Google Loses Ruling In Safari Tracking Case 56
mpicpp sends this report from CNET:
The floodgates are now open for UK users to sue Google over privacy violations tied to tracking cookies. In a landmark ruling, the UK's Court of Appeal has dismissed Google's request to prevent British Web users from suing the company over tracking cookies and privacy violations. The decision was announced Friday, according to the BBC. In spite of default privacy settings and user preferences — including an opt-out of consent to be tracked by cookies — Google's tracking cookies gathered information on Safari browser users for nine months in 2011 and 2012.
Google's attourneys should be kicked out of the ba (Score:4, Insightful)
By that logic, some freak could put a camera in their shower - or worse their KID'S shower and not get punished.
Yes, I know that much of the Internet based business hates privacy and tries to pretend it doesn't exist, but that is the enitre reason why we put those laws in place.
Re: (Score:1, Troll)
If people opted out and were still tracked, that's fair game for suing.
Now what's the damages? A government trying to duplicate Chrome + Google search engine could not do so, and you'd probably have been taxed a hundred pounds per taxpayer in a failed attempt to do so.
So I'd offer to settle to keep allowing you to use Chrome and Google for free, or get the hell off and go to IE and Bing.
Re: (Score:1)
If people opted out and were still tracked, that's fair game for suing.
Now what's the damages? A government trying to duplicate Chrome + Google search engine could not do so, and you'd probably have been taxed a hundred pounds per taxpayer in a failed attempt to do so.
So I'd offer to settle to keep allowing you to use Chrome and Google for free, or get the hell off and go to IE and Bing.
Spoken like a true "Glad to be surveilled" Brit.
Re: (Score:1)
On what grounds could one sue? (Score:2)
On what grounds could one sue? I imagine it would be quite hard to prove real damages with a price-tag attached.
Also, we don't have class-action lawsuits in the UK.
Also, the new BBC News design looks truly awful on Firefox+NoScript on desktop. Not an improvement, BBC.
Re: (Score:2)
People seem to forget a lot of the time that when you bring a civil suit you need to show at least two things: evidence that the party you're suing did wrong and that you suffered in some way as a result which allows you to seek relief through the courts. I think its going to be hard for anyone to show how Google's actions hurt them.
You are wrong. At least in the U.S.
Doing wrong = Liability.
Harm to the Plaintiff = Damages.
They aren't the same. But having said that, the Defendants (Respondents) will likely move for either Summary Judgment or a "Directed Verdict" if the Plaintiff cannot allege actual harm.
Re: (Score:2)
Emotional distress caused by invasion of privacy sounds viable to me, however IANAL.
Considering that I personally, as well as several people I know, experience anxiety from what we know - and what we *don't* know about things we know - about cyber privacy invasions by corporations and nations (as well as cracker, terrorist and/or criminal organizations) tracking, profiling, spying, trading the information, etc. etc. - I don't find hard at all to believe that proving harm caused by illegal actions of this sh
Re: (Score:2)
I think its going to be hard for anyone to show how Google's actions hurt them.
Buyer's remorse. Example scenario:
Google used cookies to track me and display the most effective advertising that most greatly appealed to my preferences and was most persuasive to me.
Because the advertisement shown was more persuasive; they talked me into purchasing X with a more persuasive Ad, even though buying X was not worth it.
I would not have purchased it, if the more persuasive ad wasn't shown as a result o
Re:On what grounds could one sue? (Score:4, Insightful)
On what grounds could one sue?
Probably under data privacy laws.
I imagine it would be quite hard to prove real damages with a price-tag attached.
They don't need to show financial hardship:
Google argued the point was moot because consumers suffered no financial hardship due to the practice. The UK's Court of Appeal disagreed. According to the court's judgment:
"These claims raise serious issues which merit a trial. They concern what is alleged to have been the secret and blanket tracking and collation of information, often of an extremely private nature [...] about and associated with the claimants' Internet use, and the subsequent use of that information for about nine months. The case relates to the anxiety and distress this intrusion upon autonomy has caused."
Re: (Score:1)
he case relates to the anxiety and distress this intrusion upon autonomy has caused."
Autonomy? This in a nation with CCTV cameras every 10 yards or so...
Re: (Score:2)
he case relates to the anxiety and distress this intrusion upon autonomy has caused."
Autonomy? This in a nation with CCTV cameras every 10 yards or so...
I know; I thought that was funny, too.
But maybe the British Courts are swinging the pendulum the other way, now...
Re: (Score:2)
Well, "he was shooting everyone in the room so I shot him" is often a valid defense. However, I think that might be an outlier to your otherwise valid point.
Re: (Score:2)
Also, the new BBC News design looks truly awful on Firefox+NoScript on desktop. Not an improvement, BBC.
Seems to work surprisingly well for no JavaScript.
There is no need to prove "further" damage (Score:2, Informative)
Re: (Score:2)
However, we don't normally award punitive damages in civil cases here in the UK, so even if there is a definitive judgement at some stage that Google was invading privacy and failing to protect personal data, it seems unlikely they will suffer more than a token slap on the wrist from a privacy regulator provided that they cease and desist (as it appears they already have). Unfortunately, civil trials here are not very effective at recognising damage that comes in forms other than actual financial loss and d
Re: (Score:2)
On what grounds could one sue? I imagine it would be quite hard to prove real damages with a price-tag attached.
Also, we don't have class-action lawsuits in the UK.
Perhaps "Breach of Contract"? I am SURE, even without looking, that, buried deep down on Google's site, is some document that starts "By using this service, you agree to the following terms and conditions..."
You don't have Class Actions in the UK? How telling...
Re: (Score:2)
Honestly, it doesn't matter WTF is in Google's ToS if those terms violate the local law.
Google can whine and bitch all they want, but you can't embed something illegal into a contract.
The UK privacy laws always trump Google, no matter what Google wants to claim. Especially since Google has localized ve
Re: (Score:2)
It's not so simple. The following is an amateur explanation of how things work. Perhaps someone can explain it better?
The UK has loser pays on legal fees. Once one person wins a lawsuit on a common basis, others can expect to win also. If the company lost those cases in court (as would now be very likely), the company would be liable for both sides' legal bills in lots of individual cases. So, after losing one representative case in what would be cl
Re: (Score:2)
It's not so simple. The following is an amateur explanation of how things work. Perhaps someone can explain it better? The UK has loser pays on legal fees. Once one person wins a lawsuit on a common basis, others can expect to win also. If the company lost those cases in court (as would now be very likely), the company would be liable for both sides' legal bills in lots of individual cases. So, after losing one representative case in what would be class action in the USA, a defendant has a very strong incentive to settle the others. People who would be in a class in the USA can band together to fund the initial representative case.
Thanks for the explanation, that does help.
But I still don't like the "Loser Pays" rule, when there is a big difference between the resources of an individual trying to sue a well-heeled company (let alone the government) with the sheer legal might to run roughshod over almost any arguments or experts the lowly individual might bring to the bar. But that's a discussion for another time.
And who *ever* bought "Don't be evil"? (Score:4, Insightful)
Google started in the gutter as a fucking AD AGENCY, and they went downhill to selling every detail of your private life they can get their grubby hands on.
Their fundamental business is to wring every last bit of privacy from you and SELL IT.
Don't tell me you EVER thought "Don't be evil" was anything other than a marketing slogan concocted by - get this - an ad agency.
Re:And who *ever* bought "Don't be evil"? (Score:4, Insightful)
Re: (Score:2)
Y'know, I hate advertising as much as the next guy. But whether or not selling ADs is 'evil', for the thousadth time - they don't sell information. There are others out there that doubtless do. Google has pretty brilliantly come up with a way to monetize the information you provide without selling it directly, and while performing useful services. The results are sometimes creepy, but it doesn't help to mischaracterize the process. They sell advertising in order to provide the 'junk' you mention (presu
Wrong target (Score:4, Interesting)
This problem was caused by a bug in Safari that ignored the no tracking setting and accepted and returned the cookies. This court case is just absurd. The target should be Apple not Google.
Re:Wrong target (Score:4, Insightful)
Except Google went out of their way to exploit this bug to so they could use their cookie to further their business goals. This was no ‘accidental’ situation where they happened to get cookies, they adjusted their code to trigger the bug.
Re: (Score:1)
There's something to this. AFAIK, the conversation between browser and server went like:
Goog: Hey, I got this cookie here. Store it for me?
Browser: Sure, send it on over!
Goog: OK! Give it back later. Cool?
Browser: Cool.
Information wants to be free. You can't very well blame google for remembering information you sent them. This reminds me of people who post shit on Facebook for everybody to see, then get upset when later on, somebody sees it. You don't want that to happen, then don't post it! Same
Re: (Score:2)
Information wants to be free.
Information is inanimate and doesn't want anything. If you believe otherwise feel free to post your banking information and medical history because apparently that wants to be free as well.
Please, won't you think of the information?
Re: (Score:2)
Why not both? Apple should be held accountable for their software ignoring the flags set by the user (if that's actually the case, and I'll get to that later), but Google should be held accountable for exploiting a weakness in someone else's systems.
If I were to exploit a bug for profit, I'd get to look forward to federal PMITA prison. When large corporate conglomerates do the same thing, they get to laugh about how they didn't cause anyone financial losses, so they should get away scot-free.
That being sa
Re: (Score:2)
Yeah, let's go with that logic next time a major healthcare website is hacked and your private data is suddenly plastered everywhere.
Or, let's realise there is no restriction on how much blame there is to go round, and we blame Apple for having bugs in their software, and we blame Google for going out of their way to exploit a bug in Apples software.
Google deserves to be slapped down for this.
Re: (Score:3, Insightful)
You are terribly misinformed about what the "no tracking" flag means. It is not a setting meant to change how the browser stores information or behaves, and it is definitely not some equivalent of a "disable cookies" setting. Instead the no tracking flag is meant to be sent on a HTTP header as a way to inform the server that the user doesn't wan't to be tracked, it is a way for users inform the server that they are actively opting-out of any and all tracking.
So there was no bug in Safari, browsers with no t
Re:Wrong target (Score:4, Informative)
No, you're describing the "do not track" header, and that's not what this is about. This is about circumventing the "accept 3rd-party cookies" setting. Google used a nasty piece of JavaScript to simulate a user form submission so they could store a cookie that would otherwise be rejected.
Re: (Score:1)
You're wrong that there was no bug:
Greenhalgh says that Apple’s Safari web browser is especially vulnerable to the exploit. While clearing cookies on Mozilla’s Firefox, Google Chrome, or Opera also erases HSTS flags, deleting the super cookies, there’s no way to do so on Safari on iOS devices.
Read more: http://www.businessinsider.com/super-cookies-hsts-security-private-2015-1#ixzz3VgIBUc8H
and you're wrong how the do not track header functions:
There are no legal or technological requirement
Re: (Score:2)
This problem was caused by a bug in Safari that ignored the no tracking setting and accepted and returned the cookies. This court case is just absurd. The target should be Apple not Google.
Haters gotta hate, don't they?
Re: (Score:3)
The target should be Apple not Google.
That's a stupendous way to end software development overnight. Yes, Apple had a bug. All software has bugs. They clearly intended for a different outcome and surely never expected Google to actively attack it.
Of the two, Apple made a mistake but acted with good intentions (at least on the surface, but there's no point going full tinfoil because then there's no point having a conversation about it). Google acted maliciously, and if someone's going to be held accountable for this then it should be them.
In bef
Expect successful suits in Canada (Score:1)
Expect successful lawsuits in Canada, where Privacy is a Constitutional Right, and eventually in the US by EU/UK and Canadian citizens protected against such actions by the EU/US and US/Canada Data Treaties.
(note: if you don't like that they have more rights in the US than you do, don't sign treaties giving them such rights next time)
In Australia... (Score:2)
In Australia government will be suing corporation for not spying on their users. (metadata retention laws)