Google's adtech targeted by Dutch class-action style privacy damages suit

Google is facing class-action style litigation in the Netherlands which accuses the adtech giant of breaching European privacy laws. It's demanding Google stops tracking and profiling consumers and is also seeking compensation for what it dubs "large-scale privacy violations" of the European Union's data protection regime.

The representative action, which has been filed with the Amsterdam District Court, is being brought by two not-for-profits: The Foundation for the Protection of Privacy Interests (FPPI) and the Dutch Consumers' Association (aka Consumentenbond).

More than 82,000 consumers have signed up to join the claim since it was announced back in May, per the pair.

"Google acts in violation of Dutch and European privacy legislation," the Google claim plaintiffs argue on their website [translated from Dutch with AI]. "The tech giant collects users' online behavior and location data on an immense scale through its services and products. Without providing enough information or having obtained permission.

"Google then shares that data, including highly sensitive personal data about health, ethnicity and political preference, for example, with hundreds of parties via its online advertising platform. Irish research shows that residents' internet activity and locations in Europe are exposed to online ad auctions on average almost 380 times a day."

"Google must stop violating your privacy and pay damages. We also demand that Google implement structural changes so that it no longer violates your privacy. Google turns you into a product and collects billions in advertising sales every year," they add.

The 'no win, no fee' suit is still open to sign ups -- registration is offered via the claim website. Consumers who have used Google product or services at any time after March 1, 2012, and lived in the Netherlands, can join the mass action.

The Northern European country was early to amend its class action regime to apply a new EU directive on representative actions which allows qualified entities, such as consumer rights groups, to file collective actions for a class of consumers. The new procedural rules have been required to be applied to new claims since June 25.

Add to that, back in May, a ruling by the Court of Justice of the EU confirmed there is no threshold of seriousness for non-material harm in order to claim compensation for privacy damages. Which means claims can be brought for emotional distress flowing from a violation of the bloc's General Data Protection Regulation (GDPR) or other privacy laws.

Commenting on the Google claim in a statement, Ada van der Veer, chairman of the FPPI, added:

Google is constantly monitoring everyone. Even when using third-party cookies -- which are invisible -- Google continues to collect data through other people's websites and apps, even when someone is not using its products or services. This enables Google to monitor almost the entire internet behavior of its users. In addition, Google continuously collects the physical locations of users, even when they are not actively using their devices and think they are 'offline'.

A spokesperson for Consumentenbond also told us: "The case addresses privacy violations from 2012 onwards -- still continuing today. It focuses on specific past and present practices of Google which are in violation of the law."

Google was contacted for comment on the litigation but at press time it had not responded.

A number of aspects of the tech giant's business have been under investigation by its lead regulator for GDPR, Ireland's Data Protection Commission, for several years following complaints its technologies breach EU privacy rules. However no decisions have been handed down -- including on a major complaint against's Google adtech; another against Google's location tracking; and several charging Google with deceptive design -- giving consumer rights groups further impetus to resort to litigation so long as funders are willing to take cases on a 'no win, no fee' basis.

In this case the Google claim is being funded by the litigation-focused law firm, Lieff Cabraser Heimann & Bernstein.

Research into Google's real-time-bidding adtech by the Irish Council for Civil Liberties has previously revealed details of the vast scale of data sharing involved in the high velocity online auctions Google monetizes by matching profiled consumers with microtargeted ads. However, despite the tech giant's lead regulator for GDPR -- the Irish DPC -- investigating its adtech since 2019 no decision has been issued and, last year, the regulator itself was sued for inaction over the adtech complaint.

In the meanwhile Google has been busy executing a pivot to an alternative form of ad targeting which aims to shift away from third-party cookies for tracking individual web users' activity to embedding surveillance technology into its Chrome browser that keeps tabs on the websites consumers visit to assign interest categories that advertisers can use to select which ads they see.

Google calls this rebooted ad targeting system "Privacy Sandbox". However web users' activity is still being tracked to determine ad topics for receiving marketing so it's not clear how much of a privacy advance it represents. Google is also actively pushing the Privacy Sandbox system onto Chrome users -- requiring they take active steps to opt out of it, rather than an affirmative opt in despite its implementation of the migration being closely monitored by U.K. regulators.

The Consumer Association behind the Google claim previously brought a successful privacy litigation against Facebook-owner Meta, also funded by Lieff Cabraser Heimann & Bernstein -- obtaining a declaration of rights earlier this year in which the court found the tech giant did not have a lawful basis to process local users’ data for ad targeting.

This report was updated with additional detail after the Consumentenbond responded to our questions