Blog
Why does software ownership matter? Six key legal takeaways for tech businesses
Christopher Perrin
The Supreme Court has recently granted Google permission to appeal the Court of Appeal’s decision in Lloyd v Google [2019] EWCA Civ 1599. In summary, Google are appealing the Court of Appeal’s unanimous decision granting Mr Lloyd permission to serve his representative action on Google outside of the jurisdiction.
The Supreme Court hearing is yet to be listed, and may not take place until 2021, however, in the meantime, we take a look back at the history of this landmark action that has significant implications for data protection law and practice.
High Court
In Lloyd v Google [2018], the High Court refused to permit a class action for compensation against Google. Mr Lloyd alleged that between 2011 and 2012 Google had used its ““DoubleClick cookie” technology to secretly track the internet activity of Apple iPhone users and then collated, used and sold the data, all in breach of the Data Protection Act 1998 (“DPA”). This method is known as the “Safari Workaround”.
The claim was brought in a representative capacity on behalf of all other individuals who had used devices which meant they were subjected to the Safari Workaround without their knowledge and consent. It was also claimed that the (as yet unidentified) class had all suffered the same damage. The claim brought by Mr Lloyd, who is relying on an “opt-out” style of class action, is considered to be on behalf of an estimated 4.4 million iPhone users. Whilst there was no dispute it was arguable that Google’s alleged role was wrongful, and a breach of duty, the claim is unique in that Mr Lloyd does not allege any financial loss or distress, but an infringement of data protection rights leading to the loss of control of personal data. A successful action could widen the scope of data protection claims to include awards of compensation where there is no proof of distress or material damage, but evidence of a loss of control over personal data.
The High Court dismissed Mr Lloyd’s application for permission to serve Google outside of the jurisdiction on the grounds that Mr Lloyd (and other members of the class) had not suffered material damage or distress.
Court of Appeal
Mr Lloyd appealed to the Court of Appeal, which overturned the High Court’s decision and held that the claim could proceed on the basis that all individuals within the representative action will have suffered the same deprivation of their rights flowing from the loss of control over their personal data. Mr Lloyd was subsequently granted permission by the Court of Appeal to serve Google outside the jurisdiction.
Supreme Court
The Supreme Court has now granted permission to Google to appeal the Court of Appeal’s decision. The appeal will relate to all issues previously addressed by the Court of Appeal, and specifically:
- Whether a non-trivial breach of the DPA which does not cause any material damage or distress can amount to an award of compensation deriving from the loss of control of personal data experienced by the members of the representative action;
- Whether under CPR 19.6(1), also known as the “same interest” requirement, it must be possible to identify the members of a class, when pursuing a representative class action; and
- Whether the Court of Appeal erred in their interference with the High Court judge’s discretion in his ruling which denied permission for the claim to brought as a representative action under CPR 19.6.
This case is an important indication on the limits of bringing a class action for data breaches following the inception of the General Data Protection Regulations (“GDPR”). When the GDPR came into force on 25 May 2018, many thought that it would pave the way for a surge in class actions. This is because the regulations made it easier for individuals to bring claims for compensation against data controllers and processors. Whilst this hypothesis is due to be tested by the Supreme Court, the decision is is unlikely to restrict access to justice for those claimants who properly meet the requirements of a class action.
You may also be interested in:
We welcome views and opinions about the issues raised in this blog. Should you require specific advice in relation to personal circumstances, please use the form on the contact page.
You may also be interested in:
Blog
Enhancing Public Accountability: Key Elements of the Public Office (Accountability) Bill 2025
Kirsty Cook
Blog
HMRC Covid scheme amnesty: action by 31 December 2025
Waqar Shah
Share insightLinkedIn X Facebook Email to a friend Print