Google's Billion Dollar Texan Adventure

I’m Alan Chapell. I’ve been working at the intersection of privacy, competition, advertising and music for decades and I’m now writing for The Monopoly Report. If you have a tip to share in confidence, find me on Twitter or Bluesky.

Our latest Monopoly Report podcast is out privacy engineer Brian May. Brian and I talk about privacy enhancing technologies (PETs), and how PETs are used (and mis-used) in the ads space.

Google settles with Texas AG for $1.375 billion

Last week, the Texas AG’s office announced that it had secured a $1.375 billion settlement with Google in connection with a privacy and consumer protection lawsuit initiated in 2022. Lot’s of press reports to date focus on the size of the fine. It’s certainly not chump change - even for Google.

I’m more intrigued by the speed at which this case made it from initial complaint to settlement. Google is certainly no pushover - so there are a few things that one might infer about this case based on the size of the settlement:

1. The AG’s office had Google dead to rights (maybe)

2. Google is running out of lawyers given all their legal woes (unlikely)

3. Google needs to untangle / simplify as best as it can given the Texas led AG antitrust case coming this summer.

Honestly, none of those possibilities felt particularly satisfying to me. What’s worse, there’s very little information to be found about the case (i.e., no published settlement) other than some fun legal arguments that Google somehow had insufficient ties to Texas (say what you want, but that claim made it all the way to the Texas Court of Appeals).

Pursuant to the Texas AG’s May 2025 announcement, Google is not required to admit wrongdoing or liability - and the settlement does not force the company to change any products or required disclosures to consumers.

What is this case about?

This case mostly pertains to (a) Google’s alleged use of precise location data, and (b) Google’s alleged collection of data via Chrome when the browser is set to Incognito mode. More on that below.

Precise Location

The Texas complaint against Google alleges deceptive practices in how the company collects and uses precise location data by using dark patterns such as misleading settings descriptions and repeated prompts to nudge users into enabling location tracking. These practices apparently violate the Texas Deceptive Trade Practices-Consumer Protection Act by misleading users about their ability to control location data.

Editor’s Note: As you may know, use of precise location data has become increasingly problematic given reports that self-serve sales of precise location are enabling some questionable behaviors such as the outing of gay priests and tracking the movements of government employees. Precise location is really one of the few ad tech data use cases where we don’t have a particularly good answer to the question: what’s the harm? I’ve talked about precise location on the podcast a few times - and I get the sense that the regulatory walls are starting to close in on that space. It’s no longer a question of “valid consent” - as some states are beginning to prohibit the sale of precise location altogether.

But that begs the question - what kind of location data was Google processing here?

I’m assuming that at least some of the time, these practices pertained to Google’s use of precise location data. But for some reason, the complaint doesn’t consistently distinguish precise location (e.g., lat/long) from geo location (e.g., city, postal code). That’s an issue because the two types of data carry different risk profiles and are typically subject to very different privacy rulesets.

Incognito Mode in Chrome

The Texas AG also took issue Google Chrome's Incognito mode, a feature in the Chrome browser that promises private browsing - a promise that on it’s face seems dubious at best. According to the allegations, Google continues to collect data during these supposedly private browsing sessions, contradicting its assurances of privacy.

Private browsing has been around for almost two decades - starting with Safari in 2005. And within a few years, most major browsers were offering their own version of “private” browsing sessions as a core feature of protecting the privacy of its users.

But here’s the thing about “private” browsing sessions - they aren’t really private. Sure, if you share a browser with your roommate (as if), you can use it to make sure that (s)he can’t easily see the URLs you visit. But it doesn’t prevent your ISP or the website you just visited from getting access to certain browsing data. There’s all kinds of research that suggest that private browsing is pretty much worthless - to the point where I’ve often wondered why browsers continue to offer the feature at all.

I’m confident that Google (like most browsers) is well aware of the problematic nature of its Incognito mode. Despite this, the company has allegedly failed to adequately inform users, allowing them to believe their browsing is private when it is not. According to Texas, this practice not only deceives users but also highlights the broader issue of transparency in tech companies' data practices.

Fair enough - but I’d be curious to see if the in-private settings of other browsers would survive a similar challenge.

What data do browsers process - and how is it shared?

The Texas settlement with Google raises an interesting question regarding the types of data that each browser collects - and how that data gets used. I’d welcome some independent research on this question given that browsers are entering into a new era of monetization. Surfshark makes an interesting attempt to evaluate browsers, but just looking at the app store privacy disclosures for each browser is of limited value given the general (in)accuracy of those disclosures. The Mysk folks evaluated what MSFT Edge collects a few years ago. I’m hoping they (or someone else) does a study that covers all major browsers. My guess is that a look under the hood would reveal functionality that is non-core to browsing…. and who knows, maybe they find a back door integration or two.

Personally, I’d love to understand how ad blocking functionality might be incorporated into the rest of a particular browser companies ad stack.

What can we learn from Google’s Settlement with the Texas AG?

A few random observations about this case.

1. It’s probably easier just to settle and write a check - particularly if doing so doesn’t necessitate a change in business practices or an admission of guilt. That’s pretty much the approach Google has adopted with respect to ePrivacy “cookie” violations in Europe. But damn - that’s a pretty big check!

2. Google’s services and platforms contain all kinds of complexities and interdependencies. That’s probably obvious to most who are reading this. But those same factors that render any potential divestment under antitrust law as really problematic for Google will also continue to create privacy issues for the company.

3. Just a gut feeling, but I suspect that the TX AG is a bit more comfortable playing the legal game using hard fouls than the DOJ might be. Assuming I’m right, I wonder how that mindset might implicate the State led “Jedi Blue” antitrust case against Google and Meta later this year. Are we potentially getting a preview here?

4. Google sometimes comes off as invincible, but there’s a part of me that feels like we’re just a few more losses away from the flood gates really starting to open for Google given the number of fora under which Google is being forced to defend itself.

____________________________________________________________________________

If there’s an area that you want to see covered on these pages, if you agree/disagree with something I’ve written, if you want tell me you dig my music, or if you just want to yell at me, please reach out to me on LinkedIn or in the comments below.