Global Freedom of Expression

Español العربية

CG v. Facebook Ireland Ltd

In Progress Mixed Outcome

Key Details

  • Mode of Expression
    Electronic / Internet-based Communication
  • Date of Decision
    December 21, 2016
  • Outcome
    Affirmed in Part, Reversed in Part, Monetary Damages / Fines
  • Case Number
    [2016] NICA 54
  • Region & Country
    United Kingdom, Europe and Central Asia
  • Judicial Body
    Appellate Court
  • Type of Law
    Civil Law, International/Regional Human Rights Law
  • Themes
    Privacy, Data Protection and Retention
  • Tags
    Privacy, Intermediaries Liability, Internet Service Providers, Rights of Others, Open Court Principle

Content Attribution Policy

Global Freedom of Expression is an academic initiative and therefore, we encourage you to share and republish excerpts of our content so long as they are not used for commercial purposes and you respect the following policy:

  • Attribute Columbia Global Freedom of Expression as the source.
  • Link to the original URL of the specific case analysis, publication, update, blog or landing page of the down loadable content you are referencing.

Attribution, copyright, and license information for media used by Global Freedom of Expression is available on our Credits page.

Case Analysis

Case Summary and Outcome

The Northern Ireland Court of Appeal held Facebook and one of its users liable for “misuse of private information” since the user’s posts disclosed a sex offender’s photograph, name, address and previous offences. The case was brought by CG, who had been sentenced for indecent assault and gross indecency, against Facebook and Mr. McCloskey because personal information and threats to his safety had been posted on McCloskey’s Facebook page entitled “Keeping Our Kids Safe from Predators 2”.  In regard to disclosure of previous convictions, the Court noted the importance of open justice and the public’s right to know about such convictions.  However, it was held that considering the harassment context to which CG was subject, he had a “reasonable expectation of privacy” in relation to the cumulative disclosure of his personal details and his resulting exposure to potential acts of vigilantism. On the basis of the Google Spain case, the Court held that Facebook Ireland was a data controller and could therefore be held liable for failing to expeditiously respond to requests to take down the impugned information. Furthermore, the Court found that Facebook was not under an obligation to monitor information it transmits and stores, and therefore rejected the lower courts assertion that Facebook should have been aware of previous litigation against McCloskey and proactively removed the private information.  Although Facebook was found liable, it was limited and the Court of Appeal in Northern Ireland took a detailed look at the notice that was given to Facebook to ensure that liability would only arise where Facebook had been provided with the substance of a claim in misuse of private information, and the identification of the unlawful content.


Facts

This case arose from a claim brought by CG, an individual who had been convicted of a number of sex offences in 2007, against Facebook Ireland Ltd and a Facebook user (Joseph McCloskey).

In April 2013, following his release, CG discovered that he had been identified on a Facebook page entitled “Keeping our Kids Safe from Predators 2” (the “Predators 2” page). One of the posts on the page contained an article from the Irish News identifying him by name, detailing his convictions, and containing a photograph of him. Under this post, other users published violent and abusive comments, identified an area where he was living or might be living, and identified where his family was residing. The Facebook page was operated by Mr. McCloskey. Between April 26, 2013 and May 22, 2013, when all the material was removed from Facebook, there had been correspondence between CG’s solicitors and Facebook about the posts on the”Predators 2″ page and their alleged unlawfulness.

On November 13, 2013, RS (the father of one of CG’s victims) uploaded a photograph of CG that had appeared on the “Predators 2” page, identified him as a convicted sex offender, and stated the area in which he was believed to be living. He described CG as a danger to kids. Between November 15, 2013 and December 3/4, 2013, when the content was removed from Facebook, CG’s solicitors and Facebook corresponded over the alleged unlawfulness of these posts.

Earlier litigation, XY v Facebook Ireland Ltd (the XY Litigation), was relevant to this case. These proceedings concerned another Facebook page owned and operated by Mr. McCloskey entitled “Keeping our Kids Safe from Predators”. The High Court granted an interim injunction requiring Facebook to remove the page on the basis that it constituted unlawful harassment. Mr. McCloskey then promptly created the “Predators 2” page.

The High Court of Northern Ireland found that Mr. McCloskey had harassed CG, and held that Mr. McCloskey and Facebook were liable for “misuse of private information”. With regard to Facebook, the High Court determined that they had received requisite notice fixing them with liability for the content on the “Predators 2” page and RS’s page. In reaching this conclusion, the High Court determined that the XY litigation gave Facebook sufficient notice of Mr. McCloskey’s activities on Facebook to make them liable for his subsequent activity.

Facebook appealed the ruling to the Court of Appeals specifically in regard to whether it was liable in damages for misuse of private information.


Decision Overview

The judgment of the Court of Appeal in Northern Ireland (Court) was handed down by Morgan LCJ, with Gillen and Weatherup LLJ concurring.

The Court began by noting that there was no dispute between the parties that the trial judge was correct to find that Mr. McCloskey had harassed CG, and that an injunction should have been granted to terminate the “Predators 2” page. The Court noted that although the torts of harassment and “misuse of private information” seek to safeguard the same values, they are not interchangeable.

The Court went on to consider the claim of “misuse of private information”, which could only be relied on where the claimant demonstrates they have a “reasonable expectation of privacy” over the relevant information. It noted that intrusion was central to this claim, and that the context of a case is important but not decisive to such claims. The Court reasoned that “the context can include the disclosure or repetition of information which itself is not protected but which together with other private information can lead to unlawful intrusion.” [para. 42] The Court took issue with the finding of the trial court that each piece of information at issue was private in this case.

In regard to disclosure of previous convictions, the Court noted the importance of open justice and the public’s right to know about such convictions;

“[i]nformation about what has happened in open court can be freely communicated by members of the public unless there is some compelling reason to prevent it. The open justice principle is fundamental to securing public confidence in the administration of justice and is particularly important in the criminal context where the public is concerned with the punishment and rehabilitation of the offender and the extent of the risk of harm he may present. This is, therefore, a factor of very significant weight which can only be outweighed by the interest of the individual in freedom from intrusion in the most compelling circumstances.” [para. 44]

The Court also took issue with the trial judge’s reliance on the definition of sensitive data under the UK Data Protection Act 1998 to determine whether information was private, stating that such definitions were not interchangeable because the Act “regulates those who are engaged in the control and distribution of organised information about members of the public. The fact that the information is regulated for that purpose does not necessarily make it private.” [para. 45] The Court concluded that the principle of open justice should not be qualified to prohibit republication of an offender’s name and details of their conviction. Furthermore, the Court noted that whether an address or location of an individual is private is likely to be highly fact sensitive. In this case, the context was a campaign of harassment against CG, and this was determinative as to whether CG had a “reasonable expectation of privacy” in relation to the information disclosed. It was held that whilst publication of information such as the photograph of CG might not ordinarily be information over which he held a “reasonable expectation of privacy”, the harassment context to which CG was subject meant that he had a “reasonable expectation of privacy” in relation to the cumulative disclosure of his photograph, name, locality and circumstances of his offence due to “the risk that those who wished to do him harm could have established his whereabouts in order to do so”. [para. 49]

The Court then went on to consider the limited liability of information society services (“ISS”) under the Electronic Commerce (EC Directive) Regulations 2002 (2002 Regulations). The Court noted that these Regulations, alongside the EU e-Commerce Directive, excluded internet hosts from liability for damages unless they have “actual knowledge” of the unlawfulness of the publication or knowledge of facts and circumstances which make the unlawfulness apparent (Regulation 19 of the 2002 Regulations). The Court held that Facebook was clearly an internet host in the circumstances of the present case. The Court noted that a host can obtain “actual knowledge” of unlawfulness by receiving notice of the unlawful content (Regulation 22 of the 2002 Regulations), but this did not require that notice be given through Facebook’s online notification procedure. The Court also noted that the e-Commerce Directive prohibits the imposition of a general obligation on an ISS to monitor information they transmit or store.

The Court then considered whether the trial judge had been correct to find that Facebook had the requisite knowledge to be found liable for damages for “misuse of private information” in the circumstances of the present case.

The Court first considered the finding of the trial judge that the XY litigation was itself sufficient to consider Facebook to have either “actual knowledge” of unlawful disclosure on the “Predators 2” page or awareness of facts and circumstances from which it would have been apparent that the publication of the information constituted “misuse of private information”. The Court disagreed with the trial judge’s findings, stating that such liability would only arise if Facebook had been under a monitoring obligation (which is prohibited under the e-Commerce Directive). The Court noted that the XY litigation concerned  a claim of harassment, not a claim in “misuse of private information”, and could not fix Facebook with knowledge about the publication of private information about CG.

The Court then went on to consider other forms of notice given to Facebook. The Court found that the letters sent by CG’s lawyers to Facebook in relation to the “Predators 2” page failed to provide “actual notice” of the basis of their claim as advanced before the Court. No case had been made out in those letters as to why the relevant information should be deemed private. The Court highlighted that the omission of the correct form of legal characterization of the claim was not determinative of whether actual notice had been conveyed, but notice needed to contain “an indication of a substantive complaint in respect of which the relevant unlawful activity is apparent” (in this case, this was the publication of material tending to identify CG’s location in the context of a campaign of harassment). [para. 69]

The Court did find, however, that a letter sent on November 26, 2013, in relation to the post on RS’s page, did fix Facebook with “actual knowledge” of the facts and circumstances that made it apparent that the material published amounted to private information. This letter complained of the identification of the general area in which CG was living and referred to the police having warned him that his life was under threat from paramilitaries. It was held that Facebook was put on notice from this date and failed to act expeditiously to take down the information as the content was not removed until  December 4/5, 2013. The Court found Facebook liable to CG in damages for “misuse of private information” for the period between November 26, 2013 and December 4/5, 2013.

The Court also found that Facebook Ireland was a “data controller” under the UK Data Protection Act 1998 and could, therefore, be held liable under this Act for unlawful data processing. Nonetheless, the Court concluded that Facebook could still benefit from the liability protections under the 2002 Regulations against claims in damages under the UK Data Protection Act 1998.


Decision Direction

Quick Info

Decision Direction indicates whether the decision expands or contracts expression based on an analysis of the case.

Mixed Outcome

This decision has a mixed outcome. Although Facebook as an intermediary, and one of its users, were found liable in damages for “misuse of private information” for information disclosed on the Facebook site, the appellate court limited the duration in which Facebook could be found to have the knowledge required to fix it with liability. In doing so, the Court of Appeal in Northern Ireland took a detailed look at the notice that was given to Facebook to ensure that liability would only arise where Facebook had been provided with the substance of a claim in misuse of private information, and identification of the unlawful content. The Court of Appeal in Northern Ireland also determined that Facebook will not have sufficient knowledge of a user’s unlawful postings simply on the basis that similar litigation had been taken against the same user in the past (as such an approach would require a level of monitoring activity from the intermediary).

Global Perspective

Quick Info

Global Perspective demonstrates how the court’s decision was influenced by standards from one or many regions.

Table of Authorities

Related International and/or regional laws

  • ECJ, Google Spain v. Agencia Española de Protección de Datos (AEPD), C-131/12 (2014)
  • ECJ, L'Oréal SA v. eBay International AG, Case C 324/09 (2011)
  • ECJ, Weltimmo v Nemzeti Adatvedelmi, Case C-320/14 (2016)
  • E.U., Directive on Electronic Commerce, 2000/31/EC

National standards, law or jurisprudence

  • U.K., Data Protection Act 1998
  • U.K., In the matter of an application by JR38 for Judicial Review, [2015] UKSC 42
  • U.K., Murray v. Express Newspapers PLC, [2008] EWCA Civ 446
  • N. Ir., Callaghan v. Indep. News and Media Ltd, [2009] NIQB 1
  • U.K., Green Corns Ltd v Claverley Group Limited, [2005] EWHC 958
  • U.K., R v Curtis, [2010] EWCA 123
  • U.K., R(C) v. Secretary of State for Justice, [2016] UKSC 2
  • U.K., R(T) v Chief Constable of Greater Manchester Police [2014] 3 WLR 96
  • U.K. Richardson v Facebook and Google (UK) Ltd, [2015] EWHC 3154 (QB)
  • U.K., OBG v Allan, [2008] 1 AC 1
  • U.K., Electronic communications. The Electronic Commerce (EC Directive) Regulations (2002)

Case Significance

Quick Info

Case significance refers to how influential the case is and how its significance changes over time.

The decision establishes a binding or persuasive precedent within its jurisdiction.

The decision was cited in:

Official Case Documents

Official Case Documents:


Have comments?

Let us know if you notice errors or if the case analysis needs revision.

Send Feedback