The tort of misuse of private information - another English export19 February 2014 | Public & Product Liability
The claimants allege that Google acted in breach of confidence, misused private information and breached the UK Data Protection Act 1998 (DPA) by gathering information about their internet usage on Apple Safari browsers without the users knowledge or consent for the purpose of targeting advertisements.
In order to establish that the UK has jurisdiction to hear the matter, the claimants were required to show that the act of tracking and collating information was being performed in the UK, and that there was a claim in tort where the damage was sustained within the UK. The English High Court so considered whether a breach of confidence, misuse of private information and breach of the DPA amounted to a claim in tort.
The High Court, in line with recent English authorities, recognised the emergence of the tort of misuse of information, and that the claim did indeed amount to a claim in tort. The court accepted that the dispute was one to be decided in England. The judgment does not go on to consider the elements of the tort nor does it clarify whether or not it is actionable per se, that is without having to establish damage suffered as a result of the misuse of private information.
Google attempted to argue that the information was not in fact private because it was anonymous, being kept separately to information from which an individual could be identified. The High Court described this submission as “surprising” given that the information would not be gathered unless it was of value and could be used to target advertising toward its users. Google has since ceased tracking Safari users but has indicated it will appeal the High Court’s decision.
In the past, Google has faced US regulatory sanctions for the same practice of collecting information from Safari users and has been fined $22.5 million by the US Federal Trade Commission for misrepresenting to Safari users that it would not track their usage in order to direct targeted advertising to them.
For those in the UK and its colonies, this latest case has potential significant ramifications. Will the UK courts apply the common law in a way so as to protect internet users from covert surveillance by large organisations? This case will no doubt raise issues regarding the extent to which “big data” is collected and used.
The High Court put a dampener on the possibility of class actions against Google for misuse of private information when it observed that not all information that can be deduced or obtained based on a person’s internet usage will be private information. For example, if a lawyer’s screen displayed advertisements from which it could be inferred that he or she was a lawyer, then that would not disclose information that was private even though it might be personal. Only complaints regarding particular information about particular individuals displayed on particular occasions will be such as to give rise to a duty not to misuse such information.
There is no common law right to privacy in Australia. However, Australian courts do recognise an action for breach of confidence which was the starting point for the development of the tort of misuse of information in the UK. Given the global reach of Google and other organisations monitoring internet usage, it would seem to be only a matter of time before Australian courts will be asked to consider whether individual users are entitled to privacy online.