When a group of claimants in the UK took on Google for invasion of privacy, they had little idea that the case would become a landmark in the fight to tame the internet giant's intrusion into our lives on the web.
On 27 March 2015, a group of claimants in the United Kingdom, including myself, won what is being called a “landmark victory” against Google Inc. It handles three billion searches a day globally, exercises a virtual monopoly and is valued at around £250 billion. It is also among the world’s biggest advertising agencies with revenue in 2013 of some £49 billion.
After fighting the claim for over two years, Google has been ordered to appear in court in the UK to answer the charges of invasion of privacy by the tracking and collation of browser generated information (BGI) via Apple’s Safari browser. In other words, “hacking” computer searches by getting behind the protections built into Safari on Apple devices – iPhone, iPad and Mac computers – in order to track the user’s browsing preferences. Google is thereby able to determine private information such as age, health issues, gender, sexual interests and preferences, and to sell this information to advertisers who can target the users. This is no different from what is commonly called “stalking”, only on a global scale.
But let’s begin at the beginning. In 2012, Simon Davies, one of the UK’s leading voices on the virtues of privacy, contacted me about the possibility of suing the internet search giant for the invasion of privacy. Three years later, after much to-ing and fro-ing in the British courts, what began as a speculative long-shot has taken wing in the legal imagination, becoming an important test case for the boundaries of privacy law in the UK and, by extension, the EU. This concerns not only the nature of privacy as understood in the context of Article 8 of the European Convention on Human Rights, but the definition of the term “damages” in the context of the Data Protection Act (DPA) of 1988. For many in the legal profession, the chief significance of the case is in the possibility it opens up of suing non-resident companies and individuals in English courts on privacy-related grounds. This is a game changer and could set a precedent in UK law.
“You have a Mac, don’t you?” said Simon. “Yes, and an iPhone,” I replied. “Have you done much searching on Safari recently?” “More than usual as it happens. My car insurance, driving license and road tax were all up for renewal in November. And I’ve been shopping online, not something I usually do, but with grandchildren’s very specific Christmas demands only available there, I’ve been more active than usual in territory I don’t normally venture into.” All this in addition to my standard use of the internet in pursuit of facts, figures and data-checking familiar to any journalist or editor.
He went on to ask if I’d been receiving an unusual amount of targeted advertising. Indeed I had! Given that Apple boasts of the superior security of its Safari browser, this was not only unusual, it was alarming. What had been going on? It seemed that Google had circumvented Safari’s default setting whereby cookies – small chunks of text with unique information such as the time of a user’s visit to a site – are accepted only if they come directly from the sites that users are browsing.
According to The Guardian, “Google wanted to use its DoubleClick and other ad systems to track where people go online, so that it can serve ‘relevant’ ads. It also wanted to be able to integrate its Google+ data into that information.” As the US-based Electronic Frontier Foundation (EFF) noted: “That had the side effect of completely undoing all of Safari’s protections against doubleclick.net.” It was, it added, “Like a balloon popped with a pinprick, all of Safari’s protections against DoubleClick were gone.”
The thought of making a claim, any claim, against Google was laughable. This was several years before Edward Snowden’s revelations of the NSA and GCHQ snooping activities in June 2013 raised privacy issues to a new level and put them squarely on the public agenda. It also preceded Google’s subsequent settlement with the US Federal Trade Commission (FTC) for the same offence. But it coincided with the revelation of News International’s massive phone hacking of celebrities, politicians, the Royal Family and, above all, of the murdered schoolgirl Milly Dowler. It was this that excited the public imagination and raised the matter of privacy to a new level. Suddenly it mattered in a different way; more personal, more threatening to the ordinary person in the street. The Leveson Inquiry kept the issue on the front pages through much of 2011 and 2012.
What is at stake here? How should we understand privacy in the different contexts in which we live and interact online? What powers should consumers have over their data? How can the power of corporations and advertisers be reined in? We are urgently in need of new definitions and concepts; those that served us even a decade ago are no longer adequate given the exponential advance of digital technology. What does “territoriality” or “residence” mean when Google can stretch out its hand from California and rifle through our data as we sit at our computers thousands of miles away? How can “jurisdiction” be confined to a geographical entity in the age of cyber crime and the global reach of search engines and browsers? What do we mean by “privacy” online when people are giving it away freely, not to say promiscuously, on social networking sites such as Facebook, Instagram and YouTube? And finally, though the case was not brought with this in mind, can “damages” be limited to pecuniary loss alone as apparently determined by the DPA?
The case against Google is not only about holding Google to account, but about beginning to clarify and modernise rules and definitions. Most important, it is about creating the laws needed to hold Google et al. to account. As Guy Aitchison wrote in Open Democracy: “We are to a great extent playing catch-up. The rapidity of technological change has vastly outpaced the development of our laws, institutions and regulatory systems, along with the articulation of the ethical categories and principles with which to understand and evaluate them.”
Or, as Tim Berners-Lee, inventor of the World Wide Web, put it: we need an “online Magna Carta” to protect the web. His “Web We Want” campaign was launched on UN Human Rights Day last year and calls on “ordinary people” to take control of the web and challenge “those who seek to control [it] for their own purposes”. It is within that context that we decided to pursue the present case.
Read the full article in Eurozine.