Google Appeal of U.K. Safari Cookies Ruling OK'd

By Ali Qassim

July 31 — In a case with significant implications for how damages are considered in international privacy litigation, The U.K. Supreme Court July 28 granted Google Inc. permission to appeal part of lower court ruling that concluded that U.K. users of the Safari Internet browser would be able to proceed with privacy claims against the search engine.

The primary concern of companies doing business in the U.K. is that they may be forced to defend claims based not on a showing of actual damages but where a group of plaintiffs allege emotional distress damages, according to a July 30 blog post by Philippe Bradley-Schmieg, an attorney at Covington & Burling LLP in London.

According to Nick Graham, a partner at Dentons in London, the ruling against Google in the U.K. appeals court below “opened the door to the risk of mass claims for data privacy breaches.”

In a July 30 blog post, he said that it isn't hard to imagine that after a large data breach a company might face a million plaintiffs claiming a small sum for associated distress. That “adds up to a big liability,” Graham said.

Google has lost two previous attempts to avoid facing cookies tracing claims in the U.K., including a 2014 ruling by the England and Wales High Court of Justice that Google should face cookies tracking claims in the U.K., and not in Mountain View, Calif, as the search engine had argued.

The Court of Appeal of England and Wales upheld that decision in March. The court said Google's appeal should be dismissed because the claims made by a group of users of Apple Inc.'s Safari browser against Google raised “serious issues which merit a trial”.

But the supreme court said in a July 28 statement that it had accepted two of the three grounds that Google gave for seeking an appeal.

“We are pleased that the Supreme Court has agreed to consider key issues in this complex case,” a Google spokeswoman told Bloomberg BNA July 28.

Two Grounds for Appeal 

Of the three grounds Google gave for seeking an appeal, the supreme court accepted two, including whether the court of appeal was “right to hold that section 13(2) of the Data Protection Act 1998 was incompatible with Article 23 of the Directive.”

In its March ruling, the court of appeal found “it was not possible to interpret section 13 (2) of the Data Protection Act 1998”—which deals with claims for compensation for individuals who face privacy violations—“in a way that was compatible with” Article 23 of the European Union Data Protection Directive (95/46/EC), the supreme court said in a statement.

The supreme court said it also accepted Google's third ground for appeal on whether the court of appeal “was right to disapply” Section 13(2) of the 1998 act “on the grounds that it conflicts with the rights guaranteed” by Articles 7 (right to private and family life) and 8 (right to the protection of personal data) of the EU Charter of Fundamental Rights.

At a London-based law firm's annual data protection workshop held July 1, David Smith, deputy commissioner for the U.K. Information Commissioner's Office, said that courts in the U.K. and in the EU are increasingly taking more seriously Article 8 in the EU Charter of Fundamental Rights.

Court Refuses One Ground

The supreme court, however, rejected Google's first ground for appeal, which questioned “whether the Court of Appeal was right to hold the Claimant's claims for misuse of private information are claims made in tort for the purposes of the rules relating to service out of the jurisdiction.”

One of the clarifications of law made by the court of appeal in March was the classification of the misuse of private information as a tort.

According to the supreme court's order, “this ground does not raise an arguable point of law.”

With assistance from Donald G. Aplin in Washington

To contact the reporter on this story: Ali Qassim in London at

To contact the editor responsible for this story: Katie W. Johnson at