The Weekly Breach Breakdown Podcast by ITRC - Google Privacy Settlement Hits Record $1.4B in Texas Case - S6E17

Show Transcript

Welcome to the Identity Theft Resource Center’s (ITRC) Weekly Breach Breakdown for June 6, 2025. I’m Timothy Walden. Thanks to SentiLink for their support of the ITRC and this podcast. Each week, we examine the latest events and trends in data security and privacy. This week, we’re discussing a record-setting Google privacy settlement in Texas and what it means when states begin holding Big Tech accountable. 

On May 9, Texas Attorney General (AG) Ken Paxton announced a historic Google privacy settlement, in which Google had agreed to pay nearly $1.4 billion, and yes, that’s billion with a B, to settle allegations that the company violated the data privacy rights of Texas residents. Let’s take a closer look at what’s behind the headlines. 

In 2022, Texas sued Google, alleging that the company had been unlawfully tracking and collecting private user data. The state’s legal team pointed to a pattern of behavior that included monitoring users’ physical movements, private search histories and even biometric data, such as voiceprints and facial geometry, often without clear consent. 

According to AG Paxton, this Google privacy settlement, which combines two separate lawsuits, is the largest of its kind by any state against Google for data privacy violations. It comes less than a year after Texas reached an identical $1.4 billion settlement with Meta, the parent company of Facebook and Instagram, over unauthorized use of biometric data on those platforms. 

In a statement, Paxton said, “In Texas, Big Tech is not above the law. This $1.375 billion settlement is a major win for Texans’ privacy and tells companies that they will pay for abusing our trust.” 

It’s worth noting what this Google privacy settlement doesn’t do. Google did not admit to any wrongdoing or liability. According to a company spokesperson, the agreement won’t require Google to change any of its products. In fact, they say the company had already implemented relevant policy changes, such as clearer disclosures on Chrome’s Incognito mode and location tracking in Google Maps, before the Google privacy settlement was finalized. 

The statement from Google emphasized that the deal “settles a raft of old claims...concerning product policies we have long since changed.” In other words, the company views this as putting past issues behind them, rather than overhauling current practices. 

So, what does this mean for consumers, especially those who live outside of Texas? It reinforces the fact that some of the most significant privacy enforcement actions are now coming from individual states rather than the federal government. It’s a clear signal to tech companies: privacy violations, especially those involving biometrics and location tracking, are going to cost you, at least in court. 

It also reminds us of how deeply embedded data collection is in the tools we use every day. Incognito mode might sound private, but that doesn’t always mean invisible. Google Maps helps us get around, but it also helps Google learn where we go.  

As always, the best defense is awareness. Know your settings. Understand what permissions you're giving. Also, don’t assume that just because a feature is popular, it’s privacy-safe by default. 

If you’re concerned about how your personal information may have been affected by this Google privacy settlement, or if you think you may be the victim of identity theft or crime, the ITRC is here to help. You can speak with an expert advisor by phone or text, chat live on our website or send us an email during our regular business hours (6 a.m. to 5 p.m. PT). Just visit idtheftcenter.org to get started. 

Thanks again to SentiLink for their continued support of the ITRC and this podcast. Please like this episode and subscribe wherever you get your podcasts. We’ll be back next week with another episode of the Weekly Breach Breakdown. I’m Tim Walden. Until then, thanks for listening.