Landmark judgement in data privacy law

At the end of May, the Court of Appeal upheld last years ruling from the Vidal Hall v Google case that classified the misuse of personal information as a tort, allowing three individual claimants to continue their proceedings against Google.



Ms Vidal Hall and two other parties claimed that Google collected personal data without their knowledge or consent to sell on to advertising companies.

 Google, who appealed the ruling, are being accused of the misappropriation and the misuse of Internet users’ Browser-Generated Information (BGI) via Apple's Safari browser.  By using programmes that subverted the default settings of the browser, Google allegedly collected personal data using cookies; something that caused particular controversy as Apple promoted the sale of its devices on the basis that Safari’s default privacy settings prevented such tracking.

What does the ruling mean?

The ruling now means that if claimants can show they have suffered personal distress as a result of their private data being breached, they no longer need to show proof of financial loss as well.

This decision is bound to increase the risk that data controllers will find themselves facing "distress" claims from individuals in the aftermath of a breach of the 1998 Data Protection Act.

A further interesting ruling is that BGI may constitute personal data. The Court of Appeal did not decide the issue, but held that there was at least a “serious issue to be tried”.

It is a pivotal judgement in data privacy law that will have financial implications for international companies breaching data privacy laws. Michael Gardner of Wedlake Bell adds that it “will also be of interest to businesses that collect and use data from internet and App users via cookies, such as information about their browsing habits, sites visited, locations etc.”

Legally procured user data meanwhile, is increasingly sought after and key to a successful digital marketing strategy. A recent Econsultancy report based on a survey of 2,000 digital marketers and ecommerce professionals shows that data is viewed as the most important factor when trying to understand the customer journey, ranking higher than people, culture, processes and organisational structure. Turning customer data into insights and then effecting changes and improvements based on these insights is key in helping to drive your business strategy smartly.

 So how can you make sure you aren’t breaking any privacy laws?

 Consider the following tips to help ensure you are on the right side of the law:

  • Both the government and consumers are demanding transparency. 84% of UK consumers trust companies that are transparent about their online data practices and 75% would buy more from those companies. Develop a transparency strategy that informs the consumer about your online data practices in a meaningful way that is both comprehensive and clear.
  • Have a Privacy and Cookie statement on your site, explaining what types of personal information will be gathered when you visit the website and how this information will be used.
  • If you are processing personal information, register with the Information Commissioner’s Office (ICO) under the DPA.
  • Always obtain your customer’s consent before disclosing any information about them to third parties.
  • Invest in SSL certificates for your business.

In the face of this high demand for personal user information, data privacy remains a developing area of the law, and for now businesses looking to exploit data in the online sphere will need to tread carefully along a fine line that the government is still in the process of working out.

If you’d like help developing a successful digital marketing strategy for your business, please get in touch.