I’m not alright, Jack

The danger of being a specialist is sometimes being incapable of seeing the wood for the trees. A story emerges, I spot the Data Protection or privacy angle in it, and then that’s all I am interested in. Therefore, let me be clear that I understand that the most important thing about Laura Bates’ article in the Guardian about juvenile Facebook ‘pranksters’ is the harassment and misogyny that they simultaneously exhibit and celebrate. If you haven’t read Bates’ article, I recommend it. It’s a striking and depressing account of how women are targeted by YouTube pranksters without their consent.

The main subject of Bates’ article is Jack Jones, whose output is a mix of badly-staged stunts and pestering regular people. He makes Dapper Laughs look like Chris Morris. Nevertheless, Jones is not a random cheeky chappie posting vines as he goes about his day. Jones is big business. His YouTube channel makes money, and the main contact on his Twitter account is his agent (inevitably, his agent is called Terry). For obvious reasons, I’m not linking this blog to any of Jones’ output: if you want to see it, find it for yourself. Bates explains the harassment issues better than I ever could, so having underlined that, I still think that as a secondary issues, the DP issues are worth a look.

Even if you think that Jones and his ilk are harmless (we’ll agree to disagree on that one),   Jones is publishing images of people without their consent. Even if every one of his vines and videos was staged and he had consent for every publication, he would still be a Data Controller, albeit he would be a total fake, and still glorying in the notion of humiliation as Bates has already said. However, it’s clear from some of the material and Bates’ article that some of his targets are completely unwilling.

The law on Data Protection is clear. Anyone who processes personal data is covered by the Data Protection Act, and they are obliged to comply with the Data Protection principles. There are exemptions that might be tempting for the cheeky YouTuber, but I’m afraid they don’t apply here. Firstly, as I will never tire of pointing out, the Lindqvist judgement of 2003 makes clear that domestic purposes end at the start of the internet. Even the tidying-up exercise in the General Data Protection Regulation only applies to someone’s “purely personal” use of social media, and that’s not even in force yet. Jones isn’t an ordinary joe, and his publications aren’t domestic.

Of course, Jones could claim to be exempt on the basis of the Special Purposes Exemption in S32, which allows for a balance between many of the Data Protection principles and the public interest in publication in the public interest. I would be fascinated to see an argument that the public interest in Jones’ gurning antics outweighing the need to get consent or process data fairly, but the problem here is that this decision hasn’t been made actively. Whether Jones genuinely evolved from ordinary bloke to YouTube superstar or he’s like one of those X-Factor candidates who turns out to have gone to the Fame School, nobody in this industry thinks / cares about Data Protection. It’s all clicks and cash in cyberspace.

In any case, Jones (or presumably his management company) isn’t exempt from notification, and I can find no evidence of a data protection notification in Jones’ name. Virtually no publisher argues that S32 gets you out of notification, and failure to notify is a criminal offence. Even if the gathering and publication of personal data for journalistic or artistic purposes might be legitimately secret and immune from subject access in many circumstances, identifying yourself as a Data Controller via notification is still necessary for challenges and accountability.

Without these exemptions, Jones is a Data Controller like any other. He should be obliged to justify why he publishes personal data without consent, explain how he obtains the data fairly when – according to the way he presents it – ordinary people are approached and filmed without any warning or notice. It would also be interesting to know what security measures he has in place for material that has been gathered and, for whatever reason, not published.

The Data Protection angle isn’t irrelevant to the sexism. If Jones wasn’t publishing his sexist escapades, they wouldn’t be happening. He’s invading privacy, even in a public place*, in order to supply his commercial activities with material. If he (or his handlers) were subjected to at least some elements of the Data Protection Act, questions of fairness and consent would be forced more onto the radar, and there would be a place to seek redress, either the Information Commissioner or the Courts. Forced to rely on consent, which is the only possible condition available to Jones, even if he continued to harass innocent people, they would at least be spared the public humiliation set out in Bates’ article.

The problem is that the Information Commissioner sees the internet and runs a mile. I have never seen a reference to the Lindqvist case anywhere on their website or in their guidance, and in general, any controversial or difficult issue involving social media sees them struck dumb. Even their intervention in the appalling Samaritans Radar case was made public only after an FOI request. I have reported Jones to the ICO for non-notification. I’m fairly certain that they won’t do anything, but nevertheless, if they think that Data Protection does not apply to the public harassment of innocent members of the public, they should be obliged to say so.

 

* Yes, people do have a right to privacy in a public place in some circumstances. Do some research into human rights and privacy if you think I’m wrong. Try the Peck, Rowling, or Weller cases for starters.

%d bloggers like this: