UK court decision boosts online data protection
Case was taken by English claimants who alleged that Google misused their private information by secretly tracking and collating data about their internet usage
Google: said claims for misuse of private information and breach of confidence were merely equitable in nature, and that procedural rules did not permit the grant of leave in the absence of a claim grounded in tort. Photograph: Chris Ison/PA Wire
The court of appeal in England recently delivered its judgment in Vidal Hall and Others v Google Inc. It is a case of some significance in the evolving EU jurisprudence on data protection rights, not least because it may be seen as taking a different approach to that adopted in the Irish case of Collins v FBD Insurances.
The case was taken by a number of English claimants who alleged that Google Inc misused their private information by secretly tracking and collating data about their internet usage on their Apple devices in 2011-2012. The claimants alleged that Google exploited a wayround mechanism on the Safari internet browser on their Apple devices, despite publicly stating that such activity could not be conducted unless Safari users gave their consent. The claimants asserted that this constituted a misuse of their private information, and a breach of confidence, as well as data protection laws, under the Data Protection Act 1998 (DPA), as well as the data protection directive 95/46.
Although the claimants were granted leave to serve proceedings out of the jurisdiction, Google Inc sought to set this aside, arguing the claims for misuse of private information and breach of confidence were merely equitable in nature, and that procedural rules did not permit the grant of leave in the absence of a claim grounded in tort. It also argued that the DPA claims were bound to fail, as the claimants could not point to any specific loss or damage as required by the DPA, or, alternatively, if the court concluded that such a claim was actionable, any damages awarded would be minuscule and dwarfed by the costs of the litigation.
Elegant analysisCampbell v MGN
There had been some lingering doubt since Campbell as to whether the misuse of confidential information was simply an aspect of breach of confidence laws, or whether it had assumed an independent life form of its own as a tort, given that the superior courts in England were still firm, as in Wainright, that there was no “general” tort of privacy.
The judge also held that the damage resulted from an act committed within the jurisdiction, namely the publication of the advertisements on the claimants’ screens.
One of the most interesting aspect of the judgment was the judge’s determination that there was a serious issue to be tried as to whether claims for compensation under section 13 of the DPA required proof of pecuniary loss. The traditional orthodoxy had viewed this as plain from the wording of the statute, and indeed Feeney J had taken this view in Collins v FBD Insurances when construing the Irish legislation and the directive.
It is too early to consider the impact of this ruling, which is likely to be appealed, but the dicta of Tugendhat J, and the court of appeal, are strong on the issue of vindication of data privacy rights within the directive and CFR framework. This may prompt review of the Collins decision, which, although based on the Irish DPA, was relied upon by Google, but where the court of appeal construed article 23 through the prism of the CFR.
Pauline Walley is a senior counsel with a practice in civil, criminal and internet litigation.