UK users of Apple’s Safari browser have been given the green light to sue Google in the UK for bypassing privacy settings in the browser to track online behaviour.
Google has tried to block the legal action, arguing that there is “no jurisdiction” for the case to be heard in the UK because its consumer services are provided by its US division, not Google UK.
But in a landmark ruling, the UK Court of Appeals has upheld a January 2014 High Court ruling that the UK is an "appropriate" jurisdiction and the case can proceed.
In making its appeal against the High Court ruling, Google’s lawyers claimed the judge had failed to apply legal authority on issues of law that were significant in the privacy area.
But the Appeal Court found that planned legal action against Google raises serious issues which merit a trial because they relate to allegations of secret and blanket tracking and collation of private information.
Analysts say the ruling could set an important precedent for other US internet firms with UK customers.
Google has issued a statement saying that the company is “disappointed” at the decisions and is considering its options.
In 2012, the US Federal Trade Commission (FTC) found Google was exploiting a Safari loophole that enabled it to install monitoring-enabling cookies on web users’ machines.
In August 2012, the FTC fined Google $22.5m for monitoring US Safari browser users, even though they had a "do not track" privacy setting selected.
Read more about data privacy
- The European Court of Justice has begun considering a case brought by privacy campaigner Max Schrems that could decide how Europeans’ data will be shared with US internet firms in future
Google was also forced to pay a separate $17m fine levied by attorneys general in 10 US states over its unauthorised placement of cookies on computers using Apple Safari web browsers from 2011 to 2012.
Lawyers for claimants in the UK want Google to reveal how it used the private information it secretly obtained, how much personal data was taken, and for how long the practice was carried out.
Claimants plan to sue Google for breaches of confidence and privacy, computer misuse and trespass, and breach of the UK Data Protection Act 1998.
They also claim that the company acted contrary to a 2009 amendment to an EU directive which requires consent before cookies are placed on a user's device for advertising purposes
The Appeal Court ruling is the latest setback for Google that has come under increasing scrutiny from data privacy authorities in Europe.
In January 2014, France’s privacy watchdog, CNIL, fined Google €150,000 for failing to conform to local law regarding tracking and storing user information within the three-month deadline it had set.
Over the past year Google has been receiving requests to remove links to personal information from search results after Europe’s top court supported the controversial right to be forgotten in a landmark ruling.
The regulator has asked the company to provide better information to users about how personal data is used after changes were made to its policy.
ICO head of enforcement Steve Eckersley said ensuring data is processed fairly and transparently is a key requirement of the Data Protection Act.