Google Shared Data with ICE — Whatever Happened to 'We Won't Do That'?

In 2018, Google told the world it wouldn’t weaponize its technology or support immigration enforcement. In 2026, records obtained by the Electronic Frontier Foundation tell a different story: Google handed user data to Immigration and Customs Enforcement. The gap between those two facts is where trust goes to die.

The Promise

The backstory matters. In 2018, thousands of Google employees signed an internal petition protesting Project Maven, the company’s AI contract with the Pentagon. Google buckled under pressure, published a set of AI principles, and signaled — through public statements and internal communications — that it would not provide technology for uses like immigration enforcement, where human rights concerns were front and center.

It was a moment that felt meaningful. Google, the world’s largest advertising company, was drawing a moral line.

Then it quietly crossed it. According to records surfaced by the EFF and other civil liberties organizations, Google complied with ICE data requests that included location data and search history. The company that said “we won’t” apparently meant “we won’t talk about it.”

How ICE Uses Big Tech Data

ICE’s use of commercial data has grown increasingly sophisticated. Location data lets agents reconstruct a person’s movements. Search history and communication metadata help map social networks. This doesn’t just affect undocumented immigrants — it reaches their families, their lawyers, and the activists who support them.

The most troubling tool in the kit is the geofence warrant. Rather than targeting a specific suspect, these warrants demand data on every device present at a given location during a given time window. If you happened to be near an immigration raid while picking up coffee, your data could get swept up with everyone else’s. It’s the digital equivalent of stopping every car on the highway because one of them might be speeding.

Why the EFF Is This Angry

The EFF’s fury isn’t just about data sharing. It’s about information asymmetry. Users continued trusting Google’s services in part because of those 2018 commitments. They made choices — what to search, where to carry their phones, which services to rely on — based on promises Google was already breaking behind the scenes.

The EFF’s blunt assessment: Big Tech privacy pledges are PR strategies with no legal teeth. And they’re right. These commitments live in blog posts and keynote speeches, not in binding contracts or independent audits. There’s no enforcement mechanism. There’s no penalty for breaking them. They’re corporate pinky promises.

Google Isn’t the Only One

If this were just a Google problem, it would be simpler. It isn’t.

Amazon’s Ring doorbell division was caught sharing camera footage with police without warrants. Microsoft and Palantir have maintained open contracts with ICE for years. The pattern is consistent: market privacy as a value, monetize surveillance as a business.

The incentive structure makes the hypocrisy almost inevitable. Federal IT spending hit roughly $100 billion in 2025. No company is going to walk away from that market over a blog post it wrote eight years ago. When principles and procurement contracts collide, procurement wins.

What You Can Do (and Why It’s Not Enough)

You can turn off location history. Reset your advertising ID. Use a VPN. These steps help at the margins, but they don’t solve the fundamental problem: if you’re logged into a Google account, you’re generating data. And that data is one subpoena away from landing on an ICE agent’s desk.

The real fix is legal regulation. Not voluntary pledges — laws with consequences. Europe’s GDPR isn’t perfect, but fines of up to 4% of global revenue have a way of focusing corporate attention that blog posts never will. The US still has no federal privacy law that comes close. Until that changes, every tech company’s privacy commitment is a promise written in pencil.

Google’s broken pledge is a useful reminder: privacy protection that depends on corporate goodwill isn’t privacy protection at all. The question isn’t whether your favorite tech company means well. It’s whether anything stops them when they stop meaning well.