believing in Web & App Activity
Google’s decision to split its privacy toggles is not merely an act of user-centric goodwill; it is a calculated response to a devastating series of legal and regulatory defeats. Chief among these is the monumental class-action lawsuit Rodriguez v. Google LLC (Case No. 3:20-cv-04688-RS) in the U.S. District Court for the Northern District of California.
In September 2025, a federal jury found Google liable for systematically violating the privacy of over 98 million users, awarding a historic $425 million in compensatory damages (which accrued to over $440 million by March 2026 with interest). The lawsuit exposed a glaring contradiction in Google’s data practices: even when users had explicitly paused their “Web & App Activity” or “supplemental Web & App Activity” (sWAA) settings, Google continued to harvest and log their personal data from third-party mobile applications. This was achieved through embedded Google software code, such as Firebase, which siphoned user activity and organized it for analytics and product development behind the scenes.
The presiding judge noted that Google’s public-facing privacy statements and