Grandmother’s online photographs of grandchildren not “purely personal”

22 May 2020

A Dutch Court has issued a preliminary ruling this month that a grandmother is in breach of the GDPR by refusing to delete photographs of her grandchildren from Facebook and Pinterest. She will also receive a daily fine if she does not remove them, or if she posts new pictures.

While this decision does not necessarily mean Courts in other countries will make the same determination, it raises a number of interesting questions, which could affect virtually every social media user.

The Dutch Court’s decision essentially rested on whether the grandmother could rely on her actions falling within “purely personal” or “household” use, such that the GDPR would not apply to her (Article 2(c) GDPR). Most people would assume that they were not exposing themselves to legal complaints by posting family pictures on social media.

On average, around 350 million photographs are added to Facebook each day. A significant number of these will be family members posting images which include minor children in them. If the parents of any children were unhappy with their family posting such pictures, that would ordinarily be resolved with nothing more than a polite conversation. However, in this case, the family relationship had broken down and the grandmother did not remove the photographs, even after being requested to do so by the police. The mother then asked the Court to intervene, arguing that the grandmother’s publication of the photographs breached the grandchildren’s privacy and data protection rights.

At the Court hearing, the grandmother’s defence was that she took the grandchildren’s privacy seriously and had, by then, deleted all but one photograph on Facebook, of the grandchild who had lived with her for a number of years and who she felt she had a special relationship with. The mother argued there was also a photograph of her and her children on the grandmother’s Pinterest page, although the grandmother said she had not used Pinterest for years.

The Court did not consider who owned copyright in the photographs, so was only concerned with privacy and data protection arguments. Its decision was an interim one, not following a full trial, but the Court found that:

  • Although it cannot be ruled out that posting a photo on a personal Facebook page falls under a purely personal or household activity, it was not sufficiently established how the grandmother’s accounts were set up or protected.
  • It is unclear whether the photos can be found via search engines.
  • It cannot be ruled out that photographs put on Facebook can be distributed, or may come into the hands of, third parties.
  • It is therefore not apparent that the grandmother is carrying out a purely personal or household activity, and so the GDPR applies.

As the grandmother did not have the parents’ consent, the Court found that she was processing the grandchildren’s personal data in breach of her obligations under the GDPR and ordered her to remove the photographs and not post new ones. Failure to do so would lead to a daily fine, up to a maximum of €2,000.

Interestingly, the Court ruled that the “emotional importance” to the grandmother in posting pictures of her grandchildren on social media “cannot lead to a different judgment”.

While this case was a preliminary ruling and somewhat fact-specific, it does raise some interesting questions and issues which data protection regulators and European Courts may have to grapple with in the future. For example, what privacy settings are necessary in order for any social media user to successfully argue that their use of the site is “purely personal”? Would the Court make the same ruling if it was a child requesting that their own parents remove photographs from social media?

The majority of grandparents and parents will probably be surprised by the Dutch Court’s ruling, even if they are unlikely to feel particularly concerned about its impact on them. With children’s use of technology and sharing of their personal data (by them and others) increasing, and data protection regulators and Courts keeping a keen eye on the protection of children’s data especially when it comes to social media platforms, it is a timely reminder to think about whether people in photographs on your social media posts would be likely to object to that photograph being posted, and how visible your photographs and other posts are to the public.

Receive our monthly newsletter

About the Author

Ben Hobbs

Partner

Ben specialises in reputation protection. His work covers defamation, privacy, harassment and intellectual property rights.

+1 646 934 6219
Our 24 hour number
+1 646 934 6219
Legal information

© 2020 Schillings International LLP. SCHILLINGS is a trading name of Schillings International LLP and Schillings International (USA) LLP.

Schillings International LLP is a limited liability partnership registered in England and Wales with registration number OC398731. A list of members of Schillings International LLP is available for inspection at our registered office 12 Arthur Street, London, EC4R 9AB. Schillings International LLP is an Alternative Business Structure regulated and authorised by the Solicitors Regulation Authority.

Schillings International (USA) LLP is a registered limited liability partnership organised and existing under the laws of the State of Delaware, United States of America, whose principal place of business is at One World Trade Center, Suite 8500, New York, NY 10007. Our New York based attorneys are registered as a foreign legal consultant in the State of New York.


ATTORNEY ADVERTISING