Disclaimer: This article is for informational purposes only. The Rodriguez v. Google LLC verdict and all figures cited, including the $425.7M jury award, are drawn from public court records and verified reporting. Google has appealed the verdict; no class member payments have been finalised as of April 2026. DesiDaily is not affiliated with Google LLC. Nothing here constitutes legal advice.
Image Credit: Leonardo AI
News Summary
- Google's Web and App Activity setting records every search, location visit, voice command, and app interaction by default for every signed-in user.
- In September 2025, a federal jury ordered Google to pay $ 425.7 million after finding that it continued collecting data from nearly 100 million users who had already turned this setting off.
- The collection pathway used Google's Firebase SDK, a developer toolkit embedded in approximately 1.5 million mobile applications, which operated independently of account privacy controls.
- Google also offers Privacy Checkup, My Activity, and Google Takeout, three free tools that provide genuine control over personal data and that most users have never once visited.
- You can delete years of stored activity, activate automatic deletion timers, and download a full copy of everything Google holds about you, at no cost, in under two minutes.
A federal jury confirmed what millions of people had long suspected. Google recorded their personal data even after they had explicitly said to stop. Here is the setting at the centre of that 425 million dollar verdict, and exactly what you should do about it right now.
The full story: what actually happened
The setting is called Web and App Activity. It lives inside your Google Account under Data and Privacy, and it has been running silently since the day you created your account.
Every search query. Every route you navigated on Maps. Every YouTube video you played. Every application you opened on an Android device. All of it feeds into one master profile, timestamped, categorised, and stored without an expiry date. Google's Safety Center confirms this is enabled by default for every signed-in user globally.
Most people never know the setting exists. Not because Google concealed it. Because no one showed them where to look.
On September 3, 2025, a federal jury in San Francisco delivered a verdict that forced this conversation into the open. In the case of Rodriguez v. Google LLC, the jury ordered Google to pay 425.7 million dollars in damages after finding the company had collected personal data from nearly 100 million users who had already disabled their Web and App Activity settings.
The mechanism was Google's Firebase SDK, a software development toolkit embedded in roughly 1.5 million mobile applications. It collected user data, including page location signals, referrer information, and in-app interaction details, operating independently of any privacy settings users toggled in their Google Account. Users turned the privacy control off. Data continued flowing through a channel most users never knew existed.
The verdict in plain English
Users adjusted their privacy settings and reasonably believed that the adjustment would be honoured. A federal jury found that Google continued collecting data through a separate infrastructure pathway. The court described this as a violation of the reasonable expectation of privacy users held when they made that change. Google has appealed the verdict. As of April 2026, no payment to class members has been finalised, with the earliest possible claims period projected for late 2026 or beyond.
For a broader understanding of how large technology companies handle personal data across their AI products, see our analysis of how Claude AI is reshaping the software landscape in 2026 and what that shift means for data ownership going forward.
Why this matters: the bigger picture on digital privacy
This is not a story about corporate wrongdoing in the conventional sense. It is a story about a gap between what a privacy setting promises and what happens at the infrastructure level underneath it.
Research published in Frontiers in Computer Science in August 2025 found that the vast majority of Google users remain unaware of the granularity of location and behavioural data collected across the company's services. Awareness, the researchers concluded, is the first and most meaningful step toward informed digital privacy control.
Google states clearly in its Privacy Policy that it does not sell your personal data to third parties. That distinction is both accurate and important. The data powers advertising targeting within Google's own ecosystem rather than being sold to outside buyers. But the behavioural profile it constructs is detailed to a degree that surprises most users when they encounter it directly.
A real example of cross-platform data linking
You searched for back pain remedies. You watched a YouTube video about career changes. You navigated to a pharmacy using Google Maps. Those three data points are linked under a single user profile and drive targeted advertising across Search, YouTube, Gmail, and millions of third-party websites within Google's advertising network. This is how personalised advertising at scale actually functions.
The 425 million dollar verdict reframes this reality. Adjusting your privacy settings genuinely reduces cross-platform profiling. The Firebase SDK case revealed that those settings have limits at the infrastructure level that were not disclosed to users. Understanding both sides of that equation is what genuine informed control looks like in 2026.
This question of data control also connects directly to the rise of AI tools that store and learn from your conversations over time. Our coverage of Anthropic's 2026 IPO and evolving AI data practices provides important context for anyone monitoring this space.
What most technology guides miss: the angle competitors undersold
Here is the detail most privacy articles skip entirely. Turning Web and App Activity off does not delete anything already stored in your account.
Disabling the setting stops Google from adding new activity to your unified cross-platform profile. But every search query, Maps navigation, and voice interaction recorded before that change remains in your account until you actively delete it through My Activity or set Auto-Delete to handle older data on a rolling basis.
Most guides tell you to turn the setting off and stop there. That is only half the action required. Clearing what is already stored is a separate step that requires visiting a different part of your account entirely.
There is also a second, newer data store that almost no coverage has addressed. Google's AI assistant, Gemini, now stores your conversation history by default to personalise future responses. This Gemini Apps Activity sits inside the same Data and Privacy dashboard, largely unreviewed by the users generating it every day.
The data scale that most users do not expect
One journalist who exported their complete Google data archive via Google Takeout found it spanned 36 products, totalled 63.6 gigabytes, and arrived as three separate archive files. Abstract discussions about data collection become concrete very quickly when the download lands in your inbox.
Google's Dark Web Monitoring Tool, which previously alerted users when their personal information appeared in known data breaches, was quietly shut down in February 2026. Google deleted users' stored monitoring data at the point of shutdown. Anyone who relied on that service now requires a third-party alternative for breach monitoring.
This feeds into the wider transformation examined in our piece on how AI is reshaping what organisations know about individuals and who holds meaningful authority over that knowledge.
Here is exactly where to find it right now
This process takes under 90 seconds. The exact path differs slightly between desktop and mobile.
On desktop
Go to myaccount.google.com and sign in with your Google credentials.
Click Data and Privacy in the left-hand sidebar.
Scroll to History Settings. You will find Web and App Activity, Location History, and YouTube History listed here.
Click any setting to review its sub-controls, adjust your preferences, or disable it entirely.
On mobile, Android or iPhone
Open the Google app and tap your profile picture in the top right corner.
Tap Manage your Google Account.
Swipe across to the Data and Privacy tab.
Tap Web and App Activity under History Settings to access and adjust every available sub-control.
The settings breakdown: what to adjust and why
Not every switch requires turning off. Some settings meaningfully improve your daily experience. Others, depending on your personal threshold for data collection, warrant closer consideration. Here is a clear account of what each one does.
| Setting | What it does | Recommendation |
|---|---|---|
| Web and App Activity | The master switch. Records all activity across Google services to build your unified personalisation profile. | Your call |
| Chrome History | Logs every website you visit in Chrome while signed into your Google Account. | Consider off |
| Voice and Audio Activity | Stores audio clips from Google Assistant interactions. Human reviewers at Google may access these clips before a 7-day automatic deletion. | Consider off |
| Visual Search History | Saves images scanned through Google Lens, which may include accidental captures of personal documents, faces, or sensitive materials. | Consider off |
| YouTube History | Records every video you watch and every search you conduct on YouTube. | Your call |
| Location History | Tracks every place you visit, every route you travel, and the time spent at each location. | Consider off |
| Auto-Delete | Automatically removes stored activity older than 3, 18, or 36 months on a continuous rolling basis. | Turn on |
Recommended: configure Auto-Delete immediately
Set Auto-Delete to 3 months if protecting your privacy is the priority. Set it to 18 months if you want Google's recommendations to remain reasonably relevant. Either setting represents a substantial improvement over the default, which stores everything indefinitely for the life of your account with no expiry date applied.
You may also like
AI in Warfare: What It Can Do, and What Keeps Experts Up at Night
How artificial intelligence is reshaping modern conflict and who controls it.
24,000 Accounts, One AI Target: The Claude Security Incident Explained
What happened, what it revealed about AI platform vulnerabilities, and what users should know.
Three free tools Google built that almost nobody uses
Privacy Checkup: the guided review most users skip
Google built a guided tool that walks you through your entire privacy configuration in one sitting. You access it directly at myaccount.google.com/intro/privacycheckup. No download is required. It is already inside your account and takes approximately three to five minutes to complete.
Google's Safety Center documentation describes it as a structured way to review what data is saved, update what you share publicly, and manage the categories of advertising you see. At the end of each section, a Set a Reminder option allows Google to email you every three or six months with a direct link back to your settings. Most users have never noticed that this option exists.
Google updates its products and privacy settings regularly. A configuration you reviewed twelve months ago may now include additional options. Running Privacy Checkup twice a year takes less time than a coffee break and keeps your account genuinely current.
My Activity: the complete record of your Google history
Visit myactivity.google.com to see the full extent of what Google has retained. Every search query. Every application is open. Every video played. Organised chronologically by date, time, and product. Fully searchable, fully filterable, and entirely deletable by you at any point.
Google's Account Help documentation confirms you can remove individual items, all activity within a defined time range, or your entire stored history in a single action. You can also require a verification step before any access to the full log, which is particularly relevant for shared or household devices.
Most people who visit My Activity for the first time describe the same reaction. They had no idea the record was that extensive. The data was collected with consent embedded in account sign-up terms, but the scale only becomes real when you see it displayed in front of you. Now you know exactly where to look.
Google Takeout: download everything they hold about you
Go to takeout.google.com. Select any or all of the available Google products. Request a full archive of your personal data covering Search history, Gmail messages, Google Drive files, Maps location timeline, YouTube watch history, Chrome bookmarks, Google Photos, Calendar entries, Contacts, Google Pay transaction records, and more.
Important: exporting is not the same as deleting.
Downloading a Takeout archive gives you a personal copy of your data. It does not remove that data from Google's servers. To delete what is stored, you must take a separate action through My Activity or the individual product settings within your account. The archive is a record for your own reference, not a removal from Google's systems.
Google Takeout was launched in 2011 by Google's Data Liberation team and covers data across 36 or more products. It remains one of the most substantive user data portability tools offered by any major technology company and one of the least used.
The Gemini memory setting that most users have not yet checked
In late 2025, Google introduced a memory feature within its AI assistant, Gemini. By default, Gemini retains context from your past conversations, including stated preferences, recurring topics, and personal details you have mentioned, and uses that context to personalise future responses.
To review this setting, navigate to myaccount.google.com, click Data and Privacy, and locate Gemini Apps Activity. You can review retained content, delete individual conversations, or disable the feature entirely from the same dashboard you now know how to use.
WebProNews reported in their 2026 privacy controls review that this feature is active by default and that most users have not thought to examine it. As AI assistants become more deeply embedded in daily workflows, this category of stored conversational data is likely to grow in both scale and significance.
For further reading on the data implications of AI tools operating at enterprise scale, our breakdown of the Microsoft 10 billion dollar Japan AI deal and its data conditions is directly relevant.
You may also like
Imagine Opening Your Monthly AI Bill and Seeing This Number
The hidden costs of AI tools are compounding faster than most users realise.
The Secret Revenue Streams Powering Big Tech, and What They Mean for You
Free products are never actually free. Here is how the business model really works.
What iPhone users and families need to know
If you use Google on an iPhone
Apple's App Tracking Transparency framework, introduced in iOS 14.5, restricts cross-application ad tracking by third parties. It does not restrict what Google collects inside its own applications on your device.
When you use Google Maps, Google Search, Gmail, or YouTube on an iPhone, that activity routes back to your Google Account exactly as it would on an Android device. Your Google Account privacy settings govern that data collection, not your iPhone settings. The path to adjust this is identical: myaccount.google.com, then Data and Privacy.
A common misconception worth addressing
Apple's privacy features protect you from cross-application advertising tracking by unknown third parties. They do not protect you from data collection within Google's own applications. Those two things are separate, governed by separate systems, and require separate actions to address.
If you manage a child's Google Account
Google Accounts for children under 13 in the United States are supervised through the Family Link system. These accounts carry more restricted advertising defaults, but their YouTube watch history, Search activity, and Maps usage are still logged and stored.
Parents can review and manage these settings through the Family Link app at families.google.com. Navigate to your child's account, tap Manage Settings, then Google Services, to see what is being recorded. Auto-Delete can be applied to a supervised account in exactly the same way as an adult account.
If you configured a child's Google Account several years ago and have not revisited its privacy settings since, this is an appropriate moment to do so. Our guide on protecting children from social media and online data exposure covers the broader parental considerations in this space.
What happens next: legal trajectory and regulatory outlook
Google has filed an appeal against the 425.7 million dollar Rodriguez verdict. As of April 2026, the appeals process is ongoing, and no payment to affected class members has been authorised. Legal analysts expect the earliest possible claims period to fall in late 2026 at the soonest, with outcomes contingent on how the appeal proceeds through the federal court system.
The Firebase SDK data collection issue is subject to parallel scrutiny outside the United States. Data protection regulators operating under the European Union's General Data Protection Regulation, as well as authorities in the United Kingdom and Canada, have opened or expanded investigations into how software development toolkits embedded in third-party applications interact with consumer privacy settings declared at the account level.
Google faces ongoing examination from the Federal Trade Commission regarding its data practices more broadly. Industry observers expect the company to introduce more granular controls around SDK-level data collection as part of both its legal positioning and its regulatory compliance obligations in the year ahead.
The expansion of Gemini's memory and personalisation capabilities will also introduce new questions about what constitutes meaningful user consent when AI systems retain conversational context across sessions. This connects to the wider shift examined in our analysis of quantum computing and the future of digital security.
What you need to know right now
Key facts at a glance
- 425.7 million dollars: the jury verdict against Google for collecting data from users who had disabled Web and App Activity.
- Approximately 100 million users were affected by Firebase SDK data collection in Rodriguez v. Google LLC.
- 1.5 million mobile applications embed Google's Firebase SDK, the secondary collection pathway at the centre of the 2025 verdict.
- 36 products are covered by Google Takeout, including Gmail, Maps, YouTube, Photos, Chrome, Contacts, Calendar, and Google Pay.
- 7 days is the retention window for Google Assistant voice clips before automatic deletion. Human reviewers may access those clips within that window.
- February 2026 was when Google shut down its Dark Web Monitoring Tool and deleted users' stored monitoring data at the point of closure.
- 90 seconds is how long it takes to reach Web and App Activity and configure Auto-Delete starting today.
The setting was always there. Now you know what to do with it.
Google did not conceal these controls. They are clearly labelled, freely accessible, and genuinely powerful when used. The problem was never secrecy. It was that the default configuration was built to serve Google's operational and commercial interests first, and your personal privacy preferences second.
The 425 million dollar verdict was not a straightforward condemnation of Google as a company. It was a legal ruling that the gap between what a privacy setting promises and what happens at the infrastructure level beneath it can be both measurable and legally actionable. That distinction matters whether you hold privacy as a core concern or simply want to understand what is actually happening with your data.
Privacy Checkup, My Activity, Gemini Apps Activity, Google Takeout, and Auto-Delete are all available at no cost, already inside your account, and most users have not opened a single one of them. The knowledge to act on all of this is now in your possession.
Here is the question worth sitting with. Google built these controls for you. A federal jury confirmed they are significant enough to litigate over at the scale of hundreds of millions of dollars. Why has yours been sitting unopened in your account all this time?
One action, right now
Open myaccount.google.com, go to Data and Privacy, and locate Web and App Activity. It takes 90 seconds. You will know exactly what is being stored about you, and you will finally be the one in control of it.
Read next
The Quiet Reset Inside Meta: Why the Shift Is Bigger Than You Think
What is really happening inside Meta's platforms and what it means for users and advertisers.
An AI Version of You After Death: Inside the Companies Making It Possible
Digital afterlife technology is moving faster than most people realise, raising urgent questions about data and consent.





