Submit to Digest

Richard Lloyd v. Google LLC: No Liability for Acquisition and Sale of Users’ Personal Information

Reports Privacy

Lloyd v. Google LLC [2018] EWHC (QB) 2599 (Eng.). Opinion In The High Court of Justice, Queen’s Bench Division, Media and Communications List, Case No: HQ17M01913

Richard Lloyd, filed suit in a representative capacity, seeking damages under the Data Protection Act for Google’s improper use of iPhone users’ personal information during the “Relevant Period” of June 1, 2011 to February 15, 2012. On August 10, 2018, the High Court of the Queen’s Bench Division in England held that Google was not liable for the development and implementation of “DoubleClick Ad cookies” on iPhones during the Relevant Period.

A DoubleClick Ad cookie is a Third-Party Cookie that allowed Google to gather browser generated information through a workaround on the default iPhone web browser, Safari. Unbeknownst to the device’s owner, the DoubleClick Ad cookie would collect and store data from websites visited by users to determine their interests and habits. The data was then used to personally tailor advertisements to specific users illustrated by their individual browsing history.

In 2012, Google paid $22.5 million for such conduct, the largest Federal Trade Commission violation in history. The facts of that domestic case were nearly identical to those of the Lloyd matter. The result abroad, however, was much different.

Justice Warby of the High Court rejected Plaintiff’s arguments for two reasons. First, the Court found that the claim did not provide a basis for compensation under the United Kingdom’s 1998 Data Protection Act (“DPA”). As Lloyd explains, the statutory language of DPA s 13(1) explains that compensation ought to be provided when there is both “contravention of a requirement of the DPA” and damage is suffered. The Court held that data acquisition without consent does not always necessitate a compensable harm. Damage applies to individuals, and there is no individuality in plaintiff’s suit. An allegation for violation of a DPA claim fails when there is no “pecuniary loss or distress.”

The second issue the Court discussed in Lloyd was in regard to the Class as a whole. In particular, the Court determined that not every member of the Class would have the “same interest.” Google argued that every member of the Class must have suffered the exact same damage, and the Court agreed. Inevitably, different members of the Class would have suffered varying degrees of damage given their unique patterns of internet traffic. As a result, some of those included in the Class would not have a cause of action. As the Court here notes, without a uniform breach of duty, there can be no uniform damages. And without uniform damages, there can be no claim. Further, the Court found it impossible to determine who was actually in the Class. The plaintiff presumed acquisition and utilization of the DoubleClick Ad Cookie during the Relevant Period, which may or may not be true. For example, some members of the Class may have acquired the Cookie before the Relevant Period, and thus would be improperly compensated.

After the Court announced its decision, Richard Lloyd released a public statement illustrating his concern: “Today’s judgment is extremely disappointing and effectively leaves millions of people without any practical way to seek redress and compensation when their personal data has been misused . . . and sends a signal to the world’s largest tech companies that they can continue to get away with treating our information irresponsibly.” This sentiment is not solely a foreign issue. In addition to their $22.5 million federal litigation settlement in 2012, Google settled a domestic analogue of the Lloyd case in a multistate action for $17 million a year later, in a manner directly contrasting the High Court's rejection of Lloyd in England. Previous Attorneys General across the United States seem to agree with Lloyd’s sentiments. For instance, Nevada’s previous Attorney General and current Nevada Senator Catherine Cortez Masto stated, “[c]onsumers have the right to make informed decisions with respect to their privacy online, and those choices should be respected.”