The scourge of online defamation poses enforcement challenges for victims. So much so that there may be a temptation to begin looking for gatekeepers. The direction of the law appears to be ready to assist.

Consider, for example, the problem of the anonymous blogger. The path to justice requires a number of separate steps. Obtain an order requiring disclosure of subscriber information. Cajole the host of the blog to take down the content. Seek an order to validate service of proceedings on the blogger by email. Finally, pursue default judgment. In Manson v. John Doe, 2013 ONSC 628, the plaintiff followed that route and was awarded C$200,000 in damages and nearly C$50,000 in costs on a motion for default judgment. Whether the judgment will ever be satisfied is unknown.

A more direct route might be to seek compensation is to impose a gatekeeping function on the owner of the website. That route might just become easier. Last year, in Canoë inc c. Corriveau, 2012 QCCA 109, the Quebec Court of Appeal upheld an award of C$150,000 in damages and C$50,000 in punitive damages against the website owner who was found to have been grossly negligent in permitting defamatory statements to remain on the site. The hook was that the website owner failed to enforce promptly a website code of conduct.

More recently, in February, the English Court of Appeal, in Tamiz v. Google Inc., [2013] EWCA Civ 68, held that the host of a blog could be liable for defamatory material in circumstances where the host provided a platform, provided assistance and services relating to the platform, and imposed terms and conditions that enabled it to remove or block service in the event of a breach of the terms. The Court of Appeal held that such a host could become liable for allowing defamatory material to remain on the site once the host had been notified of the defamatory material and had a reasonable period of time to remove the material.

Of course national laws may differ with respect to what constitutes defamation and defences to defamation.  So, as always, it is necessary to seek local guidance before jumping to conclusions.

However, the risk management message is clear. If an organization is operating a platform or interactive site with a social media component where users may post comments, reviews and interact, that organization would do well to review its policies and whether it has the resources and compliance structure to ensure that it monitors the site or at least can respond quickly to complaints.

On January 8, 2012, the U.S. District Court for the Western District of Texas issued a ruling denying a preliminary injunction in a case involving the use radio-frequency identification (RFID) tags embedded in name badges to track students (A.H. ex rel. Hernandez v. Northside Independent School District, 2013 WL 85604 (W.D. Tex.). Ultimately, the court concluded that the religious objections of the student’s family had been accommodated by permitting the student to use a badge that was identical to the badges of other students, except that the RFID tag and battery had been removed.

The court gave significant deference to the school district’s reasons for using the technology and concluded that the use of the RFID technology easily met the requirement that it be rationally connected to a legitimate government interest. Since the school was willing to accommodate the objection to the RFID tag, the issues were reduced to whether the required use of a badge that looked the same as the RFID badges was a form of forced expression in support of the program and whether the student was subjected to significant burdens in opting out of the use of the RFID tag.

Since the case turned on the question of religious accommodation, the court did not review the significant privacy issues in the case, which is unfortunate given the importance of those issues to the maturing legal and social debate regarding the use of geolocation tracking. In Canada, Privacy Commissioners have long been concerned about the use of RFID technology to track individuals. However, it is clear that RFID technology can be used in Canada, provided that an organization is able to justify that the use of RFID technology is reasonable using the Canadian four-part analysis discussed below.

Deployment of the RFID Technology

An RFID tag is a computer chip with a unique identification number. The RFID tag can be active or passive. An active RFID tag contains a power source and a micro antenna that actively transmits the RFID tag information without any user intervention. In this way, the active RFID tag operates differently than an identification card containing a passive RFID tag that must come into close contact with a reader (at least a few feet) in order to be scanned. Instead, the active RFID tag operates without any card holder intervention.

As widely reported, the controversy began when an active RFID tag was embedded into student name badges in a pilot program at a U.S. high school. Employees, students and visitors at the school already wear an identification badge. Schools and buses are equipped with digital cameras. The addition of RFID surveillance meant that the school could obtain geolocation information about the student while on campus. Among the other uses of the RFID tag, it provides for a method of determining daily student attendance, which affects state funding.

The Religious Objection and the Proposed Accommodation

The students’ family objected on religious grounds to wearing the RFID tag. When the student was offered accommodation by having the RFID tag removed, her parents refused on the basis the participation in the program by even wearing the badge without the RFID would run against their religious beliefs. The family argued that the student should be permitted to wear a different badge altogether so that she would not appear to be supporting the program. The family also argued that the proposed accommodation also imposed burdens on the student. In particular, the student was unable to pay for lunch, check out library books, or participate in school activities in the same manner as other students, who could do so using the RFID-enabled badge. This meant that she was singled out.

Rational Connection to a Legitimate Interest

The court agreed that the school district has “a legitimate need to easily identify its students for purposes of safety, security, attendance and funding”. The court held that the RFID badge was rationally connected to meet those needs and was also “a useful tool for the students because it serves as a convenient means of payment for lunch and extra-curricular activities and assists students in checking out library books.”

The court held that any burden imposed on the student was outweighed by the governmental interest “in providing a safe and secure environment for everyone on campus”. The court held:

“Even if Plaintiff could show a substantial burden, the District has a compelling governmental interest that outweighs such burden. In today’s climate, one would be hard pressed to argue that the safety and security of the children and educators in our public school system is not a compelling governmental interest. Mandatory identification badges issued to all students, staff, and visitors further the school’s interest in providing a safe and secure environment for everyone on campus. One could envision many different methods of ensuring safety and security in schools, and the requirement that high school students carry a uniform ID badge issued for those attending classes on campus is clearly one of the least restrictive means available.”

The Canadian Approach

The Office of the Privacy Commissioner of Canada (OPC) has long taken the position that the existence of a legitimate security objective does not automatically justify the use of a surveillance technology. In order to assess the appropriateness of RFID technologies, the OPC uses a four-part analysis:

1. Is the use of the RFID technology demonstrably necessary to meet a specific need?

2. Is the use of the RFID technology likely to be effective in meeting that need?

3. Is the loss of privacy proportional to the benefit gained?

4. Is there a less privacy-invasive way of achieving the same end?

When analysing whether the RFID technology is likely to be effective in meeting a need, the OPC requires that organizations provide an evidentiary basis for the assertion of effectiveness.

Privacy Issues Not Discussed

Although the court in the Texas case noted the efficiency and the convenience of the RFID tag, the privacy issues were largely ignored in the court’s assessment of whether the RFID tag was rationally connected and minimally impairing of the student’s rights to freedom of religious expression and freedom of speech. Among other issues, the court did not assess the following issues, which should be critically examined in any RFID application in Canada:

• Reliability of the Technology. Did the active RFID technology actually fulfil its security purpose? Does the mere fact that the student’s badge is on campus indicate that the student is on campus? Does the fact that the student’s badge is not read as being on campus mean that the student is not on campus? How does the potential for misinformation affect whether the use of the RFID tag is rationally connected to the security concern?

• Security of the School’s Readers. What administrative, technological and physical security systems have been deployed to protect the unauthorized access to and use of the information collected by the RFID system? Does the level of security of the information provided affect whether the system is rationally connected to a security purpose and minimally intrusive?

• Normalizing Tracking. Following previous jurisprudence, the court concluded that the constitutional rights of students in public schools may be different from those of adults in other settings. Does

   this necessarily mean greater tolerance for tracking? Or, might it mean the opposite? Is it important that the state not use the occasion of providing public education to normalize a culture of tracking of future adult citizens?

For information on RFID best practices in Canada, see the OPC’s Consultation Paper on RFID’s in teh Workplace and the Information and Privacy Commissioner of Ontario’s RFID Privacy Guidelines.

On November 15, 2012, the Sexual Orientation and Gender Identity Conference (SOGIC) of the Ontario Bar Association (OBA) held a seminar on “Sexual Orientation & Gender Identity: Managing Personal Privacy and Reputational Risks in an Online Era“. I was invited to participate as a speaker. 

One of my (tongue-in-cheek) messages at the event was that you only have privacy rights for as long as no one is interested in what you are doing. It might be 45 years since the late Rt. Hon. Pierre Trudeau said that the State has no business in the bedrooms of the nation, but the continual parade of sex scandals demonstrates the State and the public still considers to what happens between consenting adults to be very interesting and worthy of opinion. Just open any North American daily newspaper this past week.

Certainly, there are numerous criminal and civil protections for privacy in Canada that Canadians and members of the LGBTQ community can rely on for privacy protections depending on the nature of the breach.  These include public and private sector privacy legislation, Criminal Code provisions (interception of private communications, harassing phone calls, spreading false messages and hate speech), the new tort of intrusion upon seclusion, statutory invasion of privacy torts (in some provinces), appropriation of personality, libel and defamation, nuisance and breach of confidence.

However, these remedies all have significant limitations. Private sector privacy legislation has no teeth when dealing with a non-commercial blogger. All of the court-based remedies require seeking vindication in a public forum. For defamation, the facts and photos might be embarrassing but if the defendant can prove they are true or part of responsible journalism or a qualified privilege defence applies, the subject of the facts and photos has no remedy. Even when privacy rights are vindicated, any monetary remedy is relatively small and the publicity and the digitized record of the event giving rise to the intrusion of privacy is likely, at least at the present time, to continue on with a life of its own unless publication of the intrusion was relatively contained and the operators of the site are willing to take the material down.

My colleagues on the panel were very thought-provoking. Here are some of my “take-aways” for further thinking and discussion:

• There is a gap in privacy protection for employees and job candidates (other than in British Columbia, Alberta and Quebec, public sector employees, and employees of federal undertakings). We are principally relying on Human Rights legislation for moral suasion.

• There is a gap in privacy protection with respect to electoral information gathered by political parties and information collected by elected officials. Can this be justified on the basis of promoting our democratic system of government? Or, do elected officials lose credibility when dealing with private sector privacy mistakes when they have exempted themselves from an obligation to protect the privacy of their constituents?

• We need to have a serious conversation about the “right to be forgotten”. A right of minors might be a useful starting point. Should an indiscreet photo or a story posted by a minor’s friend when the minor is 16 have an unlimited shelf-life on the Internet, or does this impinge too far on freedom of expression?

• The time may soon be ripe to recognize a tort of publication of embarrassing private facts based on the U.S. and New Zealand tort. What will it look like? How do we protect robust freedom of expression and at the same time provide individuals with protection from becoming the subject of targeted shaming by groups who do not share the same values as the target?

• Will the limit of $20,000 for general damages for the tort of intrusion upon seclusion be exceeded in the short-term? Or, will plaintiffs be able to demonstrate successfully to the court that the breach of privacy caused specific economic harm?

• Is the term “privacy” confusing the issue (except to privacy advocates)? Is the main issue systematic and unwelcome private-sector and public-sector surveillance? In other words, a question of control? Is a necessary ingredient of a free society, in the digital age, one in which individuals have protection from the unauthorized use of information that is public in a nominal sense?

Thank you SOGIC for putting on this timely seminar.

From time to time, we comment on developments outside of Canada that may be of interest or relevance to the topics discussed in this blog.

On February 7, 2012, the the Grand Chamber of the European Court of Human Rights issued two decisions (Axel Springer AG v Germany; von Hannover v Germany) involving the balancing of privacy interests and freedom of expression, each of which are protected under the European Convention on Human Rights (“ECHR”).

Article 8 of the ECHR provides that “Everyone has the right to respect for his private and family life …” Article 10 of the ECHR provides that “Everyone has the right to freedom of expression.” Article 10 further provides that freedom of expression includes the freedom “to receive and impart information and ideas.” However, freedom of expression is subject to responsibilities and, therefore, may be restricted “for the protection of the reputation or rights of others …”

The two cases before the European Court of Human Rights concerned well-known personalities who had argued that their privacy rights had been infringed by the publication of photographs and associated stories about them. In one case, the German court had prohibited publication. In the other case, the German court had not prohibited publication. The question for the European Court was whether Germany had fulfilled its obligations under the ECHR in protecting the interests of the parties.

Following previous jurisprudence, the European Court recognized that a person’s image constitutes personal information since it reveals the person’s unique characteristics. Therefore, Article 8 of the ECHR protects the right to control the use of a person’s image, including the right to refuse publication of that image. This right is not obliterated simply because the person is known to the public. Also following prior jurisprudence, the European Court held that freedom of expression is essential to a democratic society and protects information and ideas that may be offensive.

In assessing whether Germany had balanced these competing human rights, the European Court stated that the following factors are relevant. I have grouped related factors for convenience of exposition.

(1) Contribution to a public debate of general interest. A key factor in balancing the these human rights is whether the photograph or article contributes to a public debate of a matter of general interest. This factor is more easily met if the person that is the subject of the photo or article has a role or function that is appropriate for debate in a democratic society.  The European Court held that a private individual unknown to the public is more likely to have a claim protection of his or her right to private life.  By contrast, the role of the press as a “public watchdog” means that a public official will be exposed to scrutiny unless the material relates exclusively to details of the person’s private life and the publication of that material is simply to satisfy public curiosity.

(2) The conduct of the person with respect to protecting privacy.  The European Court concluded that an individual may have diminished expectations of privacy as a result of the individual’s own conduct.  The mere fact of having cooperated with the press on previous occasions will not result in the waiver of right to privacy.  However, the extent to which the person has willingly opened his or her life to public scrutiny will be a factor in assessing the person’s legitimate expectations of privacy.

(3) The context in which the photographs were taken and the content, form and consequences of publication. The European Court recognizes the importance of context.  Photos obtained by illicit activity may fair less well when balancing freedom of expression against privacy interests.  In addition, the manner in which the person is represented, the form of publication and the extent of circulation are relevant to balancing the two freedoms. As the European Court noted, a photograph of an otherwise unknown person may be more damaging than an article.

In the result, the European Court held that freedom of expression trumped the right to privacy of these personalities. In the Axel Springer AG case, the photograph and article were damaging but the information was already public and the person involved had previously spoken to the press about his private life.  In the von Hannover case, the photograph was not damaging and the accompanying articles contributed to a debate of general interest.

The New York Times has published an Associated Press report on the background facts underlying the cases.