Google is fighting a new legal battle over data-privacy challenges in the United Kingdom and argues that the company can’t be held accountable to U.K. privacy laws because Google is an American company based in the United States.
That position, however, is not going over well with British authorities or with a group of Britons who filed a lawsuit in their country in connection with Google’s past handling of personal data on their iPhones, according to an Aug. 18 report in The (London) Telegraph.
“The company is facing a landmark group legal action by Britons angry over the way it circumvented settings on the iPhone to track their Web usage,” reported The Telegraph. In July 2012, Google was fined $22.5 million for similar behavior in the United States by the Federal Trade Commission (FTC) after Google used code to bypass Apple Safari Web-browser privacy settings that blocked user tracking cookies by default.
In response to the latest British claims, however, Google argued that it isn’t covered by British privacy laws, saying there is “‘no jurisdiction’ for the case to be heard [there] because its consumer services are provided by Google Inc., based in Silicon Valley, rather than Google U.K.,” according to the story.
Several of the claimants in the lawsuit told The Telegraph that they are angry about Google’s response. “It seems absurd to suggest that consumers can’t bring a claim against a company which is operating in the U.K. and is even constructing a $1 billion headquarters in London,” Marc Bradshaw, one of the claimants, told the paper.
Google has asked that the case be dismissed and will get a hearing on its request in October, according to The Telegraph.
In the U.S. case in 2012, the government alleged that Google had used special code to bypass Safari privacy settings that blocked user tracking cookies by default, which then enabled the browser to accept cookies. Google disabled the code soon after reports of the issue surfaced, and stated at the time the situation was unintentional and that the ad cookies did not collect personal information.
Several IT analysts contacted by eWEEK, however, say that they think Google is essentially grasping at straws.
“Who does Google think they are?” asked Dan Olds, principal analyst with Gabriel Consulting, mocking the company for even arguing such a position in Britain. “They can’t do this, especially since they have a presence in the country. This is not going to work. I think companies have tried this before and it has been disappointing.”
And if such a legal argument were ever accepted, said Olds, companies would begin lining up to incorporate themselves in remote places like Antarctica, so they could be free of legal liability wherever they do business around the globe. “That would be a really nice way to go,” he said sarcastically.
Another analyst, Dan Maycock of Slalom Consulting, said that in similar cases involving other companies and other nations, he doubts that Google can win its claim in the U.K.
“I think it’s a surprise that they are arguing this,” said Maycock. “I think it’s a bit ludicrous that they would say something like that. For them to try to say ‘we are not based there, that you can’t prosecute us,’ it’s kind of a fool’s errand. I’m not sure what they are trying to gain by doing this.”
Google Fighting UK Government on Privacy
In addition, said Maycock, Google risks potential backlash from users, many of whom already use and buy many Google products. “For Android use in Britain, for example, if people are saying that Google can do whatever they want to do and there will be no legal repercussions, they wouldn’t feel good about that.”
Alan Webber, an analyst with Altimeter Group, called the Google legal claim “an interesting tactic,” but said he thinks it will be a hard sell.
“That being said, they’re going to have a hard time arguing this, given that Google pays some taxes there,” said Webber. “If you are paying taxes there, how can you say you are not covered by other laws? I think this is all attorney-speak.”
On the other hand, Webber said, he can understand Google’s position that since it already paid a similar fine in the U.S., it needs to try to stop such suits from spreading around the world. “I don’t really blame them. It’s been $22 million in the U.S. and then this British case on top of that. If they are liable in the U.S. and the U.K., who says they are not liable in other places, like Singapore and Thailand?”
The British case is one of several ongoing privacy cases involving Google in Europe. In France, this past June, Google was given 90 days to amend its policies about how the company deals with users’ data or face large fines. Five other EU nations made similar threats to Google. The deadline was issued by France’s National Commission for Computing and Civil Liberties (CNIL), which is France’s data-protection agency.
The controversy over privacy and Google’s user policies has been simmering for some time. In May 2012, French regulators accused Google of not being cooperative with investigators looking into privacy issues concerning the company and its practices there. The CNIL had sent Google a questionnaire about the new privacy policy in March 2012, but the agency complained that Google’s answers were “often incomplete or approximate.” A follow-up survey also left questions remaining.
Earlier this April, France and five other European nations announced that the slow pace of Google’s progress on privacy issues caused them to plan their own steps to ensure improved data privacy for their citizens. That could mean hefty fines and deeper investigations into Google’s actions on user privacy. A European task force being led by the CNIL has been waiting since October 2012 for satisfactory progress from Google on how the search giant would make privacy improvements to protect users of its online services.
In January 2012, Google announced major changes to its data-privacy policies, which folded 60 of its 70 previously separate product privacy policies under one blanket policy and broke down the identity barriers between some of its services to accommodate its then-new Google+ social network, according to an earlier eWEEK report. Google’s streamlining came as regulators continued to criticize Google, Facebook and other Web service providers for offering long-winded and legally gnarled privacy protocols. The Google privacy policy changes went into effect March 1, 2012.
In April 2013, Google was hit with an $189,167 fine in Germany for collecting user data without fully disclosing the practice as Google Street View vehicles combed German streets collecting information for its maps from 2007 to 2010. A similar case in the United States was resolved in March when a $7 million settlement was reached between Google and the U.S. government to end a probe into the Street View imaging program, which for three years collected personal information on users wirelessly as the Street View vehicles drove around taking photographs. The $7 million fine against Google was designed to resolve investigations that were under way by some 30 state attorneys general over the controversial Street View program.
Google’s progress on developing clearer, better-known policies regarding how it will use any of the personal data belonging to its users has become a sore point with many governments around the world, which say that the search giant is not moving quickly enough to address such privacy concerns. Google could potentially be fined about $1 billion for shortcomings in its data-privacy policies in Europe.