UK Supreme Court denies privacy class action against Google
November 15, 2021
Want to receive these weekly privacy recaps in your inbox? Sign up for our privacy newsletter, A Little Privacy, Please.
UK Supreme Court Denies Privacy Class Action Against Google
The UK Supreme Court held that a class action lawsuit alleging unlawful data collection for ad targeting in 2011 and 2012 could not be served against Google on the basis that the lawsuit failed to allege sufficient proof of individual financial damage or distress or unlawful basis on an individual basis. The action alleged that Google collected iPhone user data for ad targeting without proper notice or consent in violation of the Data Protection Act (a predecessor to the UK GDPR). The lawsuit sought damages of £750 per person, or approximately £3 billion total.
WHY IT MATTERS
Although the lawsuit alleged violations of the UK Data Protection Act, which was replaced by the UK GDPR and is no longer in effect, the UK Supreme Court’s ruling may have general implications for class action lawsuits in the UK. Parliament has not enacted legislation providing for class actions, except in the field of competition law. However, the case against Google was brought based on a longstanding Civil Procedure Rule that allows a claim to be brought by representatives of others who have the same interest in the claim.
The UK Supreme Court held that, although this action could have been brought as a representative action, to establish whether Google was in breach of the DPA as a basis for pursuing individual claims, it could not be brought seeking a uniform sum of damages to be awarded to each class member because, in this case, the DPA requires that an individual suffer damage, and the court interpreted damage to mean material damage or mental distress, which would require proof of such damage and unlawful processing of personal data on an individual basis. That ruling was very specific to the DPA, however, which means that a different outcome may arise from class action claims under laws that don’t require proof of individual damage.
European Commission questions independence of Belgium DPA
The European Commission sent an opinion to Belgium for failing to ensure full independence of its Data Protection Authority in violation of the GDPR, citing that some members of the Belgian DPA either report to a management committee depending on the Belgium government, have taken part in governmental projects, or are members of the Belgium Information Security Committee. The GDPR requires that a Member’s DPA be free from any external influence or incompatible occupation. The Commission has given Belgium two months to take relevant action, after which it may decide to refer the case to the Court of Justice of the European Union.
WHY IT MATTERS
We learned earlier this month that the Belgian DPA will be soon issuing a draft ruling against IAB Europe in connection with its TCF Framework for the digital advertising industry. It’s unclear how or whether this development may impact the makeup or mentality of the Belgian DPA and resulting decision-making.
Israel Pushes Forward Privacy Amendments
Israel’s Ministerial Committee on Legislation approved a proposal to promote amendments to the country’s Privacy Protection Law. The amendments, among other things, expand the administrative enforcement of the Privacy Protection Authority, including the authority to impose financial sanctions.
WHY IT MATTERS
Israel’s Privacy Protection Law includes some similarities to the EU’s GDPR, including a requirement to obtain informed consent to collect personal data from data subjects. The existing law does allow for certain administrative fines, but the amendments would reportedly expand such authority, presumably giving covered businesses more incentive to adopt practices compliant with the law.
Companies Roll Out Ad Targeting Changes
Three industry developments were announced this week.
Meta (the parent company of Facebook) announced plans to remove “Detailed Targeting” options that relate to sensitive topics, starting January 19, 2022. This will prevent advertisers from targeting ads to a refined group of people based on causes, organizations or public figures that relate to health, race or ethnicity, political affiliation, religion or sexual orientation, a feature currently available through Facebook’s Detailed Targeting option.
You.com, a new “private” search engine, launched in public beta testing, promising no ad targeting, no data sales to advertisers, and a platform that puts “you in control”, giving the user an option between a personalized or private experience. The platform is currently ad free but says that it may have private ads in the future.
TransUnion and Audigent reportedly announced a partnership to offer a cookieless, addressable ad targeting solution based on Audigent’s consolidated publisher first-party data combined with TransUnion’s TruAudience data.
WHY IT MATTERS
As consumer and regulatory privacy demands heighten, we are seeing an increase in industry developments having a domino effect on one another, limiting or eliminating options, and creating new solutions in response to replace the old.
Want more of the privacy highlights that matter to adtech and martech? Sign up for our privacy newsletter, A Little Privacy, Please.
A Little Privacy, Please weekly recaps are provided for general, informational purposes only, do not constitute legal advice, and should not be relied upon for legal decision-making. Please consult an attorney to determine how legal updates may impact you or your business.
Latest Blog Posts
TikTok faces latest class action over pixel trackingJune 5, 2023
A class action lawsuit was filed against TikTok in...
Google to require that publisher partners use Google-certified CMP for EEA/UKJune 2, 2023
Google announced that they will soon require their publisher...
FTC asserts that COPPA does not preempt state law claimsMay 31, 2023
Google argued in its appeal that all state-law claims...
Latest White Papers
Benchmark Report: US Privacy ComplianceAugust 19, 2022
The current state of publisher compliance with CCPA, and...
Ebook: A Publisher’s Guide to Vendor List CurationDecember 16, 2021
How to review your vendor list to mitigate compliance...
Keep in touch
Sign up for our newsletter to keep up with privacy news for adtech and martech,
plus occasional company news.