top of page

Google Data Privacy Breach

Updated: Dec 9, 2021

By Alex L


A decision on 10 November 2021 by the UKSC confirmed the rejection of a £3.2bn class action lawsuit against Google for claims of allegedly tracking the online iPhone internet activity of 4.4 million people in England and Wales from 2011 to 2012. Former director of Which?, Richard Lloyd, brought a claim against the defendants for breaking data privacy regulations by collecting data even when the claimants had the “Do Not Track” function turned on.[1]

The current state of the law

The Supreme Court ruled in favour of Google, holding that the Data Protection Act 1998 cited by Richard Lloyd, did not allow damages compensation for data breaches in any case. However, this would not prevent the individual consumers who had their data privacy violated, from individually claiming compensation through courts. Rather, it was the American-style idea of a class action group claim that they were opposed to.[2]

The Outcome

The biggest and most immediate impact is that the relevant users will not be able to claim compensation. Besides the rejection of class action type claims for damages and the subsequent need for individual court petitions, the court’s ruling on ‘opting-out’ of class action suits is unusual. In such cases, claimants will be, by default, part of the suit unless they take positive steps to remove themselves.

This provides some reassurance to technology companies which would otherwise have seen a predicted large wave of data breach claims, although the increase in administrative fees might have also discouraged claimants from launching a suit. A sudden slew of lawsuits would have the repercussions of stunted investment in technology within UK borders, particularly in sectors dealing with processing large amounts of cyber-data.

[1] Dan Milmo and agency, ‘Top UK court blocks legal action against Google over internet tracking’ (The Guardian, 10 Nov 2021),, accessed 29 Nov 2021


bottom of page