Skip to main content


The High Court grants permission for Google to be served with data protection claim outside of the jurisdiction

Mr Justice Bean sitting at the High Court of Justice has given permission for Google to be served with a claim form outside of the jurisdiction.  The claim, brought by Mr Daniel Hegglin, relates to anonymous abusive and defamatory postings concerning him on the world wide web.  When the claimant’s name was typed into the Google search engine, these postings were retrieved in the snippets.   He is seeking an injunction against Google, who is joined as the second defendant in proceedings, under s.10 and s.14 of the Data Protection Act 1998 to prevent this from happening in the future and a Norwich Pharmacal Order to allow him to identify the posters.

At the application hearing on 31 July 2014, Mr Justice Bean considered whether the English court was the correct forum for the dispute (given that Google is an American company and the claimant is resident in Hong Kong) and whether there was a good arguable claim against Google.   Counsel for Google, Mr Caldecott QC, argued that it was necessary to demonstrate that the conduct complained of (i.e. the retrieval of the postings in the Google snippets) will be continued or repeated before an injunction could be granted.  At paragraphs 15 and 16 of the judgment, Mr Justice Bean disagreed stating:

“Google has indeed been co-operative rather than obstructive, but the question of whether it is doing all that it can, or all that can be done, to prevent re-publication of this offensive material is an issue for trial.

The claimant’s cause of action for the statutory torts created by the Data Protection Act is clearly established in principle and there is at least a good arguable case for the grant of some form of injunction against the second defendant.  What the width of that injunction should be is a question for trial.”

The Judge made specific reference to the recent European Court of Justice case of Google Spain SL, Google Inc. v Agencia Espanola de Proteccion de Datos (AEPD) and Mario Costeja González (Case C-131/12) when considering whether England was the appropriate forum for the claim.  He said:

“….the claimant has business interests as well as a home within the jurisdiction, and the defamatory material damages or risks damaging his reputation here.  As for Google, this claim comes in the wake of the important decision of the European Court of Justice at Luxembourg in the Costeja Gonzalez case.  This established that Google Inc. is the data controller for the purposes of the European Directive in relation to its provision of web search facilities.  The court held that Article 4(1) of the directive is satisfied when the operator of a search engine sets up in a Member State a branch or subsidiary intended to promote and sell advertising space offered by the search engine and which orientates its activity towards the inhabitants of that country.

I accept the submission of Mr. Tomlinson that, on this basis, there is at least a good arguable case that Google is under an obligation, enforceable in this jurisdiction, to comply with the requirements of the 1998 Act when processing the claimant’s personal data, both when hosting a website on which such data appears or in the circumstances described in the ECJ’s decision when operating a seach engine such as on which his data is processed.”

The full judgment, Daniel Hegglin –and- (1) Persons Unknown (2) Google Inc [2014] EWHC 2808 (QB) can be accessed here.   The trial has been fixed for 24 November 2014.


Legal Disclaimer

Articles are intended as an introduction to the topic and do not constitute legal advice.