Greetings TCPAWorld!
Get excited! What a time to be alive in the latest AI evolution of legal cases emerging and yet to come. I’m back with a deep dive into a juicy new class action against tech titan Google. The lawsuit, Barulich v. Google, LLC, 3:24CV06225, filed in California federal court, claims Google’s AI-powered customer service platform is illegally eavesdropping on consumers’ calls and violating state privacy laws. WOW.
The Plaintiff claims that Google’s software allegedly secretly listens in on phone conversations, records them without consent, retains copies in its databases to feed its AI algorithms, and even suggests responses to customer service reps based on the calls—all without the consumer knowing Google’s on the line. They argue that this amounts to wiretapping under the California Invasion of Privacy Act (CIPA).
According to the Complaint, Google is portrayed as a covert eavesdropper, lurking on the line and capturing consumers’ private communications. Specifically, the Plaintiff alleges:
- Google’s Cloud Contact Center AI (CCAI) tool, used by companies like Home Depot for customer service, analyzes voices, transcribes conversations in real-time, and suggests responses to service agents without callers’ knowledge.
- It retains these recorded conversations in its databases to train AI models.
- Google can access and use these recordings independently of its clients’ customer support.
- Consumers are not clearly informed or given a chance to consent.
The Plaintiff argues that this conduct violates Section 631 of CIPA, which bars wiretapping communications without all parties’ consent. They’re seeking to represent a class of “all California residents who had their telephone conversations intercepted, recorded, eavesdropped on, or wiretapped” by Google’s software without prior permission. The demand? Statutory damages under CIPA—$5,000 per violation.
So, how might Google try to wiggle out of this jam? Its most robust play may be an argument that it was merely acting as an “agent” for the companies using its customer service AI, like Home Depot. Google scored a recent win on this ground in a similar case involving its software for Verizon in Ambriz v. Google, LLC, No. 23-CV-05437-RFL, 2024 WL 3282521 (N.D. Cal. June 20, 2024). However, the Ambriz Complaint alleged an agency relationship, while this one does not. Critically, the CIPA exception applied in Ambriz involving Verizon because it was limited to agents of phone companies and utilities—a label Home Depot is unlikely to claim.
Alternatively, Google may argue that consumers implicitly consented to the recording via its clients’ privacy policies. But courts have been hesitant to find implied consent to third-party snooping based on vague fine print. The Complaint here says Google’s role was never disclosed at all, which is a far cry from the crystal-clear notice courts demand.
So, will the Plaintiff’s claims stick? Recent rulings in similar cases suggest Google faces an uphill battle.
For example, in Yockey v. Salesforce, Inc., the court found allegations that Salesforce could use customer chat data to improve its products and train its AI models were enough to allege it was a third party under CIPA plausibly. See Yockey v. Salesforce, Inc., No. 22-CV-09067-JST, 2024 WL 3875785 (N.D. Cal. Aug. 16, 2024). Likewise, in Turner v. Nuance Communications, Inc., Nuance’s use of customer voice data to create its own “watchlist” of “known fraudsters” database made it more than a mere recording tool. See Turner v. Nuance Commc’ns, Inc., No. 22-CV-05827-DMR, 2024 WL 2750017 (N.D. Cal. May 28, 2024).
The allegations here strike a similar chord. If the evidence shows Google banked Home Depot customer data to rev up its own AI engines, an agency defense could be significantly undermined.
Other cases highlight Google’s risks. In Gladstone v. Amazon Web Services, Inc., the court allowed wiretapping claims to proceed against Amazon over its “Amazon Connect” customer service software. See Gladstone v. Amazon Web Servs., Inc., No. 2:23-CV-00491-TL, 2024 WL 3276490 (W.D. Wash. July 2, 2024). The court emphasized allegations that Amazon retained and analyzed customers’ voice data, finding this could make Amazon a third-party “interceptor” under CIPA, even if it acted on its client’s behalf.
This reasoning could spell trouble for Google. Similarly, the Complaint here alleges that Google doesn’t just pass on customer conversations to Home Depot but stores copies in its databases to refine its AI. Gladstone suggests this kind of data retention and use for independent purposes could place Google outside CIPA’s “party” exception and in the crosshairs of liability. The Gladstone case also held that CIPA applies to interception by any “person”—not just “devices.” That could undermine Google’s potential defense that its AI is not a “device” regulated by the statute.
Similarly, in Rodriguez v. Ford Motor Co., the plaintiff alleged that Ford allowed a third-party software company to eavesdrop on and record conversations between website visitors and Ford’s customer service representatives, allegedly violating CIPA. The court dismissed the claims for direct liability under CIPA with prejudice while dismissing the claims for aiding and abetting and for violations under CIPA Section 632.7 without prejudice, allowing the plaintiff the opportunity to amend and potentially refile these claims. The court found that the plaintiff failed to plausibly allege that the software company used the data for its own purposes or that Ford knew of any intent by the software company to use the data independently. It emphasized that merely collecting data to benefit Ford as the client, without evidence of independent use by the software company, was insufficient to state a claim under CIPA. See Rodriguez v. Ford Motor Co., No. 323CV00598RBMJLB, 2024 WL 1223485 (S.D. Cal. Mar. 21, 2024). Here, if discovery reveals Google exploited Home Depot customer data to turbocharge its own algorithms, it may be harder to paint itself as Home Depot’s innocent sidekick.
So, what’s the bottom line? The case is still in the early rounds, but the Complaint’s detailed allegations and the crescendo of plaintiff-friendly rulings in similar suits suggest Google may be in for a dogfight.
The Plaintiff seems to have done their research from the greatest hits of recent AI eavesdropping complaints, emphasizing Google’s alleged data hoarding and reuse – factors that have helped other claims survive. If discovery bears out those contentions, Google’s “just an agent” refrain may ring hollow.
In the meantime, consider this your cautionary tale. If your company is considering using AI customer service tools, consider your disclosure practices. In the age of machine learning, transparency isn’t just good ethics—it’s existential risk management.
We’ll have to see how the chips fall and keep you posted. Google may yet dodge this wiretapping bullet, but the war between data-ravenous AI and consumer privacy is just beginning. Tread carefully, friends.
Keep it legal, keep it smart, and stay ahead of the game.
Talk soon!