Google may have violated the federal Wiretap Act when it routinely scanned the content of emails for purposes of providing targeted advertising and creating user profiles, a federal judge ruled yesterday.
The Northern District of California denied Google’s motion to dismiss the Wiretap Act claims against it, allowing the case to go forward. The court found that Google’s practices were not “instrumental” to providing email services through Gmail and that email users may not have consented to having their emails read for advertising and user profile purposes.
The outcome of this case could have ramifications for all email services that intercept and “read” or “scan” users’ emails for key words which are used to attach targeted ads to emails.
The Wiretap Act and the “ordinary course of business” exception
The federal Wiretap Act prohibits the interception of wire, oral, or electronic communications. The Act contains an exception for communications intercepted by a provider of electronic communication service in the “ordinary course of its business.” The court held that Google’s interception of emails to and from Gmail users for advertising and user profile building purposes did not fall under this exception.
The court narrowly defined the “ordinary course of business” exception as applying to email providers only when the interception “facilitates or is incidental to” providing email services. Since Google’s interception of email for advertising and profile building purposes is separate from its spam filtering, antivirus protections, spell checking, and other scanning functions, the Court held that the interception was not “instrumental” to providing email services.
Did Gmail users consent to Google reading their emails?
Google argued that Gmail users, by agreeing to Google’s Terms of Service and Privacy Policies, consented to any interception of emails by Google. But after reviewing the policies, the court could not “conclude that any party…consented to Google’s reading of email for purposes of creating user profiles or providing targeted advertising.”
The judge found that no version of Google’s Terms of Service or Privacy Policies explicitly said that Google would intercept and read the content of users’ emails.
Google’s Terms of Service from April 2007 to March 2012 stated that “Google reserves the right…to pre-screen, review, flag, filter, modify, refuse or remove any or all Content from any Service.” A separate section stated that “advertisements may be targeted to the content of information stored on the Services, queries made through the Services or other information.” Google’s Privacy Policies from August 2008 to March 2012 stated that Google may collect “information you provide, cookies, log information, user communications to Google, affiliated sites, links, and other sites.”
The district judge found that none of these terms specifically mentioned the content of users’ emails to each other or gave users notice that their emails were intercepted to create user profiles. Moreover, the assertion that Google “could” target advertisements based on content stored in Gmail did not provide notice that it “would,” and intercepting information in transit — the specific prohibition of the Wiretap Act — is not the same as collecting “stored” content, the Judge wrote.
Google can ask the district court judge to grant it permission to appeal the decision to the Ninth Circuit. In the mean time, it remains uncertain whether email services can legally scan the content of users’ emails to provide targeted advertising and what constitutes consent for doing so.
Natasha Duarte is a 2L at the University of North Carolina School of Law and a first-year master’s student at the UNC School of Journalism and Mass Communication.