The case against Google - Court Documents
High Court of Justice - Queen's Bench Division. Claimants (redacted) vs Google Inc. - Claim Number: HQ13X03128
Olswang LLC recently sought permission from the High Court in the UK to serve their claim on Google Inc. in California. This is an important step in the process as under English civil procedure rules you can’t serve on a defendant outside of the jurisdiction without the permission of the court - which means the High Court has looked at the case and seems to deem it significant enough to grant permission to serve.
The paper work for the case has now entered the public domain so we will take this opportunity to look at the "general particulars of claim". It should be noted that none of the documents include any response from Google - to my knowledge, Google have yet to file a defense or respond to the claims - but then (as the attached paper work shows) they failed to respond to pre-litigation questions as well.
General Particulars of Claim
This document contains the general arguments and allegations against Google Inc. It provides the background on what happened, how it happened and why the lawyers think the law has been broken and specifically which sections/principles of specific laws.
Part 1 explains the period of time that the complaint relates to, which it defines as the "the Relevant Period" which is summer 2011 - spring 2012. It also explains who Google Inc. are and that they owned DoubleClick throughout the relevant period.
Part 2 explains why the claimants are bringing the claim, in that Google allegedly tracked and collated information on the claimants' Internet activities during the relevant period without the "knowledge or consent" of the claimants and contrary to a public statement by Google Inc. that "such activity could not be conducted in relation to Apple Safari users unless they had actively chosen to allow this to happen.". This is an important point as it is the basis of a claim for "aggravated damages" which we will come to later in the article. Part 2 ends explaining that Google Inc. then sold this data to advertisers - which means they profited from these activities.
Parts 3 and 4 go on to explain a little about what a browser is and how it works as well as what cookies are and what they are used for. But part 5 goes into detail about Apple's Safari browser and how it works, specifically how it blocks third party cookies by default and some exemptions to the blocking policy. This part is important because it illustrates how Google Inc. allegedly exploited flaws in Safari to bypass privacy settings which is discussed in detail later in the document.
Part 6 gives a background on DoubleClick - how much Google bought it for, how much of Google's revenues are produced through DoubleClick and how much revenue Google made in 2011. All important information in establishing how Google profited through bypassing the privacy settings of hundreds of millions of Apple Safari users around the world.
Part 7 goes deeper into how DoubleClick is able to track individual Internet users and gives a detailed description of how it works, what data it collects via the ubiquitous DoubleClick ID cookie. It further explains the type of inferences that can be made as a result of the ID Cookie collated data - again this is an important part of the document as it will be used to show that the collected data is the type of data covered by the Data Protection Act 1998.
Part 8 explains the facility offered by Google for users to Opt-Out of DoubleClick tracking and how the same facility is not available to Apple Safari users (because Apple Safari blocks third party cookies by default).
Parts 9 & 10 get into the meat of the claim with details of how Google manipulated a feature in Safari in order to place the DoubleClick ID Cookie on Apple devices and computers. It explains that Google used the "Form Submission Rule" exception within Safari (which allows users to click on Like buttons and similar interactions) to then trick the browser into thinking the user had visited the first party domain that the DoubleClick cookie is sent from allowing Google to set the ID Cookie and update it as a 3rd party cookie via other web sites. (Obviously web browsers don't think but for the lack of other simplistic language, I have used the work "thinking" to explain the technical deception allegedly used by Google Inc.). In 10.3, the lawyers claim that as a result of these technological deceptions, Google Inc.'s public statement "about the effect of the Safari default settings upon its ability to send the DoubleClick Cookie to Safari browsers, was false." Again, this is important because it establishes that Google Inc.'s statement should be seen as deceptive which as stated earlier adds weight to a claim for aggravated damages.
Part 11 clarifies that the claimants were using Safari with default settings during the relevant period and part 12 states that as a result were affected by Google Inc.'s alleged deception allowing them to collect personal and/or private information relating to the claimants.
Parts 13 and 14 talk about the misuse of the claimants private information given that the claimants had a "reasonable expectation of privacy" irrespective of whether or not the claimants had any knowledge of Safari's default settings; the exceptions in Safari which were manipulated by Google Inc.; or the statement by Google regarding Safari's third party cookie blocking feature as a means to block the DoubleClick ID Cookie.
Part 15 asserts that because Google was aware or should have been aware that the claimants' private information was confidential that Google Inc. "acted in breach of Claimant's confidence."
Parts 16 to 18 discuss at length how Google Inc.'s behaviour was in breach of various principles under the Data Protection Act 1998 those being Data Protection Principles 1, 2, 6 and 7 (see Information Commissioner's Office web site for a complete list and description of the 8 Data Protection Principles).
The rest of the document discusses damages under Section 13 of the Data Protection Act - which allows a claim for damages in the event that a claimant has suffered damage or distress and references the Claimant Specific Particulars of Claim for information on how each individual claimant suffered distress. It further goes on to explain how Google Inc. should have known that they were collecting private and personal data in breach of confidence due to the shear volume of data they had stored from Safari users - knowing full well (as illustrated by their public statement about Safari's third party cookie blocking policy) that the default settings in Safari prevented the collection of such data. The lawyers claim that the situation was further aggravated because despite knowledge that the data was being collected, Google Inc. made no effort to stop this collection until it was reported in the press many months after it started after the situation was exposed by an independent researcher.
The claim looks pretty damning for Google and refusing to answer pre-action correspondence doesn't bode well for them either. Whereas it is very unusual for damages to be awarded under the Data Protection Act for distress alone (normally damage needs to be illustrated along with distress) in this case, the High Court already clearly believes this is an important case otherwise they would not have granted permission for Google Inc. to be served in the first place due to jurisdictional issues. But when you add in all the other information, such as Google's allegedly deceptive public statement about how to opt out of DoubleClick in Safari; Google's alleged deliberate manipulation of the "Form Submission Rule" to circumvent the privacy settings in Safari; Google's profits from the data and the sensitivity of the data (personal, private and sensitive) - I think the case should be a good candidate for the Court to award such relief.
One thing is very clear, if they do, then this would open up the floodgates for many more claimants in the future as the number of Apple Safari users in the UK alone is potentially millions (iPhone Sales). It will be interesting to see what Google Inc. submit for their defense and as soon as it is available I will post in a future article.
Please note I haven't talked about the Claimant Specific Particulars of Claim document because it basically re-iterates the General Particulars of Claim, just in the context of each individual claimant.
If you would like to read the legal papers yourself, I have uploaded them to Scribd so you can read them online - please note this is a third party site and it uses tracking technologies for advertising.
If you would like to download the documents for reading offline without visiting Scribd you can download them directly from this site without any concerns of tracking using the following links: