In 2012, Google paid $22.5 million to settle an FTC claim that the company “misrepresented to users of Apple Inc.’s Safari Internet browser that it would not place tracking cookies or serve targeted ads to those users . . .” The company bypassed Safari’s cookie-blocking settings, it said, to deliver a “signed-in” user experience.
Google explained that it “used known Safari functionality to provide features that signed-in Google users had enabled,” adding that “advertising cookies do not collect personal information.” Critics took a more skeptical view.
This same conduct is now the subject of a class action lawsuit in the UK. The potential UK class includes 5.4 million people who owned iPhones between June 2011 and February 2012. Google’s hypothetical liability in the matter could exceed $1 billion — considerably higher than the settlement in the US action.
The UK lawsuit is being framed as a privacy case about the “misuse of personal data.” Google says that it believes the suit is meritless and will contest it.
The group pursuing the case is called “Google You Owe Us.” On the group’s website it makes the following statements about the case, called a “representative action” in the UK:
We believe that Google took millions of iPhone users’ personal information illegally in 2011 and 2012. Google did this by bypassing default privacy settings on the iPhone’s Safari browser . . .
We want to ensure that big companies like Google respect our privacy in the future. Our personal information is valuable and it must be used it in a way that is trustworthy and fair.
This case can be seen in the broader context of European privacy complaints against US internet companies. Google and Facebook specifically have been the subject of numerous complaints in different countries.
Europe’s General Data Protection Regulation is coming in May, which will create strict new privacy rules and significant potential liability (millions of euros) for companies that fail to comply or violate its provisions.