Ashley Madison’s now infamous Carpe Diem slogan “Life is short. Have an Affair.” has rather backfired on the website’s 37 million users. The online dating website, aimed at married people who want to have an affair, hasn’t been out of the news this week after the private data of its users was hacked and dumped online. The data includes photos, credit card details and individuals’ sexual preferences.
The fall out for Ashley Madison and their users is catastrophic. There are reports of suicides and a spike in divorce proceedings brought by outraged spouses. Ashley Madison faces allegations that it didn’t do enough to protect the privacy of its users. The company is now the subject of five lawsuits in Canada, seeking up to half a billion dollars in compensation and costs for proceedings in contract, negligence and privacy.
In the UK there are an estimated 1.2m Ashley Madison users, but are they likely to follow the example set by users in Canada? Two factors come into play.
Firstly, in Canada they have an opt-out system in relation to group litigation. This is where members of a defined group are bound into an action unless they opt out. This system favours claimants and allows lawyers to get group litigation up and running more quickly. By contrast, in the UK we operate an opt-in system, which requires a claimant to choose to join an action. This requires building a group and takes more time.
Secondly, there is also a question as to whether clients in the UK would want to take proceedings at all given the sensitive facts which come into play. It has been suggested that there may be clients who would steer clear of litigation for fear of further erosion to their private life and potentially placing themselves in the glare of media scrutiny. Additionally, judging by reactions in the US and Canada, cheating spouses do not make for sympathetic claimants.
But isn’t there something more important that comes into play in this situation? Like it or not, as a nation we embrace the concept of privacy and have developed a legal system to protect it. Whether we approve or not of the actions of the Ashley Madison clientele, they have become victims of the hacking of their private information and it would set an untenable precedent for this not to be actioned. Do we subscribe to concepts of privacy or simply to ones that suit our moral compass?
So what causes of action are open to a UK user of Ashley Madison?
a) There are reportedly individuals who have erroneously been outed as a user through the harvesting of old, dormant email addresses. For those individuals who are happily married or in long term relationships, there is the potential to pursue defamation proceedings, on the basis that their reputation would be harmed by the allegation of adultery.
b) Claims under the Data Protection Act for the unlawful processing of personal data could be considered. This is because clearly the security measures in place to protect client’s data were inadequate. Reportedly, analysis of the leaked material alleges that there were multiple technical issues inherent in the Ashley Madison system, which could lead to a data breach. This raises questions as to the extent of the obligations on a company to make their systems ‘hack proof’. The danger for many companies would be the cost of security in an ever changing IT context, where inevitably hackers are finding new, innovative and previously untapped ways of accessing systems. However, given the nature of what Ashley Madison was offering their customers, security should have been a priority issue.
c) Then there is the legal issue of confidentiality. Anonymity was a corner stone of the services offered by Ashley Madison and they spectacularly failed to deliver this contractual promise.
d) Similarly, the company could face legal claims for misuse of private information, which could come into play provided each client could show that they had a reasonable expectation of privacy in the circumstances specific to them. For example in the US, TV personality and political activist, Josh Duggar, is famous for espousing faith and family values and was outed as an Ashley Madison client. Under UK law, the public interest in exposing the hypocrisy of someone in Mr Dugger’s position could potentially outweigh his right to privacy. Every case for misuse of private information must therefore be assessed individually and only where a potential claimant can demonstrate that they had a viable and legitimate expectation of privacy can they seek the protection of the court.
Life is indeed short and so, it seems, is Ashley Madison’s shelf life.
See our previous blog on hacking and personal data online here.
Slater and Gordon Lawyers UK have an expert team of Data Protection Solicitors who can provide immediate legal representation for individuals or businesses. Call us on freephone 0800 916 9081 or contact us online and we will call you.