HomepageCommercial LawPrivate LawPublic Law & Human RightsCriminal LawEU & International LawCareers

Accessibility

Have Irlen Syndrome, or need different contrast? Click the button below for options.

Background Colours

Subscribe

Enter you email address below to subscribe to free customisable article notifications.

Alternatively, click the button below for our various RSS Feeds (available journal wide, or per section).

Google to get a slap on the wrist for ‘stalking adverts’?

About The Author

Chris Bridges (Executive Editor)

Chris is an IT and Data Protection solicitor at a top 20 full service firm and the founder of Keep Calm Talk Law. He also contributes to Computers and Law and other sector specific publications.

[Read More]

On 16 January 2014, the High Court handed down judgment in Vidal-Hall & Ors v Google Inc [2014], with an outcome Google will surely be dismayed by.

Three claimants, all owners of Apple devices, and users of Google services via the stock Apple web browser, Safari, hope to sue Google for either: misuse of their private information, breach of confidence, or breach of statutory duty as a data controller under Section 4(4) of the Data Protection Act 1998.

The Background

If you have ever wondered how a good proportion of the adverts on the internet seem to know what you are thinking of at the moment, or what you are shopping for, but have just put it down to magic, you may be dismayed to find out it is no such thing. In fact, it is the product of an oxymoronic ‘discreetly invasive’ method of discovering exactly what makes you tick.

Many of these Ads are served by Google and its AdSense program. AdSense sets a third-party cookie on your computer, which can be used to track your movement across websites. With enough data, Google are able to determine what Ads you are most likely to click on and tailor the adverts you see according to this. Whilst this may seem innocent, creating a win-for-all situation (you get Ads you are more likely to be interested in, the advertiser gets the most ‘bang for their buck’ and Google profits as a result are sky high), it does not always work out in your favour.

Many find it ‘stalkerish’, not useful; comparable to the uncomfortable situations where somebody knows far more about you than you have ever told them, showing they must have done some digging. This is where the problem arises; the practice is regarded by many to be an invasion of privacy.

Consequently, a feature has emerged in many web browsers called ‘Do Not Track’, which sends a request to websites not to set this type of cookie. Safari, Apple’s browser, takes this further and does not accept third-party cookies, as unfortunately many webmasters are oblivious to the request (they do not check for it), or disregard it.

However, Google used a work-around. Without going into technical details, it allowed Google to track Safari users’ web activity even with the ‘Do Not Track’ feature enabled. The claimants, users of said browser, were disgruntled by this. In effect, Google were completely disregarding their lack of consent (assumed or otherwise).

They alleged that because of this breach of their privacy they had been caused damage. No actual damage had occurred to them but the possibility of such damage caused anxiety and distress. The possibility for damage was the consequences of private information being displayed on their screen as a result of the tracking, which others standing behind them or other users of the same machine might see. Examples may include an employer seeing adverts for jobs at a competitor’s firm, indicating the employee is thinking of ‘jumping ship’, or somebody’s partner seeing adverts for online dating or other adult websites and assuming the ‘browser’ is up to no good.

(For the sake of clarity, not all cookies are ‘evil stalkers’. Many websites use them for basic functionality, such as shopping carts, or maintaining your log in session. The cookies in question here are cookies that are not restricted to one particular site- they can track you across the internet. ‘Normal’ cookies do not, and cannot, do this.)

The Issues & Outcomes

The issue in question was a relatively simple one: do UK Courts have jurisdiction to try these claims? While Google Inc. has a UK subsidiary, Google UK Ltd, its principle place of business is in the USA. Google alleged that whilst in some cases they could be sued here in the UK, and have been before, this particular case did not fulfil the requirements for service of a claim form outside of the UK.

However, out of this question, a new tort has arisen: a tort of misuse of private information.

Under paragraph 3.1 of Practice Direction 6B a “claimant may serve a claim form out of the jurisdiction with the permission of the court”. The claimants sought permission and succeeded, but Google disputed legality of the service of the claim form.

The claimants’ success relied on showing that their claim fulfilled one of a number of grounds found in paragraph 3.1. However, ground 3.1(9) was the ground to prove key to the claimants’ success:

  1. A claim is made in tort where
    1. damage was sustained within the jurisdiction; or
    2. the damage sustained resulted from an act committed within the jurisdiction.

Since it was decided in Kitetechnology BV v Unicor GmbH Plastmaschinen [1995] FSR 765that a claim for breach of confidence was not a claim in tort, it had to be shown that there was in fact a distinct tort of misuse of private information. (Breach of confidence has roots in equity, and is therefore not tortuous).

To distinguish the two, the presiding Judge relied heavily on a passage from OBG Ltd v Allan and Douglas v Hello!:

As the law has developed breach of confidence, or misuse of confidential information, now covers two distinct causes of action, protecting two different interests: privacy, and secret ("confidential") information. It is important to keep these two distinct. In some instances information may qualify for protection both on grounds of privacy and confidentiality. In other instances information may be in the public domain, and not qualify for protection as confidential, and yet qualify for protection on the grounds of privacy. Privacy can be invaded by further publication of information or photographs already disclosed to the public. Conversely, and obviously, a trade secret may be protected as confidential information even though no question of personal privacy is involved.

He was therefore able to conclude, “the tort of misuse of private information is a tort within the meaning of ground 3.1(9).” As with other tortuous claims, damage for anxiety and distress was found to be permissible. The claim under the DPA was also held valid.

You may be wondering, how bad can the distress and anxiety be from something seemingly rather trivial? This is a question the court also had to ask. Whilst there may have been a valid claim for anxiety and distress, the respondent sought to argue, “that the cost of the litigation would be out of all proportion to any award of damages which the Claimants might obtain”. Whilst this may be the case, the judge held that the claimants’ right to privacy under Article 8 ECHR had been engaged, as were Google’s Article 10 rights (freedom of expression, the subject of the dispute was the data, not the adverts themselves). Therefore, the court were obliged to hear the case under Article 6; as a public body, they must “administer the law in a manner which is compatible with Convention rights.”

Most interesting, the presiding judge quickly dismissed the suggestion that the case did not concern private information. Google Inc. submitted that all data was collected anonymously, and 100 x 0 is = 0 (100 pieces of non-private information do not make it private). However, the judge deduced that the product of this data, targeted advertising, was in fact private information.

The Prognosis

It must be noted that the outcome of this dispute is currently unclear. This judgement only concerned whether a claim form could be served to Google’s HQ in California, USA. In doing so, the court had to consider all of the above considerations, which from many lawyers’ point of view is far more interesting.

If the claimants were to succeed at the next stage of this dispute, it is of doubt whether they would obtain any substantial remedy. No financial loss or quantifiable physical damage was caused, and (I assume), any damage caused by anxiety and distress will be minimal. The award of non-pecuniary damages, if any, really will only be a slap on the wrist for Google.

Similar issues have already been heard in the US, with total fines at US $39.5 million (~£24 million at time of writing). This may seem like a lot, but for a company with $2.97 billion profits in just one quarter, it is a drop in the ocean. Damages to the claimants will likely be far, far less.

However, I suspect this is not why the claimants are pursuing the claim; it seems likely they are simply trying to prove a point, and set the groundwork for a monumental movement in online privacy here in the UK.

All claimants may have a special interest in the outcome of this case, perhaps not financial, but personal. “The First Claimant is a self employed editor and publisher. The Second Claimant is a company director of an IT security company. The Third Claimant is a company director of an IT services company.”

High profile judicial support for a separate cause of action of ‘misuse of private information’ is likely to accelerate the movement of online privacy protection. Whilst it is a topic much discussed, no great developments have been made. Such decisions are likely to be considered by parliament and/or the law commission when inevitable reform comes about.

Furthermore, this case and others like it set the boundaries for what is acceptable online tracking. Whilst ‘Do Not Track’ features of some browsers can simply be ignored by websites, this case will make it clear whether or not working around any restriction, or completely disregarding the users preference will open digital companies to lawsuits.

Both Safari and Internet Explorer (10 and above on Windows 8) now come with a default ‘Do Not Track’ feature. Since the specification of ‘Do Not Track’ requires that the feature be enabled explicitly by the user, many advertisers have said they will not honour ‘Do Not Track’ requests. However, should this case and others like it fall in favour of the claimants, advertisers may well be landing themselves in hot water by doing this. A technical specification is different from a legal requirement. By completing ignoring ‘Do Not Track’ requests, advertisers may be seen to be disregarding users privacy preferences indiscriminately; how do they know who has made a conscious decision to protect their privacy, and who has not?

As more browsers include a ‘Do Not Track’ feature, and more browsers enable it by default, online advertisers may need to change their advertising models. If the current trend continues, and cases such as this succeed, it will not be long before online advertisers cannot collect enough data to make the targeted advertising schemes worthwhile.

A potential slap on the wrist for Google, but a huge step for online privacy.

If this lawsuit interests you, you can follow it on the Group Action’s website www.googlelawsuit.co.uk .

For the latest articles straight to your inbox, you can subscribe for free. Alternatively, follow @KeepCalmTalkLaw on Twitter or Like us on Facebook.

Tagged: Commercial Law, Human Rights, Privacy Law, Technology, Tort Law

Comment / Show Comments (0)

You May Also Be Interested In...

Dead on Arrival: The Investigatory Powers Act 2016

29th Sep 2017 by Alexios Ektor Koursopoulos

Misuse of Private Information: The Failure to Protect the Right to Privacy

10th Feb 2017 by Connor Griffith

Living in an Interconnected World – A Legal Conundrum

17th Sep 2015 by Matt Bogdan

Is There Really a ‘Right’ to be Forgotten?

17th May 2014 by Chris Bridges

It's not the end of the line for data retention

10th Apr 2014 by Chris Bridges

Online Bill of Rights: What might it look like?

13th Mar 2014 by Chris Bridges

Section Pick May

Taming the Retail Giants: The Impact of Mergers & Acquisitions on Competition

Editors' Pick Image

View More

KCTL News

Keep Calm Talk Law: Moving Forward

3rd Sep 2019

Changing of the Guard: Moving Keep Calm Talk Law Forward

12th Aug 2018

An Anniversary or Two: Four Years of Keep Calm Talk Law

11th Nov 2017

Rising from the Ashes: The Return of Keep Calm Talk Law

18th Nov 2016

Two Years On, Keep Calm Talk Law’s Legacy is Expanding

11th Nov 2015

Twitter

Javascript must be enabled for the Twitter plugin to function. Click below to visit us on Twitter.

Free Email Subscription

Subscribe to Keep Calm Talk Law for email updates, and/or weekly roundups. You can tailor your subscription on activation. Both fields are required.

Your occupation / Career stage is used to tailor your subscription and for readership monitoring.

Uncheck this box if you do not want to receive our monthly newsletter.

By clicking the Subscribe button, you agree to our privacy policy and terms of service. Please ensure you read these in full.

Free Subscription