Could Google Case Make GDPR The Next PPI?
When the BBC news is out there conducting vox pops of how annoying those endless privacy notice updates and ‘let’s stay in touch’ emails are, you know the country is officially fed up and switching off. However, there is a fortuitous piece of timing, as an excellent feature in Wired points out.
It’s pretty rare for Brits to get together to arrange what, in America, would be called a “class action.” But that’s what we have with a “representative action” in front of a court in London this week. More than four million iPhone users are alleged to have suffered from Google operating the “Safari workaround,” which enables the tech giant to glean information from their browsing, despite the browser being set up not to provide it.
The headlines have hinted that the final bill to Google could reach a massive GBP3.2bn, based on an estimate of what “Google You Owe Us” believes the damage to each claimant should be.
There are several challenges — not least Google’s concern over a London court having jurisdiction over the case. Plus, the damage must be shown not only to be done but to have been evenly spread across the claimants, meaning that a single payout to all is merited. The claimants would then have to prove they can reach the 4.4m iPhone owners for the time period concerned (July 2011 to August 2012) so the money can be distributed.
Google, of course, is saying this would be hard to do and that it would also be even harder to show that, if the court does rule their privacy was compromised, each person was impacted in exactly the same way.
So there is some discussion as to whether the case will be allowed to go ahead.
Either way, we could be setting a precedent here. A class action group on privacy is unheard of in the UK, but guess what — those four little letters we’ve been trying to avoid hit home tomorrow.
Just imagine, if you would, that 4.4m iPhone users get compensation for an invasion of their data privacy. That, right there, would give the public a figure to cling on to — a number that a judge has placed against having your personal data taken without your knowledge or consent.
Is it just me, or are we shaping up here for GDPR claims to be the new PPI? You can’t watch tv, read a paper, go online or tune in to the radio without some group asking you to call in so they can see if you were wrongly sold a Payment Protection Insurance plan and so are due for compensation.
Just imagine if this case against Google goes ahead and then further imagine an award is made. Now place that in the context of GDPR and the massive increase in fines for organisations that flout the rules and cause consumers harm.
GDPR becoming the new PPI. It’s a possibility, isn’t it?