Electronic Frontier Foundation has challenged Google over the company’s handling of a user data request tied to U.S. authorities, arguing that the privacy policy Google presents to the public did not appear to be followed in this case. The digital rights group says the issue goes beyond a simple procedural exception and raises a broader question about whether users can rely on the protections Google says it offers.
At the center of the dispute is the claim that Google handed over account data without notifying the account holder in advance. EFF says that silence matters because Google’s published privacy policy says users are generally informed before their information is shared with the government.
The complaint came after Google complied with a subpoena from Immigration and Customs Enforcement, or ICE. The request sought data connected to Amandla Thomas-Johnson, a foreign doctoral student who was said to have attended pro-Palestinian demonstrations at Cornell University.
Thomas-Johnson said Google did not send any notice before the data was delivered. That allegation became the basis for EFF’s argument that Google failed to honor the expectation it created through its own privacy language.
Google, for its part, says every subpoena goes through a review process. A company spokesperson told Android Authority that the process is meant to protect user privacy while still allowing Google to meet legal obligations, and that notice is usually provided when an account is the subject of a subpoena.
The company also said there are situations in which notice is not sent. Those include cases where a legal order prohibits notification or where exceptional circumstances apply. Google added that it pushes back against requests it views as overly broad, including some that are rejected outright.
EFF disputes that explanation in this case. F. Mario Trujillo, senior staff attorney at EFF, said the subpoena involving Thomas-Johnson did not fit the exceptions Google described. He argued that the issue is not a matter of interpretation but a failure to follow the company’s own rule.
Trujillo also said there was no gag order involved. He noted that the account was personal, the investigation was not related to child safety or a threat to life, and the account was not being hacked. In EFF’s view, those facts weaken any claim that Google had a valid basis to bypass notification.
That criticism has drawn attention because it touches a larger concern about the gap between privacy promises and actual handling of government requests. If a company says notice is the default, but users do not receive it in cases that appear ordinary, that can undermine confidence in how the policy works in practice.
Android Authority has asked Google for more detail about which exception it believed applied. At the time of reporting, the company had not provided a specific answer, leaving the dispute without clear public resolution.
For EFF, the matter is not only about one subpoena but also about transparency and consistency. The organization says Google should acknowledge the mistake openly rather than describe it as a routine exception, because the public statement in its privacy policy sets an expectation that users will be alerted before their data is shared with the government.
Source: www.androidauthority.com
