The world's most widely used search engine misled users into thinking that by turning off location tracking – disabling the feature in their account settings – users would no longer be geolocated.

After four years of investigation, the New York Times reported news of the conclusion of what has been called “the largest Internet privacy settlement in the United States”. The settlement in question, between 40 U.S. Attorneys General and Google, resulted in the search engine being ordered to pay $391.5 million in compensation to users in the 40 countries involved.

The conduct alleged against Google consists of deceiving users: users were led to believe that by disabling geolocation from their devices they would no longer be tracked. Instead, it has been found that through the wide range of services offered (search engine, maps, apps) that connect to wi-fi and cell phone towers, Google has collected and stored an immense amount of data related to the locations and related habits of users; data that the search engine would then exploit to target personalized advertising to those same individuals.

It should be pointed out that even before the conviction in question, numerous grievances had been raised by associations representing consumers' privacy rights: critical issues that the so-called Big Techs have always attempted to deprive of, countering their own instances – pretty much economic – and denying their massive collection and storage of user data.

The real big problem is upstream: the United States lacks unified federal privacy legislation.

Few states (among which California, Colorado, Virginia) have legislation to protect personal data protection. At the central federal level, demands for recognition and, consequently, greater protection of citizens' privacy-side rights and freedoms have been clashing for years with the economic demands of large lobbies.

As necessary as it is to safeguard the economic interests of market participants, it is equally crucial to fully protect the rights and freedom of citizens.

Therefore, as of 2023, Google is also required to make user location procedures clearer and more transparent.

De iure condendo, a substantial change in the “method of punishment” also seems desirable. Given the revenues of a company like Google, it seems clear that a fine – no matter how large the amount – is easily predictable, calculable and amortizable in the future in a cost-benefit balance.

Not only, a purely pecuniary sanction dampens its potential deterrent effect on other economic agents (who, in making the same balancing act, might find it more profitable to violate citizens' rights, even in view of a possible fine to pay, rather than refrain from perpetrating such violations in order to avoid the sanction).

There should be a focus on more substantive and “restorative” data protection convictions, such as: the obligation to delete illegally collected personal data and the blocking of activities until effectively protective internal privacy policies are reviewed, implemented and appropriately publicized by the business operators involved.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.