The Law of Privacy on Social Networks

Wednesday, October 20, 2010

David Navetta


Those of us who watch the development of the law of electronic discovery, information security and privacy usually have nothing better to do on a Saturday night (except last Saturday when we saw the movie "The Social Network") than kibitz about how information on Facebook and other social networks is impacting and will likely impact civil lawsuits. 

Last month, a New York trial court in Romano v. Steelcase took a crack at some of these issues. While the New York court got the bottom line right -- relevant information on Facebook and other social media is generally discoverable -- some of its reasoning is baffling, some wrong and some spot on.

Kathleen Romano brought an action against Steelcase Inc. claiming that the defendant permanently injured her so severely that she was confined to misery and home. 

Problem was, said plaintiffs, that the public portions of Romano's Facebook and MySpace sites showed happiness and traveling and a lifestyle inconsistent with her litigation claims of woe. 

So defense counsel asked Romano about her Facebook and MySpace data, and sought not only the live private pages but also deleted pages.  Romano refused, and the defendant pursued.  

It appears, though the opinion is not clear, that Steelcase subpoenaed Facebook and perhaps MySpace for their data, perhaps including deleted data, about Romano's entries.

The enormous attention that the case has received has been understandably confused because the court's opinion is confusing. The following five observations are offered to eliminate the confusion.

1. Basic Rule

Relevant information stored on social networks is generally discoverable in civil litigation.  This simple proposition is largely ignored by most users of social media, and has been largely ignored by lawyers doing discovery in civil litigation.  

But social media are fast becoming a treasure trove for discovery in civil litigation.  E.g., Ledbetter v. Wal-Mart (Facebook and MySpace can be subpoenaed to produce relevant information in civil action).

To be sure, knowing the law, process and technology needed to exploit or defend against this simple truth is a complex art.  But the basic proposition of discoverability is simple and well-established.

Viktor Mayer-Schonberger has written a thoughtful book about the relationship between apathy toward exposing too much information and the technology that catapults that apathy into worldwide, regretable exposure  -- Delete: The Virtue of Forgetting in the Digital Age

He argues that the current bias of information technology is the-more-the-cheaper and accessible-the-better. 

But, he says, when and if enough people, for business and pleasure, value the privacy and protection that comes with good housekeeping of information, the technology can become available to develop an ecology of remembering and forgetting, or storing and destroying, that suits people's real needs and intentions. 

Until then, however, people are recording every day, especially on social media, information that they are likely to wish to forget come litigation. As Romano reminds us.

2. Fourth Amendment

The New York Supreme Court in Romano purports to apply constitutional privacy law from the Fourth Amendment to the U.S. Constitution. 

Although Fourth Amendment privacy law often informs a discussion of privacy under state or federal common law or statutes, e.g., Stengart v. Loving Care, Fourth Amendment law does not actually apply at all to the Romano case because the parties in Romano are not government agents. 

As the United States Supreme Court recently affirmed, the Fourth Amendment only restrains government action.  E.g., City of Ontario v. Quon, 130 S. Ct. 2619 (2010).

3. State Law of Privacy

The Romano court notes that New York state common law does not recognize a right of privacy.  

Because the court then points to no applicable state statutory privacy right, and its reliance on constitution law is misplaced, the court's reasoning lacks any legal foundation.

4. Privacy Is Not Privilege

In civil litigation, privilege is the right to shield information, including documents, from discovery, no matter how important or relevant. The attorney-client privilege is a classic example. 

The Romano court analyzes the privacy question before it as if privacy were privilege -- as if the issue were whether relevant information could be shielded from discovery by privacy.

In most U.S. state and federal jurisdictions, though, privacy does not normally prevent discovery by an opposing party (i.e., privacy is not a privilege). For example, privacy is no excuse for destroying information to keep the information out of a civil case.

Leon v. IDX Systems Corp. Privacy normally justifies only a protective order that limits the use and exposure of the information to the parties for use in the litigation.

Rule 26(c) of the Federal Rules of Civil Procedure, and similar state rules, authorize a court to fashion a protective order "to protect a party or person from annoyance, embarrassment, oppression, or undue burden...." 

Privacy is often weighed in determining whether to issue such a protective order under this rule, but not to prevent discovery. 

The difference is that, even with a protective order, the opposing party gets access to the private information for use in the lawsuit.

5. Other Issues

The Romano court seems spot on about the other major issues that it addresses. The court is correct that placing information on a site available to the public, or even to a few good friends, destroys privacy protection.  

The court is also correct that asserting claims or defenses that put at issue one's physical or emotional condition will dissolve privacy and even privilege protections that might otherwise have protected that information.

Other parts of the court's opinion raise tantalizing questions without resolving them, such as: What impact, if any, does the federal Stored Communications Act, 18 U.S.C. § 2702(b)(3) have upon whether Romano's Facebook information is discoverable? 

Was Facebook subpoenaed, how did it respond, and what relevant active and deleted information did Facebook have? How was MySpace involved, and what responsive information did MySpace have?

Cross-posted from InfoLawGroup

Possibly Related Articles:
General Legal
Legal Privacy Social Networking
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.