Johannesburg High Court rules on Facebook defamation

The innocuous looking case of H v W which was handed down in the South Gauteng High Court on 30 January 2013 is anything but. Judge Willis’ 30 page judgment recognises the harm a Facebook post can do to a person’s reputation and throws the weight of the Court behind the person defamed (and who can afford the legal fees).

Update: Here are a few thoughts which are partly a summary and partly what I think is really interesting about this case. Be sure to read the post itself, though, there is a lot to unpack in this case.

Back to Wits with Aaron and Ashley-19

The innocuous looking case of H v W which was handed down in the South Gauteng High Court on 30 January 2013 is anything but. Judge Willis’ 30 page judgment recognises the harm a Facebook post can do to a person’s reputation and throws the weight of the Court behind the person defamed (and who can afford the legal fees).

What the judgment says


Judge Willis’ judgment begins with some background information (the names of the parties were redacted to prevent further harm). W (the “respondent”) published an open letter to H (the “applicant”) on Facebook “for public consumption” which included the following paragraph:

I wonder too what happened to the person who I counted as a best friend for 15 years, and how this behaviour is justified. Remember I see the broken hearted faces of your girls every day. Should we blame the alcohol, the drugs, the church, or are they more reasons to not have to take responsibility for the
consequences of your own behaviour? But mostly I wonder whether, when you look in the mirror in your drunken testosterone haze, do you still see a man?

Judge Willis continues and explains that –

The applicant is an insurance broker who is separated from his wife. The respondent had been a close friend of the applicant. This friendship extends back from the time before the applicant married his wife. In terms of a Deed of Trust, the applicant and his wife had jointly appointed the respondent to be the guardian of their three minor children in the event that both the applicant and his wife died or became incapacitated before their children attained their majority. The applicant had provided the respondent with guidance in starting her current business venture. The respondent had lent the applicant money to tide him over certain financial difficulties.

The applicant and his estranged wife are engaged in a divorce action. The applicant’s estranged wife is presently residing with the respondent. The applicant’s wife left him to stay with the respondent on 14 January, 2012. The applicant pays for the children’s medical aid, extra mural classes, stationery and a full time tutor to assist them. The three minor children born of the marriage between the applicant and his estranged wife are Z, born in 1997, M, born in 1999 and C, born in 2001. These minor children have been residing with the applicant for the last few months. The two minor daughters are both ‘friends’ on Facebook with the respondent. A ‘friend on Facebook’ is a ‘term of art’ to which I shall later refer. The applicant and the respondent were friends on Facebook but, consequent upon the applicant’s wife leaving him and moving into the home of the respondent, the applicant has ‘defriended’ the respondent.

The applicant complains that the posting in question publishes information which portrays him as:

(i) A father who does not provide financially for his family;

(ii) A father who would rather go out drinking than caring for his family;

(iii) A person who has a problem with drugs and alcohol.

The applicant’s attorney, in her letter dated 28 February 2012 addressed to the respondent, referred to the possibility of a claim for damages. The respondent claims that she posted the posting not to defame the applicant but in order for the applicant to reflect on his life and on the road he had chosen.

The law the Court relied on

The lawyers involved in the matter conducted what appears to be fairly substantial research on the law on defamation online and with reference to Facebook. Judge Willis relied fairly heavily on two academic articles by –

The Court quoted extensively from Roos’ article, largely as a means to understand Facebook and its mechanics. Although reliance on Roos’ article and her explanation of how Facebook works may not be integral to the judgment, it is unfortunate. Roos appears to have a fairly limited understanding of how Facebook and its privacy settings work and this gives the impression that activity on Facebook is unavoidably more public than it need be. One example of this is Roos’ explanation of Facebook’s primary privacy options:

In Facebook there are three privacy settings to choose from for information other than the user’s name, profile picture, gender and networks. Users can choose to make other information visible to “everyone”, or to “friends of friends”, or to “friends only”. It is important to recognise that a “friend” on Facebook is someone you have listed as a “contact” – such persons are not necessarily friends in real life.

Users can control their visibility to some extent by using the privacy settings to make personal information available only to friends, and of course by limiting the number of friends or contacts they add to their networks. In general, however, most users give out an extraordinary amount of information.

The last part about people sharing a lot of information is true, of course, but what Roos missed is that users can also share fairly selectively using Facebook lists which stand apart from the default “Public”, “Friends”, “Friends except acquaintances” and “Only me”. To be fair to Roos, though, her article was published in 2012 and Facebook’s privacy controls have changed since then and, in many respect, have become somewhat more secure in some respects, and have eroded protections like users’ privacy by obscurity. That said, she made a few good remarks about what I see as privacy’s contextual nature:

In the context of SNSs, one could argue that subscribing to an SNS and completing your profile information is similar to appearing in a public place. The Internet is a very public place, and Facebook clearly warns subscribers that their privacy cannot be guaranteed. However, in my opinion the privacy settings that one choose, should also be taken into account when considering whether a person has really chosen to disclose his or her information to an indeterminate number of persons. If you chose to reveal your personal information to “Friends Only” and if you limited the number of friends that you added, it could be argued in my opinion that you did NOT choose to reveal your information to an indeterminate number of persons. You have, in fact, revealed your personal information to a limited number of people. If one of your Facebook Friends then further discloses personal information that was provided by you in these circumstances, I would argue that you should have a delictual claim for infringement of privacy.

Roos made another important point to bear in mind when considering whether a person’s right to privacy has been infringed is similar to a defamation analysis (and which Judge Willis touched on in his judgment):

It should also be remembered that the wrongfulness of an infringement of privacy is negated by the presence of a ground of justification. Neethling identifies the following traditional grounds of justification as relevant to the right to privacy: necessity, private defence, consent to injury, and performance in a statutory or official capacity. Another ground of justification which is relevant to privacy is the protection of legitimate interests, including the public interest.

In the context of SNSs, consent is a particularly relevant ground of justification. Whenever the user discloses personal information on his webpage, he or she consents to the publication of that private information. However, in order to be valid the consent must meet certain criteria.

She then went on to discuss the parameters of the consent required to justify a privacy infringement. Essentially, consent must be informed although in light of the Protection of Personal Information Bill, we can adopt the Protection of Personal Information Bill’s defintion of “consent” as –

any voluntary, specific and informed expression of will in terms of which permission is given for the processing of personal information

Unfortunately Roos’ understanding of Facebook’s privacy controls and how it works, generally, is limited as expressed by her article and Judge Willis has accepted her explanation as a complete and accurate exposition of privacy on Facebook. This will likely, and unfortunately, colour future Court judgments regarding Facebook privacy issues. One inaccurate statement is Judge Willis’ understanding that –

Accordingly, although one can control one’s own Facebook profile but there is no method, within the Facebook system itself, by which one can control what other people place on their profiles about
oneself and who can look at that.

This is not really correct. Users have the ability to exercise a fair amount of control over whether other users can post their personal information and tag them (Roos seems to have largely misconstrued how tags can be restricted and controlled by the person being tagged).

After exploring Twitter briefly, Judge Willis turned to established case law in South Africa including authority for the proposition Roos expressed that a privacy infringement can be justified in a similar way that defamation can be justified and a more recent Supreme Court of Appeal judgment in the 2004 Mthembi-Mahanyele v Mail & Guardian case which, according to Judge Willis –

affirmed the principle that the test for determining whether the words in respect of which there is a
complaint have a defamatory meaning is whether a reasonable person of ordinary intelligence might reasonably understand the words concerned to convey a meaning defamatory of the litigant concerned

The Court, in the Mthembi-Mahanyele case set out the test for defamation as follows (and cited a 1993 case in the then-Appellate Division of Argus Printing and Publishing Co Ltd v Esselen’s Estate) –

The test for determining whether words published are defamatory is to ask whether a ‘reasonable person of ordinary intelligence might reasonably understand the words . . . to convey a meaning defamatory of the plaintiff. . . . The test is an objective one. In the absence of an innuendo, the reasonable person of ordinary intelligence is taken to understand the words alleged to be defamatory in their natural and ordinary meaning. In determining this natural and ordinary meaning the Court must take account not only of what the words expressly say, but also of what they imply’

Referencing one of the justifications for (or defences to) defamation, namely that the defamatory material be true and to the public benefit or in the public interest, Judge Willis drew an important distinction that is worth bearing in mind –

A distinction must always be kept between what ‘is interesting to the public’ as opposed to ‘what it is in the public interest to make known’. The courts do not pander to prurience.

The Court moved on to explore another justification, fair comment. In order to qualify as “fair comment” –

the comment “must be based on facts expressly stated or clearly indicated and admitted or proved to be true”

The person relying on this justification must prove that the comment is, indeed, fair comment and “malice or improper motive” will defeat this justification or defence, regardless of its demonstrably factual nature. In this particular case, the Court found that W acted maliciously and she was unable to prevail with this defence.

The Court’s finding

Flowing from the Court’s finding that W’s Facebook post was defamatory and unlawful, Judge Willis considered a procedural issue. H instituted proceedings on motion, which means that H used an expedited approach relative to the more conventional trial action and sought a court order requiring W to remove the post and stop posting about H (the very simplied and incomplete version). Normally an applicant instituting motion proceedings would be asked to explain to he Court whether there is “an absence of similar protection by any other ordinary remedy”. W’s legal team pointed out (as respondents frequently do) that H could have sued her for damages (monetary losses) through a trial action.

Judge Willis considered this argument and took a pretty important step in developing the common law that governs these sorts of proceedings. He said the following:

It is in respect of the remedy where infringements of privacy take place in the social media that the common law needs to develop. The social media form a subset of the electronic media but are not coextensive with it: the social media are all part of the electronic media but not all the electronic media are social media. The electronic media were, almost certainly, beyond the imagination of the court when Setlogelo v Setlogelo was decided in 1914. Not only can items be posted and travel on the electronic media at a click on a computer in a moment, in an instant, at the twinkling of an eye, but also they can, with similar facility, be removed therefrom. This can also be done at minimal cost. The situation is qualitatively different from the scenario where newspapers have been or are about printed in hardcopy and distributed. The law has to take into account changing realities not only technologically but also socially or else it will lose credibility in the eyes of the people. Without credibility, law loses legitimacy. If law loses legitimacy, it loses acceptance. If it loses acceptance, it loses obedience. It is imperative that the courts respond appropriately to changing times, acting cautiously and with wisdom.

He went on to explain that –

[t]he historical reluctance of the courts to interdict publication in the media has its roots only in the issues relating to technology and economics that arise from ‘stopping the press’ but also a concern about the social consequences of stopping the free flow of news and information. This concern about the ‘chilling effect’ of court orders on freedom of expression has been manifested in the case of National Media Limited v Bogoshi recently decided in the SCA.

This is an interesting perspective. Just as social media accelerates the rate at which people can share (and remove) their thoughts, it also addresses the courts’ concerns about ordering that defamatory materials be removed from these social services because the costs involved are minimal. Ironically, though, litigation remains a pretty costly exercise so this must also factor into litigants’ cost analysis. For the courts, though, it would seem that the social Web removes an obstacle to judicial activism when it comes to defamation. Of course it isn’t just about the economics involved, courts will continue to assess the relative value of one party’s right to freedom of expression when weighed against the other other’s right to dignity, for example. As Judge Willis points out –

resolving the tensions between every human being’s constitutionally enshrined rights both to freedom of expression and to dignitas is all about balance. In the case of Le Roux v Dey Freedom of Expression Institute and Another as amici curiae) the Constitutional Court emphasized the need to take into account the context in which a publication occurs.

W’s advocate attempted to argue that H could take the matter up with Facebook itself as a violation of its terms and conditions but Judge Willis wasn’t convinced. He didn’t feel there was anything before him to “assure me that Facebook would comply with such a request”. He further noted James Grimmelmann’s argument that “it is better for the courts to focus on users rather than Facebook itself if intrusions on privacy are effectively to be curbed”. Essentially, “if one wants to stop wrongdoing, it is best to act against the wrongdoers themselves”.

Media reports about this case referenced the orders H sought against W which included a prohibition on W “posting any information pertaining to the applicant on Facebook or any other social media”. Judge Willis refused to grant this order as he said he has “no way of knowing for certain that there will be no cicumstances in the future that may justify publication about the applicant”. I think he made the correct decision there and this means that these complaints will have to be dealt with on a case by case basis with careful consideration of each case’s merits.

The Court also refused to grant orders placing W under arrest if she fails to comply with the order and that the Sheriff of the court be ordered to remove the offending post. Instead W was ordered to remove the posts and pay H’s costs. As a practical matter, Judge Willis made the following point:

Those who make postings about others on the social media would be well advised to remove such postings immediately upon the request of an offended party. It will seldom be worth contesting one’s obligation to do so. After all, the social media is about building friendships around the world, rather than offending fellow human beings. Affirming bonds of affinity is what being ‘social’ is all about.

A few more interesting points

Judge Willis went on to deal with public figures and the prospect of having to deal with a flurry of relatively minor complaints after this judgment.

With respect to public figures, he pointed out that while they enjoy a right to privacy, “[t]here is legitimate public interest in the affairs of public figures” and this means that they may not enjoy the same degree of protection as citizens not in the public spotlight when it comes to defamation online. As Judge Willis put it –

Trenchant commentaries on the performances of politicians as politicians, entertainers as entertainers, musicians as musicians, artists as artists, writers as writers, poets as poets, sports stars as sports stars will generally pass legal muster, even if posted in the social media. When it comes to freedom of expression in South Africa, there are oceans in which to swim and upon which to sail as freely as the wind blows.

When it comes to the prospect of being inundated by defamation claims (my words), the Court referenced the National Media Limited v Jooste case and Judge of Appeal Harms’ comments that –

the question of whether private facts are worthy of protection is determined by reference to ‘ordinary or reasonable sensibilities and not to hypersensitivities’.

Similarly, Grimmelmann has referenced the legal maxim de minimis non curat lex which Judge Willis translated as “the law is not concerned with trivia”. Ultimately, the cost of litigating, even when it comes to motion court proceedings of this nature, will stem the flow of applications to court. Litigation remains a costly exercise and this cost may not always be warranted, regardless of how hurtful the comments may be. This is especially so in the context of motion court proceedings where courts tend not to grant damages as relief because of how these motion court proceedings work.

Lastly, the judgment didn’t deal with another complication: the infamous Streisand Effect. This phenomenon kicks in regardless of your entitlement to protect legitimate rights. It has the ability to effectively negate the practical value of a court order such as the one Judge Willis granted and should always be carefully considered and weighed up against the risks in any matter. There are going to be cases where it is better to walk away and focus on damage control and other cases where it is worth risking the phenomenon and going to court. A critical factor will be whether the legal advice you take is adequately informed about not only the law but the social Web dynamics to form a better risk assessment before you pull the trigger.

This case is an important one. It advances the law dealing with social Web issues and, if it is upheld or applied by other (and higher) courts, it will change the tone for how courts will deal with issues like online defamation and privacy.

Pitfalls of demanding employees’ social network access credentials

I receive questions now and then about the legalities of employers demanding access to prospective employees’ access credentials for their social networks. I haven’t had a chance to prepare a post on this (I believe there are two big pitfalls for employers and this practice is most likely unlawful) so I recorded a few thoughts instead.

Employers engaging in this practice are exposing themselves to substantial liability and claims of rights infringements. It’s just a bad idea and should be actively discouraged.

Your cloud assets and profiles after you die

Imel Rautenbach recently asked me what happens to your content and profiles in the cloud when you die. Its an important question and I’ve started hearing it a lot lately. There are a couple reasons for this. The first reason that comes to mind is that people are increasingly concerned about what happens to their Facebook and Twitter profiles after they pass away? As ephemeral as these profiles and their content may seem, for many people these services (and other social Web services) document a person’s thoughts and life experiences. Facebook with its Timeline feature is specifically designed to become a social and interactive life journal where you effectively maintain a media rich narrative of your life and your connections.

In some cases these social services will offer family and friends a way to keep a deceased person’s profile alive in a suspended state. Facebook, for example, can memorialise a profile:

When a user passes away, we memorialize their account to protect their privacy. Memorializing an account sets the account privacy so that only confirmed friends can see the profile (timeline) or locate it in search. Friends and family can leave posts in remembrance. Memorializing an account also prevents anyone from logging into the account.

Dormant social media profiles and accounts could prove to be fertile ground for identity thieves going forward, especially if the late user didn’t make use of the relevant privacy controls to restrict access to sensitive personal information.


Another reason why its important to think about your assets in the cloud is that we are increasingly storing significant amounts of data on cloud services. These data include photos and other multimedia as well as business and financial data. There are a variety of services which make it very easy to keep our data in the cloud and at a relatively low cost. You may use Evernote to store important information about insurance policies and bank accounts or Dropbox to store vital business and personal documents. Services like Backupify help you back up a variety of cloud based services and Amazon S3 gives you access to vast amounts of storage space at a pretty low cost.

Until now families sorting through a deceased family member’s estate would have had to collate and work through assorted files and paper documents, that will likely change. Families are finding themselves faced with disparate digital archives which often contain the sort of information they require to manage and wind up an estate. It is very possible that a person could die and leave very little paper-based information which a family would require to manage and wind up the estate because all of that data would be digitally stored in the cloud. The challenge is that the only person who tends to know how to access those accounts has passed away, taking those details with him or her. One option would be to contact the service concerned, armed with proof of the person’s passing, and ask for access. Another is far simpler and requires some planning.

Services like LastPass and 1Password offer convenient and secure ways to manage passwords for all these cloud services. They offer tremendous security benefits because they rely on a master password to securely pass your account specific access credentials to the relevant service. This means you don’t have to type in your username and password every time and risk that being intercepted. If you are not using one of these services, you should seriously consider it. Aside from the security benefits, these services also offer a way for your family members to access your cloud services when you are gone. One strategy is to give your master password and username to your spouse and a second trusted family member or friend. Provided they keep that information securely, it will provide them with a convenient way to access your important data after you are gone. Just remember to pass along any password or other access credential updates!

Unfortunately your cloud services profiles and accounts are not the sorts of assets you can hand down to your heirs. The rights you have to access and use these services tend to be personal rights which tend to terminate when you die and can longer exercise any rights. The nature of these profiles and accounts is that they are closely associated with a person’s identity, unlike assets like a house which can be transferred to a different person and in which owners tend to have “real” rights which are formally registered. One implication of this is that these profiles and accounts could be terminated when the services concerned learn of your death so it is essential that you give your family and, where appropriate, close friends access to these digital assets.

As an aside, it looks like legislators are starting to look into how best to deal with these digital assets after death. StThato pointed this out to me:

What parents can do to better protect their children’s privacy online

School children singing, Pie Town, New Mexico (LOC)

Our children are growing up with digital devices and an increasingly social Web and are, in the process, sharing their personal information, oblivious to the risks. Parents are increasingly finding themselves in foreign territory with no real idea where to begin to address their children’s privacy. This post is intended to give parents an overview of the privacy frameworks in place and some of the factors to bear in mind.

Protection of Personal Information Bill

This is a draft Bill, making its way through Parliament at the moment. It gives the right to privacy in the Bill of Rights more substance. The Bill focuses on privacy as in informational self-determination, as opposed to privacy as in secrecy. It establishes a framework for what personal information can be collected from whom and what can be done with that personal information. I wrote about this in my post titled “Privacy is about choice“:

Privacy has become more about informational self-determination – each person’s ability to decide what becomes of their personal information. Facebook has been a bit of a cowboy with users’ personal information for some time now and the primary concern, as I see it, is that Facebook has decided, from time to time, to expose more of users’ profile information to the public Web and make that level of disclosure a new default. It has also progressively changed its privacy policy to allow for greater transparency. What it has done is severely limit users’ choices to the point where their choice has become whether to include information on their profiles or not, bearing in mind that any of their personal information could suddenly be made public.

While the Bill is still subject to change, we can draw on a few of the trends in the Bill:

  • Personal information can only be collected with the data subject’s consent, generally speaking (the term “data subject” is the term used for the person whose personal information is collected);
  • Data subjects’ consent must be informed and this means the party collecting the personal information must inform the data subject what personal information is being collected and what it will be used for (this is the rationale for detailed privacy policies);
  • Personal information should only be used for the purpose it is collected for and should either be destroyed or anonymised (the Bill talks about “de-identifying” personal information)
  • ; and

  • Personal information should be kept secure and only disclosed where the data subject consents to disclosure or where required by legal authority.

Children’s personal information is subject to a further requirement. By children, I am talking about children under the age of 18 (a person is legally recognised as an adult, a major, when that person turns 18 – there are exceptions, though, relating to an incapacity or inability to manage the person’s own affairs). The February 2011 draft of the Bill (the current draft as I type this) requires prior consent from a “competent person” before collecting and using a child’s personal information. A “competent person” is defined as follows:

A “competent person”, for purposes of paragraph (a), means any person who is legally competent to consent to any action or decision being taken in respect of any matter concerning a child

The position with children is different to general personal information processing because it requires prior consent from that competent person (usually a parent or guardian). In practice this can be a little tricky to obtain for various reasons. The first reason is that, when it comes to the major social networks, its not clear that the Protection of Personal Information Bill applies to those social networks. That said, the provisions dealing with data transfers outside South Africa require that countries this personal information is transferred to subscribe to similar personal information protection principles in their laws.

Consumer Protection Act

The Consumer Protection Act highlights another reason obtaining consent from children for collection of their personal information is tricky. As I pointed out in my post “Why Website terms and conditions matter“, a website’s terms and conditions is a contract between the site’s visitors and users and the site owner. This implies that the parties to this contract have the legal ability to enter into a contract in the first place (this is also known as “contractual capacity”). Section 39 of the Consumer Protection Act deals with this issue when it comes to children:

Agreements with persons lacking legal capacity

39. (1) An agreement to enter into a transaction, or for the supply of any goods or services, to or at the direction of a consumer—

(a) …
(b) is voidable at the option of the consumer, if—

(i) at the time the agreement was made the consumer was an unemancipated minor;
(ii) the agreement was made without the consent of an adult responsible for that minor; and
(iii) the agreement has not been ratified by either—

(aa) an adult responsible for that minor; or
(bb) the consumer after being emancipated or becoming an adult.

(2) Subsection (1) does not apply to an agreement if the consumer, or any person acting on behalf of the consumer, directly or indirectly, by act or omission—

(a) induced the supplier to believe that the consumer had an unfettered legal capacity to contract; or
(b) attempted to obscure or suppress the fact that the consumer did not have an unfettered legal capacity to contract.

What this means is that a child can enter into a contract with a social network but the parent or guardian whose consent is necessary to ratify or confirm the contract can effectively void that contract. Bear in mind that the contract here probably includes a privacy policy in terms of which the child presumably confirmed that the “competent person” concerned had consented to the social network collecting the child’s personal information. The risk to the social network is that the parent or guardian would decide to void the contract between the child and the social network and, effectively, negate the consent to the social network’s collection of the child’s personal information. This presents a practical challenge to social networks when it comes to applying contractual terms to children’s access to their services and their collection of children’s personal information.

Social networks

The major social networks and services like Facebook and Google’s various services cater for children accessing their services. Facebook’s protections are more robust than Google’s in many respects. Facebook limits who can see children’s Facebook activity. According to Facebook’s Safety Centre –

The only people who can see what teenagers post are their Facebook friends, friends of friends and networks (like the school they attend). We maintain added protections and security settings for teenagers (aged 13-17) that ensure their profiles and posts don’t show up in public search results. Similarly, if teenagers share their location through Places, only their Facebook friends can see it.

Parents should spend some time reading through the information provided in social networks’ privacy information pages. Here are a couple that will probably be pretty relevant:

General tips

Parents should acknowledge that their children are digital natives. Digital is an important part of their daily lives and will be increasingly important in almost all aspects of our daily lives, including the business environment. Trying to block access to this may not work, either for long or at all. Instead parents should engage with their children as much as possible about the services they are using and educate them about the very real risks of disclosing too much information about themselves.

While many parents are unfamiliar with the services their children are using, perhaps even intimidated by those services, they should make every effort to find out more. Often this means creating their own profiles on some of these services and “friending” their kids (even though this would probably mortify your teenagers) so you can keep an eye on what they are doing. That said, children can probably manipulate privacy settings to hide their activities so it falls to parents to learn as much as they possibly can about services like Facebook, Twitter, Google+ and Mxit and what these services’ privacy practices are.

Parents are users too and they should bear in mind that their social activities can comprise their children’s privacy. I wrote about this is a post titled “The privacy myth” a while ago (the post’s main theme is that privacy as in secrecy is a myth online) –

There are two strategies which can help mitigate the effect of the Internet on personal privacy. The first is to proactively manage your identity online. This means using services like ClaimID to create coherent and comprehensive personal profiles online and taking steps to differentiate aspects of your personality from those that either have no link to you or which are misrepresentations or misuses of your identity.

Another simple, yet powerful, strategy is to decide in advance which items of your personal information will never be disclosed online, ever. This strategy depends on the principle that what you don’t disclose can’t be disseminated and misused. Examples of personal information never to disclose may include your identity number, your home address, your home phone number, your children’s school and so on. Particularly sensitive personal information should be closely guarded from disclosure at all times and this requires vigilance.

The major social networks have improved their privacy practices quite a bit in the last few years. There is a common perception that Facebook is inherently insecure but its worth bearing in mind that children may be more at risk when they are out and about in public compared to when they are using Facebook with their privacy settings responsibly configured.

Protecting your children’s privacy is not easy and it is more about controlling what is disclosed and how its used rather than keeping it hidden altogether. That said, it can be done but it require diligence and attentiveness.

Update: I have come across a couple sites dealing with children’s safety online which may be informative:

The trouble with online defamation

I frequently receive calls or emails from people asking for help with online defamation, usually on Facebook. The people who contact me are often at their wits’ end and want to sue the people defaming them, thinking that will fix the problem. Unfortunately, that can often make it worse. The challenge with online defamation is that the usual legal approach can aggravate the harm being suffered and the better course of action doesn’t necessarily fix anything. Dealing with online defamation is often a matter of damage control and this is primarily due to the social Web’s nature.

Pro-abortusdemonstratie / Pro abortion demonstration

Social networks like Facebook, Twitter and Google+ empower their users to express themselves on a scale typically not seen before the Web became social. This has shifted power dynamics in profound ways. We recently saw how Facebook and Twitter played important roles in the Arab Spring in Egypt and other countries in the Middle East. It is important that the social Web remain as free and accessible as possible because a free social Web is a powerful tool for freedom generally. At the same time, the social Web, like most tools, has darker applications and defamation online is one of those applications.

Of course, that is an oversimplification. A form of expression can be defamatory and be justifiable and permissible if, on its face, it harms its target’s reputation and yet its publication serves a legitimate purpose. When people contact me about defamation online (the term they often use is “slander”), the published material is often not justifiable and is motivated by malice.

The typical legal response to this sort of defamatory material (or any defamatory material, for that matter) is to demand its removal and that the publisher take some form of remedial action to address the harm caused. The problem is that adopting this approach to defamatory statements or material published online can aggravate the situation far more than the person harmed could have anticipated.

Two case studies illustrate this phenomenon well. The first and older case study involves the performer, Barbara Streisand, and her efforts to stop photographs of her coastal home from being published after it was photographed during a coastal survey. Despite her most efforts, photographs of her house were published online, repeatedly. This case study gave the phenomenon its name: the Streisand Effect. A number of subsequent stories validated and reinforced the Streisand Effect including the 2007 Digg-AACS Encryption Key controversy and, more recently, the 2011 Ryan Giggs-UK “Superinjunction” controversy. Both of these more recent case studies illustrate the challenge of adopting a classic legal approach to a social Web problem. In the 2007 Digg controversy, Toshiba’s attorney at the time, Michael Avery, summed up this challenge as follows:

If you try to stick up for what you have a legal right to do, and you’re somewhat worse off because of it, that’s an interesting concept.

When it comes to defamation online, particularly on social networks like Facebook, defamatory statements’ harmful impact may only be exacerbated by adopting a traditional legal approach. This isn’t to say that the defamation isn’t unjustifiable, harmful and actionable but the very real possibility that addressing this misconduct like a conventional legal problem could drastically inflame the situation, and the resulting harm, is an important consideration when planning a response. What is required is a more flexible approach having regard to the specific dynamics involved as well as the platform used. There is no single approach which will be appropriate for all cases.

So what can be done? From an organizational perspective, implementing an Online Reputation Management solution may make a lot of sense. Companies may be defamed too and this defamation frequently results in reputational harm. Simply monitoring keywords and phrases is part of the process which should also include a more detailed strategic plan for dealing with negative and positive sentiment as well as legal input throughout the process to anticipate and cater for potential legal issue which may arise. From an individual perspective, responses may include reporting abuse with the platform’s proprietor; laying criminal charges; engaging directly; not taking any active steps for the time being and, when left with little choice, having an appropriately worded demand letter prepared and sent to the culprits.

There are other challenges facing online defamation cases which can be similarly difficult to overcome. One concern is that defamers may be publishing under a pseudonym and are effectively anonymous. This presents a fundamental difficulty because you can only really take action against a known party and if the culprit has used pseudonymous handles and names for his or her profiles, email addresses and other identifiers, suing will be a practical impossibility. Another, very real, concern is the cost of legal action relative to the harm suffered. In the case of individuals, litigation costs are frequently prohibitive; potential damages generally less than they may expect and costs recoveries are cold comfort after a protracted and expensive campaign. Costs are less of an issue for companies which tend to be more able to afford these costs but the challenge here is that taking action may lead to a disproportionate increase in the harm suffered making legal action more of a “principle” based decision which is rarely the ideal motivation for legal action.

A lawyer’s role in these sorts of case is less to rush in, guns blazing, and more to get a handle on the situation and help shape responses while anticipating the worst and preparing as much as is possible for a formal dispute. In between there is usually considerable scope for a multi-faceted approach to defamation and the resulting reputational harm where lawyers still play a role. They’re just not necessarily the cavalry anymore.

“Free” online services and privacy law

One aspect of the seemingly free services we use every day (Facebook, Twitter, Google Search and many more) which people tend not to pick up on is that these services really are not free at all. While we don’t part with currency to use these services, we do part with our personal information in exchange for meaningful access to these services and what they can do for us. This isn’t necessarily bad but it is a reality on the social Web.

A number of local online services are similarly offered, ostensibly for free to users, and they leverage personal information in similar ways and for similar reasons. The anticipated Protection of Personal Information Bill deals with how personal information may be “processed” by various parties and is organised around a number of Information Protection Principles:

  1. Accountability;
  2. Processing limitation;
  3. Purpose specification;
  4. Further processing limitation;
  5. Information quality;
  6. Openness;
  7. Security safeguards; and
  8. Data subject participation.

These principles can be unpacked further to reveal a fair amount of specificity about what personal information can be processed, by whom and to what end. I’ll probably unpack many of these principles in the coming months and it will be interesting to see how the Protection of Personal Information Act will interface with the Consumer Protection Act when it is eventually passed and implemented.

What local companies offering “free” online services will need to bear in mind that is that they will have to cater for an increasingly complex legal framework if they rely on personal information to make their service offerings worthwhile from their perspective. This paradigm is also something users should understand and bear in mind when they use these services.

Mich Joel talks about this paradigm and how he fears it may endanger the Web’s social nature in his talk at TEDxConcordia recently.:

Why our obsession with Facebook should matter to you

I just noticed this on Mashable and thought I would share it with you. There are some pretty interesting statistics which are worth bearing in mind when developing an approach to Facebook as a marketing channel as well as developing your approach to your employees’ social media use, whether that be through a social media policy or similar policy framework within your business.

What is revealing about this infographic is that Facebook is an increasing part of younger people’s lives, as well as us older types. This becomes an important consideration when deciding how much access to the social Web employers will permit. One risk (and I think it is a real risk) is that prospective hires may shy away from employers that are more restrictive than those who permit more moderate access to the social Web. Another consideration is how much news and information people receive through social networks. Often this news and information is what enables people to do their jobs a little more effectively in an increasingly connected world. Cutting off access to those social networks is going to be increasingly analogous to denying employees access to email.


Obsessed with Facebook
Via: Online Schools