£3bn Google sueball over Safari Workaround bounces through UK Court of Appeal

Warning shot at big tech firms, says one-time Which? director

Google has lost its attempt to squash a High Court lawsuit that could see the firm stung for £3bn over its exploitation of a loophole in Apple's Safari browser.

The Court of Appeal, sitting at London's Royal Courts of Justice this morning (PDF), upheld former Which? director Richard Lloyd's attempt to start a not-quite-class-action sueball rolling in Google's direction.

"This case," said Sir Geoffrey Vos, chancellor of the High Court and also a Court of Appeal judge, "seeks to call Google to account for its allegedly wholesale and deliberate misuse of personal data without consent, undertaken with a view to commercial profit."

Back in 2018, the High Court threw out Lloyd's lawsuit because the £1.5-£3bn he is claiming on behalf of a representative "class" of people was more likely to go to lawyers and the venture capital fund backing Lloyd, rather than the people actually affected by the Safari Workaround devised by Google.

Mr Justice Warby, the first judge, noted that Google's alleged role "in the collection, collation, and use of data obtained via the Safari Workaround was wrongful, and a breach of duty." However, he dismissed the suit anyway, refusing Lloyd permission to start it in London instead of in an American court with jurisdiction over Google. In addition to that, he also said that Lloyd's "representative class" of people didn't all have the same legal interest in the case, something the Court of Appeal has now reversed.

"The represented class," ruled Sir Geoffrey, "are all victims of the same alleged wrong, and have all sustained the same loss, namely loss of control over their BGI [browser-generated information]." BGI is the personal data at the heart of the case, which will proceed to a full trial at some point next year.

During legal arguments at a Court of Appeal hearing earlier this year, Vos was rather sceptical of Google's case, as we reported at the time.

Lloyd, who heads up a campaign group called "Google You Owe Us", is effectively re-running an old legal case from the start of the decade. Called Vidal-Hall v Google, that case hinged on the so-called Safari Workaround.

Back in the mists of time (well, 2010-11), the Safari browser's maker, Apple, set it to block ad-tracking cookies by default. This displeased ad giant Google, for obvious reasons, which wanted to snuff out the default blocking so it could track Safari users and beam ads at them, thus earning money from advertisers.

Happily for Google (and unhappily for Apple fanatics) its techies found a way of bypassing the blocking: hence the Safari Workaround was born. That allowed Google to plant tracking cookies on iOS devices without the user's knowledge or consent. As we reported last year about a US judgment in Safari Workaround-related litigation, Google has since spent tens of hours' worth of profits to make people complaining about this shut up and go away.

Happy with that, says Lloyd

Speaking to The Register after judgment was handed down, Lloyd himself said the judgment was a "hugely important step" that "changed the law" and would let "large numbers of consumers have redress" for the apparent misuse of their personal data.

"Google tried to stop this happening in the English courts," he told us, adding that the judgment "fired a warning shot at big tech firms that they can't break the law; I'd expect more data controllers to be more careful."

The judges refused Google permission to appeal against today's judgment, but the ad tech firm has the option of asking the Supreme Court. ®

Similar topics

Other stories you might like

  • Google Pixel 6, 6 Pro Android 12 smartphone launch marred by shopping cart crashes

    Chocolate Factory talks up Tensor mobile SoC, Titan M2 security ... for those who can get them

    Google held a virtual event on Tuesday to introduce its latest Android phones, the Pixel 6 and 6 Pro, which are based on a Google-designed Tensor system-on-a-chip (SoC).

    "We're getting the most out of leading edge hardware and software, and AI," said Rick Osterloh, SVP of devices and services at Google. "The brains of our new Pixel lineup is Google Tensor, a mobile system on a chip that we designed specifically around our ambient computing vision and Google's work in AI."

    This latest Tensor SoC has dual Arm Cortex-X1 CPU cores running at 2.8GHz to handle application threads that need a lot of oomph, two Cortex-A76 cores at 2.25GHz for more modest workloads, and four 1.8GHz workhorse Cortex-A55 cores for lighter, less-energy-intensive tasks.

    Continue reading
  • BlackMatter ransomware gang will target agriculture for its next harvest – Uncle Sam

    What was that about hackable tractors?

    The US CISA cybersecurity agency has warned that the Darkside ransomware gang, aka BlackMatter, has been targeting American food and agriculture businesses – and urges security pros to be on the lookout for indicators of compromise.

    Well known in Western infosec circles for causing the shutdown of the US Colonial Pipeline, Darkside's apparent rebranding as BlackMatter after promising to go away for good in the wake of the pipeline hack hasn't slowed their criminal extortion down at all.

    "Ransomware attacks against critical infrastructure entities could directly affect consumer access to critical infrastructure services; therefore, CISA, the FBI, and NSA urge all organizations, including critical infrastructure organizations, to implement the recommendations listed in the Mitigations section of this joint advisory," said the agencies in an alert published on the CISA website.

    Continue reading
  • It's heeere: Node.js 17 is out – but not for production use, says dev team

    EcmaScript 6 modules will not stop growing use of Node, claims chair of Technical Steering Committee

    Node.js 17 is out, loaded with OpenSSL 3 and other new features, but it is not intended for use in production – and the promotion for Node.js 16 to an LTS release, expected soon, may be more important to most developers.

    The release cycle is based on six-monthly major versions, with only the even numbers becoming LTS (long term support) editions. The rule is that a new even-numbered release becomes LTS six months later. All releases get six months of support. This means that Node.js 17 is primarily for testing and experimentation, but also that Node.js 16 (released in April) is about to become LTS. New features in 16 included version 9.0 of the V8 JavaScript engine and prebuilt Apple silicon binaries.

    "We put together the LTS release process almost five years ago, it works quite well in that we're balancing [the fact] that some people want the latest, others prefer to have things be stable… when we go LTS," Red Hat's Michael Dawson, chair of the Node.js Technical Steering Committee, told The Register.

    Continue reading

Biting the hand that feeds IT © 1998–2021