The way Google's scanning systems work amounts to illegal "interception" or "eavesdropping" under federal and state wiretapping statutes, both suits allege.
When it scans email for advertising purposes, Google isn't exactly "reading its users' emails." It's all automated, with a machine searching for keywords in the mails and relating them to ads. It's what allows Google and other companies to offer their services for free. But it still makes some people highly uncomfortable.
Facebook faces a similar lawsuit, which claims the company scans people's private messages for URLs for "purposes including but not limited to data mining and user profiling." It's accused of violating the Electronic Communications Privacy Act, as well as privacy and unfair competition laws in California.
These issues raise questions about the extent to which users should be concerned about the access companies have to their private communications.
With the exception of certain types of information like medical records, your data is basically all there for the taking, said Lorrie Faith Cranor, an associate professor of computer science and of engineering and public policy at Carnegie Mellon University, and director of the CyLab Usable Privacy and Security Lab.
"There's few restrictions legally on what big companies are allowed to do with your personal data," she said. "What you purchase, which websites you browse ... there's no law legally saying you can't look at that," she said.
There are differences between automatically scanning people's messages and actually reading them, but in either scenario some actionable use is made of the data. One of the questions, Cranor said, is how that data is put to use.
Scanning emails to prevent spam or viruses is probably fine with most people. But scanning emails to provide targeted ads? That's where Internet users have mixed feelings.
At the same time, almost all the major Internet firms have bolstered their efforts to protect people's data from intrusion by outside entities such as governments and hackers. Last month, Microsoft announced availability of its Office 365 Encryption program, which encrypts the emails people send to make snooping harder.
And Google this week said it was removing the option to turn off its HTTPS encryption, to make it harder for others to snoop on people's email.
For those seeking more online privacy, smaller outfits have cropped up like Syme, an encrypted Facebook-like service, and the messaging app Wickr, which claims to have no way of seeing people's data even if the company wanted to.
But the major free online services like Facebook and Google are unlikely to be changing their business models any time soon.
"If you're getting a free service, you're paying for that service with your data," said Susan Freiwald, a professor of law at the University of San Francisco, who studies cyberlaw and information privacy. And the fact that your data is stored on a company's servers, she said, poses risks around its availability to governments, hackers and the companies themselves.
Sign up for CIO Asia eNewsletters.