Internet media companies collect, use, and store substantial amounts of user data and track user behavior across online platforms, creating significant financial, legal, regulatory, and reputational risks, should those data be improperly collected, misused, or accessed by unauthorized parties.

Policymakers and regulators recognize the fundamental importance of online privacy and have implemented meaningful protections to that end. Regulations such as the EU’s GDPR, along with other similar measures implemented around the world, represent an important step toward greater data privacy protection. Given the fundamental significance of privacy, regulatory scrutiny is likely to only increase going forward. Companies who wish to remain competitive must stay ahead of the regulatory curve by proactively managing, mitigating, and disclosing information about such issues.

Alphabet is particularly exposed to these risks. Unfortunately, the company may not be adequately managing these risks and lacks transparency in its handling of such issues, as evidenced by multiple Congressional inquiries regarding the Company’s data practices.

A 2018 study published by Precursor, LLC regarding Alphabet-Google’s privacy track record cited repeated violations of privacy laws and unfair and deceptive data collection practices. The study concluded, “Google has serially harmed consumer welfare in unfairly and deceptively undermining consumers’ expectation of, and actual, privacy and data security, as well as undermining consumers’ ability to protect their own privacy and data security and that of minors.”

A 2020 class action suit alleges that Google tracks and collects consumer browsing history and other web activity data no matter what safeguards consumers undertake. According to the suit, “even when Google users launch a web browser with ‘private browsing mode’ activated (as Google recommends to users wishing to browse the web privately), Google nevertheless tracks the users’ browsing data and other identifying information.” This is in direct contravention of global standards such as those provided by the UN Development Group’s Data Privacy, Ethics and Protection: Guidance Note on Big Data for Achievement of the 2030 Agenda.

Alphabet has also failed to provide adequate transparency regarding the use and protection of the data it collects. The 2020 RDR Corporate Accountability Index concluded that Google should increase transparency of data inference practices and collection of user information from third parties. Further, the report stated that “Google was less transparent about its security policies than many of its peers and failed to disclose anything about is policies for handling data breaches.”