Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Loses Ruling In Safari Tracking Case

Posted by Soulskill on from the permission-for-lawyers-to-make-money dept.

mpicpp sends this report from CNET: The floodgates are now open for UK users to sue Google over privacy violations tied to tracking cookies. In a landmark ruling, the UK's Court of Appeal has dismissed Google's request to prevent British Web users from suing the company over tracking cookies and privacy violations. The decision was announced Friday, according to the BBC. In spite of default privacy settings and user preferences — including an opt-out of consent to be tracked by cookies — Google's tracking cookies gathered information on Safari browser users for nine months in 2011 and 2012.

34 of 56 comments (clear)

  1. Google's attourneys should be kicked out of the ba by gurps_npc · · Score: 3, Insightful
    They had the gall to say their illegal invasion of privacy was OK because their was no financial harm?

    By that logic, some freak could put a camera in their shower - or worse their KID'S shower and not get punished.

    Yes, I know that much of the Internet based business hates privacy and tries to pretend it doesn't exist, but that is the enitre reason why we put those laws in place.

    --
    excitingthingstodo.blogspot.com
  2. On what grounds could one sue? by Wootery · · Score: 1

    On what grounds could one sue? I imagine it would be quite hard to prove real damages with a price-tag attached.

    Also, we don't have class-action lawsuits in the UK.

    Also, the new BBC News design looks truly awful on Firefox+NoScript on desktop. Not an improvement, BBC.

    1. Re:On what grounds could one sue? by Lunix+Nutcase · · Score: 3, Insightful

      On what grounds could one sue?

      Probably under data privacy laws.

      I imagine it would be quite hard to prove real damages with a price-tag attached.

      They don't need to show financial hardship:

      Google argued the point was moot because consumers suffered no financial hardship due to the practice. The UK's Court of Appeal disagreed. According to the court's judgment:

      "These claims raise serious issues which merit a trial. They concern what is alleged to have been the secret and blanket tracking and collation of information, often of an extremely private nature [...] about and associated with the claimants' Internet use, and the subsequent use of that information for about nine months. The case relates to the anxiety and distress this intrusion upon autonomy has caused."

    2. Re:On what grounds could one sue? by Merk42 · · Score: 1

      Also, the new BBC News design looks truly awful on Firefox+NoScript on desktop. Not an improvement, BBC.

      Seems to work surprisingly well for no JavaScript.

    3. Re:On what grounds could one sue? by Anonymous Coward · · Score: 1

      he case relates to the anxiety and distress this intrusion upon autonomy has caused."

      Autonomy? This in a nation with CCTV cameras every 10 yards or so...

    4. Re:On what grounds could one sue? by macs4all · · Score: 1

      On what grounds could one sue? I imagine it would be quite hard to prove real damages with a price-tag attached.

      Also, we don't have class-action lawsuits in the UK.

      Perhaps "Breach of Contract"? I am SURE, even without looking, that, buried deep down on Google's site, is some document that starts "By using this service, you agree to the following terms and conditions..."

      You don't have Class Actions in the UK? How telling...

    5. Re:On what grounds could one sue? by macs4all · · Score: 1

      People seem to forget a lot of the time that when you bring a civil suit you need to show at least two things: evidence that the party you're suing did wrong and that you suffered in some way as a result which allows you to seek relief through the courts. I think its going to be hard for anyone to show how Google's actions hurt them.

      You are wrong. At least in the U.S.

      Doing wrong = Liability.

      Harm to the Plaintiff = Damages.

      They aren't the same. But having said that, the Defendants (Respondents) will likely move for either Summary Judgment or a "Directed Verdict" if the Plaintiff cannot allege actual harm.

    6. Re:On what grounds could one sue? by macs4all · · Score: 1

      he case relates to the anxiety and distress this intrusion upon autonomy has caused."

      Autonomy? This in a nation with CCTV cameras every 10 yards or so...

      I know; I thought that was funny, too.

      But maybe the British Courts are swinging the pendulum the other way, now...

    7. Re:On what grounds could one sue? by gstoddart · · Score: 1

      Perhaps "Breach of Contract"? I am SURE, even without looking, that, buried deep down on Google's site, is some document that starts "By using this service, you agree to the following terms and conditions..."

      Honestly, it doesn't matter WTF is in Google's ToS if those terms violate the local law.

      Google can whine and bitch all they want, but you can't embed something illegal into a contract.

      The UK privacy laws always trump Google, no matter what Google wants to claim. Especially since Google has localized versions for most countries they operate in.

      They simply can't claim to be exempt from the law. Terms of service are not magical ... they couldn't say that you agree to indentured servitude either.

      In this case, Google said "fuck it, we don't care if you've opted out".

      Though, admittedly, this was partly helped by the fact that Apple incompetently implemented blocking of 3rd part cookies. Basically everybody figured out how to bypass that.

      --
      Lost at C:>. Found at C.
    8. Re:On what grounds could one sue? by robsku · · Score: 1

      Emotional distress caused by invasion of privacy sounds viable to me, however IANAL.

      Considering that I personally, as well as several people I know, experience anxiety from what we know - and what we *don't* know about things we know - about cyber privacy invasions by corporations and nations (as well as cracker, terrorist and/or criminal organizations) tracking, profiling, spying, trading the information, etc. etc. - I don't find hard at all to believe that proving harm caused by illegal actions of this short would not necessary be that hard.

      After all, you have to remember, these laws came from peoples demand because they felt threatened by them. Is it then hard to see how a court could see violations of such crimes having caused harm?

      --
      In capitalist USA corporations control the government.
    9. Re:On what grounds could one sue? by whoever57 · · Score: 1

      You don't have Class Actions in the UK? How telling...

      It's not so simple. The following is an amateur explanation of how things work. Perhaps someone can explain it better?

      The UK has loser pays on legal fees. Once one person wins a lawsuit on a common basis, others can expect to win also. If the company lost those cases in court (as would now be very likely), the company would be liable for both sides' legal bills in lots of individual cases. So, after losing one representative case in what would be class action in the USA, a defendant has a very strong incentive to settle the others. People who would be in a class in the USA can band together to fund the initial representative case.

      --
      The real "Libtards" are the Libertarians!
    10. Re:On what grounds could one sue? by sumdumass · · Score: 1

      Well, "he was shooting everyone in the room so I shot him" is often a valid defense. However, I think that might be an outlier to your otherwise valid point.

    11. Re:On what grounds could one sue? by macs4all · · Score: 1

      You don't have Class Actions in the UK? How telling...

      It's not so simple. The following is an amateur explanation of how things work. Perhaps someone can explain it better? The UK has loser pays on legal fees. Once one person wins a lawsuit on a common basis, others can expect to win also. If the company lost those cases in court (as would now be very likely), the company would be liable for both sides' legal bills in lots of individual cases. So, after losing one representative case in what would be class action in the USA, a defendant has a very strong incentive to settle the others. People who would be in a class in the USA can band together to fund the initial representative case.

      Thanks for the explanation, that does help.

      But I still don't like the "Loser Pays" rule, when there is a big difference between the resources of an individual trying to sue a well-heeled company (let alone the government) with the sheer legal might to run roughshod over almost any arguments or experts the lowly individual might bring to the bar. But that's a discussion for another time.

    12. Re:On what grounds could one sue? by mysidia · · Score: 1

      I think its going to be hard for anyone to show how Google's actions hurt them.

      Buyer's remorse. Example scenario:

      Google used cookies to track me and display the most effective advertising that most greatly appealed to my preferences and was most persuasive to me.

      Because the advertisement shown was more persuasive; they talked me into purchasing X with a more persuasive Ad, even though buying X was not worth it.

      I would not have purchased it, if the more persuasive ad wasn't shown as a result of tracking me and tailoring ad selection to my vulnerabilities (preferences).

      Therefore, Google should be responsible for my lost $$$ in non-refundable digital purchases.

  3. And who *ever* bought "Don't be evil"? by Anonymous Coward · · Score: 4, Insightful

    Google started in the gutter as a fucking AD AGENCY, and they went downhill to selling every detail of your private life they can get their grubby hands on.

    Their fundamental business is to wring every last bit of privacy from you and SELL IT.

    Don't tell me you EVER thought "Don't be evil" was anything other than a marketing slogan concocted by - get this - an ad agency.

    1. Re:And who *ever* bought "Don't be evil"? by JustSomeProgrammer · · Score: 3, Insightful

      All of them. Just because I don't pay with money doesn't mean I don't pay something.

    2. Re:And who *ever* bought "Don't be evil"? by Rob+Y. · · Score: 1

      Y'know, I hate advertising as much as the next guy. But whether or not selling ADs is 'evil', for the thousadth time - they don't sell information. There are others out there that doubtless do. Google has pretty brilliantly come up with a way to monetize the information you provide without selling it directly, and while performing useful services. The results are sometimes creepy, but it doesn't help to mischaracterize the process. They sell advertising in order to provide the 'junk' you mention (presumably the users of gmail, search, youTube, Android, etc don't think of them as junk) - not the other way around. And your kind of hyperbole just makes you look dumb, paranoid - or paid by Microsoft to somehow justify the same exact behavior by their parallel services.

      Whether the case at hand is particularly egregious or not (I haven't paid enough attention to know), the hysteria contained in phrases like "thinly veiled ruses to get information on me and sell it" and "they are *not* a technology company" puts me in the tiresome position of defending them against bullshit charges (as if they really need my defense). So, I guess I'll stop - and simply lament how moronic so much of the commentary on Slashdot has become. I've been on here long enough to remember when it was often quite enlightening...

      --
      Posted from my Android phone. Oh, I can change this? There, that's better...
  4. Re:Google's attourneys should be kicked out of the by Impy+the+Impiuos+Imp · · Score: 1, Troll

    If people opted out and were still tracked, that's fair game for suing.

    Now what's the damages? A government trying to duplicate Chrome + Google search engine could not do so, and you'd probably have been taxed a hundred pounds per taxpayer in a failed attempt to do so.

    So I'd offer to settle to keep allowing you to use Chrome and Google for free, or get the hell off and go to IE and Bing.

    --
    (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
  5. Wrong target by Martin+S. · · Score: 3, Interesting

    This problem was caused by a bug in Safari that ignored the no tracking setting and accepted and returned the cookies. This court case is just absurd. The target should be Apple not Google.

    1. Re:Wrong target by Anonymous Coward · · Score: 4, Insightful

      Except Google went out of their way to exploit this bug to so they could use their cookie to further their business goals. This was no ‘accidental’ situation where they happened to get cookies, they adjusted their code to trigger the bug.

    2. Re:Wrong target by Anonymous Coward · · Score: 1

      There's something to this. AFAIK, the conversation between browser and server went like:

      Goog: Hey, I got this cookie here. Store it for me?
      Browser: Sure, send it on over!
      Goog: OK! Give it back later. Cool?
      Browser: Cool.

      Information wants to be free. You can't very well blame google for remembering information you sent them. This reminds me of people who post shit on Facebook for everybody to see, then get upset when later on, somebody sees it. You don't want that to happen, then don't post it! Same concept here.

    3. Re:Wrong target by clonehappy · · Score: 1

      Why not both? Apple should be held accountable for their software ignoring the flags set by the user (if that's actually the case, and I'll get to that later), but Google should be held accountable for exploiting a weakness in someone else's systems.

      If I were to exploit a bug for profit, I'd get to look forward to federal PMITA prison. When large corporate conglomerates do the same thing, they get to laugh about how they didn't cause anyone financial losses, so they should get away scot-free.

      That being said, the "Do Not Track" flag was never a setting that stopped tracking cookies from being set by websites, it was an extra flag sent along with your request that said "Pretty Please with Sugar on Top, Don't Track Me, Okay Guys?", which any websites were free to (and I assume they all did anyway, especially Google) ignore. I don't ever remember a setting in Safari that disallowed cookies but wasn't "Private Browsing" mode. Private Browsing just clears everything when you close the browser, so the only other setting could be the "Do Not Track" flag.

      Which anyone who was paying attention should have realized was completely bogus to begin with.

    4. Re:Wrong target by Richard_at_work · · Score: 1

      Yeah, let's go with that logic next time a major healthcare website is hacked and your private data is suddenly plastered everywhere.

      Or, let's realise there is no restriction on how much blame there is to go round, and we blame Apple for having bugs in their software, and we blame Google for going out of their way to exploit a bug in Apples software.

      Google deserves to be slapped down for this.

    5. Re:Wrong target by BadgerRush · · Score: 2, Insightful

      You are terribly misinformed about what the "no tracking" flag means. It is not a setting meant to change how the browser stores information or behaves, and it is definitely not some equivalent of a "disable cookies" setting. Instead the no tracking flag is meant to be sent on a HTTP header as a way to inform the server that the user doesn't wan't to be tracked, it is a way for users inform the server that they are actively opting-out of any and all tracking.

      So there was no bug in Safari, browsers with no tracking enabled are still supposed to keep accepting and returning cookies (unless that was specifically disabled elsewhere), after all there are more uses for cookies than only tracking. The real "bug" (more like crime) was Google ignoring the user's explicit wishes and keeping tracking users even after said users explicitly opted-out, informing Google trough the proper channel (the no tracking flag).

    6. Re:Wrong target by macs4all · · Score: 1

      This problem was caused by a bug in Safari that ignored the no tracking setting and accepted and returned the cookies. This court case is just absurd. The target should be Apple not Google.

      Haters gotta hate, don't they?

    7. Re:Wrong target by Just+Some+Guy · · Score: 2

      The target should be Apple not Google.

      That's a stupendous way to end software development overnight. Yes, Apple had a bug. All software has bugs. They clearly intended for a different outcome and surely never expected Google to actively attack it.

      Of the two, Apple made a mistake but acted with good intentions (at least on the surface, but there's no point going full tinfoil because then there's no point having a conversation about it). Google acted maliciously, and if someone's going to be held accountable for this then it should be them.

      In before "lol fanboy": I would say exactly the opposite if, say, iCloud.com exploited a bug (not a feature: a bug) in Chrome to do the same thing. In this specific case, Apple seems to have acted honorably and Google unhonorably.

      --
      Dewey, what part of this looks like authorities should be involved?
    8. Re:Wrong target by _merlin · · Score: 3, Informative

      No, you're describing the "do not track" header, and that's not what this is about. This is about circumventing the "accept 3rd-party cookies" setting. Google used a nasty piece of JavaScript to simulate a user form submission so they could store a cookie that would otherwise be rejected.

    9. Re:Wrong target by alvinrod · · Score: 1

      Information wants to be free.

      Information is inanimate and doesn't want anything. If you believe otherwise feel free to post your banking information and medical history because apparently that wants to be free as well.

      Please, won't you think of the information?

    10. Re:Wrong target by Anonymous Coward · · Score: 1

      You're wrong that there was no bug:
      Greenhalgh says that Apple’s Safari web browser is especially vulnerable to the exploit. While clearing cookies on Mozilla’s Firefox, Google Chrome, or Opera also erases HSTS flags, deleting the super cookies, there’s no way to do so on Safari on iOS devices.

      Read more: http://www.businessinsider.com/super-cookies-hsts-security-private-2015-1#ixzz3VgIBUc8H

      and you're wrong how the do not track header functions:
      There are no legal or technological requirements for its use. As such, websites and advertisers may either honour the request, or completely ignore it.[25] The Digital Advertising Alliance does not require its members to honor DNT signals. "The Council of Better Business Bureaus and the Direct Marketing Association will not sanction or penalize companies or otherwise enforce with respect to DNT signals set on IE10 or other browsers."[26]
      http://en.wikipedia.org/wiki/Do_Not_Track

      Tracking and cookie acceptance/retention, in this context, are inextricably intertwined.

  6. There is no need to prove "further" damage by Anonymous Coward · · Score: 2, Informative

    Privacy law are quite stronger in EU. The fact that the privacy was breached *IS* the damage. there is no need to prove damage beyond the breach.

    1. Re:There is no need to prove "further" damage by Anonymous+Brave+Guy · · Score: 1

      However, we don't normally award punitive damages in civil cases here in the UK, so even if there is a definitive judgement at some stage that Google was invading privacy and failing to protect personal data, it seems unlikely they will suffer more than a token slap on the wrist from a privacy regulator provided that they cease and desist (as it appears they already have). Unfortunately, civil trials here are not very effective at recognising damage that comes in forms other than actual financial loss and doing much to compensate for it and/or discourage similar behaviour in the future.

      --
      If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
  7. Expect successful suits in Canada by WillAffleckUW · · Score: 1

    Expect successful lawsuits in Canada, where Privacy is a Constitutional Right, and eventually in the US by EU/UK and Canadian citizens protected against such actions by the EU/US and US/Canada Data Treaties.

    (note: if you don't like that they have more rights in the US than you do, don't sign treaties giving them such rights next time)

    --
    -- Tigger warning: This post may contain tiggers! --
  8. Re:Google's attourneys should be kicked out of the by Anonymous Coward · · Score: 1

    You seem to be unaware this is a civil case. In a civil lawsuit, you sue for damages. The examples you gave are criminal actions. People can go to jail for violating criminal laws even if no one was harmed at all. That distinction is fundamental to Western legal systems and you really should learn the basics some time.

  9. In Australia... by bug1 · · Score: 1

    In Australia government will be suing corporation for not spying on their users. (metadata retention laws)