During the week of 7-13 of July 2024, Google has been sentenced to pay US$314.6 million to 14 million Android users in California. In the case Attila Csupo et al. v. Google LLC, Case No. 19CV352557, in Superior Court of the State of California, County of Santa Clara, the jury found the company liable for transmitting user data from idle devices without permission.
According to Yahoo News reported on July 15, 2025 this case arose from a 2019-styled class action suit posed by nearly 14 million Android users of California. Indeed, since 2016, Google had been collecting user data-with a primary cast of advertising and analytical intent-without an adequate consent being given. The suit also claims that data transfers continued unbeknownst to the user when no active use of the device was occurring, thus siphoning away mobile data through background processes, which users themselves believed they had turned off.
While the plaintiffs said that Google’s unlawful use of their mobile data is a violation of a California law, the defendant responded to say, it consistently revealed these transfers and obtains consent for them, including via user controls. It considered further that, given the immense advantage users gain, acts of transferring data should not be restricted to Wi-Fi. Despite Google decision to appeal against this judgment, it marks an unyielding statement passed by the jury-paralleling the plaintiffs-on Tech Giants to respect user choices. This case, whose compensation will only benefit to plaintiffs residing in the state of California, is likely to set a precedent for future cases. In particular, it could guide judges in the case scheduled for April 2026 involving Google (again) on charges of illegally processing data of millions of users, this time residing in the rest of U.S.
This issue has brought the central question of personal data ownership back into the spotlight. As a result, the State of California has established a new principle that extends the protection of personal data beyond the use of an internet-connected device. Indeed, it appears that whether collected online or not, the data processor must clearly inform the owner of the data collected. This is even more crucial when the data is collected for advertising purposes. It is part of respecting fundamental human rights and company’s duty to ensure this, « and not just pay lip service to it » according to Law360.
What about Africa?
Although the African continent’s share is not specifically mentioned in the 2024 annual revenue reports of Meta, Google, and Apple, there is no doubt that the African market accounts for a considerable percentage. However, it must be noted that the personal data market still seems to be a free-for-all where Big Tech companies can use it with complete peace of mind. Various African countries have enacted their national laws on data protection, many of them having resorted to extensive frameworks like the European Union’s General Data Protection Regulation (GDPR) as a reference. Kenya’s Data protection act, Nigeria’s NDPR, or South Africa’s POPIA among many others, derive basic principles from the GDPR, including data subject rights and the duties of data controllers. However, having these frameworks only constitutes the first step. It is therefore crucial to strengthen personal data protection agencies but above all, to increase the citizenry’s awareness of the meaning of these rights, so that they will be able to identify violations and to hold infringing companies accountable.
Some cases along these lines have been identified, notably in Kenya, but also in Nigeria, where in 2024, investigations conducted by the Federal Competition and Consumer Protection Commission (FCCPC) in collaboration with the Nigeria Data Protection Commission (NDPC) led the court to hold Meta liable for ‘sharing Nigerians’ personal data without authorization and denying Nigerians the right to determine how their data is used.’ Meta has therefore been fined $220 million. An appeal of this decision, initiated by Meta in April 2025 has been dismissed by the Consumer and Competition Protection Tribunal (CCPT).
It is more necessary than ever to hope that cases like these will multiply across the continent. So African laws will be respected to the same extent as it is globally, and personal data, as part of fundamental human rights, will receive the same level of protection… here in Africa as elsewhere.
Add a Comment