Google's $1.4B Settlement Cements Texas' Reputation for Privacy Enforcement

“The main takeaways are ‘Don’t mess with Texas’ and ‘Everything is bigger in Texas’ -- even for privacy enforcement and settlements,” Odia Kagan, partner at Fox Rothschild, said in an email to Privacy Daily. The Texas enforcement, when considered alongside 2025 California Privacy Protection Agency fines against Todd Snyder and Honda (see 2505050066 and 2503140025), and other recent AG actions in states like Indiana, Arkansas and Vermont, "show that regulator enforcement is both imminent and can be very significant,” Kagan added. “Private right of action is not the only sheriff in town.”

The nearly $1.4 billion settlement with Google sets a new standard for both Texas and national privacy enforcement, said Kelley Drye’s Paul Singer, a consumer protection attorney who worked at the Texas AG office for more than 20 years. While the Texas-Google settlement might be similar in size to the state’s $1.4 billion settlement with Meta last year, the Google amount exceeds a previous 40-state settlement with Google on the same issues by almost $1 billion, he said in an interview.

It will be “seen, certainly within the state, as … how we should value these kinds of cases going forward,” Singer said. He added that "other states are going to take notice, and likely need to sort of catch up and sort of refocus their thinking on what appropriate penalties are for these kinds of cases.” Singer believes the “enforcement community is going to start to see the signal that 'maybe we should be valuing these cases higher,' because the significant impact that [these] practices have,” which affect nearly everyone, “probably need to have a larger price tag on them.”

Attorney General Ken Paxton (R) originally filed the lawsuit against Google in October 2022, alleging violations of the Texas Capture or Use of Biometric Identifier Act (see 2210200075). In addition to geolocation and biometric data, Paxton’s suit alleged the search engine illegally tracked and collected incognito search data.

Kagan said browsing data has gotten more government attention recently, including from the FTC. “You need to know whether there is any information of yours related to browsing data being collected or used and the implication of ... designating something as ‘incognito,’” she said. “You need to be very clear about what is being collected, and make sure that what you think you are presenting is what is being received by the reasonable consumer.”

It's “no secret” that Paxton “wants to pursue Big Tech for all sorts of violations,” and the Google settlement is consistent with that message, said Singer. “But more importantly … this is a strong indication and more proof that Texas is going to position itself as a leader in privacy enforcement going forward.” It’s not just Big Tech companies that should pay attention, Singer added. “While Big Tech obviously has the most eye-popping numbers attached to it, those are certainly not the only cases that the office is bringing. … There is no industry that is safe from the reach of Ken Paxton’s privacy team.”

Electronic Frontier Foundation Staff Attorney Mario Trujillo agreed the settlement is solidifying Texas as a privacy enforcer. "For many years, Illinois alone set the standard for biometric privacy with its strong law that allows consumers to defend their own rights in court,” he said. “In the past few years, Texas has started enforcing its own laws. With the absence of a comprehensive federal privacy law, states should continue to fill the gap.”

"Companies need to know they can't disregard the privacy of consumers' biometric and location data,” added Trujillo: The Texas “settlement helps send that message.”

Kagan agreed that Illinois has on biometrics, but “joining the fray are the recent Colorado [Privacy Act] biometrics amendment as well as recent AG actions for the use of biometrics for identification under state consumer protection laws.” It's important for businesses to ensure they only use data that's needed, "do a full risk assessment, collect and retain the minimum, and provide notice and choice."

She added that the “settlement emphasizes that it needs to be abundantly clear to the user that their location is being collected" and how to stop it. "If the options to turn off the location collection are confusing or ineffective or if you think something is not collected, but actually it is… regulators will be coming after you.”

Singer said businesses shouldn’t “get caught up in the fact that” Texas has a comprehensive privacy law, since the Google settlement didn’t involve that statute. “Deceptive trade practice theories still apply to all businesses operating in the state.” Expect Texas to continue using preexisting statutory frameworks “in addition to this new privacy law as they pursue enforcement.”

This settlement comes less than a year after another $1.4 billion settlement between Texas and Meta, in a case alleging the social media company captured biometric information in violation of state law (see 2407300030). “In Texas, Big Tech is not above the law. For years, Google secretly tracked people’s movements, private searches, and even their voiceprints and facial geometry through their products and services. I fought back and won,” said Paxton in Friday's press release. “This $1.375 billion settlement is a major win for Texans’ privacy and tells companies that they will pay for abusing our trust."

In an emailed statement, a Google spokesperson said the flagged policies have already been changed. “This settles a raft of old claims, many of which have already been resolved elsewhere, concerning product policies we have long since changed,” the statement said. “We are pleased to put them behind us, and we will continue to build robust privacy controls into our services”

While the Center for Democracy and Technology doesn’t think Texas' privacy law isn't strong enough, it appreciates vigorous enforcement, said Nathalie Marechal, CDT privacy and data project co-director. “Like any other area of law, statutory privacy protections are only as good as their enforcement.”