Claim against Facebook for the misuse of private information


Re: CG v Facebook Ireland Ltd & Ors MOR10142

This case concerned the publication of three series of postings on Facebook pages of a photograph and abusive comments relating to a convicted sex offender (the plaintiff). The plaintiff claimed against McCloskey (the operator of one of the pages) damages and an injunction for harassment and misuse of private information. The plaintiff also claimed damages against Facebook for misuse of private information and breach of the DPA 1998. At first instance McCloskey was held liable for harassment and misuse of private information. Facebook was held liable for misuse of information but the DPA claim was dismissed. Damages of £20,000 were awarded against McCloskey and Facebook and an injunction was granted requiring Facebook to remove the entire page. Facebook appealed against the finding of liability for misuse of private information. The plaintiff cross-appealed against the rejection of the DPA claim. The NICA allowed Facebook’s appeal in part and dismissed the cross-appeal. The NICA held that almost all of the information contained in the postings (details of the plaintiff’s un-spent conviction, his name and photograph, derogatory descriptions of him, etc) was not information in respect of which he had a reasonable expectation of privacy. The only information in respect of which he had a reasonable expectation of privacy was information in relation to his address or whereabouts. The NICA considered that in relation to some of the postings which referred to the plaintiff’s address or whereabouts Facebook did not have actual knowledge of unlawful information. There is no room for constructive knowledge under the E-Commerce Directive safe harbour provisions and so knowledge of previous litigation involving postings by McCloskey in relation to another sex offender could not fix Facebook with knowledge of his postings in relation to the Plaintiff. Nor did the letters sent by the plaintiff’s solicitors provide Facebook with actual knowledge since these referred to inapt causes of action (defamation, breach of article 3 ECHR) and failed to identify or point to the location of the postings which did contain private information. Only in one case did a letter point to a URL of a posting which referred to the plaintiff’s whereabouts. The NICA held Facebook to be liable for damages for this one instance of misuse of private information, but not for others. This was because it was only in that instance that Facebook had had actual knowledge of the misuse of private information. Any imposition of a monitoring obligation to conduct searches on Facebook, rather than consider postings notified to it, would be inconsistent with Article 15 of the E-Commerce Directive. The injunction was upheld but on the basis that Facebook could be ordered to take steps to end McCloskey’s harassment of the plaintiff. On the cross-appeal Facebook was found to be a data controller for the purpose of the Data Protection Act 1998. However, the NICA held that the E-Commerce Directive safe harbour protected Facebook against liability for damages so in the circumstances the availability of a DPA claim added nothing to the claim for misuse of private information.

Hugh Tomlinson QC and Antony White QC were involved in this case.