As we reported last year, an English court recognised the existence of a tort of privacy (more accurately, the tort of misuse of private information) in the case of Vidal-Hall v Google. The case involved a group of Google users who sued the search engine alleging that it had misused their private information and acted in breach of confidence by tracking and collating without their consent information about their Internet usage.
Google appealed the case and the Court of Appeal of England and Wales has decided to reject it in a landmark decision that paves the way for future actions against Internet providers for privacy breaches. The Court deals at length with the very interesting question of whether there can be a claim for compensation in data protection without pecuniary loss (short answer, there can). For a more detailed and authoritative analysis of the ruling, you can read this article by Lorna Skinner.
We will concentrate on the first question dealt with by the court, namely whether misuse of private information is a tort. In the first ruling, Tugendhat J went through the case-law history of privacy litigation in England, and concluded that there is such a thing as a tort of misuse of private information. The Court of Appeal describes the history quite well in this para 18:
“Although the issue as framed in this appeal in one sense is a narrow one, it is nonetheless appropriate to look at it in the broader context. Fifteen years have passed since the coming into force of the Human Rights Act 1998 (the HRA) in October 2000, which incorporates into our domestic law the European Convention for the Protection of Human Rights and Fundamental Freedoms (the Convention). And it is a decade now since the seminal decision of the House of Lords in Campbell v MGN  2 AC 457. The problem the courts have had to grapple with during this period has been how to afford appropriate protection to ‘privacy rights’ under article 8 of the Convention, in the absence (as was affirmed by the House of Lords in Wainwright v Home Office  2 AC 406) of a common law tort of invasion of privacy.”
As the above paragraph indicates, the issue is that for many years it was considered that de House of Lords had killed all chances to pursue privacy rights in Wainright, and that this reluctance to protect privacy had been mirrored in Campbell. The issue, as the Court of Appeal accurately describes, is that Campbell decided against the use of beach of confidence, but this is not the same as privacy. In fact, the CA says that it is now possible to bring two different and distinct actions, there is breach of confidence, and there is misuse of private information. They cite Lord Nicholls in Douglas v Hello 3 (OBG v Allan) as clearly stating that the concept of breach of confidence and misuse of private information “now covers two distinct causes of action”.
Then follows a detailed run through the case-law supporting the separation, including McKennitt v Ash  QB 73, Murray v Big Pictures (UK) Ltd  EWCA Civ 446, and Murray v Big Pictures (UK) Ltd  EWCA Civ 446. Following this line of thought, and finding that the Court was not bound by Douglas v Hello 3 or Kitechology with respect to breach of confidence, it was decided that there is no reason not to consider misuse of private information as a tort. The decision reads:
“Against this background, we cannot find any satisfactory or principled answer to the question why misuse of private information should not be categorised as a tort for the purposes of service out of the jurisdiction. Misuse of private information is a civil wrong without any equitable characteristics. We do not need to attempt to define a tort here. But if one puts aside the circumstances of its “birth”, there is nothing in the nature of the claim itself to suggest that the more natural classification of it as a tort is wrong.”
And concludes with the strong statement at para 51:
“We come back then to the question we have to decide. Against the background we have described, and in the absence of any sound reasons of policy or principle to suggest otherwise, we have concluded in agreement with the judge that misuse of private information should now be recognised as a tort for the purposes of service out the jurisdiction. This does not create a new cause of action. In our view, it simply gives the correct legal label to one that already exists. We are conscious of the fact that there may be broader implications from our conclusions, for example as to remedies, limitation and vicarious liability, but these were not the subject of submissions, and such points will need to be considered as and when they arise.”
In my opinion the correct option was chosen, but it is remarkable how the Court of Appeal went to so much trouble to claim again and again that they are not creating a new tort, and that it existed already. It is as if the Court felt the weight of history, and decided not to take their place as the creators of a new actionable tort.
As they say, there will be a lot of implications for tort law, but it seems like we are finally closer to potentially having a redress in law for privacy breaches, call them what we may.
Reading this with Google Spain, it seems like we are witnessing the dawn of the golden age of privacy litigation in Europe. Stay tuned.