Why the class action against Google for misuse of personal internet data was rejected by the Court

Rory Lynch, a solicitor in the media team at law firm Seddons, discusses a recent English High Court decision to stop a class action lawsuit brought against Google

A recent decision by the English High Court has made large-scale class actions for misuse of personal internet data more difficult to litigate.

In Lloyd v Google LLC [2018] EWCH 2599 (QB), the consumer protection campaigner and former Executive Director of Which?, Richard Lloyd, started a class action against Google in relation to their ‘Safari Workaround' and ‘Double-Click Cookie'.

Google's underhand activities in relation to the Safari Workaround were identified back in 2012 by PhD researcher, Jonathan Mayer. This led to litigation in both the US and UK, with Google paying out $39.5 million in fines and damages in the United States alone.

The scandal involved the acquisition and use of browser generated information ("BGI") from third party cookies that enabled the placer of the cookies to track the internet activity of the device in question. Such cookies can be used to monitor internet activity so as to facilitate tailored advertising targeted at that user. These are known as ‘internet based adverts'.

In the period of June 2011 to February 2012, one of Google's third party cookies was known as the ‘Double-Click Cookie'. It would be placed on a device if the user visited a website that contained content from the company's ‘Double-Click' domain.

During this period, Apple's Safari browser was set by default to block third party cookies. However, Apple created some exceptions to this default setting and Google created the ‘Safari Workaround' via their Double-Click Cookie to take advantage of this exception.

Consequently, until 2012 when Apple removed these exceptions, Google were able to surreptitiously collect BGI via Safari and aggregate this data into useful categories such as ‘football lovers' or ‘current affairs enthusiasts'. Controversially, such BGI could also reveal users' more intimate and personal likes and dislikes. Google was then able to sell this data to marketers and advertisers and profit from the deception.

Lloyd's claim related to the "secret tracking and collation by Google" of information as to individuals' internet usage. He claimed that this constituted the processing of personal data in breach of the statutory duty imposed by section 4 of the UK Data Protection Act.

This section of the Act stipulates that personal data should be processed fairly and lawfully. In the case of sensitive personal data, this should be obtained only for "specified and lawful purposes" and "shall not be processed in any manner incompatible with that purpose".

Mr Lloyd was not only suing Google on his own behalf, but also on behalf of a class of other residents in England and Wales who he deemed to be victims of the Safari Workaround. It was estimated that, due to the ubiquity of iPhones, this ‘class' of residents would total approximately 4.4 million persons. Lloyd argued that each of these residents should be entitled to £750 each in damages, which would cost Google in the region of £1 and £3 billion.

[Turn to next page]

Why the class action against Google for misuse of personal internet data was rejected by the Court

Rory Lynch, a solicitor in the media team at law firm Seddons, discusses a recent English High Court decision to stop a class action lawsuit brought against Google

Google's headquarters are in Mountain View, California, which meant Lloyd needed the permission of the English Court to proceed with his English-based legal claim. Lloyd had also secured funding and insurance for his claim from a company called Therium Litigation Funding. Therium had agreed to provide £15.5 million to cover legal costs, in addition to £12 million of insurance in the event of the claim failing and Lloyd being liable for Google's legal costs.

In his measured ruling, Mr Justice Warby identified a number of issues with the claim. Firstly, he pointed out that some of the 4.4 million ‘class' may not have actually objected to their data being harvested without their knowledge as they would benefit from targeted advertising. He used the example of a lasting relationship that could have been formed on the basis of contact made via a phone number disclosed by a mutual friend who did not ask permission to divulge the number.

Therefore, this meant that as some members of the 4.4 million may not object, then it was not possible to identify precisely the whole ‘class' which is required for any such claim.

He also pointed out that the benefit to each class member, namely £750 each in damages, meant that the main beneficiary in any victory by Lloyd would be Therium and his lawyers, who would receive a large windfall in fees. These points taken together meant that the case would offend the legal principles of fairness and proportionality, both in terms of costs and the Court's time and resources. For these reasons the Court would not allow the claim to proceed.

However, those tech titans who have misappropriated the personal internet data of their users should not breathe a sigh of relief just yet. The judge pointed out that if the class could be properly and precisely identified, and evidence of distress or loss disclosed, then the door would be open for future class actions on this issue.

Computing's IT Leaders' Summit this year focuses on a subject at the forefront of every CIO's mind: digital transformation.

Taking place at 10-11 Carlton House Terrace, Computing's IT Leaders' Summit will include a keynote by Alex Sbardella focusing on the future of digital - China. To reserve your place, please check out our dedicated event website