Skip to main content

Cookie grumbles

A recent Court of Appeal decision has made many website operators sit up and take note.

A recent Court of Appeal (“CofA”) decision has made many website operators sit up and take note.  Their concern stems from the CofA upholding a decision which permitted three English nationals to bring a claim in England against Google Inc (a US based corporation) for misuse of personal data.

This is a potentially far reaching decision for all website operators who use cookies on their websites.  The use of website visitors’ private information has become even more precarious.

The background of the case is that three English nationals claimed that Google Inc misused their private information and personal data in contravention of the Data Protection Act 1998 (“DPA”).  It is claimed Google Inc’s use of Apple’s Safari web browser security settings entailed the installation of cookies without the consent of users.  It is further alleged that data collected by the cookies relating to users’ online behaviour was sold by Google Inc to advertisers for the purposes of targeted online advertising.  Such advertising was viewable on the claimants’ devices and, it is claimed, within the sight of third parties.

Aside from the commercial and reputational considerations of website operators relating to the use of cookies to obtain private information, there are also further legal considerations.  In addition to the use of cookies governed by the Privacy and Electronic Communication (EC Directive) (Amended) Regulations 2011, website operators should be alive to the impact of this case.

The CofA held that the misuse of private information is a tort while damages should not be limited to pecuniary damage (that is, the typical compensatory damage), which could potentially increase damages awards substantially.  Furthermore, the CofA held that cookie-collected behavioural data may be considered as ‘personal data’ for the purposes of the DPA.  Unsurprisingly, this potentially opens the floodgates for claims relating to breaches of the DPA.

Undoubtedly, this case may have a major impact upon the behaviour of many website operators and online advertisers.  However, it is clear that it is more important than ever to comply with law relating to data and to respect the privacy of visitors to your website.  Honesty is the best policy – only use private information in accordance with your website’s Privacy and Cookie Policies.  And ensure that such policies comply with relevant laws.

If you are interested in finding out more about the impact of this case, or have any other queries about the Data Protection Act, please contact Sean Crotty, Partner in the Corporate department, on 0151 242 6517, or email