Safari users in the UK can sue Google over alleged privacy violations

The ruling from an appeals court could lead to claims from millions of British users

The U.K. Court of Appeal won't block a privacy lawsuit that alleges Google tracked Safari users without authorization, so the three plaintiffs can continue their legal fight against the search company.

"These claims raise serious issues which merit a trial. They concern what is alleged to have been the secret and blanket tracking and collation of information, often of an extremely private nature, as specified in the confidential schedules, about and associated with the claimants' internet use, and the subsequent use of that information for about nine months," reads the decision, released Friday. "The case relates to the anxiety and distress this intrusion upon autonomy has caused."

In a news release, the plaintiffs' law firm Olswang LLP called it a landmark ruling.

The decision also potentially opens the door to litigation by millions of Britons who used Apple computers, iPhones, iPods and iPads during the relevant period in 2011 and 2012, said the Google Action Group, a not-for-profit company set up to manage the claims of consumers against Google.

The case against Google was filed in June 2013 by U.K. privacy activists and alleges that the search engine giant circumvented security settings in Apple's browser to plant cookies in order to covertly track their online movements and target them with advertising. All this happened without the users' consent and in violation of U.K. data protection law, they said.

In 2012, the U.S. Federal Trade Commission fined Google US$22.5 million to settle government charges that it violated privacy laws when it tracked Safari users. And in 2013, Google paid another $17 million to settle a U.S. court case over the same problem.

But the British privacy activists also wanted the company to be held accountable in the U.K for allegedly abusing people's privacy. Google has argued that it cannot be sued in the U.K. because the country's privacy laws don't apply to it. Instead, Google wants the case brought to California, where it's based.

The U.K. High Court ruled in January last year that U.K. citizens are allowed to sue Google as the case falls within the scope of the country's jurisdiction. Google appealed that ruling, leading to Friday's ruling from the Court of Appeal..

The appeals court also ruled that claimants may recover damages under the U.K. Data Protection Act, the law firm noted.

"This is a David and Goliath victory," said Judith Vidal-Hall, one of the claimants, in an emailed statement, adding that the Court of Appeal has ensured Google cannot use its vast resources to evade English justice.

Anyone who used Safari during the relevant period can now join the claim against Google, Olswang partner Dan Tench said in an emailed statement, adding that the law firm was looking forward to holding Google accountable.

In its ruling, the appeals court also addressed the issue of damages, saying that "compensatory damages may be relatively modest" as they tend to be in claims for misuse of private information and for breaches of the Data Protection Act of 1998, but that "the issues of principle are large."

Google did not immediately respond to a request for comment.

Loek is Amsterdam Correspondent and covers online privacy, intellectual property, online payment issues as well as EU technology policy and regulation for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to

Join the CSO newsletter!

Error: Please check your email address.

Tags GooglesecurityCivil lawsuitslegalprivacy

More about AppleEUFederal Trade CommissionGoogleIDGNews

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Loek Essers

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place