If there truly is no such thing as ‘Bad Publicity’ then Google definitely have found a free marketing tool in the form of “Data Breaches”.
We are only a few weeks into 2013 and yet again Google are in the news for another alleged ‘privacy breach’. It would seem that a letter of claim has been sent to Google by Dan Tench a partner at law firm Olswang on behalf of Judith Vidal-Hall, a privacy campaigner and former editor of Index on Censorship.
Google are alleged to have snooped on millions of British internet users by bypassing security settings on their Apple devices, allowing the internet giant to track their browsing habits. Apple devices utilise the Safari browser which is designed to block “cookies” (cookies are small computer files that identify users to websites) to prevent Google and others from tracking a user’s behaviour online. Google appear to have disabled or ignored the safari’s cookie blocker without informing users and therefore had access to users browsing history.
The commencement of legal action in Britain in relation to this incident will not come as a surprise to Google who received a record fine in America of £14m in 2012 for circumventing the privacy setting on the Safari browser which may have allowed Google to track the movements of millions of Apple customers throughout America and Europe. While £14m is a substantial fine this should be considered in relation to Google’s 2012 reported profit of £6.8bn a mere 0.20% of profit!
So should Google be worried?
This latest privacy breach has the potential to cost Google millions of pounds, although it is perhaps likely that the majority of this will be spent in the legal system and not compensating individual users.
Whilst under the Data Protection Act 1998, any person is entitled to compensation payable by the data controller, this provision is only applicable where an individual has suffered damage due to unlawful processing activity. Where entitlement to compensation for damage is applicable additional compensation for distress may be claimed. However, compensation for distress without damage may only be claimed where contravention relates to the processing of data for ‘special purposes’ i.e. journalistic, artistic or literary purposes.
Therefore based on my understanding of the Data Protection Act I find it difficult to imagine what ‘damage’ would have or could occur as a result of Google’s actions. I do however agree that a level of distress and more to the point annoyance will have been caused to a number of individuals. Considering this it seems unlikely that compensation for this alone would be awarded.
The real damage here may have been done to Apple. Users of the Safari browser may now question the validity of its security policy and cookie blocker; but as the Data Protection Act covers us as individuals and not corporate entities it will be up to Apple to fight this one in the courts with Google directly – probably unlikely.
Perhaps the internet giants are now just too big? Regulators just do not have the budgets or resources to engage in long and protracted legal cases with them and to be honest even if they do take on the challenge and win, the maximum fine that the regulator (Information Commissioner’s Office) can levy is £500,000 (a mere 0.01% of Google profit!). Proposed new regulations may raise this to a much more meaningful 2% of Global Turnover – however that’s not the law yet.
So is there something businesses and individuals can learn from this?
As individuals we do have the right to report an organisation if we believe it is processing our data in breach of the various regulations. We can also seek legal redress through the courts. However whilst this might bring personal satisfaction it is unlikely to produce a pot of gold, as even the celebrity cases below have shown;
It’s now clear that the current laws are complex, don’t cover scenarios such as this adequately, don’t levy penalties onerous enough for mega-corporations such as Google to notice – and perhaps most importantly don’t really work from the perspective of the data subject. The proposed EU regulations are intended to fix this but the detail of how these will work is still in development. Until then my advice is simple, vote with your feet – actually keyboard . There are other service providers out there.