UK Court of Appeal Allows Privacy Claim against Google for its ‘Safari Workaround’ to Proceed

On March 27, 2015, the UK Court of Appeal (UKCA) released its decision inGoogle Inc v Vidal-Hall & Ors, [2015] EWCA Civ 311, affirming a decision of the UK High Court of Justice that allowed UK users of Apple’s Safari web browser to bring a claim against Google for misuse of private information.

A group of UK Safari users sued Google alleging that Google collected private information about them without their knowledge and consent by tracking cookies on the users’ devices. This was done through the use of a cookie called the “Safari workaround”. Google collected this information in order to provide it to advertisers for the purpose of targeted advertising. The claimants alleged misuse of their private information, breach of confidence, and breach of the UK Data Protection Act 1998. The claimants also alleged that their personal dignity, autonomy, and integrity were damaged, and claimed damages for anxiety and distress.

Because Google is an out of jurisdiction (US) business, the claimants required permission from the UK court to sue Google. To obtain that permission, the claimants had to establish, among other things, that (i) there was a serious issue to be tried on the merits of their claims (i.e. that the claims raised substantial issues of fact, law, or both); and (ii) that there was a good arguable case that their claims came within a jurisdictional ‘gateway’ under UK law. Google argued for dismissal of the case on the basis that the claimants had not met these requirements.

The UKCA rejected Google’s argument that the information collected by Google was not personal data, and consequently, there was no serious issue to be tried. Google argued that the information was not personal data because, among other things, it did not specifically identify the individual by name. The UKCA also rejected Google’s argument that the claimants were not within a jurisdictional “gateway” under UK law because misuse of information was not a tort. It also did not accept Google’s argument that there could not be a claim for compensation under the UK Data Protection Act 1998 without pecuniary loss.

In the US, Google has already paid $22.5 million to settle charges brought by the US Federal Trade Commission in respect of the Safari workaround. It has also paid approximately $17 million to settle actions brought by 38 individual states.

For more information, see this summary prepared by the law firm representing the claimants.