Posts Tagged Misuse of private information

Lloyd v Google. High Court rejects jurisdiction viz US defendant, interprets ‘damage’ in the context of data protection narrowly.

Warby J inĀ  [2018] EWHC 2599 (QB) Lloyd v Google (a class action suit with third party financing) considers, and rejects, jurisdiction against Google Inc (domiciled in the US) following careful consideration (and distinction) of the Vidal Hall (‘Safari users) precedent.

Of note is that the jurisdictional gateway used is the one in tort, which requires among others an indication of damage. In Vidal Hall, Warby J emphasises, that damage consisted of specific material loss or emotional harm which claimants had detailed in confidential court findings (all related to Google’s former Safari turnaround, which enabled Google to set the DoubleClick Ad cookie on a device, without the user’s knowledge or consent, immediately, whenever the user visited a website that contained DoubleClick Ad content.

In essence, Warby J suggests that both EU law (reference is made to CJEU precedent under Directive 90/314) and national law tends to suggest that “damage” has been extended in various contexts to cover “non-material damage” but only on the proviso that “genuine quantifiable damage has occurred”.

Wrapping up, at 74: “Not everything that happens to a person without their prior consent causes significant or any distress. Not all such events are even objectionable, or unwelcome. Some people enjoy a surprise party. Not everybody objects to every non-consensual disclosure or use of private information about them. Lasting relationships can be formed on the basis of contact first made via a phone number disclosed by a mutual friend, without asking first. Some are quite happy to have their personal information collected online, and to receive advertising or marketing or other information as a result. Others are indifferent. Neither category suffers from “loss of control” in the same way as someone who objects to such use of their information, and neither in my judgment suffers any, or any material, diminution in the value of their right to control the use of their information. Both classes would have consented if asked. In short, the question of whether or not damage has been sustained by an individual as a result of the non-consensual use of personal data about them must depend on the facts of the case. The bare facts pleaded in this case, which are in no way individualised, do not in my judgment assert any case of harm to the value of any claimant’s right of autonomy that amounts to “damage”…”

The judgment does not mean that misuse of personal data cannot be disciplined under data protection laws (typically: by the data protection authorities) or other relevant national courses of action. But where it entails a non-EU domiciled party, and the jurisdictional gateway of ‘tort’ is to be followed, ‘damage’ has to be shown.

Geert.

 

, , , , , , , , , , , , , , , , , , , , , , , , ,

Leave a comment

The High Court accepts jurisdiction in ‘Safari users’ [Vidal-Hall et al v Google] case. European privacy rules bolstered?

Update October 2018 upon revisting the issues I can now add that the claim was settled before the Supreme Court heard the case.

[Postscript 26 august 2015: the UKSC granted Google leave to appeal on 28 July 2015]

[Postscript 27 March 2015: today the Court of Appeal confirmed the High Court ruling. Emma Cross has immediate analysis here.]

In Vidal-Hall et al v Google Inc, the High Court assessed its jurisdiction against Google Inc and found no reason to apply forum non conveniens. Google UK was not involved, the Jurisdiction Regulation (44/2001) does not apply.

Claimants allege that Google misused their private information, and acted in breach of confidence, and/or in breach of the statutory duties under the Data Protection Act 1998 s.4(4) (“the DPA”), by tracking and collating, without the claimants’ consent or knowledge, information relating to the claimants’ internet usage on the Apple Safari internet browser. Applying the Spiliada criteria, Tugendhat J first of all dismissed the relevance of the location of documents, serving Google a dose of its own medicine: ‘In any event, in the world in which Google Inc operates, the location of documents is likely to be insignificant, since they are likely to be in electronic form, accessible from anywhere in the world. ‘ ‘By contrast, the focus of attention is likely to be on the damage that each Claimant claims to have suffered. They are individuals resident here, for whom bringing proceedings in the USA would be likely to be very burdensome (Google Inc has not suggested which state would be the appropriate one). The issues of English law raised by Google Inc are complicated ones, and in a developing area. If an American court had to resolve these issues no doubt it could do so, aided by expert evidence on English law. But that would be costly for all parties, and it would be better for all parties that the issues of English law be resolved by an English court, with the usual right of appeal, which would not be available if the issues were resolved by an American court deciding English law as a question of fact.’ (at 132-233)

Forum non conveniens dismissed – the case can go ahead.

The judgment, in reviewing the prima facie case on the merits, also bolsters the existence of a tort of ‘misuse of private information’ and surely adds to the growing authority of European-based data protection rules.

(On an aside, note the rather delightful observation by Tugendhat J (at 56) that ‘civil law jurisdictions have managed to develop civil liability for breaches of an obligation of confidence in relation to personal information without the benefit of a historical equivalent of the law of equity.’).

Geert.

, , , , , , , , , , , , , , , , , , , ,

2 Comments

%d bloggers like this: