Cyberbullying and privacy on LinkedIn: navigating data protection and justice

The illusion of anonymity on social networks, especially when it comes to offensive content, was dispelled by a summary order from the Paris Judicial Court on August 11, 2023.

In this case, Ms. X became the target of online abuse, receiving recurring degrading messages, indicative of cyber-harassment as defined under article 222-3-2-2 of the French Penal Code. Seeking justice, Ms. X aimed to identify the message authors for potential legal action, necessitating access to their identifying data from LinkedIn, mandated to retain such information under article R. 10-13 of the French Post and Electronic Communications Code.

After an initial rejection from the Paris Court of First Instance, an interlocutory action was brought to obtain the identities of the accounts involved. LinkedIn, prioritizing user data protection, challenged the request with various legal arguments:

  • Jurisdiction of the Paris Court of Justice: LinkedIn disputed the Court's competency, given the online nature of the messages. However, the messages clearly targeted the French audience, published on the French version of LinkedIn and accessible throughout France. Therefore, the Paris Judicial Court was deemed competent per article 46 of the Code of Civil Procedure.
  • Evidence of Offending Remarks: LinkedIn questioned the evidence's validity, despite a bailiff's report confirming the messages' authenticity.
  • Utility of the Data: LinkedIn argued that the data would be useless for subsequent legal actions, predicting failure and contradicting article 145 of the Code of Civil Procedure. Yet, the judge recognized the messages as 'malicious', supported by evidence of their impact on Ms. X's health.
  • Host Status: LinkedIn denied being legally obliged to retain user identification data, challenging its status as a host. However, the legal definition of 'host' applies to platforms like LinkedIn.

LinkedIn's key argument involved differentiating 'electronic communication' from 'private correspondence', with jurisprudence and the Court's interpretation seeming to support data access for judicial purposes, especially in proven cyberstalking cases.

Despite LinkedIn's defense, the Court mandated the information's release. This outcome underscores LinkedIn's assertive strategy in user data protection. Despite obvious violations of its community policy and guidelines emphasizing respect among members, LinkedIn remains cautious in granting data access. Confronted with Ms. X's demand, the platform vigorously deployed its legal arsenal in response, yet this stance raises questions about its effectiveness and balance

This stance by LinkedIn, arguably overprotective of user data confidentiality, seems to extend beyond its role as a mere hosting company. This approach could inadvertently encourage inappropriate behavior by some users.

This case underscores the need for social networks to develop balanced procedures for handling legitimate requests while safeguarding user privacy. LinkedIn's legal defense, skewed against the victim, highlights the challenge of balancing individual rights and responsibility for online misconduct.

Our IT Contracts, Data, and Compliance Department supports platforms and social networks with contract and legal analysis. For inquiries, feel free to contact us.