Several years ago, the United States Supreme Court gained some attention by using guidance from other country’s case and legislative laws to factor into their reasoning. As you might guess, the references are limited and are to nations who share the same values as we do.
While I often search out cybersecurity policy from Great Britain and Australia as well as research done on that topic, I had not put much thought in lawsuits brought by plaintiffs in other countries against technology-based companies, especially the giants who rule the internet. As I was doing research preparing for a lecture on the rise of social media cyber-attacks (and the various methods therein) I ran across a case filed in 2020 in Canada where a citizen of that country sued Facebook/Meta Platforms for not taking down a false account using his identity. In August of this year, the plaintiff scored a win when the trial court ruled there was enough of a prima facie negligence case that he may proceed on the merits.
One Facebook User Takes on the Giant
Timothy Durkin (a Vancouver Island Resident), did not have a Facebook account; however, someone used his identity without his permission or knowledge in March of 2020 to create a false account. Durkin alleges that for the next three months, between his friends notifying Facebook of the fake account and he himself sending correspondence to Facebook about the fraud as well, multiple attempts to get Facebook to remove the account went unanswered. Hence, Durkin filed the lawsuit, asking for $50 million in damages, removal of the page and disclosure of the identity of the account maker. (Side note: Durkin is fighting pro se against Facebook and its gazillion lawyers.).
Essentially, Facebook argued under Canadian laws that Durkin’s case had no chance of succeeding, was frivolous, and abused legal process. It also noted in its Motion to Dismiss that Durkin is notorious for filing cases pro se in which the rules of the court are ignored or not complied with.
The trial judge conceded the complaint filed by Durkin had improper legal terminology, but somewhere in the rubble (my words, not his) were enough allegations of negligence to pick out that the case could move forward. The judge also cautioned, however, that much amending of the complaint needed to be done in order for it to meet legal standards if it were to go to trial, as well as substantiating a loss of privacy and the amount of damages. Apparently, shortly after the lawsuit was filed, Facebook took down the fake account.
One Case Could Change the Future
There have been multiple attempts at similar lawsuits in the United States, which have almost always failed due of the immunity given to internet service providers under Section 230 of the Communications Decency Act using the logic that “we didn’t create the account, thus we are not responsible for it and the fraudster violated our terms of agreement, which we already use to protect our customers.” In other words, the user agreement that everyone has to acquiesce to is a safety net for the Section 230 immunity big tech companies already receive. The Durkson case may be anecdotal and fizzle out, but it is still interesting to watch, given the fact that due to digital trade agreements, Canada has agreed to use the basic principles of Section 230 and the subject is truly one of global importance.
