Defamation Online - Defamation, Intermediary Liability and the Threat of Data Protection Law

Date01 January 2020
Author
82
Defamation Online – Defamation, Intermediary
Liability and the reat of Data Protection Law
SHAY BUCKLEY*
A. Introduction
A perennial issue with data protection is its scope, with ‘the assumption that
data protection law should be comprehensive, stretching data protection to the
point of breaking, and making it meaningless law in the books’.1 By consistently
increasing the scope of both denitions and the data subject rights, data protection
risks becoming redundant as the obligations become near impossible to comply
with. e increased scope of data protection, particularly in light of the General
Data Protection Regulation (‘GDPR’)2, also risks rendering certain aspects of the
defamation framework redundant. As data protection and defamation law both
broadly seek to protect the same thing – informational self-determination – there
is a certain crossover between the two in relation to the protection of reputation.
e expansion of data protection into the area of reputational protection,
however, presents signicant dangers to freedom of expression online, without the
protections and defences oered by defamation law.
e focus of this article will be on defamation and data protection liability
in relation to comments and posts on social networking services – but sits in
this broader framework, where defamation is challenged in its dominance of
reputational protection by the emergence of stringent data protection regulations.3
Defamation law has struggled to stay abreast of technological developments, with
Binchy J commenting in Muwema v Facebook Ireland that it was a matter of ‘grave
concern’ that the Defamation Act 2009 did not permit an injunction to be taken
against the defendant to remove allegedly defamatory posts, with persons ‘whose
reputations are seriously damaged by anonymous and untrue internet postings …
le without any legal remedy against the site hosting the publication’.4 is leaves
potential lacunae for data protection to step in and provide eective remedies for
the wronged party. However, while perhaps being benecial from the perspective
* B.C.L. (International) (UCC), LL.M. (LSE). e author would like to thank Dr Andrew Scott for
his assistance and advice on an earlier dra of this article.
Bert-Jaap Koops, ‘e Trouble with European Data Protection Law’ (2014) 4(4) International Data
Privacy Law 250, 251.
2 Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of
natural persons with regard to the processing of personal data and on the free movement of such
data [2016] OJ L119/1.
3 David Erdos, ‘Data Protection and the Right to Reputation: Filling the “Gaps” Aer the Defamation
Act 2013’ (2014) Cambridge Law Journal 536, 536.
4 Muwema v Facebook Ireland [2016] IEHC 519 [65] (‘Muwema’).
Defamation Online 83
of the defamed party, serious questions are raised about the risk to freedom of
expression caused by the use of data protection in this way. is article will seek
to examine whether data protection can be used in this way, and whether this is a
development that should be welcomed or warned against.
e article will begin with an examination of how the internet has impacted upon
reputational protection. Against this background, the possibility, and diculty, of
using defamation law to protect one’s reputation when defamed on a social media
service will be examined – focussing on the practicability of seeking redress against
the individual, and the liability that could be imposed on the intermediary. UK law
will be utilised to assist in this analysis, given the more recent legislation and the
similar nature of the regimes. Faced with signicant diculties, the article will turn
to data protection and the GDPR in order to assess how that framework could be
utilised in such a scenario and the impact such a development could have on free
speech on the internet.
Data protection will be shown to have the unfortunate potential to radically alter
speech on the internet, by simple application of its central goal of informational
self-determination to defamatory (or even just harmful) speech of others on the
internet. However, while a textual possibility, this article will contend that in both
practical and legal reality, there remains considerable uncertainty about whether
data protection will take on such a speech moderation role, based upon the freedom
of expression provisions in the GDPR and recent decisions by the Court of Justice
of the European Union (‘CJEU’). is does not alleviate the concerns raised, as
until further clarity is provided, the spectre of data protection and its heavy nes
will hang over a social media service and threatens to encourage the over-removal
and chilling of legitimate speech.
B. Reputation and Online Speech
Online internet speech is vastly dierent to the forms of speech that defamation law
developed around controlling. A single post on a popular social media platform can
traverse the globe immediately, existing in permanent and potentially untraceable
form and destroy the reputation of an individual instantaneously. e internet has
created an ‘architecture of perfect memory’5 meaning that false and defamatory
statements will no longer be buried under a deluge of other salacious news of public
interest but will forever remain linked to the person’s name, accessible by an easy
internet search. To paint the above as entirely negative aspects of the internet would
be disingenuous – anonymity, rapidity and accessibility of information are all part
of what makes the internet essential to modern freedom of expression.6
5 Patrick O’Callaghan and Sylvia de Mars, ‘Narratives about Privacy and Forgetting in English Law’
(2016) 30(1) International Review of Law, Computers and Technology 42, 49.
6 Del AS v Estonia (App No 64569/09) [133].

To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT