Google Fined $314m for Android Data Use Without Consent

Google has been ordered to pay US$314.6m to 14 million Android users in California after a jury found the company liable for transmitting user data from idle devices without permission. 

The case marks a turning point in legal and cyber discussions around user consent, data ownership and what it means for individuals to control access to their mobile activity — even when they're not using their phones.

The case was filed in 2019 and brought to trial in San Jose, where plaintiffs argued that Google collected information from Android phones in standby mode. 

The data transfers were described as “mandatory and unavoidable burdens shouldered by Android device users for Google's benefit” in the lawsuit — and went unnoticed by users, who believed their devices weren’t sharing data when not in use.

The lawsuit centres on the idea that even passive data usage carries value, particularly for targeted advertising. The plaintiffs claimed the unapproved transfers effectively consumed part of users’ data allowances, which they argued was their property.

Glen Summers, one of the attorneys for the plaintiffs, said: “The verdict forcefully vindicates the merits of this case and reflects the seriousness of Google's misconduct.”

A cybersecurity battle over passive data collection

At the heart of the legal argument is whether mobile data can be treated as a form of property, and whether companies need explicit, ongoing user permission to extract it – even from inactive devices. 

While mobile operating systems rely on periodic background data requests to keep systems secure and connected, this case opens a wider debate: who controls the frequency, the volume and the intent behind these transfers?

Google maintained that these processes are critical to how Android functions, especially for security updates and performance checks. 

But the jury’s verdict signals concern over the company’s level of transparency, particularly in how it communicates with users about what’s happening behind the scenes.

José Castañeda, Policy Communications Manager at Google, said the company will appeal, arguing the decision “misunderstands services that are critical to the security, performance and reliability of Android devices”.

During the trial, Google’s legal team — provided by California-based Cooley — rejected the idea that data allowances could be considered property. 

They argued the complaint was based on design, not legal wrongdoing, calling it “little more than a misguided product design claim — not wrongful conversion”.

Billions at stake in wider legal challenges

This lawsuit may set precedent for future cyber and privacy cases, with Google already facing a similar federal trial covering Android users across the rest of the US. 

That case is scheduled for April 2026 and involves far greater financial exposure, potentially reaching billions of dollars in damages.

While the estimated daily data usage in dispute per person was relatively small — around 1 to 1.5 MB — when scaled across millions of devices and over several years, the impact is financially substantial. The class period stretches back to 2016, further multiplying the potential liability.

George Zelcs, partner at Korein Tillery and co-lead counsel for the plaintiffs, put the issue in financial terms: “The upshot is that these phone users unknowingly subsidise the same Google advertising business that earns over US$200bn a year.”

This legal strategy could reshape how companies treat passive data collection in product design.

 If more courts adopt this reasoning, it could force software platforms to clearly disclose background transfers, or offer opt-outs that are currently buried in settings or policy pages.

Consent, cloud systems and legal exposure

The California ruling also reflects a broader reckoning within the tech industry around consent and how companies justify their backend data flows. 

Users are generally aware of data collection when they actively use apps — but passive collection while devices are idle is rarely discussed in terms that make its impact clear.

Google’s decision to let the case go to trial, rather than settling, adds further weight to the development. This departs from its recent legal strategy, which saw the company pay $500m to resolve shareholder disputes and another $100m to settle overcharging claims from advertisers.

For the cybersecurity and data ethics community, this case may become a cornerstone of user rights enforcement. Bill Tilley, President and CEO of Amicus Capital Group, says: “With 14 million Californians involved and potentially billions more nationwide, the stakes are high, and the outcome could reshape future data ownership claims.”