Landmark UK Decision Recognises Misuse Of Private Information As A Tort

Last month, the English Court of Appeal released a landmark judgment in which they concluded that misuse of private information should be recognised as a separate tort.  The case involves a number of English claimants who claim that Google circumvented their privacy settings in Apple’s Safari browser to collect information through cookies between 2011 and 2012.  Google used this information as part of its offering to advertisers, which would allow them to target particular advertisements to the claimants depending on their interests.  This was also contrary to Google’s publicly stated position that they could not track Safari users unless they opted in.  The claimants are arguing that this is a misuse of personal information that breaches the Data Protection Act 1998 (UK). (Google has already been subject to penalties by the US Federal Trade Commission for this incident.)

Legal Issues

In order to serve their claim on Google, whose place of business is outside the jurisdiction of the UK courts, the plaintiffs had to first seek approval through the court.  They needed to establish:

• That there was a serious issue to be tried on the merits;
• There was a good arguable case that their claims came within one of the jurisdictional ‘gateways’;
• That England was clearly or distinctly the appropriate forum for the trial; and
• That overall the court should exercise its discretion to permit service.

The claimants were initially successful in a decision handed down last year, but Google appealed.

Tort or Not A Tort?

One of the critical issues was whether the misuse of private information was a tort (which would be a jurisdictional ‘gateway’) or part of a broader “breach of confidence” claim (which would not satisfy the necessary criteria).   The Court of Appeal noted that these issues are developing and changing rapidly, and that there has been confusion over the proper classification of various privacy issues.  However, the Court dismissed Google’s argument that they should be bound by remarks in Douglas v Hello! Ltd (No 3) [2005] EWCA Civ 595, which suggested that claims based on misuse of private information had been “shoehorned” into the law of confidence.  The Court dismissed the remarks as obiter dicta, and then concluded [at 51]:

Damages Without Pecuniary Loss

The Court also had to consider several other issues, including whether the claimants could apply for compensatory damages without demonstrating pecuniary loss.  The Court found that while the Data Protection Act 1998 seemed to prohibit recovery of damages in these conditions, this was incompatible with various pieces of European Union legislation, including the EU Charter of Fundamental Rights, as well as going against the spirit of the Act overall.

Pauline Walley, writing in the Irish Times, said that:

Google’s appeal was dismissed, with the Court finding the claims raised serious issues which merited a trial.

In Australia

The Human Rights Law Centre noted last year, after the initial case, that while:

Last year, Attorney-General George Brandis explicitly ruled out supporting the creation of a tort of privacy, after the Australian Law Reform Commission released a report recommending one be introduced by statute.  For more information on the report, see TimeBase’s previous article.

TimeBase is an independent, privately owned Australian legal publisher specialising in the online delivery of accurate, comprehensive and innovative legislation research tools including LawOne and unique Point-in-Time Products.

Google Inc v Vidal-Hall & Ors [2015] EWCA Civ 311 (27 March 2015)

UK court decision boosts online data protection (Pauline Walley, The Irish Times, 27/04/2015)

UK High Court allows proceedings against Google for privacy breaches (Miranda Webster, Human Rights Law Centre, 14/01/2014)