Prince Harry Uses GDPR To Obtain Payout From Photographer Who Shot Photos Of His Rental Home
from the something-about-pictures-of-a-house-on-a-beach... dept
The repeated answer to the question, “How does the GDPR work?” is: “Not well.” The privacy law enacted by the European Union is a regulatory omnishambles that was first greeted by non-European websites telling Europeans their business was no longer welcome.
From there, the convoluted law the EU Commission itself can’t even comply with properly has been used to vanish everything from documents on US court dockets to trash cans inside an Ireland post office. When it’s not providing new attack vectors to cybercriminals, it’s being co-opted by the powerful to control what the public gets to see and hear about them.
The latest repurposing of the GDPR into an offensive weapon occurred in the pre-Brexit UK, which may give the royal family a reason for remaining united with the rest of Europe. Britain’s literal ruling class has never shied away from dragging publications and paparazzi into court, but this latest case — involving photos of house being rented by Prince Harry — has a new GDPR twist.
Prince Harry this week notched another victory in the royal family’s long-running battle with paparazzi photographers, securing a “substantial payout” from an agency which used a helicopter to take pictures inside a house he was renting.
Potentially even more interesting than that is the way in which he won his battle — basing a legal case partly on a sweeping new European data law that is less than a year old.
According to a statement delivered to London’s High Court on Thursday, in which the paparazzi agency Splash News apologized to Harry, also known as the Duke of Sussex (emphasis ours):
“This matter concerns a claim for misuse of private information, breaches of The Duke’s right to privacy under Article 8 ECHR and breaches of the General Data Protection Regulation (“GDPR”) and Data Protection Act 2018 (“DPA”).”
This settlement has the potential to deter journalists from taking pictures of anyone or anything. While this case involved photos of the inside of Prince Harry’s rental property, it wouldn’t take much to stretch the definition of unlawful data-handling to cover any photos taken without the subject’s permission.
Although the details of the settlement still remain mostly under wraps, there’s speculation that the privacy violation wasn’t just the photos of the interior of the house — an interior only visible by air. (The photos were taken by a paparazzo in a helicopter.) It may also have something to with information not revealed publicly by Prince Harry: namely, the address of the photographed residence.
Given that the law allows subjects to revoke consent at any time following publication, this makes reporting on the lives of public figures that much more risky. It appears the GDPR can be abused much more easily than the UK’s routinely-abused defamation laws. The GDPR has an exemption for journalists, but it’s not clear-cut and requires a case-by-case examination by an EU comptroller who will make the final determination on the issue of public interest.
There’s no presumed exemption to the law that protects reporting. The EU Commission comptroller decides whether or not the published info was in the public interest when it’s challenged, which puts even less-sensational efforts on shaky ground. Given its retroactive reach, the GDPR can act as yet another “right to be forgotten,” allowing subjects of reporting to revoke consent (implied or otherwise) months or years after publication to force removal of content from the web. This case may deal with the unsavory actions of paparazzi but the side effects will be felt by journalism as a whole. Any public figure who wants to keep their private dealings out of the news — for whatever reason — will have the GDPR available to do their dirty work.