Three of the world’s most prominent technology companies—Google, Microsoft, and Kenneth Cole Productions—are facing a new wave of legal scrutiny over how they collect, use, and share the personal data of millions of people. Recent lawsuits and regulatory rulings from California to Austria have thrust the issue of digital privacy into the spotlight, raising tough questions about what really happens when users click “accept” (or “reject”) on cookie banners, or rely on voice assistants and online learning platforms.
On January 23, 2026, Google agreed to pay $68 million to settle a class action lawsuit in San Jose, California, federal court. According to Reuters, the suit accused the tech giant of violating users’ privacy by allowing its voice-activated Google Assistant to record and disseminate private conversations, even when users hadn’t intentionally activated the device. The complaint alleged that Google Assistant, designed to respond to “hot words” like “Hey Google” or “Okay Google,” sometimes misinterpreted ordinary speech as a command—a phenomenon known as “false accepts.” As a result, users said they received targeted ads based on conversations they never intended to share with Google’s servers.
“I never expected my private conversations to end up as data points for advertising,” said one plaintiff, echoing the concerns of many who joined the class action. The settlement, which still requires approval from U.S. District Judge Beth Labson Freeman, covers anyone who bought a Google device or was subjected to these “false accepts” since May 18, 2016. Notably, lawyers for the plaintiffs may seek up to one-third of the settlement fund—about $22.7 million—in legal fees.
Google, a subsidiary of Alphabet based in Mountain View, California, denied any wrongdoing. In court papers, the company said it settled to “avoid the risk, cost, and uncertainty of litigation.” When reached for comment on January 26, Google declined to elaborate further. The settlement comes on the heels of a similar $95 million agreement Apple reached with smartphone users in December 2024, underscoring the growing legal risks for tech companies over privacy missteps.
But Google is hardly alone in facing scrutiny. On the same day as the Google settlement, two California residents filed a proposed class action complaint against Kenneth Cole Productions Inc., a fashion retailer, alleging the company shared their personal information with third parties despite their explicit refusal of cookie tracking. According to Bloomberg Law, the complaint centers on the Kenneth Cole website’s consent banner, which allows users to reject cookies used for analytics, marketing, and functionality. The plaintiffs, Jose Ortiz and John Inzalaco, claim that even after opting out, the site continued transmitting user data to cookie providers.
“It’s frustrating,” Ortiz said in the filing. “The site gave me the impression that I was in control of my privacy, but my data was still being sent out.” The lawsuit highlights the ongoing confusion and lack of transparency around digital consent mechanisms, as well as the technical loopholes that can undermine users’ choices. While the outcome of the Kenneth Cole case remains uncertain, it’s clear that consumers and regulators are paying closer attention to the fine print—and the technical implementation—of privacy policies.
Meanwhile, across the Atlantic, Microsoft is facing its own reckoning over data privacy, this time involving schoolchildren. On January 27, 2026, the Austrian data protection authority (DSB) ruled that Microsoft had illegally installed tracking cookies on a school pupil’s devices without consent. The case was brought by None of Your Business (noyb), an Austria-based privacy advocacy group, and dates back to the COVID-19 pandemic, when schools rapidly adopted online learning platforms like Microsoft 365 Education.
According to The Register, Microsoft’s cookies analyzed user behavior, collected browser data, and were used for advertising purposes. The Austrian Ministry of Education and the school involved said they were unaware of the tracking software until noyb launched the complaint. Felix Mikolasch, a data protection lawyer at noyb, didn’t mince words: “Tracking minors clearly isn’t privacy-friendly. It seems like Microsoft doesn’t care much about privacy, unless it is for their marketing and PR statements.”
The DSB ordered Microsoft to stop tracking the complainant within four weeks of the ruling. Microsoft responded on January 27 by stating, “Microsoft 365 for Education meets all required data protection standards and institutions in the education sector can continue to use it in compliance with GDPR. We are reviewing the Austrian data protection authority’s latest decision and will decide on next steps in due course.” Despite Microsoft’s assurances, the ruling has reignited debate over the responsibilities of tech giants when it comes to protecting children’s data.
The Microsoft case is particularly striking because it exposes the complex web of accountability in educational technology. During the pandemic, schools across Europe and beyond rushed to implement digital learning tools, often relying on the privacy documentation and assurances provided by software companies. Yet, as the Austrian case shows, even well-intentioned schools and ministries can be blindsided by hidden data collection practices. The DSB previously ruled in October 2025 that Microsoft had “illegally” tracked students via its 365 Education platform and attempted to shift responsibility for data access requests onto local schools.
These developments come at a time when privacy activists across the European Union have criticized recent reforms to the General Data Protection Regulation (GDPR) and artificial intelligence laws for “playing into Big Tech’s hands.” As regulators and courts try to keep pace with rapidly evolving technology, companies like Google, Microsoft, and even fashion retailers like Kenneth Cole find themselves navigating a minefield of legal and reputational risks.
For everyday users, the implications are profound. Whether it’s a voice assistant listening for a “hot word,” a cookie consent banner that doesn’t actually stop tracking, or a school laptop quietly collecting data, the line between convenience and surveillance has never been thinner. While settlements and regulatory rulings can provide some redress, they also raise the question: Are these measures enough to change the underlying business models of companies whose profits depend on data?
As privacy litigation ramps up on both sides of the Atlantic, tech companies are being forced to reckon with a new reality—one in which users, regulators, and advocacy groups are no longer willing to accept vague promises or opaque practices. The coming months will reveal whether these high-profile cases lead to meaningful reforms or simply more sophisticated ways of collecting and monetizing personal information.
In the end, these cases serve as a stark reminder that in the digital age, privacy is both a right and a battleground—one where the stakes are only getting higher.
:sharpen(0.5,0.5,true)/tpg%2Fsources%2Fc8dd349e-fde3-47de-9f6e-c32c6472be5c.jpeg)