Home / News & Resources / Hayes Connor in the news / Supreme Court BLOCKS £3bn mass legal action against Google over claims it secretly tracked millions of iPhone users’ internet activity

Supreme Court BLOCKS £3bn mass legal action against Google over claims it secretly tracked millions of iPhone users’ internet activity

  • Posted on

The UK's highest court has today blocked a £3billion legal action against Google over allegations it secretly tracked millions of iPhone users's internet activity.

Former Which? director Richard Lloyd, who had been supported by the campaign group Google You Owe Us, tried and failed to bring a 'representative action' against the US-based tech giant on behalf of 4.4 million people in England and Wales.

He claimed Google 'illegally misused the data of millions of iPhone users', through the 'clandestine tracking and collation' of information about internet usage on iPhones' Safari browser, known as the 'Safari workaround'. Google's lawyers said there is no suggestion the so-called workaround resulted in any information being disclosed to third parties.

In 2018, the High Court in London ruled that Mr Lloyd could not serve the claim on Google outside the jurisdiction of England and Wales, but that decision was overturned by the Court of Appeal in October 2019 and taken all the way to the Supreme Court.

Mr Lloyd and Google You Owe Us hoped to win between £1billion and £3billion in compensation which could have forced the company to pay each British iPhone user £750.

However, this morning a panel of five Supreme Court justices unanimously allowed an appeal by Google against that decision. Legal experts believe the precedent will make it harder for people to sue tech companies for alleged misuse of smartphone internet data.

Giving the lead ruling, Lord Leggatt said Mr Lloyd's intention that affected i
Phone users could be awarded damages without having to prove financial loss or

The judge said: 'What gives the appearance of substance to the claim is the allegation that Google secretly tracked the internet activity of millions of Apple iPhone users for several months and used the data obtained for commercial purposes.

'But on analysis the claimant is seeking to recover damages without attempting to prove that this allegation is true in the case of any individual for whom damages are claimed.

'Without proof of some unlawful processing of an individual's personal data beyond the bare minimum required to bring them within the definition of the represented class, a claim on behalf of that individual has no prospect of meeting the threshold for an award of damages.'

A Google spokesperson said: 'This claim was related to events that took place a decade ago and that we addressed at the time. People want to know that they are safe and secure online, which is why for years we've focused on building products and infrastructure that respect and protect people's privacy.'

Legal expert Richard Forrest of Hayes Connor said: 'This feels like a missed opportunity to send a powerful message to the big tech companies that it's our data they are handling, not theirs.

'This case focussed on an issue which dates back to the first generations of iPhones in 2011 and 2012 so, in many ways, it was an historical issue but the wider point of how tech companies and all businesses use our data and what they do with it is even more important now than it was then.

'The amount of data we now share via the internet, apps and devices is significantly more than ten years ago and we see way too many examples of data being misused and breaches which compromise the security of customers' most private information.

'Google may have been successful today but it doesn't change the message to all businesses - customers have a right to know that their data isn't being used without their knowledge and is kept safe. Those companies that fall foul of that will rightly continue to be challenged in the courts.'

At a hearing in April, they argued that the landmark ruling could 'open the floodgates' to vast claims brought on behalf of millions of people against companies responsible for handling people's data.

Antony White QC told the Supreme Court that 'a number of substantial representative actions have been commenced seeking compensation for breach of data protection rights' since the Court of Appeal's 2019 judgment.

The barrister also said that 'the true purpose' of Mr Lloyd's proposed claim was 'to pursue a high-profile public campaign for 'accountability' against Google, rather than to obtain redress' for any data breaches.

Hugh Tomlinson QC, representing Mr Lloyd, said: 'The fundamental question in this case is whether the courts can provide access to justice and, potentially, a remedy in cases where a very large number of people are affected by breaches of their data protection rights.'

Mr Tomlinson added that the millions of proposed claimants would 'not have access to justice' if Mr Lloyd's claim was not allowed to go ahead.

He argued that 'the existing state of society, with the mass trade in personal data, requires the court to adapt its practice and course of proceedings to allow the victims of large-scale data breaches access to remedies'.

Mr Tomlinson said doing so would provide the proposed claimants represented by Mr Lloyd 'with access to justice and a remedy which would otherwise be entirely absent'.

Google You Owe Us and Mr Lloyd claim Google bypassed privacy settings on Apple iPhone handsets between August 2011 and February 2012 and used the data gathered to divide people into categories for advertisers.

They say 'browser-generated information' collected by Google included racial or ethnic origin, physical and mental heath, political affiliations or opinions, sexual interests and social class.

Almost a decade ago, Google was reportedly caught secretly placing an advertising tracking cookie on Safari web browsers despite assuring those users that they would be opted out of this tracking by default. The so-called workaround was discovered by Jonathan Mayer, then a graduate researcher at Stanford University.

At the time, Google said that the data collection was accidental and did not mean for the feature to bypass Safari's default security settings. The company settled with the US Federal Trade Commission over the breach, paying a civil penalty of $22.5million in August 2012.

The company also paid $17million to dozens of US states in admitting that it had collected this data for the purposes of advertising while informing users that it wouldn't, though doing so in a settlement which did not accept any liability.

Mr Lloyd brought his claim against Google in 2018 and applied for permission to serve the claim in the UK. Though the High Court initially refused the claim, the Court of Appeal upheld it and said that Mr Lloyd's 'opt-out' style class action was permissible as iPhone users during this period were all victims of wrongdoing and suffered the same loss.

Google appealed against this decision, escalating the case to the UK's Supreme Court.