A federal judge in California has dismissed a proposed class action accusing Google of quietly monitoring users' private emails, chats, and video calls through its Gemini AI assistant, ruling that the plaintiffs failed to spell out what information Google actually accessed or what concrete harm they suffered as a result. The plaintiffs have been given a chance to fix the problems and refile.
U.S. District Judge Noel Wise granted Google's motion to dismiss the amended complaint brought by Thomas Thele and Melo Porter, who alleged that the company violated state and federal wiretapping statutes and invaded their privacy when it switched on Gemini by default for all Gmail, Chat, and Meet users in October.
According to the lawsuit, users previously had to actively opt in before Google's AI could interact with their accounts, and the shift to an opt-out default last year allowed the company to monitor and hold onto private communications without users' consent.
Google had argued back in January, when it first moved to dismiss the case, that the plaintiffs never adequately alleged that their own data had been touched or described a concrete enough injury to satisfy the standing requirements under Article III of the Constitution.
Judge Wise agreed, concluding that the complaint failed to describe with sufficient detail the central harm it was built around, Google's supposed intrusion into users' private communications.
The judge's opinion highlighted several specific gaps in the complaint. She noted that the plaintiffs never explained when they first signed up for Google's services or whether they were already using Gmail, Chat, or Meet before the company allegedly flipped Gemini on by default on October 10, 2025.
She also pointed out that the complaint did not explain why that particular date was significant, no indication of whether the plaintiffs had been shown Google's privacy policies when they created their accounts, no confirmation of whether Gemini's features were already active when their accounts were first set up, and no statement about whether they had since turned the features off.
In the judge's view, nothing in the complaint ruled out the possibility that Gemini had already been running as a default feature well before the October date the plaintiffs cited.
Judge Wise also found that the plaintiffs had not shown their own personal data was actually affected by Gemini. While the complaint broadly described the kinds of sensitive financial, medical, and employment information that can live inside a Google account, it did not point to any specific messages or communications that Gemini supposedly analyzed, nor did it identify any particular personal data the AI tool had actually used.
The judge noted that the plaintiffs never claimed to have witnessed any real-world evidence of their data being put to use and said merely alleging that Gemini theoretically could access their data wasn't enough to establish a real injury.
The court additionally rejected the plaintiffs' bid to pursue an order blocking Google's practices going forward, finding they hadn't shown they or other members of the proposed class faced an ongoing or future risk of the same harm.
Judge Wise noted that, as Google had pointed out, users can eliminate any risk going forward simply by switching off Gemini's "smart" features in their account settings.
Despite dismissing the complaint, the judge gave the plaintiffs 21 days to file a new version addressing the shortcomings, citing the general principle that courts should freely allow amended pleadings when doing so serves the interests of justice and helps resolve cases on their merits rather than on procedural technicalities.
The underlying complaint, filed shortly after Thele brought the case on his own in November, accused Google of violating California's constitutional privacy protections and the state's Invasion of Privacy Act, which bars secretly recording or intercepting confidential communications without consent.
It also alleged violations of California's computer data access law and the federal Stored Communications Act, both of which prohibit intentionally accessing protected electronic information without authorization, and argued that Google's conduct amounted to an intrusion upon seclusion given the password protection, encryption, and two-factor safeguards users reasonably expect to keep such communications private.