Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Google Responds to British Lawsuit: UK Privacy Laws Don’t Apply

Google Responds to British Lawsuit: UK Privacy Laws Don’t Apply
Google Responds to British Lawsuit: UK Privacy Laws Don’t Apply

Lawyers acting for the claimants – Olswang LLC – issued a statement saying that “Google has told British consumers taking legal action against it for privacy breaches that it does not have to answer to the English courts and that UK privacy laws don’t apply.”

Google has refused to accept service of the lawsuit in the UK. If the High Court accepts its argument, Olswang will need to continue action in California, and the individual claimants will be forced to travel to California to testify. One of these claimants, Judith Vidal-Hall, commented, “Google’s position on the law is the same as its position on tax: they will only play or pay on their home turf. What are they suggesting – that they will force Apple users whose privacy was violated to pay to travel to California to take action when they offer a service in this country on a .co.uk site? This matches their attitude to consumer privacy. They don’t respect it and they don’t consider themselves to be answerable to our laws on it.”

Alexander Hanff, a UK-based privacy activist who has been monitoring the lawsuit on the Google Lawsuit website, is unhappy but unsurprised at Google’s response. He had warned Olswang of this possibility just a few days ago: "If they file a defence on jurisdictional grounds (as in the UK High Court has no jurisdiction in California) how do Olswang plan to deal with that?” 

Olswang admitted that it was a possibility, but that “we would resist that and there would be a hearing in which that would be decided.” The difficulty is that Olswang filed against Google Inc rather than Google UK. Hanff hopes that “given the Court already granted permission for the complaint to be served to Google Inc. in California, that they will follow through and reject Google's defence.”

He also suggests that there are grounds for doing so. In 2009 Facebook initially resisted a Canadian claim against it on similar jurisdictional grounds, but later complied. More specifically, however, Hanff describes a January 2013 meeting (which he attended) in Brussels. “Julie Brill, a Commissioner at the Federal Trade Commission,” he says, “accepted that EU laws and EU countries do have extraterritorial jurisdiction with regards to enforcement of their laws. She explained that it would be ridiculous to suggest otherwise given that the US assume and have exercised those same extraterritorial powers in the enforcement of the SAFEWEB Act and furthermore that it would be hypocritical to deny European laws the same reach.”

Marc Bradshaw, another of the claimants, commented, “If consumers can’t bring a civil claim against a company in a country where it operates, the only way of ensuring it behaves is by having a robust regulator.” He wrote to the UK’s Information Commissioner asking him to impose “effective sanctions to rein in Google” and to ensure it complies with the law. “The response,” notes Dan Tench, a partner at Olswang, “was that they [the ICO] found our client’s position simplistic and difficult to implement. But a leading QC disagrees and has advised that the Information Commissioner does have stronger powers.”

Details of the lawsuit can now be got from the Google Lawsuit website. Hanff explains that “Parts 9 & 10 get into the meat of the claim with details of how Google manipulated a feature in Safari in order to place the DoubleClick ID Cookie on Apple devices and computers. It explains that Google used the ‘Form Submission Rule’ exception within Safari (which allows users to click on Like buttons and similar interactions) to then trick the browser into thinking the user had visited the first party domain that the DoubleClick cookie is sent from allowing Google to set the ID Cookie and update it as a 3rd party cookie via other web sites.”

The news of Google’s refusal to accept service in the UK, and the public availability of the British claim against it, comes within days of the US Consumer Watchdog revealing that Google believes the third party doctrine (that email users have no expectation of privacy) applies in the US.

What’s Hot on Infosecurity Magazine?