Privacy litigation keeps rising
Google agreed to a $135 million settlement over alleged Android cellular‑data harvesting and has opened claims for eligible U.S. users. (newsweek.com) At the same time, PNC, U.S. Bank and Wells Fargo are facing proposed class actions accusing them of sharing website visitors’ financial data in ways that may violate California privacy law. (news.bloomberglaw.com) Together these moves highlight that analytics and tracking plumbing on customer‑facing sites are increasingly a legal and financial risk. (androidauthority.com)
# Privacy litigation keeps rising Google has opened the door to payouts in a $135 million settlement over claims that Android phones used people’s cellular data in the background without proper consent, while PNC, U.S. Bank, and Wells Fargo are now facing new proposed class actions over alleged tracking of visitors on their websites. Put together, the cases show how ordinary data plumbing, the software that quietly moves information from a phone or webpage to outside companies, is turning into a recurring legal bill. (newsweek.com) (news.bloomberglaw.com) (androidauthority.com) The Google case is about a simple idea with expensive consequences: a device can send tiny packets of data so often that users never notice the traffic, but the company receiving it can still learn a great deal. Plaintiffs in *Taylor v. Google LLC* said Android devices transmitted information even when phones were idle and apps were closed, using data people had paid their mobile carriers to provide. (courtlistener.com) (classaction.org) That kind of background transfer matters because cellular data is not just a technical resource; it is a metered product people buy each month. The lawsuit alleged Google effectively consumed part of that paid allotment for its own purposes, which turned a privacy complaint into a money claim that was easier to quantify in court. (classaction.org) (theclassactionlawsuit.com) The settlement now moving through federal court would cover Android users in the United States outside California who used a device with cellular internet access from November 12, 2017 until final judgment. Reports tied to the settlement say the class could exceed 100 million people, which helps explain why a very small amount of data per phone can still produce a very large headline number. (classaction.org 1) (classaction.org 2) Google has denied wrongdoing, but it agreed to the $135 million deal and a claims process is now live for eligible users. News reports on April 8, 2026 said users can go to the settlement site, choose a payment method, and receive a prorated amount rather than a fixed check. (newsweek.com) (androidauthority.com) (cnet.com) The bank cases involve a different pipe carrying a different kind of information, but the legal theory has a familiar shape. The new complaints say PNC, U.S. Bank, and Wells Fargo used website tracking tools that sent visitors’ financial information to third parties without consent, including data tied to what people viewed or entered on bank websites. (news.bloomberglaw.com) That accusation lands differently when the website belongs to a bank. A retailer sharing what shoes you clicked is one thing; a bank website allegedly sharing information connected to account activity, transactions, or loan pages raises the stakes because the data is more sensitive and the institutions are already expected to operate under tight confidentiality norms. (news.bloomberglaw.com) The California law at the center of the bank suits is the California Invasion of Privacy Act, a statute that has become a favored tool for plaintiffs challenging online tracking. In recent years, lawyers have used it against companies that deploy session-replay software, chat widgets, pixels, and other tools that can capture or transmit what a visitor does on a webpage. (news.bloomberglaw.com) What changed is not that companies suddenly began measuring user behavior in 2026. What changed is that courts, plaintiffs’ firms, and regulators have spent several years turning invisible analytics code into something more like a recorded phone line, where the question is no longer whether data moved, but whether the user knew who was listening when it moved. (news.bloomberglaw.com) (courtlistener.com) That is why these two stories belong together. Google’s case focuses on data leaving a device over a paid cellular connection, while the bank cases focus on data leaving a webpage through tracking scripts, but both turn on the same operational habit: collecting first, disclosing later, and explaining last. (newsweek.com) (news.bloomberglaw.com) For companies, the risk is no longer limited to a regulator’s fine years down the road. A single implementation choice, such as leaving a software development kit on a phone or a tracking tag on a login page, can now trigger litigation costs, settlement funds, notice programs, and reputational damage across millions of users at once. (androidauthority.com) (news.bloomberglaw.com) For users, the practical lesson is narrower but clearer than most privacy debates. The fight is less about dramatic hacks than about routine background sharing, the ordinary code that keeps apps measured, ads targeted, and websites optimized, and that routine code is increasingly what courts are being asked to price. (newsweek.com) (androidauthority.com)
