Search

Google test case may lead to greater compliance with UK data protection and privacy laws

The UK's laws provide enforceable rights for UK citizens to prevent the misuse of their personal data. These rights are set out in the Data Protection Act 1998, which in turn is based on a EU Directive. Our laws also provide protection against the misuse of a person's private or confidential information.

A particular problem is that many internet sites are often located outside the EU - and the people running them often aren't aware of, and thus don't think about complying with, our data protection and privacy laws. Or, worse, they choose to ignore them.

A recent case involving Google has the potential to change all of this.

It involves three individuals who issued and served legal proceedings on Google Inc, in the USA, alleging misuse of their private information, breach of confidence and breach of Google's statutory duties under the Data Protection Act 1998. They assert these breaches happened when Google tracked and collated, without their consent or knowledge, information relating to their internet usage on the Apple Safari internet browser between summer 2011 and early 2012.

The three are seeking compensation from Google for the distress they suffered when they learned that the information disclosed to Google was used to target them with adverts. In addition, they allege that they suffered distress when they learnt that as the result of such targeted advertisements, third parties whom they had permitted to use their computers or to review their computer screens had seen the adverts. They assert that the adverts reflected their apparent interests (based on the information collected by Google from the computer devices they used) and that the adverts therefore disclosed information about themselves.

The three claimants successfully obtained leave of the English Court to serve the legal proceedings on Google in the USA. Google then applied for an Order that the English Court had no jurisdiction to try the claims and asked that service of the proceedings be set aside. The Court held, for a variety of reasons, that Google's application should be dismissed and that the Courts of England and Wales were an appropriate jurisdiction in which to try the claims.

What this means is that unless the parties now settle the claims, there will be a trial, at which the Court will determine whether or not Google has committed the alleged legal wrongs and is liable to pay compensation to the claimants for the damages they allegedly suffered.

If the claims are successful then no doubt others will claim, as a result of Google's conduct, that they too have suffered similar damage.

Looking more widely, if Google loses this test case then the inevitable publicity may well lead to more non-EU based businesses taking a greater interest in ensuring that they comply with our laws concerning the protection of personal and private data of our citizens. This could be a watershed moment.

The EU is already concerned that the US is not providing an adequate level of protection for the personal data of EU citizens, particularly in light of recent press revelations over the monitoring of the email and telephone traffic of a number of EU citizens. Google's alleged activities haven't exactly helped to put those concerns to rest.