Whilst the Data Protection Act 1998 and E-Privacy Directive go a long way to preventing the abuse of personal data, the regime is far from watertight. The adtech industry makes extensive use of “anonymous” tracking to study the browsing activities of consumers and then serve them relevant contextual ads.
It is hard to demarcate precisely between legitimate, anonymous tracking on the one hand and intrusive, abusive snooping on the other. There is a constant tug-of-war between consumers who wish to preserve the sanctity and secrecy of their personal data and internet usage and data traffickers who seek to monetize every snippet of personal information out there.
The current case of Vidal-Hall v Google seems to represent a significant shift in the sands in favour of consumer privacy. A group of claimants has been authorised to bring an action against Google for exploiting privacy flaws in the Safari browser to track and exploit consumer browsing habits. The case is significant as it recognises the nascent tort of “Misuse of Private Information” as a legitimate cause of action. From a legal perspective this is significant as to succeed in a tortious claim there is no need to show any actual loss. In the US, Google has already been fined almost US $40m in relation to this pattern of behaviour. Whereas the current UK cap on Data Protection fines is £500,000, the draft Data Protection Regulation envisages fines equating to the greater of Euros100m or 55 of global turnover.
The dividing line between what is legitimate and what is not is becoming clearer and the online advertising industry needs to tread very carefully.