Online Reputation - Individuals

 Human rights include the right to respect for private and family life and hence your right to privacy. 

The right to privacy is enshrined, for example, in Article 8 of the European Convention on Human Rights as well as Article 7 of the EU Charter of Fundamental Rights, where the latter also protects personal data on individuals. 

 Article 8 of Part I of Schedule I to the UK Human Rights Act 1998 (HRA 1998) gives effect to the rights enshrined in the European Convention on Human Rights. The HRA protects the misuse of private information. 

Also, the Directive 2002/58/EC (the ePrivacy Directive), the European Electronic Communications Code, and the General Data Protection Regulation, Regulation (EU) 2016/679 (the GDPR) together cover the privacy and related aspects of over the top online communications; analytics; spamming; and cookies. *Note that the ePrivacy Directive is aimed at providers of electronic communications like telecommunications companies, and internet service providers. 

The ePrivacy Directive is concerned with the protection and security of electronic communications to protect subscribers from abuse and specific risks, and it does not regulate content.

 The ePrivacy Directive is implemented by the Privacy and Electronic Communications (EC Directive) Regulations 2003 into UK law. While the UK Data Protection Act 2018 is based on (the GDPR).

While legislation such as that mentioned above is in place to protect your human right to privacy and protection of your data, how much are you aware of this right and when might you need help protecting it?

So, what are these possible risks to your privacy and reputation over the Internet? 

 Vast opportunities exist for others to abuse your privacy and damage your reputation over the Internet, particularly now with the dominating presence of social media, coupled with the ability to remain anonymous while using it. For example:

 I/D Theft

• A person can steal your identity on your Facebook account and lock you out while pretending to be you. They will enjoy access to all those personal sentimental memories you saved as well as could post abusive words to those you love. Id theft will leave you feeling exposed and vulnerable.

 Harassment emails or phone calls

• You could have received repeated unwanted instant messages, emails, texts or phone calls constituting harassment, leaving you feeling invaded and unable to escape unwanted attention. 

Leaked Photos 

• Possibly worse still, you may fear or have unfortunately experienced the utmost embarrassment of a personal indecent photo of you uploaded onto, for example, an Instagram account. If it is a public account, anyone can access this causing you acute humiliation and suffering as the victim of a bad joke.  

  Revenge Porn

• A former lover may maliciously post a video of you engaged in a sexual act in a horrible betrayal of trust. You only ever agreed to do something deeply private and personal between the two of you. The shattering effect of such a breach of your privacy will no doubt lower your self-esteem the longer it is left posted.

Such abuses of a person's right to privacy will leave you feeling scared, vulnerable, paranoid and ashamed, constituting probably one of your worst nightmares.

So, what can you do to protect your privacy or reputation?

If someone abuses your privacy or reputation, you will likely feel angry and want to retaliate, but you should resist this natural temptation to panic and react back.

At this point your first port of call should be to seek professional advice from an online content removal specialist solicitor.

If, however, you are unable to get professional help you should first approach the internet site where the abuse of your reputation or privacy occurred and ask them to remove or amend the content (do not comment on the post or contact the person that posted the content).

If you do not have conclusive proof of who posted the content, you will want to ask for disclosure of their identity from the online service provider.  

There are two types of online service providers, online content providers (OCP) and online service providers/internet service providers (OSP/ISP).  

An OCP is an online content provider meaning that they host content on their platform which is often user-generated content including social media networks (Facebook, Instagram, Twitter); online digital sharing sites (You Tube, Vimeo, Flickr).  

An ISP is an internet service provider meaning that they provide the infrastructure to transmit electronic communications (BT, Virgin Broadband).   

It is vital to understand the distinction between an OCP and an ISP when making a reputation management related enquiry because the Internet related laws apply differently to OCPs than they do to ISPs. 

When you are affected by unlawful content, both the person who posted it as well as the online content provider (OCP) or the online service provider/internet service provider (ISP) may also be liable under the E-Commerce Regulations 2002 and Defamation Act 2013. ISPs or OCPs will not be liable if the identity of the person posting the content is known. But ISPs or OCPs may be jointly responsible if it is not possible to identify the person posting the material or they were given notice of the complaint and failed to respond.  

If you do take the route of contacting the ISP or OSP, there are requirements under the Defamation (Operators of Websites) Regulations 2013 for them to respond to your complaint within 48 hours to confirm they have received it, where the person can be contacted, they have five days in which to provide them with the complaint asking whether they agree to their identity being disclosed.  

If the person who posted the content cannot be contacted the ISP or OSP must delete the content.  

However, as there is no requirement under the Defamation (Operators of Websites) Regulations 2013 for a defamatory statement to be removed from the Internet, taking this route could be lengthy and leave you waiting some time. 

Furthermore, there is a limit to the effectiveness of fixing the problem via the ISP or OSP as the culprit could post images elsewhere or steal your identity on other internet sites. Typically it is a major challenge even for a solicitor to get an ISP or OSP to reveal the identity of the individual so you will remain afraid and paranoid wondering who betrayed your trust or otherwise means you harm.  Even if you are 100% confident that you know who the perpetrator is, it is often a difficult task to meet the legal evidential burden of proof that it is that person that posted the content. Content is usually posted on the Internet using pseudonyms. An Internet troll may be using the name of the culprit without their knowledge.

You will likely continue to feel out of control of your internet presence. Whom can you trust? Will the person stop? How far will they go?  

Copyright as a tool for reputation management 

Copyright infringement is another tool that you can use to get content removed, which is often overlooked. If you took the sexy shots of yourself for your boyfriend then pressed send, then you own the copyright to that picture. Any original content is owned by the author or creator, including text, images, and film.  

Any use of a copyright work by a person not authorised to do so on a website or social media platform is likely to involve one of the acts reserved to the copyright owner by the Copyright, Designs and Patents Act 1988. 

Online Reputation - Business 

As a business, you may also want to get libellous content removed from the Internet under the torts of defamation or malicious falsehood. 

If you know who the perpetrator is, then it is a straightforward claim under the Defamation Act 2013, as well as a take-down notice sent to the culprit and the OCP or possibly the ISP (see: the ISPs terms and conditions). 

You must prove actual or serious probable harm to be successful in a defamation suit relating to a business. See section 1(2) of the Defamation Act 2013, as interpreted by the UK's Supreme Court in Lachaux v Independent Print Ltd & Anor [2019].  

You must prove that a real and substantial tort has taken place, or your claim could be struck out under the principles set out in Jameel v Dow Jones [2005]. 

Liability for OCPs or ISPs  

The OCP or ISP is unlikely to have published the content themselves. In cases where the OCP or ISP is not the content creator, then they will not be liable subject to certain exceptions already covered above. 

I will use a test case for a dispute we had with TripAdvisor on behalf of a hotel client that wanted several reviews removed which were alleged to be defamatory to explain the law here. 

The first things to consider are the terms and conditions of the OCP. Have you accepted the OCPs terms of business? Do the OCPs terms of business preclude liability for third-party content posted on the website? Is jurisdiction for litigation regarding online content restricted?  

TripAdvisor’s terms and conditions limit any litigation regarding their website content to the United States. 

OCPs may use the judgment of the Scottish Court of Session in Martin Clark & Anor. Vs TripAdvisor LLC to rely on their contractual business terms which preclude litigation outside the United States or whatever jurisdiction the OCP is based. 

What if the perpetrator is posting from out of the UK and EU? 

If you want to sue outside the UK, you need to show that your case has a reasonable prospect of success (CPR 6.37(1)(b) and the associated case law, in particular, Huda v Wells ([2017] EWHC 2553 (QB)).

Fortunately, EU law is shifting to the side of the protection of reputation. I refer to the recent judgement of the European Court of Justice on the Directive on Electronic Commerce Directive 2000/31/EC 08 June 2000 (the "2001 Directive"). The decision in Case C-18/18 Eva Glawischnig-Piesczek v Facebook Ireland Limited 03 October 2019. 

Disparaging and abusive comments on Facebook were found to be libellous and harmful to the reputation of Ms Glawischnig-Piesczek by an Austrian Court. 

Ms Piesczek is a Green Party politician in Austria. On referral to the Court of Justice by the Supreme Court of Austria, the European Court of Justice interpreted the 2001 Directive as follows that: 

 EU law does not prevent social media sites from:

- being required to remove identical comments decided illegal by the Courts.

- in certain circumstances from being ordered to remove equivalent comments previously determined to be unlawful by the Courts.

- to block access or to remove illegal information worldwide within the framework of the relevant International law, and it is up to member states to take that law into account.

You would have first to overcome the hurdle of the Court finding the content unlawful. 

The main obstacle for a business will be proving reputation damage which has to be shown in some form of serious harm. 

 If you are an ISP or OCP, what duties does your business have to do to prevent abuse of privacy occurring? 

The recent decision of the CJEU in the Piesczek case mentioned above in this article has impacted businesses, and you should be aware of your obligations with regards to the posting of potentially defamatory material.  

The decision of the CJEU concerned e-Commerce Directive (Directive 2000/31/EC), where the Court confirmed that despite there not being a requirement in Article 15 for general monitoring of internet content in this context, in certain instances this may be necessary as is detailed in recital 47 of the preamble of the Directive.  

The CJEU confirmed that if a specific piece of information has raised issues, the Court concerned can require the hosting provider to remove or deny access to that information regardless of who asked the provider to store the information initially.  

The Court confirmed that this applies to information held which may not be identical to the original information, but that has the same meaning.  

However,the CJEUalso confirmed that a hosting provider is not required to carry out its assessment regarding this. Therefore, while a hosting provider may not be deemed liable for the actual material concerned if a court found wrongdoing in the comments made, the hosting provider is obliged to remove them.  

So f you are ISP or OCP it would be best if you addressed abuse of privacy and other unlawful user generated content in your terms and conditions. Every ISP or OCP should deal with unlawful user generated content in their terms and conditions and consider installing upload filter software.

Copyright Infringement 

EU countries have until June 2021(one year) to implement the EU Copyright Directive (CDSM) including the controversial Art 17 into their national legislation. Britain will not be enforcing the Directive, but if you are marketing to the European Economic Area, you will have to comply with upload filters to detect unlawful user-generated content. 

Conclusion 

Having been a victim of cyberstalking myself, I know how vital protecting Internet reputation is both to you as a person and your business. I am passionate about asserting the human right to privacy through protecting those exposed to abuse of privacy and reputation over the Internet. I also have vast experience protecting businesses from a malicious, libellous statement or statements from competitors or disgruntled employees or customers.  

 At PAIL® Solicitors, we aim to make you feel safe again, ensuring that the perpetrator will not be able to repeat such abuse on the OCP website in question or anywhere else on the Internet. 

 To obtain an accurate, opinion from me about your case or matter please contact us on (020) 7305-7491 or at support@pailsolicitors.co.uk we would be delighted to assist you. The writer is an Internet and digital technologies + entertainment law specialist, owner and principal solicitor at PAIL® Solicitors. Peter Adediran's specialist niche areas of practice are digital media business SMEs and IP, both contentious and non-contentious.

If you find this article interesting, then you should also read our article on cyberbullying and reputation management pre-action protocol mistakes: https://pailsolicitors.co.uk/blog/warning-dont-make-cyberbullying-reputation-management-pre-action-protocol-mistakes