Data Privacy

The Legal Implications of Social Media: Defamation and Libel

Foong Cheng Leong, Senior Associate, Lee Hishammuddin Allen & Gledhill discusses the legal aspects of social media, focusing in particular on online defamation, admissibility of online data in courts, cybersquatting, domain disputes, and whether there should there be regulation of the Internet and social media, whether directly or indirectly.

He also discusses the fine line between fair Internet policing and control over the Internet, proposed Amendments to the PPPA and the perceived threats to online publications and bloggers.

He also talks about the Malaysian Personal Data Protection Act 2010 (not in force yet) and explains its implications for the ordinary layman.

Life Online Show 16: Naughty things

Podcast interview at the Life Online Show podcast on 2 February 2011.

The following topics were discussed with host John Lim, David Wang from theclickstarter.com, David Lian from Text100, journalist Niki Cheong:

1) Groupon coming into Malaysia by acquiring GroupsMore.com

2) Google establishing a bigger foothold in Malaysia with an office in KLCC.

3) The Malaysian Prime Minister has sent citizens Chinese New Year greetings, but how did he get their e-mail addresses in the first place?

Right to Privacy in Malaysia: Do we have it?

First published on “LoyarBurok and republished on Malaysia Insider on 21 February 2011

If someone installs a CCTV in front of your house, can you stop him from doing so? If our Prime Minister sends his best wishes for the festive seasons to your email and mobile, is he invading your privacy? Whats the state of the right to privacy, and invasions of your privacy, in Malaysia?

Long story short, yes, our constitution recognises the right to privacy under article 5 of the constitution according to the recent Federal Court case of Sivarasa Rasiah v. Badan Peguam Malaysia & Anor [2010] 3 CLJ 507 at 519. Article 5(1) of the Constitution provides that “No person shall be deprived of his life or personal liberty save in accordance with law.” According to Gopal Sri Ram FCJ (as then he was) in the Sivarasa case, the right to personal liberty includes the right to privacy.

What is a “right to privacy”?

The right to privacy is basically the right to be left alone and to live the private aspects of one’s life without being subjected to unwarranted, or undesired, publicity or public disclosure. It is also a right of an individual to seclude oneself or information about himself and thereby reveal himself selectively. For example, the right of being strip searched (and probably do some squats and get recorded see: squatgate).

Invasion of Privacy

However, althought the right to privacy provided by the Constitution, is there an actionable right against someone who invaded your privacy?

Notwithstanding the recognition of such right, such right may not be enforced by an individual against another private individual for the infringement of rights of the private individual as constitutional law (substantive or procedural) will take no cognisance of it (Beatrice Fernandez v. Sistem Penerbangan Malaysia & Anor [2004] 4 CLJ 403).

The tort of invasion of privacy is not a recognized tort under common law (Malone v MPC [1979] Ch 344; Kaye v Robertson [1991] FSR 62 (CA); Khorasandjian v Bush [1993] QB 727, 744 (CA); Wainwright v Home Office [2003] UKHL 53, [2003] All ER (D) 279 (Oct), House of Lords).

The tort of invasion of privacy is not recognized in Malaysia. This basically means that you cannot sue someone for invading your privacy.

The Malaysian High Court cases of Ultra Dimension Sdn. Bhd. v. Kook Wei Kuan [2004] 5 CLJ 285 and Lew Cher Phow @ Lew Cha Paw & 11 Ors v. Pua Yong Yong & Anor [2009] 1 LNS 1256 Johor Bahru High Court Civil Suit No. MT 4-22-510-2007 had held that invasion or violation of privacy is not a recognized tort or a cause of action in Malaysia. In the former case, the Plaintiffs failed in their action for invasion of privacy against the Defendant for taking a photograph of a group of kindergarten pupils, including the Plaintiffs child, at an open area outside the kindergarten and published it in two local newspapers. As for the latter case, the Plaintiffs failed in their application to restrain the Defendants from having a CCTV which faces their house and to remove the same.

Similarly in the High Court case of Dr Bernadine Malini Martin v. MPH Magazines Sdn Bhd & Ors [2006] 2 CLJ 1117, the Court again stated that invasion of privacy is not an actionable wrongdoing.

However, the Court of Appeal judgement of Maslinda Ishak v. Mohd Tahir Osman & Ors [2009] 6 CLJ 653 gave light to the tort of invasion of privacy. Some of you may recall the incident where a guest relations officer (GRO) was photographed easing herself in a truck by a volunteer reserve corps member (Rela) after the GRO was detained in a raid at a club in 2003. The GRO sued the Rela member, Director General of RELA, the Director of JAWI and the Government of Malaysia. She was granted damages for the wrongdoing. However, the case was not on point as to whether the tort of invasion of privacy is a recognized tort in Malaysia.

YB Elizabeth Wong, YB Dr Chua Soi Lek & Actress Nasha Aziz were all victims of privacy invasion.

The case of Lee Ewe Poh v Dr. Lim Teik Man & Anor [2010] 1 LNS 1162 is the first reported Malaysian case that recognizes the invasion of privacy as an actionable tort. In this case, the doctor had taken picture of the Plaintiff’s anus during a medical procedure without informing the Plaintiff. The doctor’s reason for taking such picture was for medical purpose and claimed that taking of photographs during the course of the medical procedure without the consent of the patient is an acceptable practice.

The Court of Appeal judgement of Maslinda Ishak was referred in the judgement of Lee Ewe Poh and the learned Judicial Commissioner relied on the said case to hold that invasion of privacy rights is actionable in Malaysia.

The Learned Judicial Commissioner held in the case of Lee Ewe Poh that (at page 6 of judgement):

The learned trial judge found for Maslinda Ishak against the 1st defendant but not against the other respondents for whom she appealed. The Court of Appeal allowed her appeal and held the respondents to be jointly and severally liable for the wrongful act of their agent as well as vicariously liable. Although Maslinda Ishak’s case is not directly on point, the fact remains that the High Court in so finding has departed from the old English law that invasion of privacy is not an actionable tort and our Court of Appeal indirectly, though this issue was not canvassed, seems to endorse such cause of action when the pleadings were specifically referred to and C.A. did not overrule invasion of privacy as a cause of action on ground that it is not one in line with the English law. Since such a cause of action has been accepted as a cause of action under our common law, it is thus permissible for a plaintiff to found his/her action on it. Drawing an analogy of this Court of Appeal case, I am inclined to hold the view that since our courts especially the Court of Appeal have accepted such an act to be a cause of action, it is thus actionable. The privacy right of a female in relation to her modesty, decency and dignity in the context of the high moral value existing in our society is her fundamental right in sustaining that high morality that is demanded of her and it ought to be entrenched. Hence, it is just right that our law should be sensitive to such rights. In the circumstances, Plaintiff in the instant case ought to be allowed to maintain such claim.

Both Maslinda Ishak and Lee Ewe Poh’s cases are in respect of women’s modesty. It will be interesting to see whether how our right to privacy would extend to. For example, will it extend someone’s surfing habits? If someone had recorded everything you serve on the Internet, would that be an invasion of privacy? (On an interesting note, Google does store your Google search keywords).

Lee Ewe Poh’s case is a High Court decision thus may not be followed by other courts of the same or higher jurisdiction. However, Sivarasa’s case was not referred in the decision of Lee Ewe Poh. With Sivarasa’s case, it will be interesting to see whether the recognition of tort of invasion of privacy will be strengthened by it.

Misuse of Private Information

The recognition of right to privacy in Sivarasa’s case may be a stepping stone to the expansion of the tort of breach of confidence to include “misuse of private information”, a term coined by Lord Nicholls in the House of Lords case of Campbell v. MGN Limited [2004] UKHL 22, in Malaysia. In this case, the House of Lords held that the publication of articles by the Mirror newspaper regarding well known model Naomi Campbell’s attendance at Narcotics Anonymous meetings and her efforts to overcome her addiction to drink and drugs was a misuse of private information. Basically, this tort protects information that is “private”. It affords respect for one aspect of an individual’s privacy.

Closing

If the tort of invasion of privacy or misuse of private information is recognised in Malaysia, this may be used as a remedy against those who had breached the Malaysian Personal Data Protection Act 2010 (which is not in force yet). The present Personal Data Protection Act 2010 does not provide for damages to data subjects for the breach of the said Act unlike the UK Data Protection Act 1988. With such torts, this may bridge the gaps in the Malaysian Personal Data Protection Act 2010.

The effect of the recognition of the privacy rights in Malaysia is far reaching. It may, in no particular order, affect the following:

  • Employees’ rights especially when it comes to employee monitoring;
  • Authorities’ right to conduct searches such as strip searches or search of a premise or vehicle;
  • Internet users’ rights such as the right to remain anonymous (note: bloggers have problem claiming anonymity pursuant to the case of The Author of a Blog v Times Newspapers Limited [2009] EWHC 1358 (QB) where the UK Court held that blogging is a public activity);
  • Details of relationships such as intimate details of partners including intimate pictures;
  • The right of the media to report news regarding individuals;
  • Rights of public figures such as politicians and celebrities; and
  • The position of the admissibility in Court proceedings of illegally obtained evidence which infringes’ an individual’s right to privacy

Well, if you ask me whether the Prime Minister has infringed your right to privacy or had committed misuse of private information, when he sent festive greetings (although I understand it is for good intention) to your emails or mobile phone, my answer is that, it will be an interesting test case in Malaysia!

Blog postings can backfire

First published on The Star Newspaper on 20 January 2011.

PUTIK LADA
By FOONG CHENG LEONG

Social media influence has hit court proceedings, with lawyers trolling blogs and Wikipedia in search of material that can help them argue the case for their clients.

LAST year brought further interesting development to social media and laws all around the world. Cases making references to social media tools saw an increase.

Social media was a tool for lawyers and litigants to help parties to fight their cases. Social media was also the cause of some parties’ mortification and incarceration.

In one High Court judgment last year, the judge recognised the publication of defamatory blog postings by a husband as one of the grounds to present a divorce petition before the expiry of two years from the date of marriage.

He also recognised that a defamatory statement in a blog posting operated in a borderless realm, and would continue to exist until the maker of the blog removed it.

The challenge against the constitutionality of S. 233 of the Communications and Multimedia Act 1998, the provision commonly used against Internet users, was dismissed by the High Court.

In this case, the defendant was charged with making disparaging remarks against the Sultan of Perak during the struggle between Barisan Nasional and Pakatan Rakyat. The court held, among other things, that the section did not impede freedom of expression. S. 233 is to ensure that the freedom given by the Constitution is exercised responsibly.

The use of Wikipedia as a reference is increasingly recognised in Malaysia, notwithstanding that the reliability of Wikipedia is questionable, as anyone can add or edit an entry in Wikipedia.

Nevertheless, the reliance on Wikipedia by our courts can be traced in reported cases as early as 2007.

Last year Wikipedia was referred to in Etonic Garment Manufacturing Sdn Bhd v Kunn-G Freight System (M) Sdn Bhd [2010] 1 LNS 13 (for the meaning of freight forwarder), PP v Murugan a/l Arumugam [2009] 1 LNS 1759 (for the meaning of atherosclerosis) and Thai Long Distance Telecommunication Co Ltd & Anor v Malaysian Maritime Dredging Corpo­ration Sdn Bhd (Kuala Lumpur Suit No: D-22-352-2005, for the meaning of chart datum).

Social media influence had also hit court room proceedings. It is common in Malaysia for people, in particular reporters, to tweet live from the courts. In the United Kingdom, the Lord Chief Justice issued a guideline for the use of live text-based forms of communication from court.

In this guideline, the Lord Chief Justice approved the use of Twitter for court reporting. However, in the US, certain courts ban the use of social media by juries.

In the US case of Romano v. Steelcase Inc, 2006-2233 (N.Y. Super. Sept. 21, 2010), Kathleen Romano sued Steelcase Inc for injuries she suffered after she fell off an allegedly defective desk chair manufactured by Steelcase Inc.

As a result of the fall, she claimed, she suffered restricted movement of her neck and back and “pain and progressive deterioration with consequential loss of enjoyment of life”.

In defence, Steelcase applied to access Romano’s current and historical Facebook and Myspace pages and accounts which are believed to be inconsistent with her claims in the action concerning the extent and nature of her injuries, especially for loss of enjoyment of life. The court granted Steelcase’s application.

Similarly, in McMillen v Hummingbird Speedway Inc, et al, Court of Common Pleas of Jefferson County, Pennsylvania, Civil Division, No. 113-2010 CD, Opinion on Defendants’ Motion to Compel Discovery (Sept. 9. 2010), the plaintiff sued the defendants for injuries suffered.

The defendants claimed that posts on the public portion of his Facebook page showed that he had exaggerated his injuries. The court granted the defendants access to the plaintiff’s private portion of his Facebook and Myspace account to determine whether or not the plaintiff had made any other comments which impeached and contradicted his disability and damages claims.

Closer to home, in a reported Industrial Court case, an employee claimed that she was forced by her employer to resign.

In response, her employer argued that the resignation was voluntary and they produced extracts of the claimant’s blog which showed the claimant had written about her feelings regarding her employment with the employer.

In it, she stated that she wanted to leave the company and admitted that she went for job interviews as she had already decided to go away.

The Industrial Court chairman relied on the blog entries to find that the employee had intended to leave and found that she had gladly tendered her resignation to take on new employment.

In Australia, a hairdresser won compensation for wrongful dismissal after losing her job for making unflattering remarks about her employer on her Facebook.

In Miss Sally-Anne Fitzgerald v Dianna Smith T/A Escape Hair Design [2010] FWA 7358, Commissioner Michelle Bissett for Fair Work Australia said that posting comments about an employer on a website (Facebook) that can be seen by an uncontrollable number of people is no longer a private matter but a public comment.

It would be foolish of employees to think they may say as they wish on their Facebook page with total immunity.

This year brings another exciting watershed to Malaysia’s social media legal sphere. The Personal Data Protection Act 2010, which governs the processing of personal data, is pending enforcement.

Proposed amendments to the Copyright Act 1987 have been drawn up in the form of a Bill to exempt Internet service providers from liability for copyright infringement under certain circumstances.

The Bill also empowers the court to order an Internet service provider to disable access to infringing material.

Furthermore, the so-called Internet Service Providers Liability Act may be passed to compel Internet service providers to take action against their users if they download songs or movies illegally.

Lew Cher Phow @ Lew Cha Paw & Ors v Pua Yong Yong & Anor

First published on 10 March 2010

(Johor Bahru High Court Suit No. MT4-22-510-2007)

In this case, the Plaintiffs and the Defendants were neighbours. The High Court had dismissed an application by the Plaintiffs who applied for an order for interlocutory injunction to restrain the Defendants from installing any CCTV cameras at the Defendants’ house which faced the Plaintiffs’ house as well as also for an order to compel the Defendants to remove their CCTV cameras that were installed facing the Plaintiffs’ house.

The Plaintiffs alleged that the act of the Defendants installing the CCTV cameras had intruded their livelihood and daily activities. The Defendants on the other hand alleged that the CCTV cameras were for security reasons as their house had been intruded before and also that the CCTV cameras only showed the Plaintiffs’ house as background.

The grounds given by the High Court in dismissing the Plaintiffs’ application are, among others, as follows:

(a) there is no evidence to show that the CCTV cameras intruded the livelihood and daily activities of the Plaintiffs. Further, there is no evidence in the Plaintiffs’ affidavit to show that the CCTV cameras recorded the Plaintiffs’ activities.

(b) the Defendants are entitled to install CCTV cameras for security and safety purposes.

(c) if the interlocutory injunction is granted this will bring a legal implication to the general public especially when CCTV cameras are installed at residential and commercial premises to protect the safety of the general public.

(d) there is no right of privacy in Malaysia thus the Plaintiffs do not have the right to institute an action against invasion of privacy rights.

Personal data and the law

Published in The Star Newspaper on 5 August 2010

As the Personal Data Protection Act 2010 will be in force any time soon, data users are advised to be familiar with, and to start adhering to, its principles.

THE Personal Data Protection Act 2010 that is set to be enforced regulates the collection of personal data by parties for commercial transactions and will change the way we do business.

In brief, personal data is defined as any information that relates directly or indirectly to a data subject, who is identified or identifiable from that information or from that and other information in the possession of a data user.

A data user is basically the party using the personal data of an individual, which is referred to as data subject in the Act.

Personal data may take various forms and may be a name combined with other information, passport/identity card number, telephone number, photograph, fingerprint, or DNA.

A name itself cannot be personal data as there may be many individuals with the same name. However, where the information is combined with other information such as an address, this may be sufficient to identify an individual.

Unfortunately, the Act is only limited to personal data in respect of commercial transactions. Social media networking websites such as Facebook and Twitter, and foreign website owners are not subject to the Act.

This limits the type of personal data that are protected, for example, intimate photographs of individuals. As such data is normally not collected through commercial transactions, their distribution may not contravene the Act.

In Hong Kong, such data is covered. In an incident relating to the online circulation of nude photos of certain celebrities, the Privacy Commissioner for Personal Data decreed that such photographs are caught under the Hong Kong Personal Data (Privacy) Ordinance.

The Act sets out seven principles which a data user must adhere to when dealing with personal data. They are General, Notice and Choice, Disclosure, Security, Retention, Data Integrity and Access.

Failure to comply with any of the seven principles amounts to an offence punishable with a fine not exceeding RM300,000 or imprisonment not exceeding two years or both.

Under these principles, the collection and use of personal data must be consented to by the data subject, and steps must be taken to ensure that they are updated, correct and stored securely.

Further, adequate notice must be given to data subjects that their personal data will be used, and the purpose of the same. Data subjects should also be given the choice to opt out from giving certain personal data. Personal data no longer in use has to be destroyed.

Consent is not defined in the Act but a positive consent — written, oral or electronic — would be sufficient. However, positive consent would not apply in a scenario where a data user sends a form requesting consent and the form states that consent is assumed if no response is given. Failure to respond may not be considered as consent under the Act.

As the Act only applies to personal data in respect of commercial transactions, whether blogs would fall under its purview would depend on the circumstance of the case. If a blog is established purely for a recreational purpose, the Act may not apply due to the limitation of the definition of personal data.

A website generally collects personal data in two situations: when a user visits the website, and when a user provides information to the website operator, e.g. through an online form.

Information collected from a visitor to the website would include the IP address of the visitor and also cookies. Cookies are files used by websites to collect information about a user’s online activity. It can recognise a computer when a user logs on and can allow a website to store and remember usernames and passwords. Such information must be properly kept and not revealed to third parties.

As for the latter situation, website operators should inform the visitor that his or her information will be kept and used by them and their related parties. If website operators wish to use the information for other purposes, such as for marketing, they should obtain consent from the data subject.

Also, if personal data will be transferred outside Malaysia, consent should be obtained, otherwise any reference to the owner should be removed as it is an offence under the Act for a data user to transfer personal data outside Malaysia.

Companies need to be careful when sending out marketing materials. Under the Act, data users may be liable to a fine not exceeding RM200,000 or imprisonment not exceeding two years or both if they refuse to cease sending unsolicited marketing materials.

Following the security principle, personal data collected by website operators must be kept properly to ensure that they are not leaked. Proper security measures such as encryption must be in place.

If personal data is meant to be revealed to the public, notice should be given ahead and consent obtained. For example, a web forum should indicate to its users that information will be revealed to the public if requested. However, if the personal data is requested by a competent authority, consent may not be required.

In addition, website operators should also consider inserting a privacy policy statement on their websites in a specific page accessible by a visitor.

The privacy policy should state:

> WHAT will be done with the personal data;

> WHO is collecting the personal data;

> WHAT personal data is being collected;

> whether the personal data will be transferred out of Malaysia: AND

> whether the personal data will be disclosed to third parties.

As the Act will be in force any time soon, data users are advised to start adhering to its principles. Notice and consent of data subjects are the keys to allow a data user to use personal data. As such, data users should revise their data collecting system to be in line with the seven principles.

Unfortunately, at this stage, the extent and applicability of the Act is unknown and it seems to be wide and far reaching and, to a certain extent, excessive. In this regard, a Personal Data Protection Commissioner should be appointed soon to address these uncertainties.

In many jurisdictions with data protection legislation, the respective Commissioners play a vital role in determining the scope and applicability of the Act and will from time to time issue good practice notes or clarifications to the public.

1 6 7 8 Scroll to top