The lawsuit’s claimants alleged that Google illegally gathered the personal data of over 4 million iPhone users in the U.K. between 2011 and 2012 by bypassing the default privacy settings on Apple’s smartphones which allowed it to track the online behavior of users browsing in Safari.
Veteran consumer rights campaigner Richard Lloyd, who led the collective 20,000-strong lawsuit, had claimed that Google’s “Safari Workaround” breached the U.K. Data Protection Act by taking personal information without permission, and wanted the tech giant to pay out several hundred dollars in damages to each person affected. As a ballpark figure, a claim by 5.4 million people for £500 each would result in a £2.7 billion ($3.63 billion) payout for Google.
When the case was first brought in November 2017, it was the first time a collective action has been brought in the U.K. against a leading tech company over alleged misuse of data. “Collective action” is where one person represents a group with a shared grievance, similar to a class action lawsuit in the U.S.
However, Google said it was “not new” and vowed to defend itself, having defended similar cases before. “We don’t believe it has any merit and we will contest it,” said the tech giant at the time. On Monday, the court ruled in Google’s favor.
“Today’s judgment is extremely disappointing and effectively leaves millions of people without any practical way to seek redress and compensation when their personal data has been misused,” Lloyd said in a statement.
“Google’s business model is based on using personal data to target adverts to consumers and they must ask permission before using this data. The court accepted that people did not give permission in this case yet slammed the door shut on holding Google to account.”
A similar case occurred in the U.S. in 2012, when Google and several other advertising agencies were discovered to be circumventing privacy protections in Safari for iOS in order to track users through ads on numerous popular websites.
At the time, Safari blocked several types of tracking, but made an exception for websites where a person interacted in some way — by filling out a form, for example. Google added coding to some of its ads that made Safari think that a person was submitting an invisible form to Google, and thus Safari let Google install a cookie on the user’s phone.
Google halted the practice once it was reported by the Wall Street Journal, but argued that the tracking was unintentional and did not harm consumers. However, that didn’t wash with the U.S. Federal Trade Commission, and the company was forced to pay a record $22.5 million fine over its use of the tactic.