Here is an interesting development in privacy law. The High Court of England and Wales has confirmed the existence of a new Tort, the tort of misuse of private information. In the case of Vidal-Hall & Ors v Google Inc  EWHC 13 (QB), a group of users have sued Google alleging that the search engine giant “has misused their private information, and acted in breach of confidence, and/or in breach of the statutory duties under the Data Protection Act 1998” by tracking and collating without their consent information relating to their Internet usage. Google responded that the English court has no jurisdiction to try these claims and applied for an order declaring such a fact.
Tugendhat J was tasked with answering whether Google Inc can be the subject of litigation in English courts. The Civil Procedure Rules (CPR) allow for an injunction to be served in another jurisdiction if:
“(2) A claim is made for an injunction ordering the defendant to do or refrain from doing an act within the jurisdiction.
(9) A claim is made in tort where (a) damage was sustained within the jurisdiction; or (b) the damage sustained resulted from an act committed within the jurisdiction.”
In other words, the judge needs to be satisfied that the acts are being performed within England and Wales, and there has to be a claim in tort where the damage is sustained within the jurisdiction. So the judge had to consider whether misuse of private information, breach of confidence and breach of DPA statutory duties amount to a claim in tort. Tugendhat J first referred back to Campbell v MGN  2 WLR 1232 where Lord Nicholls established that breach of confidence was better encapsulated by another concept, that of misuse of private information, and commented that the tort, however labelled, “affords respect for one aspect of an individual’s privacy”. Tugendhat J also referred to Douglas v Hello  EWCA Civ 595 and Imerman v Tchenguiz  Fam 116 as other cases where the tort of misuse of private information had been mentioned.
The judge then concluded that “the tort of misuse of private information is a tort” within the meaning of the CPR rules, and therefore it would be possible to serve an injunction to Google outside of the court’s jurisdiction. Although the claim for breach of confidence is not a tort, it could still be subject to some relief by other grounds, and therefore it could also be enough to serve an injunction to Google. Tugendhat J therefore declared that the matter at hand “is a serious issue to be tried in each of the Claimants’ claims for misuse of private information”.
This is a very important ruling for various reasons, but mostly because it seems to finally confirm the existence of the tort of misuse of private information, which had been hinted at in other cases. We will be following the developments with interest.
I wonder if this gives us the scope to now sue GCHQ?