How much are you revealing?
ARE you someone who posts on social media or provides their details to a website without a second thought?
Do you take the right to privacy for granted? Most people believe their information will be kept private and only used for certain intended purposes.
Have you considered how many websites you have willingly provided your information to?
The introduction of the General Data Protection Regulations (GDPR) in 2018 brought this issue to the forefront of most people's minds. Companies began sending out multiple emails asking customers to confirm that they still agree to their privacy and use of personal data policies.
Yet, many of us still do not read the policies we agree to and this often impacts our reasonable expectation of privacy.
Websites are now available which show what was written on any webpage on any given day as long ago as the 1990s. Informatio,n once in the public domain, can still be accessed for many years to come.
So, what if someone shares your personal data without your consent?
A Misuse of Private Information action is a possible remedy. Any such claims must pass two tests:
1. Threshold Test: whether the person had a reasonable expectation of privacy. The Courts will look at all the circumstances objectively. If there was a reasonable expectation, Article 8 (right to respect for your private and family life) will be engaged.
2. Balancing Test: the Court will then look at how the Article 8 rights should be balanced against Article 10 (right to freedom of expression), and whether there is an overriding public interest for the information to be shared. This will be considered on a case by case basis.
This is a relatively new area of law and the law is still developing on a case by case basis.
A successful misuse of private information action may result in an award of damages to compensate the person for the loss of control of their private information or for the distress, injury to feelings and embarrassment they faced due to the breach.
Alternatively, a data protection claim may be the way to go. Under the GDPR legislation, an individual's information can only be used if they have given consent or if it is necessary for certain actions e.g. complying with legal obligations. GDPR was brought in to protect individuals' personal data unequivocally and as such there is no minimum threshold for the seriousness of the breach.
Lastly, depending on the contents of the shared information, a defamation claim may be an option. For such a claim to succeed there are three requirements which must be met:
1. The statement must be defamatory
2. It must refer to the individual bringing the claim
3. The statement must have been published to a third party
It is important to note that a defamation claim must be brought within one year of the date of the alleged defamatory comment.
But a word of advice . . . check what information you are putting online and on social media profiles. Are you happy for this to be shared? If not, remove it.
:: Jill Annett (firstname.lastname@example.org) is a senior associate in McKees (www.mckees-law.com) specialising in commercial disputes