Privacy & Information Security Law Blog

On July 28, 2015, the UK Supreme Court announced its decision to grant permission in part for Google Inc. (“Google”) to appeal the England and Wales Court of Appeal’s decision in Google Inc. v Vidal-Hall and Others.

As we reported previously, the claimants in this case were users of Apple’s Safari browser who argued that during certain months in 2011 and 2012, Google collected information about their browsing habits via cookies placed on their devices without their consent and in breach of Google’s privacy policy. The Court of Appeal ruled on two important issues.

The first issue was whether or not there was a tort of “misuse of private information” under English law. The Court of Appeal upheld the lower court’s decision and affirmed that there is such a tort under English law, but that this is not a new cause of action. Rather, the Court of Appeal stated that its approach “simply gives the correct legal label to one that already exists.”

The second issue was whether damages under Section 13(2) of the Data Protection Act 1998 (the “Act”) can be awarded in circumstances in which the claimant has not suffered any financial harm. The claimants argued that they had suffered anxiety and distress, but did not allege that they suffered financial harm. The Court of Appeal held that, on a literal interpretation, Section 13(2) of the Act does not permit any damages in the absence of financial harm, but noted that it does not appear to be compatible with EU Data Protection Directive 95/46/EC (the “Directive”). The Directive permits claims for damages without financial harm. Building on the evolution of English case law in this area over the last decade, the Court of Appeal held that the claimants could recover damages from Google without showing financial harm, regardless of language to the contrary in Section 13(2) of the Act.

Subsequently, Google applied for permission to appeal to the Supreme Court on the following grounds:

• whether the Court of Appeal was right to hold the claimant’s claims for misuse of private information are tort claims for the purposes of the rules relating to service of the proceedings out of the jurisdiction;
• whether the Court of Appeal was right to hold that Section 13(2) of the Act was incompatible with Article 23 of the Directive; and
• whether the Court of Appeal was right to decline the application of Section 13(2) of the Act on the grounds that it conflicts with the rights guaranteed by Articles 7 and 8 of the EU Charter of Fundamental Rights.

The Supreme Court refused permission to appeal on the first ground on the basis that it does not raise an arguable point of law, but granted permission to appeal on all other grounds. It is anticipated that the Supreme Court will hear the appeal during 2016.