Tech giant Google is facing a proposed class-action lawsuit in the United States, which alleges that its Gemini AI assistant was used to unlawfully track and analyze the private communications of users across its services, including Gmail, Chat, and Meet. The lawsuit raises significant questions about user consent and data privacy in the age of generative AI.
The Core Allegation: Default On Without Consent
The complaint, filed in a federal court in San Jose, California, claims that Google activated Gemini by default for its communication services in October 2023. It alleges this was done without explicitly notifying users or obtaining their consent, effectively allowing the AI to access and process the content of private emails, messages, and attachments.
According to the lawsuit, while users have the option to disable the feature, the process is buried within complex privacy settings that are not easily accessible or understood by the average user. This “default on” approach is at the heart of the plaintiffs’ claims.
Violating California Privacy Law
The lawsuit argues that Google’s actions violate the California Invasion of Privacy Act (CIPA). This long-standing law, enacted in 1967, prohibits the recording or eavesdropping on confidential communications without the consent of all parties involved.
The plaintiffs contend that by leaving Gemini activated, Google gave its AI system access to “the entire recorded history” of user communications, constituting a breach of this act. The lawsuit is seeking class-action status and unspecified damages, setting the stage for a legal battle that could test how decades-old privacy laws apply to modern AI technologies.
Implications for the MENA Tech Ecosystem
While this legal challenge is unfolding in the US, its implications resonate strongly within the MENA startup and tech community. The region is rapidly advancing its own data privacy regulations, such as Saudi Arabia’s Personal Data Protection Law (PDPL) and the UAE’s Personal Data Protection Law (PDPL Federal Decree-Law No. 45/2021).
For MENA-based founders and developers building AI-powered solutions, this case serves as a critical reminder of the importance of “privacy by design.” The era of ambiguous terms of service and opt-out consent models is fading. Startups in the region must prioritize transparent communication and explicit user consent for data processing to build trust and ensure compliance with evolving local regulations. Furthermore, global legal precedents like this can shape user expectations and influence future regulatory frameworks across MENA.
A Pattern of Privacy Concerns
This is not the first time Google has faced scrutiny over its data handling practices. In 2018, the company shut down its Google+ social network after a data bug was exposed. More recently, Google has paid out hundreds of millions in settlements related to misleading users about how it collects and uses location data, even when location history settings were turned off.
About Google
Google is a multinational technology company specializing in Internet-related services and products, which include online advertising technologies, a search engine, cloud computing, software, and hardware. It is considered one of the Big Five American information technology companies, alongside Amazon, Apple, Meta, and Microsoft.
Source: Tech in Asia
