The tech giant wins an appeal against a claim that it unlawfully collected personal data of millions of iPhone users
Google has just scored a major court win after the United Kingdom’s Supreme Court has thrown out a mass action lawsuit where the company could have ended up paying billions in compensation to millions of iOS Safari users.
The court allowed the tech giant’s appeal against a so-called ‘representative action’ spearheaded by Richard Lloyd, a former director of UK consumer watchdog Which?, and backed by a campaign group called ‘Google You Owe Us’. The case, which is now blocked from proceeding, stated that the tech giant misused the data of iPhone users around a decade ago, violating data protection principles under the UK’s Data Protection Act 1998.
“The claim is based on the factual allegation that, for several months in late 2011 and early 2012, Google secretly tracked the internet activity of some 4 million of Apple iPhone users in England and Wales and used the data collected without the users’ knowledge or consent for commercial purposes (by enabling advertisers to target advertisements at users based on their browsing history). The DPA 1998 has since been replaced by the UK General Data Protection Regulation supplemented by the Data Protection Act 2018, but it was in force at the time of the alleged breaches and applies to this claim,” read the court’s documents.
Had the legal action been allowed to continue, the company might have ended up paying up to £3 billion (approximately US$4 billion) in damages to the four million iPhone users – some £750 (some US$1,000) per person.
However, the court ruled that the action didn’t prove that the users suffered material damage or mental distress as a result of their data being collected. “[…] without proof of these matters, a claim for damages cannot succeed,” reads the decision.
The keenly-anticipated ruling is likely to have far-reaching implications for how data privacy litigation cases are going to be handled in the UK in the future. Indeed, it may also have legal ramifications for many other companies that handle users’ personal data.
Additionally, a ruling against the tech giant might have opened the doors to other similar class-action-like lawsuits in the United Kingdom against companies who are seen as running afoul of data protection laws.
Expert commentary
ESET cybersecurity specialist Jake Moore acknowledged as much, saying: “Although this may have indeed opened the floodgates on millions of claims, it highlights the power behind these technology giants and once again the data engine behind these business models. The privacy debate places more onus on the user and we need to take more care with our personal information ourselves.”
According to Moore, people’s data is always at risk of being preyed upon since it is the internet’s currency or financial backbone. He went on to add that there are ways for netizens to control the flow of their data and protect it, for example by opting for more privacy-centric apps. However, they need to delve into the platforms’ privacy and security settings and not just trust blindly that the apps are ‘private by default’.
“Tracking is big business but there are tricks to reduce tracking available such as using VPNs, privacy-focused messaging services, and even the use of the dark web making us more anonymous. However, contextual advertising still persists and even though we may request limited tracking, it is impossible to completely evade all tracking online,” Moore concluded.