By Timothy Smit, Director and Megan Badenhorst, Senior Associate in the Dispute Resolution practice at Cliffe Dekker Hofmeyr
Facebook, according to Statista, had 2.32 billion monthly active users by the fourth quarter of 2018. Thanks to Facebook, you can post videos, brag about your children, announce your new job or even moan about your former boss to people all over the world, instantly. Many people even have public profiles – meaning that they do not change their security settings to limit who can see what they post on Facebook – but do they know who’s watching?
The Guardian newspaper recently reported that William Owen wasn’t worried about who was looking at his profile. Mr Owen had come 7th out of 2,000 in a 10km race. Before that, he had signed up for a half marathon and posted a photograph of himself on top of Mount Snowdon. Who wouldn’t plaster that all over Facebook? His insurer certainly “liked” his photos because the 29-year-old had, a few months earlier, claimed to have suffered neck and back pain caused by whiplash after a car reversed into his vehicle at a garage. His insurer understandably didn’t think that they should have to pay his claim.
Insurance companies may use information found on a public Facebook profile. Yes, there is a right to privacy in s14 of the Constitution and it includes the right not to have your communication infringed but that right is not absolute. It is framed by subjective and objective expectations of privacy. When you click “I accept” on the standard terms and conditions on any social media platform you erode your own subjective expectation of privacy.
Facebook, for example, expressly states in their Terms of Service that they “Provide a personalised experience for you”. How? By analysing “the connections you make, the choices and settings you select, and what you share and do on and off our Products”. Your objective expectation of privacy requires the rest of society to recognise your expectation of privacy as being reasonable. So, if you are Instagramming your dinners, tweeting your workout routine or vlogging about your online dating – society will assume that you aren’t a very private person.
Facebook, apps – you post, insurers see…
Facebook aside, to what other apps do you give personal information? Did you check their Terms of Service? The Wall Street Journal reported that several popular health apps share personal and health data with Facebook. Extreme Tech recounted a finding by WSJ that 11 of the 70 iOS apps it tested shared personal or health data with Facebook’s servers via Facebook’s Analytics. These included apps that record heart rate data or even when a user was having her period.
Going back to insurance companies – are they allowed to use unlawfully obtained information? For example, information obtained by hacking? Surprisingly, the position is not completely clear.
In Harvey v Niland and Others, Harvey relied on Niland’s private Facebook posts to prove that Niland was secretly competing and violating his fiduciary duties to their joint business. Was the Facebook evidence admissible? Niland said it infringed his right to privacy and was obtained through the commission of an offence under s86(1) of the Electronic Communications and Transactions Act, No 25 of 2002 (Act). Judge Plasket held that the Act didn’t prohibit evidence obtained in contravention of s86(1) but reasoned that the admission of the evidence would depend
- on the nature and extent of the violation of Niland’s right to privacy; and
- whether Harvey could have obtained the evidence in another, lawful way.
Judge Plasket found that hacking Niland’s Facebook communications would have produced both information that was relevant to the issue before him and information that was irrelevant and entirely private. The relevant portion accessed established that Niland had been conducting himself in a duplicitous manner, contrary to the fiduciary duties he owed to the business – not to mention the fact that he had denied the allegations and undertaken not to do as he had done. Plasket said “his claim to privacy rings rather hollow.” Finally, the Judge found that the evidence was essential to Harvey’s case and could not in practice have been procured in another, lawful way. “All he had was a suspicion but, without [the hacked posts], he had no evidence of Niland’s wrongdoing.” The application to strike out the hacked posts was dismissed with costs.
Arguably, an insurer can also rely on unlawfully obtained evidence to defeat a fraudulent claim. A fraudulent claimant is obviously acting dishonestly and what if that is the only way the insurer can prove it? Bhekisisa reports that fraud, waste and abuse is costing the private healthcare system more than R22 billion. In 2018, it was reported by IOL that by rooting out fraudulent claims, Discovery Health saved R568 million for its client schemes in 2017, up from R405 million in 2016. Should the rest of us have to pay higher premiums because Jane Soap faked a knee injury and then used her pay-out to go skiing? Surely not.
It is an intriguing debate, but in the meantime, you might want to re-evaluate your online and in app activity and decide what sort of privacy you expect to enjoy.