Court rulings in March in two EU member states affirmed the jurisdiction of European courts over foreign companies accused of violating national data protection laws. In the UK, the England and Wales Court of Appeal (EWCA) handed down a historic judgment in Google Inc v. Vidal-Hall & Ors, in a case brought by three users of Apple’s Safari web browser who claimed that Google ignored their privacy settings to profile them and deliver personalized ads. The EWCA, besides finding found foreign companies to be subject to UK data protection law, recognized a new tort of misuse of private information and found that the UK Data Protection Act 1998 failed to correctly implement several sections of the EU Data Protection Directive (95/46/EC) into UK law. In France, the Paris Court of First Instance found that jurisdictional provisions in Facebook's Terms & Conditions notwithstanding, French courts have jurisdiction against foreign companies that collect, process and transfer personal information in France. Both cases underscore how defenses based upon jurisdiction clauses are unraveling.