The UK Supreme Court ruled in favour of Google in a case based on the accusation of a data privacy breach, going against a ruling by the UK Court of Appeals.
The case, involving 4.4 million users, was brought by Richard Lloyd, the former director of Which?, the consumer rights group. Lloyd’s case alleged that between 2011-12, Google cookies collected data on health, race, ethnicity, sexuality and finance on the user’s iPhones via Safari, despite users having a “do not track” privacy setting.
If the ruling had gone against Google, then each individual iPhone owner linked to the case would have received a payment of £750 each, creating a total cost of £3 billion for Google.
Google previously lost a similar case in 2017, when it was fined 2.4 billion euros by the European Union in 2017 for distorting competition among price comparison websites.
Lord Leggatt, in handing down the ruling, did not rule out the case returning as an individual claim rather than as group stating such a case would have a “real chance of success”.
Many UK cyber and liability insurers breathed a large sigh of relief after the ruling, as a successful case would have left them and their clients exposed to future class actions.
Furthermore, as Tim Smith, partner and head of technology, media and telecoms at BLM put it, the ruling also benefitted insurers as they controlled vast quantities of policyholder data, leaving them vulnerable to class actions if the Google case went against them.
Yet, this will not be the last ruling on this issue, as data is becoming more and more a valuable commodity, in particular with the rise of technology such as QR scanning and contactless payment. Many companies rely on gaining access and leveraging data on their consumers to improve their products and increase their market share.
With more consumers and organisations becoming aware of cybersecurity and doing more to protect themselves, there is a large chance that many will ask the question, just what are companies doing with all their data?