Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.
Android users who used a COVID-19 contact tracing tool created by tech giants Google and Apple have had their sensitive personal information exposed to third-parties thanks to Google, a new nationwide class action lawsuit alleges.
In a class action filed Tuesday in a California federal court, Plaintiffs Jonathan Diaz and Lewis Bornmann claim Google violated the California Confidentiality of Medical Information Act and privacy laws in its implementation of the Google-Apple Exposure Notification System (GAEN) for coronavirus.
“For those who have reported testing positive, it enables third parties to link that diagnosis back to the particular patient, defeating the purported anonymity Google claims for its service,” the class action states.
The system, rolled out last May, was designed to help public health authorities track the spread of the novel coronavirus and notify a person if they had been exposed to someone with the virus.
The program uses Bluetooth on individuals’ mobile phones to send signals about encounters with other people nearby who also have an app using the system.
Google tells users it is made with privacy at its center, and assures people their identity is not shared with other users, Google, or Apple.
The class action says the contact tracing apps themselves generate secure personal device identifiers, which change periodically as they are broadcast to other devices. These identifiers should only be traceable with a “key” held by the public health authorities.
However, Google’s mobile services actually record the outgoing and incoming data on each device’s system log, the class action says.
This means Android device users running Google’s software “unwittingly expose” not only their own personally identifiable information to numerous third parties, but also to users of the app on other devices that come near them, including iPhones.
“Google unequivocally assures that it completely safeguards the sensitive information necessarily involved with COVID-19 contact tracing,” the class action states.
“However, because Google’s implementation of GAEN allows this sensitive contact tracing data to be placed on a device’s system logs and provides dozens or even hundreds of third parties access to these system logs, Google has exposed GAEN participants’ private personal and medical information associated with contact tracing, including notifications to Android device users of their potential exposure to COVID-19.”
The users allege Google has known about the security flaw since February, but has failed to inform the public that people with the app have had their private personal and medical information exposed.
“In or about the third week of April 2021, Google indirectly confirmed the existence of the security flaw by acknowledging that in late March 2021, it began to address the security flaw by rolling out patch fixes,” they say.
The class action says more than 28 million people across the U.S. have downloaded contact tracing apps that use GAEN or activated exposure notifications on their phones. California’s version of the app, CA Notify, has been downloaded to 1 million Androids and about 8.5 million Apple devices.
The users seek to represent a nationwide Class of Android users who downloaded or activated a contact tracing app incorporating GAEN. They also seek to represent a Subclass of California residents.
They are seeking certification of the Class, an injunction preventing Google from continuing the alleged practice and an order forcing it to destroy personal information stored in the system logs. They are also asking for damages, fees, costs and a jury trial.
Meanwhile, Google is also facing lawsuits alongside Facebook claiming that it is pushing the newspaper industry to the brink of extinction through anti-competitive behavior, including a “secret deal” that allowed the pair to monopolize the digital advertising market.
Did you expect your data to be kept safe while using a contract tracing app? Let us know in the comments!
The plaintiffs are represented by Michael W. Sobol, Melissa Gardner, Ian Bensberg, Nicholas Diamand and Douglas Cuthbertson of Lieff Cabraser Heimann & Bernstein LLP.
The Google Contact Tracing App Class Action Lawsuit is Diaz et al. v. Google LLC, Case No. 5:21-cv-03080, in the U.S. District Court for the Northern District of California.
Read About More Class Action Lawsuits & Class Action Settlements:
25 thoughts onGoogle Assured COVID-19 Contact Tracing Users Anonymity, Class Action Alleges It Lied
Please add my name to this class action lawsuit
Add me