At issue is Google's circumvention of Safari's cookie-blocking security feature, exposed by Stanford researcher Jonathan Mayer in February 2012. A group of UK Safari users, led by Judith Vidal-Hall, Robert Hann and Marc Bradshaw and represented by the law firm Olswang LLP, had claimed that Google had "misused their private information, and acted in breach of confidence."
Google was not specifically denying the accusation, but claimed that any action should not be heard in the UK, but rather in the US. It presented various arguments, including "the game would not be worth the candle" (which is used to dismiss cases where the cost of litigation would be out of all proportion to any award of damages). Other arguments claimed that browser-generated information is not private information because it is anonymous; and that the serving of advertisements is protected as freedom of expression under the Convention on Human Rights. One by one Tugendhat dismissed them all.
There are two primary reasons that this is a major ruling. The first is the moral issue, summarized in a statement by Big Brother Watch: "It’s absolutely right people are able to access justice in Britain when the issue concerns a company that has a significant presence here and offers services to millions of British people. This is an important case for privacy regulation, as it involved users making a specific choice about sharing data and being tracked that was not respected by Google."
But the second is a point of law, because this ruling effectively changes English law. In the past, a significant hurdle for privacy cases has been the difficulty in proving measurable harm. Without harm, there can be no damages – so, effectively, misuse of privacy provides no tort in English law ('tort' is a civil rather than criminal wrong that can be taken to court).
This has been changed by Tugendhat. In saying very clearly, "the tort of misuse of private information is a tort within the meaning of ground 3.1(9)" he has effectively created the first new tort in English law for 80 years. And the effect of this could be far-reaching.
Privacy expert Alexander Hanff explains: "with this new tort, the obstacles [in proving actual loss or harm] are far easier to overcome and we could see this judgment being used frequently in the future against not just Google but many of the other multinational tech giants that regularly make non-consensual use of their users' private information. This can only be seen as a significant blow for the online advertising industry which for so many years has operated on an implied consent basis angering privacy advocates, regulators and the public alike."
In attempting to make it difficult for the British claimants to pursue an action for misuse of privacy against Google, Google has potentially made it easier for any company to be sued on these grounds by Brits in Britain. "To call this an 'own goal' would be a monumental understatement," says Hanff.