Blow to Google and online retailers’ use of personal data
In the recent decision of Google Inc. v Judith Vidal-Hall and others  EWCA Civ 311, the High Court has found in favour of 3 UK individuals in respect of their claim against US-based Google Inc.
The decision involves a claim that Google exploited Apple Safari’s web browser security settings to install cookies in order to track Safari’s online user behaviour without their consent.
The blow to Google could have huge consequences as the Court potentially paves the way for claims for mere distress in addition to the usual pecuniary damages available for such Data Protection Act 1998 claims. Such subjective claims could cause huge headaches for data controllers everywhere as “distressed” online users (who haven’t otherwise suffered a financial loss) are suddenly able to claim compensation.
The decision also raises the question as to whether behavioural data collected by third party cookies is “personal” data, even when it fails to directly identify an individual. Online retailers will need to be careful with any personal data that they come into contact with as the digital landscape slowly changes.
By way of procedural background, the proceedings arose because of the need to serve Proceedings out of the jurisdiction on Google in the US and there is yet to be full trial, which will now take place in England, unless Google can successfully appeal the decision.