A public high school recently avoided liability for invasion of privacy in a student’s case in a Georgia federal court. The student’s privacy claims, which involved pictures she posted on Facebook, failed because she had no reasonable expectation of privacy.
The case arose when Curtis Cearley, the Fayette County Georgia Public School District IT Director, gave a power point presentation at a “Community Awareness Seminar” sponsored by the District. As part of the presentation, Cearley included a slide showing a photo of Chelsea Chaney clad in a bikini. At the time, Chaney was a 17 year old who attended a high school in the Fayette School District. The slide was headlined “Once It’s There – It’s There To Stay” (this beat out the original headline – “Curtis Cearley is Creepy”).
Chaney brought a civil rights lawsuit, alleging the District and Cearley violated her constitutional right to privacy. A public school and its employees are subject to suit under 42 USC 1983, for depriving a person their constitutional rights. Chaney contended her rights guaranteed under the 4th and 14th Amendments were violated by the power point/peep show.
But unfortunately for Chaney, a person’s rights are violated only if there is a “reasonable expectation of privacy.” Chaney chose to post the photo on Facebook and elected the broadest privacy setting available. The photo was accessible by her friends, and by her friends’ friends. Chaney argued that the photo was accessible “only to those people she had specifically approved.” And Creepy Cearley wasn’t one of them.
But the court noted that Chaney’s argument was based on a flawed premise. By allowing “friends of friends” to view the photo, she made it available to all kinds of people who she had not specifically approved. And that doomed any expectation of privacy.
Cearley’s decision to use a photo of a District student in a discussion of Internet accessibility was dumb. But Chaney’s belief that she had privacy rights in a Facebook photo was dumber. .
- How-to guide How-to guide: How to develop, implement and maintain a US information and data security compliance program (USA)
- How-to guide How-to guide: How to determine and apply relevant US privacy laws to your organization (USA)
- How-to guide How-to guide: How to establish a valid lawful basis for processing personal data under the GDPR (UK)