Buzzness Unusual, and UK Regulation

September 8, 2010

I had a glimpse of a different future when I read the {news:} this week that Google has come to a settlement in the action brought against it over violations of privacy rights ({read more here:}). The development has led me to think about the role of lawyers, and data protection and privacy lawyers in particular, in ‘helping’ businesses toe the line.

The feature of the Buzz settlement that made for a sharp intake of breath was the percentage of the fees that went to the lawyers representing the seven Gmail users. Apparently ‘The class-action attorneys who brought the lawsuit will split up to $2.5 million’ (the seven claimants got $2,500 each).

Now, I appreciate that there may be readers of this blog post who don’t get out of bed for less than $2 million and for whom the prospect of {i}splitting{/i} a mere $2.5 million creates no excitement. But my guess is that most readers wish they had been in on the split. By way of purely random comparison, the Great Train Robbery netted £2.6 million.

No doubt the lawyers in the case were involved for purely altruistic motives. Certainly various organisations focused on Internet privacy policy and privacy education will benefit to the tune of $6 million. But this settlement and the Facebook Beacon settlement ($6 million to a privacy foundation and over $3 million to the lawyers) give lawyers in the US a very clear financial incentive to monitor the activities of Google and the other giants of e-commerce and social networking. I imagine that the US equivalent of a Claims Direct advert has long since ditched the man falling off the ladder and replaced it with some poor soul whose interest in porn has been negligently revealed to his mother.

Of course, the US class action doesn’t really work in the UK. We can benefit as consumers from actions in the USA (I got £60 from the BA Virgin settlement) and there are proposals for similar remedies in the financial services field, but we have different forms of regulatory incentives here.

One form of regulation that is commonly found in the IT law field is ‘self-regulation’. I feel bound to use quotation marks because I think it is a term that is too often in the same class as self-congratulation (which involves no real congratulation), self-assembly (which in my case is a synonym for falling apart) and self-abuse (which usually involves something altogether different). Broadly speaking, I believe that, while self-regulation is better than no regulation, it only works properly in the real professions rather than where the defining characteristic of the industry is pursuit of profit. There is nothing wrong with the pursuit of profit but the real professions should have a more complicated outlook.

Another of our regulatory incentives is action from the Information Commissioner’s Office. Does the prospect of such action really leave the UK’s e-commerce players shaking in their boots? We have the opportunity to compare like with like when comparing what happened to Google over Buzz and what happened to Google in the UK over their StreetView error. Neither actually seems to have caused any financial loss or any real harm but one cost Google $8.5 million and the other cost them, er, a little damage to their reputation. Which prospect do you think creates the greater likelihood of punctilious observance of legal privacy safeguards? The ICO’s powers have been enhanced and may even soon include the power to pursue prosecutions that lead to imprisonment of offenders (although God forbid that we end up sending careless executives to jail). High fines of FSA proportions may start to change the game but it does not look like happening yet, and certainly not with the ICO’s limited investigative resources.

I do not want to see a US-style society where (approximately) 50% of the population are lawyers suing the other 50%. And I deplore a situation referred to by Professor Eric Goldman of Santa Clara University ‘Unless you’ve dotted every i and crossed every t with respect to privacy, the lawyers are going to have a fiesta. At this point, pretty much every new product release from one of the new dot-coms is going to be accompanied by a plaintiffs’ lawsuit’. But there may be room to combine our more robust attitude to truly pointless law suits with the positive aspects of class actions suits where privacy law is involved. This may have a very positive effect on self-regulation and privacy standards generally.

And if the cost of that is the odd fiesta for IT lawyers, we might just have to live with it.