A billion-pound legal action against Google over claims it secretly tracked millions of iPhone users’ internet activity would “open the floodgates” to mass data protection claims if it’s allowed to go ahead, the Supreme Court has heard.
Open the floodgates
Former Which? director Richard Lloyd, supported by campaign group Google You Owe Us, wants to bring a “representative action” against the US-based tech giant on behalf of around 4.4 million people in England and Wales.
He claims Google “illegally misused the data of millions of iPhone users” through the “clandestine tracking and collation” of information about internet usage on iPhones’ Safari browser, known as the “Safari workaround”.
Lloyd and Google You Owe Us hope to win between £1bn and £3bn in compensation for alleged breaches of the Data Protection Act.
The High Court initially ruled that Lloyd could not serve the claim on Google outside the jurisdiction of England and Wales in October 2018, but that decision was overturned by the Court of Appeal in October 2019.
On 28 April, Google’s lawyers said that landmark ruling could “open the floodgates” to vast claims brought on behalf of millions of people against companies responsible for handling people’s data.
Antony White QC told the Supreme Court that “a number of substantial representative actions have been commenced seeking compensation for breach of data protection rights” since the Court of Appeal’s judgment.
Claims “brought on behalf of hundreds of thousands, and, at least in one case, millions, of individuals” have recently been launched against Facebook, TikTok and Google-owned YouTube, the court heard.
“Profound and far-reaching”
White said, in written submissions, that allowing such claims to be brought could have “profound and far-reaching implications across all civil litigation”.
He argued that, under data protection laws, “compensation is only available for ‘damage’ suffered as a consequence of the (data) breach, and not for the breach itself”.
White added that “the technical matters which gave rise to the ‘Safari workaround’ were rectified many years ago”.
He told the court:
In circumstances where the alleged breaches have long ago ceased and a remedy already exists for any financial loss or distress caused by those alleged breaches, there is no need to fashion any further remedy for individuals who have neither suffered any financial loss or distress nor experienced any ongoing infringement of their rights.
White also said that “the true purpose” of Lloyd’s proposed claim was “to pursue a high-profile public campaign for ‘accountability’ against Google, rather than to obtain redress” for any data breaches. He added:
The absence of any attempt on the part of any of the millions of class members to seek redress from Google is a telling reflection that the subject matter of the claim is not important to the individuals on whose behalf the claim is brought.
Harvesting users
Hugh Tomlinson QC, representing Lloyd, said in written submissions:
The fundamental question in this case is whether the courts can provide access to justice and, potentially, a remedy in cases where a very large number of people are affected by breaches of their data protection rights.
Tomlinson added that the millions of proposed claimants “will not have access to justice” if Lloyd’s claim was not allowed to go ahead. He said “data is now central to the operation of the post-industrial economy”, and that “the foundation of (Google’s) business is trading in the personal data of its users”.
Tomlinson also said personal data is “a valuable asset” to Google, “as demonstrated by the fact that the appellant in fact exploited the data for its own economic advantage”.
He argued that “the existing state of society with the mass trade in personal data requires the court to adapt its practice and course of proceedings to allow the victims of large-scale data breaches access to remedies”.
Tomlinson said doing so would provide the proposed claimants represented by Lloyd “with access to justice and a remedy which would otherwise be entirely absent”.
Divide and categorise
Google You Owe Us and Lloyd claim Google bypassed privacy settings on Apple iPhone handsets between August 2011 and February 2012 and used the data gathered to divide people into categories for advertisers.
They say “browser-generated information” collected by Google included racial or ethnic origin, physical and mental heath, political affiliations or opinions, sexual interests, and social class.
Google’s lawyers say there is no suggestion the so-called Safari workaround resulted in any information being disclosed to third parties.
The hearing, which is being livestreamed on the Supreme Court’s website, is due to finish on 29 April and it’s expected the court will give its ruling at a later date.