I saw a tweet today that a post on the FierceHealthcare blog overstated the privacy and security issues implicated by a faux Facebook page targeting a healthcare company CEO, as reported in this Murray (KY) Ledger article. I see his (David Harlow’s) point that it is apparently not a HIPAA or HIT privacy breach; it is instead an old-school invasion of privacy by an unknown Facebook user.
I admit I enjoy following faux Twitter accounts of public figures, such as UnPeter Angeles, mocking the owner of the Orioles. Good ones are laugh-out-loud social commentary. Such faux tweets are protected (like it or not) by the First Amendment. But private figures who fall prey to faux Facebook or Twitter accounts find removing what is often per se defamatory content maddeningly difficult. A safe harbor from liability provided under Section 230 of the Communications Decency Act insulates Internet Service Providers (ISPs) like Facebook from the tortious conduct of their users. The result is that ISPs like Facebook have less incentive to expeditiously remove such unauthorized accounts. Even worse, Facebook has a process the innocent victim must endure in order to protect the privacy of the account holder.
The CEO is the victim of an Internet troll (the unidentified account holder) who misappropriated his name and likeness and cast him in a false light, two types of classic invasion of privacy. The focus of classic invasion of privacy laws is the right to be “left alone.” Invasion of privacy laws vary by state but differ significantly from laws protecting consumers in online shopping, financial transactions, credit card breaches, HIPAA violations, etc.
Our interactive world can’t prevent trolls very well. ISPs, including websites operated by the CEO’s healthcare company, rely on the Section 230 safe harbor to do business online. The web could not be this rich marketplace of ideas if ISPs had to defend against every user’s hurt feelings. The victim can pursue recovery from the account holder if identified. In some cases they are successful. Often though, because the account holder’s identity is either elusive or he is judgment-proof, the only recourse is to ignore the faux page.