According to a federal court decision from February 2025, Google may have unlawfully accessed and analyzed customer service call data through its Cloud Contact Center AI system without proper consent from all call participants. The Northern District of California denied Google’s motion to dismiss in the case Ambriz et al. v. Google LLC (Case No. 3:23-cv-05437), finding that the company’s disclosed technical capability to access and use call data for its own purposes creates a “plausible inference” of violation under California’s Invasion of Privacy Act.
This ruling means the class action lawsuit, originally filed in October 2023, will proceed to the next phase of litigation, potentially exposing Google to significant liability if plaintiffs can prove the company actually improperly used customer call data. The litigation specifically challenges Google’s Contact Center AI technology, which major companies like Verizon, Hulu, GoDaddy, and Home Depot use to handle customer service operations. When customers call these businesses, their conversations may be transcribed and analyzed by Google’s AI system—but the key legal question is whether Google obtained proper consent from all parties on the calls, as required by California law. The court’s decision suggests that the mere existence of Google’s technical ability to access this sensitive data, combined with the company’s terms of service that permit such access, is enough to move forward with the case. As of June 2026, no settlement or final judgment has been announced, but the litigation represents a significant challenge to how AI companies handle voice data from business communications.
Table of Contents
- What Is Google Cloud Contact Center AI and How Did It End Up in Legal Trouble?
- The Court’s “Plausible Inference” Ruling and What It Means for Class Action Litigation
- Which Customers Are Potentially Affected by This Case?
- How Does California’s Invasion of Privacy Act Apply to AI and Cloud Services?
- The Difference Between Technical Capability and Actual Misuse
- The Motion to Dismiss Decision and What Happens Next
- Broader Implications for AI Privacy and the Future of Cloud Services
- Conclusion
What Is Google Cloud Contact Center AI and How Did It End Up in Legal Trouble?
Google Cloud Contact Center AI (GCCCAI) is an artificial intelligence platform designed to assist companies with their customer service operations. It can transcribe phone calls, analyze customer sentiment, provide real-time coaching to agents, and extract insights from conversation data. When customers call companies like Verizon for billing questions or Hulu for account support, their conversations may be processed through this Google system, which generates transcripts and performs AI analysis to help businesses improve service quality and train their staff. The legal trouble began when plaintiffs alleged that Google unlawfully accessed, transcribed, and analyzed these customer service calls without obtaining proper consent from all participants.
Under California’s Invasion of privacy Act (CIPA), it is illegal for a third party to intentionally record or listen to a phone conversation without the consent of all parties on the call. The plaintiffs’ argument is straightforward: if a customer calls Verizon for customer service and that call is processed by Google’s AI system, Google is technically a third party to that conversation. If the customer wasn’t informed that Google would access and analyze their call data, and didn’t consent to it, Google may have violated CIPA. This is different from the company using the call data just for its own customer service purposes—it’s about whether a third party (Google) had legal authority to access the data at all.
The Court’s “Plausible Inference” Ruling and What It Means for Class Action Litigation
The most significant aspect of the federal court’s February 2025 ruling is its focus on “technical capability” rather than proven misuse. The judge found that Google’s disclosed ability to access and use call data—as outlined in the company’s own terms of service—creates a “plausible inference” of CIPA violation. This is a critical distinction. The court did not require plaintiffs to prove that Google actually used the data improperly. Instead, the mere fact that Google *could* access the data, combined with the company’s contractual right to do so, was sufficient for the lawsuit to proceed past the motion to dismiss stage. This reasoning has broader implications for how courts evaluate privacy claims against technology companies. Typically, plaintiffs must demonstrate actual harm or actual misuse to proceed with a lawsuit.
But in this case, the court essentially said that if a company has the technical capability and contractual permission to access sensitive data, and individuals didn’t consent to that access, the violation is “plausible” enough to warrant a full trial. For class action litigation, this is significant because it lowered the evidentiary bar at the pleading stage. It means Google will have to defend itself at trial rather than getting the case dismissed early. However, this doesn’t guarantee that plaintiffs will ultimately prevail—it only means the case will move forward to discovery, summary judgment, or trial. One important limitation: the court’s decision doesn’t establish that Google actually violated anyone’s privacy. It simply allows the class of affected customers to pursue their claims. Google will have multiple opportunities to defend itself, including by arguing that customers implicitly consented to Google’s involvement through the companies’ privacy policies or terms of service. The outcome of this litigation remains uncertain, which is why no settlement has been announced yet.
Which Customers Are Potentially Affected by This Case?
The scope of affected customers is potentially enormous. Google Cloud Contact Center AI is used by major companies including Verizon, Hulu, GoDaddy, and home Depot. This means any customer who has called any of these companies for customer service since Google’s CCAI technology was deployed could potentially be part of the affected class. For a company like Verizon, which handles millions of customer service calls annually, the class could include millions of individuals. The same applies to Hulu, which processes countless customer calls related to account issues, billing, and technical support. The lawsuit, filed in October 2023, was brought on behalf of customers whose calls were processed through Google’s Contact Center AI system without their knowledge or consent.
The case represents a class action, meaning individual customers don’t have to file their own lawsuits—instead, one lawsuit covers an entire group of similarly situated people. If the plaintiffs ultimately prevail, customers who are part of the certified class may be eligible to receive compensation. The exact amount would depend on the settlement amount or the court’s judgment, which would then be divided among class members. As of now, without a settlement or judgment on the merits, it’s unclear what compensation might look like. A practical consideration: if you have called Verizon, Hulu, GoDaddy, or Home Depot for customer service, particularly after these companies began using Google Cloud Contact Center AI, you may be part of the potential class. You would not need to take any action now, but you should monitor the litigation for updates about class certification, settlement notifications, or claim filing periods. Settlement notices, if they occur, would typically provide information about how to submit a claim.
How Does California’s Invasion of Privacy Act Apply to AI and Cloud Services?
California’s Invasion of Privacy Act (CIPA) was enacted in 1967, long before artificial intelligence and cloud computing existed. The law makes it illegal to intentionally record or listen to a phone conversation without the consent of all parties. This “all-party consent” requirement is what makes California stricter than many other states, which only require that one party to a call consent to recording. When CIPA was written, “recording” meant capturing a conversation on tape. Today, the key legal question is whether processing a live call through a cloud-based AI system constitutes “recording or listening” under the statute. The court in the Google case appears to have concluded that yes, it does. When Google’s AI system transcribes and analyzes a customer service call, it is effectively “listening” to the conversation, even if no permanent recording is made.
The system accesses the audio in real-time, processes it, and generates a transcript and analysis—activities that fall within the definition of “listening” or “intercepting” a conversation. This interpretation expands CIPA’s reach into the digital age and suggests that companies cannot simply route customer calls through third-party AI systems without obtaining consent from all parties on the call. However, there’s a tradeoff here. If courts strictly enforce CIPA in this context, it could limit companies’ ability to use AI tools for legitimate purposes like quality assurance, agent training, and customer service improvement. Many businesses argue that they have valid reasons for analyzing customer calls and that they disclose this practice in their privacy policies. The litigation will ultimately test whether disclosure is enough, or whether explicit, informed consent from each individual customer is required. This has implications not just for Google, but for any company using third-party cloud services to analyze voice data.
The Difference Between Technical Capability and Actual Misuse
A critical element of the court’s reasoning involves the distinction between what Google *could* do with call data and what Google *actually* did. The plaintiffs alleged that Google unlawfully accessed, transcribed, and analyzed customer service calls. The court found this allegation plausible based on Google’s disclosed technical capability and contractual right to access the data. But here’s the key limitation: the court did not rule that Google definitely misused the data. The lawsuit is still in the early stages, and Google has not been found liable. In discovery and at trial, Google will have an opportunity to provide evidence about how it actually uses the data from customer service calls processed through its CCAI system. The company may argue that it only uses the data for providing the service itself—transcribing and analyzing calls to help its business customers improve their customer service.
Google may also argue that customers consented to this practice through the privacy policies and terms of service of the companies they called. These are legitimate defenses that could ultimately result in Google prevailing in the litigation. The “plausible inference” ruling simply means that the case will proceed to a stage where evidence can be presented and evaluated. One warning: this case illustrates the gap between companies’ disclosed practices and customers’ actual understanding of those practices. Many customers likely have no idea that their calls to Verizon, Hulu, GoDaddy, or Home Depot are being processed by Google’s AI system. Even if the companies disclosed this practice in their privacy policies, most customers don’t read or fully understand those policies. The litigation may ultimately turn on whether disclosure in dense privacy policy language is sufficient consent, or whether companies need to provide clearer, more explicit consent mechanisms for customers whose calls will be processed by third parties.
The Motion to Dismiss Decision and What Happens Next
On February 10, 2025, the Northern District of California issued its decision denying Google’s motion to dismiss. A motion to dismiss is an early procedural step where defendants try to get a lawsuit thrown out before any trial occurs. Google argued that plaintiffs’ allegations didn’t state a valid legal claim under CIPA or other relevant laws. The court disagreed, finding that the allegations were sufficient to survive this procedural hurdle. This decision is significant because it means the case will move forward to the discovery phase, where both sides will exchange documents and information, and potentially to summary judgment or trial. What happens next will likely take several years.
The case will proceed through discovery, during which plaintiffs’ attorneys can request documents from Google about how the CCAI system works, what data it collects, and how that data is used. Google will provide its own evidence about its practices and disclosures. At some point, the parties may attempt to settle the case, or the litigation may proceed to trial. A settlement would involve Google agreeing to pay a sum of money to affected customers or taking corrective actions. A trial would result in a judgment from a judge or jury. Either way, the case is unlikely to be fully resolved in 2026.
Broader Implications for AI Privacy and the Future of Cloud Services
This litigation signals that courts are willing to apply older privacy laws to new technologies in expansive ways. The Invasion of Privacy Act, written in 1967, was not specifically designed to regulate AI systems or cloud computing. But courts are interpreting it to cover these modern technologies because the law’s core prohibition—third parties accessing communications without consent—applies regardless of the technology used. This approach could have lasting implications for how AI companies handle sensitive data.
Looking ahead, this case may influence how companies disclose and obtain consent for third-party data processing. It could also prompt legislative action at the state or federal level to clarify how privacy laws apply to AI and cloud services. For now, the pending litigation serves as a reminder that companies handling customer voice data—whether for transcription, analysis, or any other purpose—need to carefully consider whether they have obtained appropriate consent from all parties. For customers, it underscores the importance of understanding what happens to their data when they interact with businesses and their service providers.
Conclusion
The Ambriz v. Google LLC case represents a significant moment in the intersection of privacy law and artificial intelligence. The court’s February 2025 decision to deny Google’s motion to dismiss means that allegations that Google unlawfully accessed and analyzed customer service calls through its Contact Center AI platform will proceed to the next phase of litigation. While the ruling doesn’t prove Google violated customers’ privacy rights, it establishes that the lawsuit raises plausible legal claims worthy of further investigation through discovery and trial.
Millions of customers who have called companies like Verizon, Hulu, GoDaddy, and Home Depot may ultimately be part of the affected class. If you have called one of these companies and believe your call was processed through Google’s Contact Center AI system, monitor the litigation for updates about class certification, settlement notices, or opportunities to file claims. In the meantime, the case serves as a broader reminder to review privacy policies and understand what happens to your data when you interact with businesses. The outcome of this litigation will likely shape how companies use AI to process voice data in the future, potentially requiring clearer consent mechanisms and more explicit disclosures about third-party data access.
You Might Also Like
- Meta Android Privacy Litigation Claims App Data Was Improperly Collected
- Union Home Mortgage Data Breach Litigation Claims Borrower Information Was Exposed
- The Trade Desk Data Privacy Litigation Claims Ad Tech Tracking Violated User Rights
Open Settlements You Can Claim Now
Browse current class action settlements accepting claims — several require no proof of purchase: