Eff pushes back on Google data scandal response: ‘Google screwed up’

At a glance:

• The Electronic Frontier Foundation filed legal complaints accusing Google of deceptive trade practices for handing over a user’s data without notice.
• Google says it notifies users unless a legal order or an exceptional circumstance applies, but the EFF says none of those exceptions fit.
• An ICE subpoena targeting PhD student Amandla Thomas‑Johnson led to Google’s data hand‑off without prior user notification.

What happened

The Electronic Frontier Foundation (EFF) recently lodged legal complaints against Google, alleging that the company violated its own privacy policies and engaged in deceptive trade practices. The complaints center on a subpoena issued by Immigration and Customs Enforcement (ICE) that sought the account data of Amandla Thomas‑Johnson, a foreign PhD student who attended a pro‑Palestine protest at Cornell University. According to the student, Google complied with the ICE request and transferred the data to authorities without providing any prior notice.

Google’s response

In a statement to Android Authority, a Google spokesperson explained the company’s standard procedure: “All subpoenas undergo a review process designed to protect user privacy while meeting our legal obligations. We inform users when their accounts have been subpoenaed, unless under legal order not to or in an exceptional circumstance. We push back against those that are overbroad, including objecting to some entirely.” The spokesperson emphasized that Google does object to overly broad requests and that notifications are the norm unless a specific legal restriction applies.

EFF’s rebuttal

F. Mario Trujillo, Senior Staff Attorney at the EFF, contested Google’s claim that an exception applied. He told Android Authority, “The subpoena targeting Amandla did not fit any of Google’s exceptions. Google screwed up, and it needs to own its mistakes. There was no gag order, Amandla’s personal account was targeted, the investigation did not involve child safety or threats to life, and his account was not hijacked.” Trujillo’s assessment underscores that the known exceptions—such as national security orders, child‑safety investigations, or account hijacking—were not present in this case.

Legal and policy implications

If the EFF’s complaints succeed, Google could face regulatory scrutiny for breaching its own transparency commitments. The case also highlights a broader tension between tech companies’ privacy promises and the realities of law‑enforcement data requests in the United States. Future litigation may force clearer statutory guidance on when companies can lawfully withhold user notifications, potentially reshaping industry‑wide data‑hand‑off practices.

What to watch next

The EFF has not yet disclosed the exact legal filings, but observers expect the complaints to be filed in federal court soon. Google has not responded to follow‑up questions about which specific exception it believes applies. Stakeholders—including privacy advocates, lawmakers, and other tech firms—are likely to monitor the outcome closely, as it could set a precedent for how “exceptional circumstances” are interpreted in future subpoenas.