The US tech giant Google has agreed to remove billions of personal records collected from over 136 million individuals in the United States who used its Chrome web browser. The move is part of a settlement in response to a class-action lawsuit accusing Google of engaging in illegal surveillance practices.
The lawsuit, filed in 2020, alleged that Google misled users by tracking their internet browsing activity even when they believed it to be private, such as when using the “incognito” or “private” mode on web browsers like Chrome.
After months of legal proceedings, Google consented to settle the lawsuit in late December 2023. However, the settlement is currently pending approval by the US District Judge. As part of the agreement, Google is required to undertake a comprehensive data remediation process to delete sensitive information and uphold user privacy.
Key measures include the deletion of data that could identify individuals engaging in private browsing. This involves redacting data points such as IP addresses, generalizing User-Agent strings, and removing detailed URLs associated with visited websites. Google has agreed to retain only domain-level portions of the URLs to minimize the risk of user identification.
Furthermore, Google will eliminate the X-Client-Data header field, described as a Chrome-Variations header capturing information about the installation of Chrome. This move aims to prevent the potential identification of specific Chrome users based on randomized seed values associated with the header.
As part of the data cleanup effort, Google will purge information older than nine months collected before December 2023. The company is required to complete this process within 275 days of the settlement's approval.
The internet giant has also agreed to implement changes to Incognito mode to enhance user privacy over the next five years. This includes enabling Incognito users to block third-party cookies by default, offering greater control over online tracking and data collection.