What exactly happened?
Richard Lloyd, former director of consumer rights group Which? accused Google of breaching data protection law for tracking data of iOS safari users without their consent. He cited the damage caused to Apple iPhone users due to unlawful processing of data. If the lawsuit had been allowed to continue, Google could have been forced to pay £3.2 billion in compensation to millions of iPhone users.
The basis of the allegation was that Google secretly tracked the browsing activity of 5 million iPhone users in the years 2011 and 2012 in England and Wales. Also, the claim says data was collected without any consent or knowledge of the users. Consequently, iOS users could be easily targeted by advertisers based on their browsing history. Information collected included sensitive data, such as data about social class, racial or ethnic origin, physical and mental health, political opinions, or affiliations.
Google dismissed all the claims on the grounds that compensation cannot be awarded without any proof of a data breach that caused iOS users to suffer from financial distress under the DPA 1998 act.
How did Google win the privacy battle?
The UK Supreme Court unanimously blocked the 3.2-billion-pound class action against Google over allegations on the data privacy case. The problem was the way the legal claim was put up as a collective action. This was the first time in UK history where an individual brought a class action on behalf of many others, without all those affected actively opting in. This was where the case faltered.
The Supreme Court ruled that without evidence of the unlawful processing, or individuals suffering material damage, or financial distress as a result of the unlawful processing of personal data, the case could not proceed.
All the arguments were rejected, dismissing the claim against Google for two significant reasons. At first, the claim founded solely on section 13 of the DPA 1998 provides that compensation is entitled to an individual only if they suffer any financial damage due to unlawful processing of personal data. And secondly, it would have been critical to prove what unlawful processing of data Google did relate to an individual.
Giving compensation without any concrete proof of damage would have been entirely unsustainable. Both issues came in favour of Google, and the Court decided not to serve proceedings further on the search giant.
Summary
The decision was a big blow to campaigners and rights groups have responded to the Supreme Court judgement by calling for the government to legislate for collective redress. Jim Killock, the Executive Director of the Open Rights Group said that in the wake of the case, the government should now look to give people a way to “seek redress against massive data breaches” without having to spend vast amounts on legal fees.
Sign up to our newsletter – Get practical tips and invitations to webinars and online Q&A sessions.
