 Gwelch chi. And thank you, to David, for inviting me to this extraordinary event. I see so much knowledge of data protection gathered in the room. Probably about as big a concentration you can get in this country. It's a very welcome scenario to have so many people here to discuss these issues. Dewd raised at the beginning of this session the question of the broad impact of Google Spain. There's absolutely no doubt that Google Spain has an impact across all forms of internet services in a way that is at the moment completely unpredictable. It doesn't work very clearly in practice. I mean, I've just been asking a few people in the course of the day how it is that Google ever manages to process sensitive personal data lawfully. The answer is it doesn't seem to be able to, but it seems to get away with it. Now, how's that someone ultimately is going to try and work that through in the courts or the regulators? But I'm going to focus in my presentation on two very narrow issues, because from my experience of litigating these issues in the English courts, I think they're possibly of wider significance. But I just want to deal with two aspects. The first is it's been promised, and I'll do it, the case of Vidal-Hall v Google, in which judgment was handed down today by the Court of Appeal. For those of you who don't know what the case is about, it's to do with something called the Safari workaround, and by which Google was able to obtain browser-generated information from users of Safari, either deliberately or accidentally, I think there's an issue about that. But obtaining information which they shouldn't have been obtaining, effectively a class action has been brought in England, and it's necessary to serve those proceedings on Google in California. That means under the English Rules of Procedure, you have to get through certain gateways for service out of the jurisdiction. And one of those gateways is to demonstrate that you have a claim for damages. 
So there's a data protection claim, and the barrier to a claim for damages is section 13 of the Data Protection Act, because as I'm sure everybody knows, that requires you to prove effectively economic loss before you can claim damages for distress. None of the claimants in this case could prove any economic loss. And so if section 13 was read literally, their claims for damages under the Data Protection Act were bound to fail. Incidentally, the civil claims brought in the United States over the same issue were all struck out because they were unable to prove economic loss. It's obviously a very different set of laws, but they were crystallised on the same issue. So the issue, the central issue in this part of the judgment for the Court of Appeal was whether or not section 13 covered not just economic damage, but also what was referred to as moral damage. In other words, distress, damage to reputation, and so on. The Court of Appeal, it was accepted by everybody that, read literally, section 13 had that effect. Section 13, there's no way around it. Section 13 required, as a necessary condition, a proof of economic loss. And there was an interesting debate as to whether, under Marleasing, you could strike words out, or you could strike whole sections out. I said, well, I thought that was impossible. The Master of the Rolls said to me, why? And I was slightly at a loss as to how to... Well, it's absolutely obvious you can't go striking out bits of Acts by a process of construction. In the end, he accepted that. So that route was closed, but what the Court of Appeal accepted was that, first of all, the word damage in the directive, in article 23 of the directive, covered both material and non-material damage. They based themselves partly on other decisions concerning other directives and concerning the meaning of the word damage in the treaty. 
But partly, on the general point, that actually what the Data Protection Directive is about is protecting privacy rights, autonomy, dignity, not economic rights. And it would be bizarre if your rights were interfered with, but you had no remedy because only economic damage was protected. So they got to the position of saying, yes, damage in the directive does mean moral damage as well. Yes, section 13 doesn't properly reflect the directive. So what do we do about it? We can't construe it out of existence. And the answer is we disapply it because of article 47 of the Charter, which provides for an effective remedy. There is no effective remedy. The EU law takes precedence. So we disapply section 32. So effectively what they've done is the process which is done in constitutional courts, I think everywhere in the world, apart from England and New Zealand, I may have missed somewhere out. But in other words, they strike down laws which are incompatible with more basic and fundamental laws. And effectively what they've done is strike down section 13.2, which has a massive practical impact because what that means is now, in respect of data protection breaches, for the first time you can unarguably claim damages for distress whether or not you've suffered economic loss. Now, does that demonstrate all the point made this morning about the courts being more, I think she mentioned Vidal-Hall in passing as an example of the courts being more activist in this field. I suspect not, certainly in relation to the English domestic courts. But I do think they are becoming more constitutionally aware, partly because of the Human Rights Act, and more aware. So applying the Charter doesn't now seem something outrageous and foreign as it might have done even five years ago. They think that that's something that is perfect. If that's where the law takes them, that's where they go. 
So the decision is also important because there's an important discussion of what constitutes personal data. It was mentioned this morning that there's not much of a discussion of that in Google Spain. There's actually a bit more of a discussion of that in Vidal-Hall. And in particular they accepted that you didn't have to name someone to identify them. I mean an obvious point, because Google argued to the contrary. So that's the first thing I wanted to deal with. The second issue is one that arises out of Google Spain. And it concerns the question of what you do about systematic problems because Google Spain envisages the paradigm cases reporting an individual URL. I mean Mr Costeja reports that there's a URL which links to Vanguardia and contains this information and asks Google to delink it. But what happens if you get the not atypical situation where someone is putting large amounts of the same personal data onto the internet, Google Groups or Facebook or onto YouTube or whatever? Is the position that you have to notify Google of every single URL? Or can you get Google to take some more automated procedure? That problem arose in a case called Hegglin which I noticed in the notes for this event was mentioned by David. And in Hegglin there was some unidentified person who we never worked out what was behind it but they were putting on all kinds of places on the internet thousands and thousands of postings which said that Mr Hegglin was a criminal bastard, Nazi pedophile and so on. And they went into a lot of detail about his Nazi pedophile criminal activities. So every time you did a Google search on him these were the first 10 results, was this abusive material. We originally used the procedure under the Google Spain, what Google called the Costeja procedure. Google I think on the first occasion took 58 days to respond. By the time the case was almost due in court they were responding in six hours. I'm sure that was a coincidence. 
But the issue in that case, as the case settled, was never resolved. The issue has also come up in other cases is whether Google can be compelled to introduce an automated procedure for detecting particular groupings of texts or particular images and blocking those proactively without being notified of individual URLs. That itself gives rise to an issue which I don't think has been mentioned today but is a very important issue as to the relationship between the E-Commerce Directive and the Data Protection Directive. Google's position is that the E-Commerce Directive prevents courts from making proactive orders so that they have to block particular images or particular groups of texts. The position of people who brought the claims against Google is if you read the E-Commerce Directive it says this doesn't apply to data protection. Now that's an issue which has not been litigated in any court in the EU save for one case in the Italian Court of Cassazione where in the pre-Google Spain where the reasoning, if I can dignify it with that word, occupies half a page and it may be easier to follow in Italian but in the English translation it's impossible to work out what they mean. But they have said for reasons which are entirely obscure to me that the E-Commerce Directive despite its express words takes precedence over the Data Protection Directive and therefore Google don't have to take things down unless they have knowledge of them. Anyway, unless you identify the particular URLs. But that's an issue which just as a matter of practicality is going to come up more and more because it's one thing that another problem is images. 
I mean, for example, the well-known case of Mr Max Mosley, there are images relating to him which are all over, extracted originally from a video taken by the undercover person working for the News of the World, but pop up all the time, and what he wants is an active procedure, and as some of you may know he brought proceedings in France and in Germany where both the French and the German courts have made orders effectively requiring Google to take proactive steps. This is not a Google Spain question, this is a privacy question, but he's now brought proceedings in the English courts under Google Spain seeking similar sorts of orders. Now how those cases will ultimately pan out, the German case has just gone on appeal, judgment is due in five weeks' time, I think. The French case is also going on appeal and the English case is continuing. But those are kind of practical issues that arise once the courts in the EU exert jurisdiction over Google as they plainly can as a result of the Google Spain decision. So I'm going to end there but I'm happy to answer questions about either of them later on.