UK Google Lawsuit Raises Big Questions

UK Google Lawsuit Raises Big Questions

Privacy rights are a divisive issue. If you’re worried that big tech companies are taking too many liberties with our  personal information, then you might be very happy to see the lawsuit that’s gaining steam against Google in the UK—and if so, the British courts have your back. A Court of Appeal just decided that the lawsuit will go forward despite Google’s protests.

However, the issue at the heart of the lawsuit isn’t what you’d expect. No one spied on anyone, and no consumer information was sold to advertisers. In fact, Google’s offense looks a lot more like a technical workaround than a privacy breach. But this workaround could end up costing them tens of millions of pounds.

Functionality, or Privacy Violation?

Google stands accused of violating security settings on Safari, Apple’s web browser (both mobile and OS X versions). Supposedly, Google products like Gmail or Youtube would gather user data even if Safari’s privacy protections settings said not to. That sounds pretty bold, even for a giant tech corp.

But that’s not the whole story. Let’s say you have a Google account that you use on those sites. When you show up at Gmail.com, do you want to have to log in each and every time? Or do you want Google to recognize you, and take you straight to your account? Almost all users want the latter, so much so that if Gmail didn’t remember them, it would seem like a bug.

So the data Google needed—and that it’s accused of circumventing privacy protections to get—is the answer to a simple question: are you logged into a Google account? And should we be showing you that account right now?

Google says that is the only data it used from the secure browsers, that it was used only temporarily, and that it was completely anonymized. So Google couldn’t tell any personal information about the user and couldn’t use any of it for advertising—or any other purpose.

A Strange Case

Obviously, we don’t need to take Google at its word about what data it used or how. But the lack of stolen personal information isn’t the only unusual thing about this privacy case. Google says the case shouldn’t go to court at all.

That’s because the lawsuit is being brought under the UK’s Data Protection Act, which lays out guidelines for privacy lawsuits. One of the requirements of the law, Google says, is that privacy lawsuits must involve financial harm to consumers. There is no financial harm alleged in the suit against Google—consumers lost nothing from how Google handled their data.

That’s why Google has asked twice for the case to be dismissed, but it lost. The Court of Appeals decision was the final word, and the lawsuit will definitely go forward now. British consumers will get their day in court to try to win damages from Google.

Given that consumers lost nothing and the case doesn’t meet the Data Protection Act criterin, it seems strange that the court gave the green light.

Deeper Questions

Google has already paid big money to settle the same allegations in the US, and given the political climate in Europe it’s unlikely Google will win there either. European nations are hitting Google from every side over privacy fears (as I’ve covered before). The onslaught is fueled at least in part by outrage over America’s NSA surveillance, over which Google had no control.

As much as Europeans value their privacy, however, I find myself feeling a little baffled by the case. It leaves me wondering two things:

  1. If Safari’s privacy protection measures failed to protect user data, why isn’t Apple facing a lawsuit?
  2. Do UK judges really want to set a precedent of allowing lawsuits that don’t meet legal criteria, just to satisfy public outcry?

But the courts have already spoken, and I would expect Google to try to settle as soon as possible.