Search engine giant Google lost this time around. The company filed a bid to stop consumers in the United Kingdom from exercising the right to sue over the alleged misuse of privacy settings. But the U.K. appeals court didn’t see it Google’s way.
The Court of Appeal instead ruled that the case of Vidal-Hall et al v Google successfully classifies the misuse of private information as a tort. That means claimants can recover damages under the U.K.'s Data Protection Act (DPA) of 1998 for non-material loss.
Essentially, three plaintiffs can now pursue lawsuits against Google for allegedly tracking and collecting browser-generated information from their Apple Safari browsers.
"These claims raise serious issues which merit a trial,” the court said in its ruling. "They concern what is alleged to have been the secret and blanket tracking and collation of information, often of an extremely private nature . . . about and associated with the claimants' Internet use, and the subsequent use of that information for about nine months. The case relates to the anxiety and distress this intrusion upon autonomy has caused."
What This Means
Google could not immediately be reached for comment, but the company has been down a similar road before in the U.S. In 2012, the company agreed to pay $22.5 million to settle Federal Trade Commission charges that it misrepresented privacy assurances of Safari's U.S. users.
Google shelled out another $17 million to settle allegations in 37 states and the District of Columbia that it secretly tracked Web users by inserting digital files into their cell phones, according to Reuters.
Attorneys for the U.K. plaintiffs are calling it a landmark case. Emma Cross, an associate at Olswang, the firm representing the plaintiffs, said the legal proceedings will cover ground that is not clear-cut and may open the door for a substantial class action by Apple Safari users in the U.K.
“The classification of the misuse of private information has been the subject of discussion in previous cases, but this was the first case in which it ‘made a difference,’” Cross wrote in a blog post. “Without this classification, the claimants would have been prevented from remedying their civil wrong in the English courts and, in our increasingly digital age, would not have been alone in this regard.”
What’s more, the assessment is likely to have broad and currently undetermined implications, including as to remedies, limitation and vicarious liability, she said. She offered an example: Classifying the misuse of private information as a tort will permit damages -- including exemplary damages -- being awarded as of right, rather than remedies being equitable and therefore discretionary.
“This is undoubtedly a developing area of the law. Since the coming into force of the Human Rights Act 1998, the courts have had to grapple with how to afford appropriate protection of ‘privacy rights’ in the absence of a common law tort of invasion of privacy,” Cross said.
She explained that what began as the development and adaptation of the law of confidentiality to protect the misuse of private information has led to the current acceptance that there are two separate and distinct causes of action -- breach of confidence and misuse of private information -- that protect different interests and rest on different legal foundations.
“This judgment provides welcome clarification on two related, but distinct, areas of law,” Cross said. “It will be interesting to monitor how it is used in the field of privacy law going forward and whether claimants with a claim that falls under the tort of misuse of private information will also end up bringing it under the DPA, given that the hurdle of pecuniary loss has been lifted.”