Google promised to tell you before handing your data to the feds. Spoiler: it didn't.

Here is a fun thought experiment: imagine a company promising billions of people it would give them a heads-up before sharing their personal data with law enforcement. Now imagine that same company quietly handing that data over to immigration authorities without so much as a courtesy notification. Wild, right? Apparently not wild enough to be fictional.

The Electronic Frontier Foundation (EFF) has formally asked the attorneys general of California and New York to investigate Google for deceptive trade practices, according to reporting from The Verge. The core accusation is straightforward and pretty damning: Google has spent nearly a decade telling users it would notify them before disclosing their personal information to law enforcement agencies. And then, allegedly, it just... didn't.

The case that kicked this off

The situation came to a head around the case of Amandla Thomas-Johnson, a former PhD candidate whose data Google reportedly handed over to ICE without the promised notification. This is not a minor clerical error. This is the kind of thing that can upend someone's life - and it raises serious questions about whether Google's privacy promises are marketing copy or actual policy.

The EFF's letter to both state attorneys general frames this as a straightforward consumer protection issue: if Google told users one thing and did another, that is, legally speaking, deceptive. California and New York are historically the states most likely to actually do something about that kind of allegation, which is presumably why the EFF aimed there first.

Why this should bother everyone, not just the obvious targets

It is tempting to think of this as someone else's problem. But the privacy promise Google allegedly broke was not made to a select group - it was made to billions of users. That includes you, your family, your group chats, your search history about that weird rash, all of it. The agreement most people assume they have with Google - that they would at least be warned before their data gets handed to federal agencies - may be worth considerably less than advertised.

Immigration enforcement is the flashpoint here, but the underlying issue is much broader: can you trust that a platform's stated privacy commitments are actually enforced when it matters, or do they evaporate the moment a government agency sends a request?

The EFF is betting that state-level consumer protection law is the lever to force an answer. Whether California or New York's attorneys general agree is now the key question. Either way, Google has some explaining to do.