I am relatively new to the world of social networking, having recently joined Facebook at the behest of a long-time friend who insisted that I enter the twenty-first century. In holding out for so long, I often asked myself why people were so keen to waste hours upon end sifting through mundane status updates and compromising photos. Had more traditional forms of communication such as e-mail and G-chat become passé? This rationale seems unlikely as I continue to use such tools to contact fellow Facebook socializers despite Facebook, itself, providing internal chat and messaging services. Rather, social networking sites serve a far more significant role: ego-boosting and self-realization. You are nobody unless you establish a virtual presence on-line: some of my fellow law school students jokingly question whether I attended school with them over the past two years because we did not become Facebook friends until 2010. In fact, you are nobody unless you have thousands of “friends” - those people who merely approve your friend request, regardless of whether you have actually met that person – or unless you display photographic evidence of your extraordinarily interesting life. However, exposure to such a large audience as well as the ease with which one can transmit data leaves social networkers vulnerable to numerous perils.
You might have gathered from the tone of this blog entry that I remain skeptical of social networking. While I enjoy tracking down old friends and recognize how easily one can organize events and disseminate information, it would be foolish to ignore the many dangers inherent in putting one’s self out there in cyberspace. I will focus briefly on some of the privacy implications related to social networking.
First, how do we jive the seemingly contradictory desire to be seen by others with the expectation that such communication will remain private? Many people join Facebook so as to afford others a glimpse into their lives. Typically such exposure is mundane (e.g. posting recent baby photos or describing what you ate for lunch); much, however, is not so tame (e.g. nude photos, depictions of illicit drug use). Moreover, those who post such controversial information often fail to recognize the consequences of their actions. For example, campus police across the United States have begun patrolling social networking sites in order to bust individuals who portray themselves partaking in various illegal conduct, such as underage drinking (http://www.dailyfreepress.com/news/can-facebook-lead-to-your-arrest-1.924940). I am sure that a majority of those students implicated would be surprised to learn that posting pictures on Facebook would subject them to legal punishment or that the police would even have access to their webpage in the first place despite explicit language to this effect within Facebook’s privacy policy (infra).
Herein lies the problem: social networkers assume that the virtual world in which they create and project their identity and through which they interact with others belongs to them and therefore others must secure the user’s permission to gain access. However, Myspace is not truly mine (or yours). Social networking sites are run by private organizations who adopt and maintain their own privacy policy. Such policies can change over time, negatively impacting reliance interests, and often serve to limit control over user-generated content. According to Facebook’s privacy policy (http://www.facebook.com/policy.php), “certain categories of information…are considered publicly available to everyone…and, therefore, do not have privacy settings.” These categories include “your name, profile photo, list of friends and pages you are a fan of, gender, geographic region, and networks you belong to.” In addition, Facebook shares certain personal information with advertisers and marketers and will respond to legal requests to disclose “where [it has] a good faith belief that the response is required under law.”
These limitations on the ability to control private information beg the question whether social networkers have any legally protectable right to privacy outside the parameters set by the social networks themselves? If so, how do we adapt traditional privacy protections to the social networking setting? These questions have no clear answer and courts struggle to address them with increasing regularity. I will conclude by analyzing the common law tort for public disclosure of embarrassing facts as it is likely the most effective means for reigning in unauthorized dissemination of private information.
§ 652D of the Restatment (Second) of Torts provides that “one who gives publicity to a matter concerning the private life of another is subject to liability to the other for invasion of his privacy, if the matter publicized is of a kind that (a) be highly offensive to a reasonable person, and (b) is not of legitimate concern to the public. While this cause of action is not recognized in all jurisdictions, most states (36) permit plaintiffs to sue for such an invasion of privacy. Plaintiff must prove that the Defendant’s statement was: 1) highly offensive to a reasonable person; 2) contained private facts about the plaintiff's life; 3) was a public disclosure of private facts; and 4) was not of legitimate concern to others. The second prong is most relevant to this discussion. How exactly to characterize information posted to one’s social networking page?
A California court recently held that one who publishes content on Myspace effectively relinquishes any claim to privacy if such information is available to the public at large: “Here, [plaintiff] publicized her opinions about Coalinga by posting the Ode on myspace.com, a hugely popular internet site. [Plaintiff's] affirmative act made her article available to any person with a computer and thus opened it to the public eye. Under these circumstances, no reasonable person would have had an expectation of privacy regarding the published material.” Moreno v. Hanford Sentinel, Inc. 172 Cal.App.4th 1125, 1130, 91. While this case is pretty clear-cut - a defendant need only disprove one of the elements to defeat the tort for public disclosure of embarrassing facts and plaintiff failed to restrict access altogether – things get a bit more hairy when dealing with limited profiles.
Sites such as Facebook and Myspace enable users to take affirmative steps to limit access. The issue is whether such measures constitute a reasonable expectation of privacy. Matthew J. Hodge, in an article titled “The Fourth Amendment and Privacy Issues on the "New" Internet: Facebook.com and MySpace.com,” answers in the affirmative. While Hodge’s article discusses privacy concerns in the context of Fourth Amendment jurisprudence, his analysis is highly relevant to our discussion. Hodge likens limited profiles to “mass e-mails” or to “a bulletin board posted in a building where access is only granted by the user.” 31 S. Ill. U. L. J. 95, 111. In these situations the individual distributing information defines the scope of her audience and, therefore, may reasonably expect (subjectively) that no one else will gain access to that particular posting (NOTE: this explanation does not account for reposting by those granted access). In addition, Hodge notes how, despite social network providers regularly disseminating private information to various third parties, they likely do not have legitimate business interest in culling through the sordid details of individual postings. Therefore, limited profiles are likely deemed to be objectively reasonable, as well.
In sum, privacy protection in cyberspace is necessary to protect us from our own indiscretion and short-sidedness. However, the jury is out on whether traditional common law protections are adequate to accommodate ever-changing technology and constantly evolving computing habits.
You might have gathered from the tone of this blog entry that I remain skeptical of social networking. While I enjoy tracking down old friends and recognize how easily one can organize events and disseminate information, it would be foolish to ignore the many dangers inherent in putting one’s self out there in cyberspace. I will focus briefly on some of the privacy implications related to social networking.
First, how do we jive the seemingly contradictory desire to be seen by others with the expectation that such communication will remain private? Many people join Facebook so as to afford others a glimpse into their lives. Typically such exposure is mundane (e.g. posting recent baby photos or describing what you ate for lunch); much, however, is not so tame (e.g. nude photos, depictions of illicit drug use). Moreover, those who post such controversial information often fail to recognize the consequences of their actions. For example, campus police across the United States have begun patrolling social networking sites in order to bust individuals who portray themselves partaking in various illegal conduct, such as underage drinking (http://www.dailyfreepress.com/news/can-facebook-lead-to-your-arrest-1.924940). I am sure that a majority of those students implicated would be surprised to learn that posting pictures on Facebook would subject them to legal punishment or that the police would even have access to their webpage in the first place despite explicit language to this effect within Facebook’s privacy policy (infra).
Herein lies the problem: social networkers assume that the virtual world in which they create and project their identity and through which they interact with others belongs to them and therefore others must secure the user’s permission to gain access. However, Myspace is not truly mine (or yours). Social networking sites are run by private organizations who adopt and maintain their own privacy policy. Such policies can change over time, negatively impacting reliance interests, and often serve to limit control over user-generated content. According to Facebook’s privacy policy (http://www.facebook.com/policy.php), “certain categories of information…are considered publicly available to everyone…and, therefore, do not have privacy settings.” These categories include “your name, profile photo, list of friends and pages you are a fan of, gender, geographic region, and networks you belong to.” In addition, Facebook shares certain personal information with advertisers and marketers and will respond to legal requests to disclose “where [it has] a good faith belief that the response is required under law.”
These limitations on the ability to control private information beg the question whether social networkers have any legally protectable right to privacy outside the parameters set by the social networks themselves? If so, how do we adapt traditional privacy protections to the social networking setting? These questions have no clear answer and courts struggle to address them with increasing regularity. I will conclude by analyzing the common law tort for public disclosure of embarrassing facts as it is likely the most effective means for reigning in unauthorized dissemination of private information.
§ 652D of the Restatment (Second) of Torts provides that “one who gives publicity to a matter concerning the private life of another is subject to liability to the other for invasion of his privacy, if the matter publicized is of a kind that (a) be highly offensive to a reasonable person, and (b) is not of legitimate concern to the public. While this cause of action is not recognized in all jurisdictions, most states (36) permit plaintiffs to sue for such an invasion of privacy. Plaintiff must prove that the Defendant’s statement was: 1) highly offensive to a reasonable person; 2) contained private facts about the plaintiff's life; 3) was a public disclosure of private facts; and 4) was not of legitimate concern to others. The second prong is most relevant to this discussion. How exactly to characterize information posted to one’s social networking page?
A California court recently held that one who publishes content on Myspace effectively relinquishes any claim to privacy if such information is available to the public at large: “Here, [plaintiff] publicized her opinions about Coalinga by posting the Ode on myspace.com, a hugely popular internet site. [Plaintiff's] affirmative act made her article available to any person with a computer and thus opened it to the public eye. Under these circumstances, no reasonable person would have had an expectation of privacy regarding the published material.” Moreno v. Hanford Sentinel, Inc. 172 Cal.App.4th 1125, 1130, 91. While this case is pretty clear-cut - a defendant need only disprove one of the elements to defeat the tort for public disclosure of embarrassing facts and plaintiff failed to restrict access altogether – things get a bit more hairy when dealing with limited profiles.
Sites such as Facebook and Myspace enable users to take affirmative steps to limit access. The issue is whether such measures constitute a reasonable expectation of privacy. Matthew J. Hodge, in an article titled “The Fourth Amendment and Privacy Issues on the "New" Internet: Facebook.com and MySpace.com,” answers in the affirmative. While Hodge’s article discusses privacy concerns in the context of Fourth Amendment jurisprudence, his analysis is highly relevant to our discussion. Hodge likens limited profiles to “mass e-mails” or to “a bulletin board posted in a building where access is only granted by the user.” 31 S. Ill. U. L. J. 95, 111. In these situations the individual distributing information defines the scope of her audience and, therefore, may reasonably expect (subjectively) that no one else will gain access to that particular posting (NOTE: this explanation does not account for reposting by those granted access). In addition, Hodge notes how, despite social network providers regularly disseminating private information to various third parties, they likely do not have legitimate business interest in culling through the sordid details of individual postings. Therefore, limited profiles are likely deemed to be objectively reasonable, as well.
In sum, privacy protection in cyberspace is necessary to protect us from our own indiscretion and short-sidedness. However, the jury is out on whether traditional common law protections are adequate to accommodate ever-changing technology and constantly evolving computing habits.
Posts
1 comments:
Mr. Billingsworth,
Thanks for a post that is well-worth billing.
The common law public disclosure tort is, as you describe it, one of the key actions available against a privacy intrusion online.
In Moreno, the court did not clearly specify what choices the young woman had made when she posted the original information on MySpace. From the language quoted above, it appears likely that she did not restrict access.
Should the court have decided differently if she had limited the disclosure to friends? What if she had limited it to certain networks? What if her friends numbered in the thousands? Should she expect any privacy in that context? Lior Strahilevitz at Chicago has written interesting work in this vein.
Again, a great post.
AC
Post a Comment