Some new developments this weekend in the case of 12 people in the UK who want to sue Google for secretly tracking their online activity by working around privacy settings in Apple’s Safari web browser. The UK courts released court documents related to the case, giving for the first time more details of the allegations; and Google has apparently finally issued its own response: it wants the complaint to be dismissed in the UK and moved to its own local jurisdiction in California. For all the advances of Android and Google in Europe, the case is liable to become one more publicity problem for the search giant, who has in the past accused of flouting consumer privacy and dodging local taxes, and is also the subject of an EU antitrust investigation over its search practices.
Those who have filed the suit have, unsurprisingly, balked at Google’s suggestion to try their UK case in the U.S.
“What are they suggesting- that they will force Apple users whose privacy was violated to pay to travel to California to take action when they offer a service in this country on a .co.uk site?” notes Judith Vidal-Hall, one of the claimants, in a statement issued today by Olswang, the law firm representing the 12 plaintiffs who collectively call themselves the Safari Users Against Google’s Secret Tracking.
Alexander Hanff, a privacy advocate, tells me that Google’s response “was not a statement of case and therefore cannot be made public.” However, Hanff has been documenting and publicising the case on a dedicated website (the intention, it seems, is to turn this into a potential class action suit, covering millions of people in the UK who use iPhone smartphones, iPad tablets and Mac computers). On that site, he’s published a statement on Google’s response from Olswang: “Google refused to accept service of the lawsuit in the UK, instead forcing the victims to serve on the company in California,” it reads. “The search giant has dismissed the Safari claims as not serious, saying that the browsing habits of internet users are not protected as personal information, even when they potentially concern their physical health or sexuality.”
The claim that the group wants to bring against Google is based on the outcome of a similar case from the U.S., where Google admitted to the use of secret tracking cookies on computers and mobile devices running Safari, which technically has a facility to block these tracing cookies. In 2012, Google ended up paying a $22.5 million fine in that case.
The UK plaintiffs, whose own claim covers between summer 2011 and spring 2012, may be looking to get financial retribution in this case — as you can see in one of the documents released, the amount of damages is still “unspecified” — but just as equally, they appear also to be looking for a wider change of Google’s practices.
“Our letter to the Information Commissioner conveyed our client’s position that fines won’t work and urged him to change Google’s behaviour through an enforcement notice or other alternative sanctions,” Dan Tench, a partner at Olswang, noted in the statement released today. “The response [from Google] was that they found our client’s position simplistic and difficult to implement. But a leading QC disagrees and has advised that the Information Commissioner does have stronger powers.” He adds, possibly with a little more threatening tone, that a stronger stance has been taken by regulators in France — the implication being that defendants may be willing to take this to European regulators if they get no dice in the UK. “We note that France’s regulator, CNIL, has been more robust, announcing a final ultimatum to Google to ensure quickly that its privacy policy complies with European law,” writes Tench. “Our regulator should listen to consumers and recognise that other sanctions are needed to get Google to behave.”
Hanff notes that although Google’s response is not public, should a hearing in the UK go ahead, “it will likely be public so journalists and interested parties would be able to attend.”
The documents in the case that have been published — those from the claimants — provide more detail about the case, including more information about the violation in question: it concerns a “DoubleClick ID Cookie” that was installed on Apple devices and computers. “Google used the ‘Form Submission Rule’ exception within Safari (which allows users to click on Like buttons and similar interactions) to then trick the browser into thinking the user had visited the first party domain that the DoubleClick cookie is sent from allowing Google to set the ID Cookie and update it as a 3rd party cookie via other web sites,” Hanff notes in his summary of it.
We have reached out to Google for more direct comment, as well as to Olswang, and will update this post as we learn more. In the meantime, we’re embedding the full set of documents below.