Nowadays, we live in an information age (also known as the computer age, digital age or new media age) and the advancement of technologies has facilitated information flow and communication through social media. On one hand, people have easy and quick access to others’ information, enabling interaction with one another. However, the free flow of information and wide participation in social media networks also exposes a person to various risks or dangers. Notable examples of such risks or dangers are the loss of privacy and cyber-bullying.
In this regard, the Office of the Privacy Commissioner for Personal Data, Hong Kong (“Privacy Commissioner”) has recently issued two leaflets on this subject; one is “Cyber-bullying – What you need to know” reminding people of the privacy and legal issues in relation to cyber-bullying and the other is “Protecting Online Privacy – Be Smart on Social Networks”, giving people practical tips to protect their privacy on social networks.
What is cyber-bullying?
Cyber-bullying generally refers to those actions that make use of communication and information technologies to harm or harass other people in a deliberate manner. The platforms that may be used include emails, text or audiovisual messages sent to web pages and discussion groups. Cyber-bullying usually takes the form of harassment, intimidation, threats, disclosure of genuine identities or rumours and falsehoods intended to damage one’s reputation. Some common examples are sending threatening or harassing messages to the victims by email, posting messages or remarks in a discussion forum to criticize a person or gossip about that person or displaying the photos and home address of the victim to enable others to harass the victim. One of the key characteristics is that the person who commits the cyber-bullying is able to hide his/her real identity and this is also the reason why cyber-bullying can become difficult to stop.
How to prevent cyber-bullying
When a person gives out personal information about oneself through communication and information technology platforms, they run a risk that such personal information may be accessed by people who would use such personal information to engage in cyber-bullying. Therefore, one has to be very careful in deciding whether and to what extent personal information should be disclosed in the circumstances. One good way to prevent cyber-bullying is to avoid being identified by others and not to disclose one’s personal information on social media networks unless you are aware of your rights and the possible consequences of such disclosure.
There are some general guidelines in the use of the social networks to protect from cyber-bullying:
With the widespread use of social networks, there is an increasing trend of cyber-bullying and the number of complaints and enquiries received by the Privacy Commissioner has sharply increased this year.
Currently, there is no statute law in Hong Kong governing cyber-bullying. If cyber-bullying activities involve criminal offences (e.g. criminal intimidation, blackmail, etc.), they are governed by the relevant legislation (e.g. Crimes Ordinance) and the victim may report the case to the police. If the activities involve civil wrong (e.g. defamation, infringement of intellectual property, etc.), the victim may consider pursuing civil remedies as legal recourse. However, victims may not find civil remedies desirable due to the costs involved in bringing a civil action and the practical problems faced by an unrepresented claimant.
The collection and use of personal data relating to social media networks are also governed by the Personal Data (Privacy) Ordinance (“PDPO”). If it is suspected that the cyber-bullying activities involve a breach of the Personal Data (Privacy) Ordinance and the data protection principles (“DPPs”), the victim may lodge a complaint with the Privacy Commissioner.
For example, DDP1 requires that the collection of personal data by data user should not be excessive and shall be necessary for a lawful purpose directly related to its function and activity of the data user. If a person collects the personal data for an unlawful purpose, it could be a breach of DPP1.
Also, DPP3 provides that personal data shall only be used for the purpose for which it was to be used at the time of the collection of the data or a directly related purpose. If the personal data will be used for a new purpose, the prescribed consent of the data subject is required. Although there is an exemption from the DPPs if the personal data held by an individual is concerned only with the management of his personal, family or household affairs or is held only for recreational purposes, if the personal data is used for other purposes (e.g. for cyber-bullying), the exemption may not be applicable. Even if the personal data is available in the public domain, due regard must be given to the data user’s original purposes of making the personal data available in the public domain. If the relevant websites have any privacy statement and terms and conditions specifying the permitted use of the available data, any use which goes beyond the allowed scope could be a breach of DPP3.
Apart from reporting the matter to the relevant authorities, the victim may also report to the relevant service provider or the social network provider to see in what ways it can help to resolve the problem (e.g. by removing the postings or blocking the cyber-bullies).