Google Broke Its Promise—Now ICE Has My Data: How Tech Companies Fail Users Under Government Pressure

Google has broken its promise to protect user data by handing over personal information to U.S. Immigration and Customs Enforcement (ICE), according to a case highlighted in the Electronic Frontier Foundation’s (EFF) latest EFFector newsletter. The incident involves an EFF client whose data was provided to ICE despite Google’s assurances that it would safeguard user privacy, raising serious concerns about how tech companies respond to government data requests.

The case, detailed in EFF’s April 2026 EFFector newsletter (issue 38.8), centers on a user who trusted Google with sensitive personal information, only to learn that the company complied with a government request that led to their data being shared with ICE. EFF Senior Staff Attorney F. Mario Trujillo discussed the implications in a companion podcast episode, explaining how state attorneys general may have legal avenues to hold Google accountable for failing to uphold its privacy commitments to users targeted by government agencies.

According to EFF, the incident is part of a broader pattern in which major technology platforms receive government demands for user data and, in some cases, comply without sufficient transparency or user notice. While Google maintains a public commitment to resisting overbroad requests and notifying users when legally permissible, this case suggests a gap between policy and practice—particularly in immigration enforcement contexts where legal standards and procedural safeguards may differ from those in criminal investigations.

Google’s Data Disclosure Practices Under Scrutiny

Google receives thousands of government data requests each year, ranging from subpoenas to court orders and warrants. The company publishes a biannual Transparency Report detailing how it responds to such requests, including the number of requests received, the proportion it complies with, and how often it notifies users. In its most recent report, Google stated that it notified users in approximately 80% of cases where legally allowed, and that it pushes back on requests it deems overly broad or unlawful.

Legal and Policy Implications for Tech Accountability

EFF argues that Google’s actions in this case may violate its own stated privacy principles and could potentially breach user trust or even contravene promises made in its Terms of Service. While the company is generally permitted to comply with valid legal process, EFF contends that users should be notified unless prohibited by law—and that companies have a responsibility to challenge requests that lack proper judicial oversight, especially when they involve vulnerable populations.

Trujillo noted in the EFFector podcast that state attorneys general may pursue legal action under state consumer protection laws if companies engage in deceptive practices by promising privacy protections they do not honor. “When a company tells users it will protect their data and then hands it over to immigration enforcement without meaningful resistance or notice, that’s not just a policy failure—it could be grounds for legal accountability,” he said.

The case also intersects with ongoing debates about reforming Section 702 of the Foreign Intelligence Surveillance Act (FISA), which allows U.S. Intelligence agencies to collect certain communications of non-Americans abroad but has been criticized for enabling backdoor searches of Americans’ data. EFF’s newsletter highlights efforts to push for greater transparency and oversight in surveillance practices, including reforms that would limit how government agencies access data held by private companies.

Broader Context: Trust, Transparency, and Tech Responsibility

This incident adds to growing scrutiny over how major tech platforms manage user data in the face of government demands. Similar cases have emerged involving other companies, including instances where data was shared with law enforcement agencies involved in immigration enforcement, protest monitoring, or national security investigations. Privacy advocates argue that without stronger legal protections and corporate accountability mechanisms, users remain vulnerable to surveillance and data misuse—even when they believe their information is secure.

EFF encourages users to stay informed through its EFFector newsletter and podcast, which provide updates on digital rights issues, legal developments, and ways to take action. The organization also invites public support for its litigation and advocacy work aimed at holding technology companies accountable and strengthening privacy protections online.

As of the publication of EFFector 38.8 on April 22, 2026, Google had not issued a public response to the specific case detailed in the newsletter. The company continues to maintain that it balances legal compliance with user privacy, but critics say cases like this underscore the need for clearer commitments, stronger resistance to overbroad requests, and greater transparency when user data is shared with government entities—particularly in sensitive contexts like immigration enforcement.