A Betrayal Among Friends: Privacy Issues Surrounding Posts on Facebook
Exactly what protections should be granted to individuals who post information on Facebook? This was the question before the US District Court of NJ at a summary judgment hearing in the case of Deborah Ehling v. Monmouth-Ocean Hospital Service Corp., et al., 2012 BL 131926 (D.N.J. May 30, 2012). The Plaintiff was an employee of Monmouth-Ocean Hospital Service Corporation (“MONOC”) and also served as the Acting President of the local union for Professional Emergency Medical Services Association – New Jersey. In her union role, she filed multiple complaints against MONOC that she claims initiated MONOC’s retaliatory conduct against her.
The Plaintiff maintained a Facebook account during the term of her employment with MONOC and designated a number of her co-workers as friends on the website. The Plaintiff stated in her complaint that MONOC “gained access to Ms. Ehling’s Facebook account by having a supervisor(s) summon a MONOC employee, who was also one of Mr. Ehling’s Facebook friends, into an office” and “coerc[ing], strongerarm[ing], and/or threaten[ing] the employee into accessing his Facebook account on the work computer in the supervisor’s presence.” Id. at 2 citing Am. Compl. 20. The MONOC supervisor viewed and copied numerous postings by the Plaintiff including one regarding a shooting at the Holocaust Museum in Washington D.C. in which the Plaintiff posted:
An 88 yr old sociopath white supremacist opened fire in the Wash D.C. Holocaust Museum this morning and killed an innocent guard (leaving children). Other guards opened fire. The 88 yr old was shot. He survived. I blame the DC paramedics. I want to say 2 things to the DC medics. 1. WHAT WERE YOU THINKING? and 2. This was your opportunity to really make a difference! WTF!!!! And to the other guards…go to target practice.
Id. at 2 citing Certificate of Elizabeth Duffy Ex. C, ECF No. 11. On June 17, 2009, MONOC sent notice of the Plaintiff’s Facebook post claiming concern for a disregard of patient safety to the New Jersey Board of Nursing and the New Jersey Department of Health, Office of Emergency Medical Services. The Plaintiff then brought her suit against MONOC in which, among other claims, she alleged a violation of the New Jersey Wiretapping and Electronic Surveillance Control Act (“NJ Wiretap Act”) and a common law invasion of privacy, for which MONOC moved for dismissal of each complaint.
The Plaintiff maintains that the Defendant violated the NJ Wiretap Act by the unauthorized accessing and monitoring of the Plaintiff’s electronic communications stored in her Facebook account. An individual will violate the NJ Wiretap Act if that person: “(1) knowingly accesses without authorization a facility through which an electronic communication service is provided or exceeds an authorization to access that facility, and (2) thereby obtains, alters, or prevents authorized access to a wire or electronic communication while that communication is in electronic storage.” N.J.S.A 2A:156A-27(a). The NJ courts have determined that the NJ Wiretap Act does not apply where the communication was received by the recipient, stored by such recipient and then retrieved or viewed by another without permission because “the strong expectation of privacy with respect to communication in the course of transmission significantly diminishes once transmission is complete.” White v. White, 344 N.J. Super. 211, 200 (Ch. Div. 2001).
The Court dismissed Plaintiff’s NJ Wiretap Act claim because the Plaintiff failed to allege that the Defendant viewed Plaintiff’s post during transmission. The Court found that the Plaintiff’s comments were clearly in post-transmission storage when they were accessed by the Defendant and as such, the NJ Wiretap Act does not apply.
The Plaintiff further claimed that the Defendant committed a common law invasion of her privacy by accessing her Facebook page without permission. In order to establish a claim for invasion of privacy under New Jersey law, a plaintiff must be able to prove that: “(1) her solitude, seclusion, or private affairs were intentionally infringed upon, and that (2) this infringement would highly offend a reasonable person.” Ehling at 5 citing Bisbee v. John C. Conover Agency Inc., 186 N.J. Super. 335, 339 (App. Div. 1982). The Plaintiff maintains that she had a reasonable expectation of privacy in her posts on the Facebook site because she had limited access to her account to those individuals deemed “friends” on the website. Accordingly, Plaintiff maintains that her comments were not generally available to the public. Conversely, the Defendant disputes that such an expectation of privacy can arise when the Plaintiff made her post available to “dozens, if not hundreds, of people.” Ehling at 6.
The Court considered the emerging privacy issues which surround social networking sites. It noted that:
On one end of the spectrum, there are cases holding that there is no reasonable expectation of privacy for material posted to an unprotected website that anyone can view. On the other end of the spectrum, there are cases holding that there is a reasonable expectation of privacy for individual, password-protected online communication.
Id. at 5 (emphasis and internal citations omitted). Despite the clear boundaries on the continuum of online privacy issues, the courts have not come to a clear consensus regarding the expectations of privacy for those communications which fall somewhere in between public websites and password-protected email accounts. Most courts acknowledge that a communication may still be considered to be private even if it has been disclosed to one or more persons. Interestingly though, the answer of question as to how many people must know a fact before it is considered public varies greatly among the courts. As reported by the Ehling Court, in Multimedia Wmaz v. Kuback, the court found that disclosure of information by the plaintiff to sixty people did not render it public. Id. at 6 citing Multimedia Wmaz v. Kuback, 212 Ga. App. 707, 7-0 & n. 1 (Ga. Ct. App. 1994). Conversely, the Eight Circuit found that the plaintiff did not have an expectation of privacy when she shared certain information with two of her coworkers. Id. at 6 citing Fletcher v. Price Chopper Foods of Trumann, Inc. (8th Cir. 2000).
Given the unsettled nature of this area of law, the Court rejected the Defendant’s motion to dismiss the Plaintiff’s violation of privacy claim and will hear arguments on this point during the trial.
It will be interesting to see where the NJ District Court falls within the privacy continuum but one thing is clear: it is best to follow the advice of Facebook, “Always think before you post. Just like anything else you post on the web or send in an email, information you share on Facebook can be copied or re-shared by anyone who can see it.”