The Court of Appeal has paved the way for iPhone users to sue Google for damages over the alleged abuse of Apple’s Safari privacy settings, which it is claimed allowed the tech giant to capture data without consent and then sell it to advertisers.
The legal case has been brought by “Google You Owe Us”, a group set up by former Which? director Richard Lloyd, and has been running for nearly two years. It actually dates back over eight years, when it is alleged the mass “slurping” of personal data first took place.
Lloyd’s lawyers allege that Google bypassed privacy settings on Apple iPhone handsets between August 2011 and February 2012 and used data to divide people into categories for advertisers.
It is claimed that the information collected by Google included racial or ethnic origin, physical and mental heath, political affiliations or opinions, sexuality and sexual interests and social class.
It is also said that information about an individual’s financial situation, shopping habits and their geographical location were obtained and that the data was then aggregated and users were put into groups such as “football lovers” or “current affairs enthusiasts”.
Lloyd first started legal action in November 2017, when Google was summoned to the High Court to answer the charges. “Google You Owe Us” is seeking compensation of £3.2bn for more than 4 million iPhone users, equivalent to £750 each.
However, in a ruling made in October 2018, Mr Justice Warby, who oversaw the case, blocked the claim, insisting that there was no evidence that victims had suffered “damage”. He also said that it was impossible to reliably calculate the number of iPhone users affected by the alleged privacy breach.
But the Court of Appeal has today overturned this ruling. In a summary, Chancellor of the High Court Sir Geoffrey Vos said: “The claimants that Mr Lloyd seeks to represent will all have had their browser generated information (BGI) – something of value – taken by Google without their consent in the same circumstances during the same period.
“The represented class were all victims of the same alleged wrong, and had all sustained the same loss, namely loss of control over their BGI.”
In response to the decision, Lloyd said: “Today’s judgment sends a very clear message to Google and other large tech companies – you are not above the law.
“Google can be held to account in this country for misusing peoples’ personal data, and groups of consumers can together ask the courts for redress when firms profit unlawfully from ‘repeated and widespread’ violations of our data protection rights.”
Google has already paid out millions of dollars to settle claims in the US relating to the practice, after action taken by the US Federal Trade Commission in 2012. Even so, Google has said it will now seek permission to appeal at the Supreme Court.
The UK does not have a great record in allowing compensation payments for data loss; so far not a single penny has been paid to consumers through court rulings. One of the first UK class actions, launched in 2015 against Morrisons following the theft of employee data, has still not been settled.
In December 2017, the High Court ruled in the claimants’ favour; Morrisons then appealed but this was booted out in October 2018, but in April this year Morrisons won the right to have the case heard in the Supreme Court. A date has yet to be set for that hearing.
Related stories
High Court blocks class action over Google tracking
Google faces £3bn High Court battle over data tracking
Google summoned to High Court to defend data tracking
Morrisons loses appeal against data breach pay-out
Lawyer slams Morrisons on eve of data ruling appeal
Thousands of Morrisons staff to get data leak pay-off
Morrisons staff start High Court fight over 2014 breach
Morrisons staff take legal action over 2014 breach
Google fined $22.5m for DNT abuse