Honesty; I prefer for the government itself to fine Google instead of stuff like this.
And with the new regulations that's more likely that it has ever been before.
A barrister for the Information Commissioner's Office hinted the regulator would stop enforcing the law on data breaches if the Supreme Court sides with Google in a case about class-action lawsuits. The startling threat was made on behalf of the ICO by barrister Gerry Facenna QC, who was intervening on the authority's behalf …
The odds of any ordinary person receiving a payout from Google are remote...
And that is the problem. Even with a win, the payout will be minimal. As usual, the lawyers will make the most money.
If there was any fairness, then the big guy must pay the little guy such that the big guy will think twice before ever again making the same mistake. These cases are pocket money for the big guys and profitable for the lawyers. That is bad for society and bad for our sense of fairness.
Remember that the purpose of a class action is not to get restitution for the victims, but to financially punish the perp. Often the action is against companies nickle and diming loads of people, so an individual may only have been screwed for a small amount, so not worth suing for even in small claims.
In that sense, it actually doesn't matter where the money goes, as long as the sum is large enough to deter.
You are course welcome to do that. But the company will simply settle just before the court date for the tiny amount that you were scammed, and you are out the legal fees unless you want to spend a pile of time learning how to go pro se. Alternatively, do a small claim, likely get deafult judgement when they don't bother to turn up... but they won't pay either, so you have to apply for bailiffs etc. It's not worth it, companies who that, hence... classes.
Ok, fine. Lets do the math then: 1000000 plaintiffs in the class where each gets awarded $50.
That'll be 50 MegaBucks for Google. Lets face it, it is no punishment for them, really. About half of that goes to the lawyers who have a fantastic payday. And all the rest get a voucher, which you must run through multiple levels of redemption, bureaucratically play ping-pong and finally are instructed that your only option is to spend the voucher for services at Google.
So, how does that punish the perp?
"And all the rest get a voucher, which you must run through multiple levels of redemption, bureaucratically play ping-pong and finally are instructed that your only option is to spend the voucher for services at Google."
I've heard of "vouchers" being issued as compensation in US cases. I've never heard of that ever happing in a UK case. I suspect a UK judge would not take kindly to a "damages" payment to a victim being a voucher of some value only being redeemable through the defendants sales or services division. After all, I could be a victim of Google and deserve compensation, but I never have and likely never will directly purchase anything from Google. A voucher would be useless to me.
I am of the opinion that when a company is fined by the government or loses in a class-action lawsuit that some of the money must come from the CEO's wallet; if it is multi-national company, then out of the wallet of the top guy in that country. And not just a small amount either. The amount needs to be equal to several months salary. If you fine a company, it is just a write-off or the fine is extracted from the customers. But, if you fine the person responsible, then he will make sure not to do this again because it affects him personally.
> "Mr Lloyd is the trustee of the funds," explained Tomlinson. "He would hold it on trust for a member of the class. The trustee is entitled to remuneration for getting in the trust's property. It is on that analogy, we say, one of the costs of getting in the trust property is the cost of funding the litigation."
Yes I decide my own salary for looking after your money. What about it?
I wonder whether Mr Lloyd is (or would be) the sole trustee of the funds, and what legal redress other people in the class action would have to obtain their share, or argue about whether the sponsor was entitled to the 50% they claim when the class members had not actually formally agreed to that apportioning of any damages.
Agreed with ICO -- if one has to prove damages (i.e. their data used for identity theft most likely) rather than that the company violated data privacy laws, then I could see ICO saying "the hell with it" and not enforcing the law at all. Showing abusing privacy is easy, showing it lead to identity theft or other actual damages is difficult. The thing is, once the identity theft occurs, the company could be sued for real damages anyway, so obviously the point of the privacy law is to provide more protection than that.
True, but the end effect is exactly the same. If Google win this one, then the ICO will be largely powerless to do anything - because, as said, it would be very hard in most cases to prove a causal link between "bad guy did this, punter suffered that (damage)". Even if (for example) there's a mass leak of private information from a company that includes (say) all the information necessary for identity theft on a massive scale, and then there are loads of cases of identity theft and fraud immediately afterwards, unless you caught the fraudsters and they fessed up - it would be impossible to say that the identity theft occurred as a result of the data breach and could not have been as a result of any other data breach.
As it stands now, the company is on the hook for the data breach itself which is a fairly easy case to prosecute. If Google win this case, then the company will not be liable for any damages for the breach, and will be able to avoid any damages for the effects as it would simply be able to say "prove the identity theft wasn't triggered by something else" as a defence.
And so the ICO would effectively be powerless to enforce data protection law - simply because it would be virtually impossible to prove the causal link between data loss and victim damage.
" the ICO would effectively be powerless to enforce data protection law "
Whereas today they theoretically have the power to enforce data protection law but in practice are unable to make anything significant stick. Not in a way that prevents further similar offences anyway.
Discuss, using both sides of the Cambridge Analytica balance sheet.
Congratulations on very clear exposition of these fascinating legal proceedings. .... Long John Silver
El Reg have proven themselves masters in the genre, Long John Silver, with the Autonomy/Hewlett Packard case another very recent journalistic triumph too.
It is almost impossible to find such in any of the mainstream media news offerings, which is sad indictment of the sort of rags and comic they have become.
It is not without its inherent deadly dangers though, this deliberate keeping of populations in the dark about everything truly that is going on all around them, and causing elite executive office systems administrations and universal security services more anxiety and problems than they can handle or prevent exploding into greater conflict and chaos beyond status quo command and control.
For then, even the tiniest of small leaks of something quite revolutionary and games changing evolutionary, subsequently discovered to have been known about for any length of time, but ignored and never reported on, is going to be major problem which will be easily able to collapse and destroy extant systems, if it is decided it is best to do so.
Google previously argued in the case that in law there should be a difference between loss of control and damage, saying that even though it caused the loss of control of millions of Safari users' data it shouldn't be held liable because there is no coherent proof anyone suffered damage (in the legal sense) as a result.
And Google would/could/should also additionally suggest and state, there is never ever any readily accessible apparent evidence to prove anyone suffered damage (in the legal sense) as a result.
Is there a hibernating, status quo future master plan, fully dependent on a "successful" prosecution, to also indict, on not totally dissimilar charges, the likes of a Bing or a Yandex, a DuckDuckGo or an Amazon, or a Baidu, to name but five metadatabase stores of valued information and potential income streams, for how would be fair and equitable and lawful not to then?
This post has been deleted by its author
Thank you again for the excellent reporting. El Reg is one of the best sources for very readable court reports at the moment.
Regarding the case, having spent quite a lot of time thinking about it, I rather hope this proposed funding model fails. Taking things to court as a profit centre* is abhorrent. In general, the whole concept of class-action is wrong. I understand how they developed, and that there is a need for some way of holding big companies to account, but I don't think this is it. It needs proper consideration, not the greed of venture capitalists, to come up with a proper solution.
* I'm not talking about lawyers' fees here - taking cases like this through the courts is time-consuming and requires expert lawyers and researchers, plus a lot of staff, resources, etc. Experts always cost money, regardless of what area. Also, whilst a case like this rolls on for years, other, smaller cases that pay the bills can't be taken. I'm not saying that some of the costs couldn't be mitigated (not keeping chambers in the most expensive parts of London would help), but, if the actual breakdowns of costs is analysed, it isn't that bad.