The U.K. data protection watchdog, the ICO, has intervened in a court case brought against Google on privacy grounds by a group of U.K. Internet users because it is interested in how aspects of the case might help clarify questions around the jurisdiction of national data protection law vis-à-vis Internet giants, which are invariably based overseas.
The U.K. web users bringing the case, which has been ongoing since the start of 2013, allege that Google used cookies to track their browsing activity via Apple’s Safari browser in 2011 and 2012 against their wishes. The case follows an earlier class action law suit against Google in the U.S. which was thrown out because the judge said the plaintiffs could not prove they had suffered any harm.
However the FTC did slap Google with a penalty of $22.5 million for secretly bypassing Safari privacy settings in order to harvest intel to sell to advertisers.
Google’s legal strategy to fight the case in the U.K. has included attempting to have the complaint dismissed and moved to its own jurisdiction of California, claiming it processes information outside the U.K. and therefore that U.K. data protection law does not apply.
Earlier this year the U.K. High Court rejected that argument and permitted the case to be heard here. Google then went to the Court of Appeal to try to overturn the ruling — and it’s at this point the ICO has intervened by submitting written evidence to the court.
A spokesman for the ICO told TechCrunch it is interested in the case because it raises issues about the jurisdiction for serving civil claims on foreign companies. He said the specific question of interest here is: when Google is processing personal information in the U.K. at what point is it covered by U.K. law and when might that data processing be considered to be outside U.K. law.
The ICO has submitted written evidence to the High Court to provide clarification about what is classed as personal data, under the U.K.’s Data Protection Act, and on when personal data processing is taking place.
“The ICO’s intervention in this case is limited to assisting the court in interpreting the Data Protection Act, which this office is responsible for regulating. The key area we are intervening on is the definition of personal data,” the spokesman said in a statement.
The U.K. court case is interesting because it may have wider implications for online privacy, given that it is seeking to determine what personal information is being processed by Google and also what part of that processing is caught under U.K. law.
“There’s still this uncertainly, really both in the U.K. and outside the U.K., of when big online companies process personal information are caught by national law and when they’re caught by law — in this case — in America,” the spokesman noted.
Another issue the case is addressing is whether U.K. data subjects can claim compensation for non-material damage — so whether they can sue a company for a privacy infringement that has not resulted in personal financial loss. In other words, the same issue which brought down the lawsuit against Google in the U.S.
A website set up by privacy advocate Alexander Hanff to cover the progress of the U.K. case notes that the court must also take EU law into consideration, and points to EU case law examples being cited by the plaintiffs’ legal team that do not differentiate between material and non-material damage — and thus might support the suit being brought.
The case continues, with a ruling not likely until next year. If the class action succeeds Google could face many more such claims in the U.K.