Consumer Protection

A $135 million Google settlement received preliminary court approval on March 5, 2026, resolving class action allegations that Google unlawfully surveilled and collected private information from cellular data purchased by Android users. The settlement covers over 100 million Americans, with payouts of up to $100 per person. As part of the settlement, Google will be required to obtain users' affirmative consent before using cellular data.

In early March 2026, the #QuitGPT boycott movement exploded from 300,000 to over 2.5 million participants following OpenAI's Pentagon military AI deal. ChatGPT app uninstalls jumped 295% day-over-day and one-star reviews surged 775%. On March 3, approximately 50 protesters gathered outside OpenAI's San Francisco headquarters with signs reading 'Sam Altman is watching you' and 'QuitGPT.' Meanwhile, competitor Claude rose to #1 on the App Store, reaching 11.3 million daily active users.

On February 11, 2026, California AG Rob Bonta announced the largest CCPA settlement to date with Disney. The company's opt-out webform only stopped sharing through Disney's own ad platform while continuing to sell data to third-party ad-tech companies. Disney failed to provide in-app opt-out in streaming apps, ignored device-specific Global Privacy Control signals for logged-in users, and required bundle subscribers to opt out up to 10 separate times to fully stop data sharing.

In February 2026, after FEC filings revealed Greg Brockman's $25 million combined donations to MAGA Inc., the QuitGPT boycott movement launched on February 5, 2026. The boycott attracted over 300,000 participants and was endorsed by actor Mark Ruffalo. The movement focused on Brockman's political donations and OpenAI's partnerships with ICE/DHS. It became part of a broader 'Resist and Unsubscribe' campaign organized by NYU Professor Scott Galloway targeting 10 tech companies.

In January 2026, Snap Inc. settled a bellwether case just days before trial, in which a 19-year-old woman and her mother alleged she developed mental health problems after becoming addicted to Snapchat. The suit accused Snapchat of engineering features like infinite scroll, Snapstreaks, and recommendation algorithms that made the app nearly impossible for kids to stop using, leading to depression, eating disorders, and self-harm. The settlement terms were confidential. The broader MDL included over 2,243 plaintiffs as of January 2026.

The FTC announced a proposed order to settle allegations that cryptocurrency company Nomad (Illusory Systems Inc.) failed to implement adequate security measures leading to a breach in which hackers stole $186 million from customers. The FTC alleged that Nomad prominently touted its security in advertising, claiming 'security-first' services, but failed to live up to these promises by failing to use secure coding practices, implement processes for receiving and addressing vulnerability reports, respond to security incidents, or utilize widely known technologies that might have helped mitigate consumer losses.

Google agreed to pay $68 million to settle class action claims that Google Assistant-enabled devices (Google Home, Nest Hub, Pixel phones) surreptitiously recorded users' private conversations without consent. The recordings occurred due to 'false accepts' — the device mistakenly activating and recording when no wake word was spoken. Final approval hearing is scheduled for March 19, 2026.

On January 21, 2026, Cisco disclosed a critical code injection vulnerability (CVE-2026-20045, CVSS 8.2) affecting Unified Communications Manager, Webex Calling, and related products that was actively exploited as a zero-day before a patch was available. The vulnerability allowed attackers to send crafted HTTP requests to obtain user-level access to the underlying operating system and escalate privileges to root. Cisco's PSIRT was aware of attempted exploitation in the wild. The U.S. CISA added the vulnerability to its Known Exploited Vulnerabilities catalog and gave federal agencies until February 11, 2026 to deploy updates. The zero-day status indicates attackers discovered the vulnerability before Cisco's security teams, representing a failure to identify and remediate critical vulnerabilities before exploitation.

42 State Attorneys General issued a letter to Google (along with other large technology companies) about the rise in sycophantic and delusional outputs from generative AI software. The letter highlighted that generative AI software has been involved in at least six deaths in the United States, and other incidents of domestic violence, poisoning, and hospitalizations for psychosis.

42 State Attorneys General issued a letter to Meta (along with other large technology companies) about the rise in sycophantic and delusional outputs from generative AI software. The letter highlighted that generative AI software has been involved in at least six deaths in the United States, and other incidents of domestic violence, poisoning, and hospitalizations for psychosis.

42 State Attorneys General issued a letter to Microsoft (along with other large technology companies) about the rise in sycophantic and delusional outputs from generative AI software. The letter highlighted that generative AI software has been involved in at least six deaths in the United States, and other incidents of domestic violence, poisoning, and hospitalizations for psychosis.

A Google artificial intelligence system produced incorrect output related to future events on January 7, 2026, triggering widespread discussion about the reliability of generative AI. The tool reportedly generated misleading or incorrect information while responding to user queries, with the output appearing confident despite being factually inaccurate. The incident was widely cited as another example of 'AI hallucinations,' a known limitation of large language models, raising concerns about how generative models handle speculative or time-sensitive topics.

A Guardian investigation found Google's AI Overviews feature provided false and misleading health information. Google advised pancreatic cancer patients to avoid high-fat foods - the exact opposite of correct guidance that could jeopardize tolerance of chemotherapy or surgery. Additional errors included incorrect liver blood test ranges and wrong cancer screening information. Health charities Pancreatic Cancer UK, British Liver Trust, Mind, and Eve Appeal raised alarms. Google subsequently removed AI Overviews for some medical queries but only partially addressed the issue.

In January 2026, Match Group settled a class action for $60.5 million over age-based pricing that charged users 30+ nearly double ($19.99 vs $9.99/month) for Tinder Plus since 2015. The California Court of Appeal ruled in 2018 it was an 'arbitrary, class-based generalization.' The practice continued for a decade while litigation proceeded, affecting ~268,000 California users.

In December 2025, Zoox issued a voluntary recall of 332 vehicles after its autonomous driving system caused robotaxis to cross center lane lines near intersections or block crosswalks. The issue was first identified on August 26, 2025 when a robotaxi made a wide right turn into the opposing travel lane. Zoox monitored data and identified 62 such lane-crossing instances between August and December 2025. This was Zoox's third recall in eight months.

During a December 20, 2025 power outage in San Francisco, Waymo robotaxis stalled across the city, blocking intersections and emergency vehicles. Mayor Daniel Lurie texted Waymo's CEO reporting a car blocking a fire truck from reaching an active fire. In subsequent regulatory proceedings, a judge scolded Waymo after the company refused to disclose how many robotaxis had stalled, claiming the information was a trade secret.

In December 2025, six survivors filed a lawsuit against Match Group after Stephen Matthews (later sentenced to 158 years) remained active on Hinge and Tinder despite being reported for sexual assault in September 2020. One survivor was told Matthews was 'permanently banned' but he was later promoted as a 'Standout' match to other users.

Germany's BaFin imposed new restrictions on N26 in December 2025 after a 2024 special audit found serious deficiencies in risk management, complaint handling, and lending. Restrictions include a ban on new mortgages in the Netherlands, higher capital requirements, and a second special monitor appointment since 2021. The company's funding process was suspended.

NHTSA opened investigation after Waymo vehicles repeatedly passed stopped school buses with red lights flashing and stop arms deployed. Austin ISD documented 20+ citations since August 2025. Company claimed software fix in November but violations continued. Faces potential penalties up to $139M.

In December 2025, a US federal court certified a nationwide class action lawsuit against Ticketmaster, representing millions of consumers who paid allegedly inflated service fees. The class certification enables billions of dollars in potential damages claims. The lawsuit alleges Ticketmaster exploited its monopoly position to charge supracompetitive fees that would not exist in a competitive ticketing market.