Rands and Sense: How private are your app and online activities?
Thanks to Facebook, you can post videos, brag about your children, announce your new job or even moan about your former boss to people all over the world, instantly.
Many people have public profiles, which means they do not change their security settings to limit who can see what they post, but do they know who’s watching?
The Guardian newspaper recently reported that William Owen wasn’t worried about who was looking at his profile. Owen had come seventh out of 2000 in a 10km race.
Before that, he had signed up for a half marathon and posted a photograph of himself on top of Mount Snowdon. Who wouldn’t plaster that all over Facebook?
His insurer certainly “liked” his photos, because the 29-year-old had, a few months earlier, claimed to have suffered neck and back pain caused by whiplash after a car reversed into his vehicle at a garage. His insurer understandably didn’t think it should have to pay his claim.
Insurance companies might use information found on a public Facebook profile. Yes, there is a right to privacy in section 14 of the Constitution, and it includes the right not to have your communication infringed, but that right is not absolute. It is framed by subjective and objective expectations of privacy. When you click “I accept” on the standard terms and conditions on any social media platform, you erode your own subjective expectation of privacy.
Facebook, for example, expressly states in its Terms of Service that it “provide(s) a personalised experience for you”. How? By analysing “the connections you make, the choices and settings you select, and what you share and do on and off (its) products”.
Your objective expectation of privacy requires the rest of society to recognise your expectation of privacy as being reasonable. So, if you are Instagramming your dinners, tweeting your workout routine or vlogging about your online dating, society will assume that you aren’t a very private person.
Facebook aside, to what other apps do you give personal information? Did you check their terms of service? The Wall Street Journal (WSJ) reported that several popular health apps share personal and health data with Facebook. Extreme Tech recounted a finding by the WSJ that 11 of the 70 iOS apps it tested shared personal or health data with Facebook’s servers via Facebook Analytics. These included apps that record heart rate data or even when a user was having her period.
Returning to insurance companies - are they allowed to use unlawfully obtained information? For example, information obtained by hacking? Surprisingly, the position is unclear.
In Harvey v Niland and Others, Harvey relied on Niland’s private Facebook posts to prove that Niland was secretly competing and violating his fiduciary duties to their joint business. Was the Facebook evidence admissible?
Niland said it infringed his right to privacy and was obtained through the commission of an offence under section 86(1) of the Electronic Communications and Transactions Act. Judge Plasket held that the Act didn’t prohibit evidence obtained in contravention of section 86(1) but reasoned that the admission of the evidence would depend on:
* The nature and extent of the violation of Niland’s right to privacy; and
* Whether Harvey could have obtained the evidence in another, lawful way.
Judge Plasket found that hacking Niland’s Facebook communications would have produced information that was relevant to the issue before him and information that was irrelevant and entirely private.
The relevant portion accessed established that Niland had been conducting himself in a duplicitous manner, contrary to the fiduciary duties he owed to the business - not to mention the fact that he had denied the allegations and undertaken not to do as he had done.
Judge Plasket said “his claim to privacy rings rather hollow”.
The judge found the evidence was essential to Harvey’s case and could not in practice have been procured in another, lawful way. “All he had was a suspicion but, without (the hacked posts), he had no evidence of Niland’s wrongdoing.” The application to strike out the hacked posts was dismissed with costs.
Arguably, an insurer can also rely on unlawfully obtained evidence to defeat a fraudulent claim. A fraudulent claimant is obviously acting dishonestly, and what if that is the only way the insurer can prove it?
Bhekisisa reports that fraud, waste and abuse is costing the private healthcare system more than R22 billion. Last year, it was reported by IOL that by rooting out fraudulent claims, Discovery Health saved R568 million for its client schemes in 2017, up from R405m in 2016.
Should the rest of us have to pay higher premiums because Jane Soap faked a knee injury and then used her payout to go skiing? Surely not.
It is an intriguing debate, but in the meantime, you might want to re-evaluate your online and in-app activity and decide what sort of privacy you expect to enjoy.
Timothy Smit is director and Megan Badenhorst is senior associate in the Dispute Resolution practice at Cliffe Dekker Hofmeyr.