A group led by Richard Lloyd, the executive director of consumer body Which?, claims the internet giant unlawfully collected personal information by bypassing the default settings on the iPhone and tracking online behavior of people using the Safari browser between June 2011 and February 2012.
Google then allegedly used the illicitly gathered data in its DoubleClick advertising business, which enables advertisers to target content according to a user’s browsing habits. Such action is a “violation of trust” Lloyd said. He added that the lawsuit is unprecedented and represents “one of the biggest fights of my life.” At this point the lawsuit only applies to data gathered from iPhones. If the case goes against Google it could change the way we use the internet as ad – funded websites will no longer be viable.
The lawsuit, filed in London’s High Court, alleged Google’s hack, known as the ‘Safari Workaround,’ breached UK data protection laws by taking personal information without permission.
“I believe what Google did was simply against the law. Their actions have affected millions, and we’ll be asking the courts to remedy this major breach of trust,” Lloyd told the Guardian. “In all my years speaking up for consumers, I’ve rarely seen such as massive abuse of trust where so many people have no way to seek redress on their own.”
Lloyd, who has set up the group Google You Owe Us, added: “Google owes all of those affected fairness, trust and money. By joining together, we can show Google that they can’t get away with taking our data without our consent, and that no matter how large and powerful they are, nobody is above the law.”
The idea that internet companies are not above the law will surprise Google executives whose actions show they believe Google can choose which laws it obeys, and send shockwaves through the Silicon Valley tech giants, whose profits have been swelled enormously by their being allowed to play fast and loose with privacy and consumer protection laws.
Roughly 5.4 million people in Britain had an iPhone between June 2011 and February 2012 and could be eligible for compensation, according to the claim. Although the size of any payout would be determined by the court, Lloyd said he expected each claimant would receive several hundred pounds.
Lloyd has secured £15.5 million in backing from Therium, a company that funds litigation and has previously backed group claims such as the consumer action against Volkswagen in the scandal over diesel emissions.
A Google spokesperson said: “This is not new. We have defended similar cases before. We don’t believe it has any merit and we will contest it.”
He may well be wrong about that. While Microsoft have always taken a ‘caveat emptor’ approach to security flaws in its producs, Apple guards its intellectual propoerty far more assiduously, and this breach was only achieved with a deliberate hack.
The case is the first time such a collective action – in which one person represents a group with a shared grievance, akin to a US-style class action – has been brought in Britain against a leading tech company over alleged misuse of data.
Google has already paid millions of dollars to US states and the US Federal Trade Commission over the Safari security bypass, which also suggests the smug spokesperson quoted above is on very dodgy ground.