Google Respond to UK Lawsuit.

I have just received a press release from the Olswang team running the lawsuit against Google Inc.

The interesting thing about the response is just two days ago I predicted it to one of Olswang's Senior Associates via email where I asked:

"If they file a defence on jurisdictional grounds (as in the UK High Court has no jurisdiction in California) how do Olswang plan to deal with that? This is the defence they issued against my claim over the change to their privacy policy – they stated that my claim against Google UK was against the wrong party and the case should be filed against Google Inc. in the California courts."

And the response from Olswang was as follows:

"If they filed a defence on jurisdictional grounds then, if our claimant clients instructed us to, we would resist that and there would be a hearing in which that would be decided. We have filed against Google Inc (not Google UK) so they might say that the UK is not the appropriate forum and our claimants should go to California."

Now according to the press release, that is exactly what Google have done. I argued just over a year ago that Google should be forced to answer to the courts in the jurisdiction where a complaint is filed especially if they have an office there and that it is a mockery of our judicial system if they are permitted to evade judicial process by hiding behind a parent company in California.

So what does this mean for the case? Well as Olswang explained to me via email they will now seek a hearing to discuss the jurisdictional issues and the outcome of that hearing will determine whether or not the case moves forward.

UK citizens are not the first to be told by global tech giants that they cannot sue them in their own jurisdiction. The same issue was the main subject of a recent academic paper written by Christopher Parsons et al at the University of Victoria in Canada [ Link ] where a number of cases have been brought by Canadian authorities against social network companies in the US:

"In one wide-reaching decision in 2009, the OPC announced that Facebook had violated various provisions of PIPEDA (Privacy Commissioner of Canada, 2009b). Facebook initially resisted the question of jurisdiction - and, at the time, lacked physical offices in Canada - but finally cooperated (without prejudice) in the investigation and made changes as a result of the OPC’s investigation report and subsequent audits. Since 2009 the company has opened Canadian offices and, in 2011, the OPC opened another investigation addressing online tracking linked to “Like buttons” and “social plug-ins.” However, the precedent established in the first investigation suggests that a company’s physical presence is not necessarily a determining factor in establishing whether the Commissioner has jurisdiction."

And also in the case of Google Buzz:

"Working with foreign regulators, the OPC has successfully enforced Canadian privacy law on other American companies. In 2010 the Commissioner partnered with the Federal Trade Commission to investigate Google’s ‘Buzz’ product"

Furthermore, in January 2013 in Brussels at an event I attended along with many other privacy experts, Julie Brill, a Commissioner at the Federal Trade Commission accepted that EU laws and EU countries do have extraterritorial jurisdiction with regards to enforcement of their laws. She explained that it would be ridiculous to suggest otherwise given that the US assume and have exercised those same extraterritorial powers in the enforcement of the SAFEWEB Act and furthermore that it would be hypocritical to deny European laws the same reach. She even stated that the Federal Trade Commission were open to begin discussions with the relevant authority in Europe to introduce a policy of mutual enforcement actions - that is to say the FTC filing enforcement actions against US companies for breaching EU laws and vice versa. So clearly the FTC (the same regulator that fined Google $22.5 million for the Safari issue in the United States) agree that UK Courts already have the extraterritorial jurisdiction they need to bring this case.

So with all that said, we will have to see how the hearing goes and whether or not the High Court accept these arguments and allow the case to go forward - I would hope that given the Court already granted permission for the complaint to be served to Google Inc. in California, that they will follow through and reject Google's defence.

Below if the full press release:

"Google’s answer to British lawsuit: Your privacy laws don’t touch us"

"Google has told British consumers taking legal action against it for privacy breaches that it does not have to answer to the English courts and that UK privacy laws don’t apply. Legal documents filed by the company in response to a claim by three people backed by the campaign group, Safari Users Against Google’s Secret Tracking, show that Google will contest the right of Safari users in the UK to bring a case in the country they live in and where they use Google’s service.

The search giant has dismissed the Safari claims as not serious, saying that the browsing habits of internet users are not protected as personal information, even when they potentially concern their physical health or sexuality.

Judith Vidal-Hall, one of the claimants, is appalled by this:

“Google’s position on the law is the same as its position on tax: they will only play or pay on their home turf. What are they suggesting- that they will force Apple users whose privacy was violated to pay to travel to California to take action when they offer a service in this country on a site? This matches their attitude to consumer privacy. They don’t respect it and they don’t consider themselves to be answerable to our laws on it.”

Google refused to accept service of the lawsuit in the UK, instead forcing the victims to serve on the company in California. Their claim is based on Google’s admission that tracking cookies were installed on the computers and mobile devices of people using Apple’s Safari internet browser even when they had expressly chosen to block them. These cookies allowed Google to secretly track the browsing activities of millions of Safari users, without their knowledge, and to collate and use that data.

The practice was only stopped when a law student and security researcher noticed Google’s activity and published an exposé in the United States. Google paid a record $22.5million settlement to the US Federal Trade Commission to settle charges.

Marc Bradshaw, another claimant, believes this latest development is just another ruse by Google to avoid responsibility for its actions:

“It seems to us absurd to suggest that consumers can’t bring a claim against a company which is operating in the UK and is even constructing a $1 billion headquarters in London. If consumers can’t bring a civil claim against a company in a country where it operates, the only way of ensuring it behaves is by having a robust regulator. But the UK regulator, the Information Commissioner's Office, has said to me that all it can do is fine Google if it breaks the law, but Google clearly doesn’t think that it is bound by that law. Fines would be useless – even if Google agreed to pay them - because Google earns more than the maximum fine in less than two hours. With no restraint Google is free to continue to invade our privacy whether we like it or not.”

Mr Bradshaw wrote to the Information Commissioner asking him to impose “effective sanctions to rein in Google” and to ensure it complies with the law. The internet giant is pooling data from all of its products giving it a comprehensive record of each internet user’s preferences.

Dan Tench, a partner at Olswang, the law firm acting for the claimants, said:

“Our letter to the Information Commissioner conveyed our client’s position that fines won’t work and urged him to change Google’s behaviour through an enforcement notice or other alternative sanctions. The response was that they found our client’s position simplistic and difficult to implement. But a leading QC disagrees and has advised that the Information Commissioner does have stronger powers. We note that France’s regulator, CNIL, has been more robust, announcing a final ultimatum to Google to ensure quickly that its privacy policy complies with European law. Our regulator should listen to consumers and recognise that other sanctions are needed to get Google to behave.”

In the letter to the Commissioner, Mr Bradshaw proposed a number of alternative sanctions. These include ordering:

 Plain English warnings on Google's search home page explaining how and why data is collected and tracked;
 Reversing Google's merger of all data across its services or, if that isn't possible, deleting all illegally merged data, with deletion independently verified; and
 A prominent apology to be placed on the Google search home page.

Marc Bradshaw continues:

“Google is one of the largest companies in the world with huge financial resources and access to the most expensive lawyers around the world. Regulators must rise to this challenge and rein in Google. If they fail, every internet user in this country will suffer and the right to online privacy could be lost forever.”