from a Gmail user, non-Gmail users have consented to the interception of those communications. Accepting Google’s theory of implied consent—that by merely sending emails to or receiving emails from a Gmail user, a non-Gmail user has consent to Google’s interception of such emails for any purposes—would eviscerate the rule against interception.
The impact of this decision remains unclear. Targeted ads help bring in revenue for an otherwise free service. But Google and other online service providers—such as Yahoo—may have to find new ways to raise revenue if the practice violates federal law. Based on the importance of the decision, it seems likely that Google will seek permission to appeal the ruling in an interlocutory appeal.