17 April 2023

Are Memes Mean? The rights and data protection implications of memes and viral videos

By Jess Pembroke, Head of Data Protection, Naomi Korn Associates

“Going viral” is a term used to describe something becoming extremely popular often resulting in images or clips being shared millions of times online. However, what the internet (and its users) often forgets is that behind an image or video clip is an individual, a human being, who is far more complex that anyone can portray in a few seconds or single image. 

In many cases of memes, individuals are being paid as models for photographers who then licence their picture, often on stock platforms. The General Data Protection Regulation, known as GDPR, requires that individuals give informed and explicit consent to the use of their images, and in this case the photographer would be responsible for obtaining the consent, but once an image is released as a stock photo any control over that image by both the data subject and the photographer is limited.

The GDPR describes consent as:

“For consent to be informed and specific, the data subject must at least be notified about the controller’s identity, what kind of data will be processed, how it will be used and the purpose of the processing operations as a safeguard against ‘function creep’. The data subject must also be informed about his or her right to withdraw consent anytime. The withdrawal must be as easy as giving consent.”[1]

However, it’s unlikely a consent form would state, “once your image is uploaded to a Stock images platform it may be used by any individual who has purchased a licence and you may become an internet sensation leading to significant disruption to your daily life”. It could also be argued that since the photographer would have no way to predict the popularity of a particular image the consent was valid only at the time it was collected. 

In the case of “The ‘distracted boyfriend’ meme” which was used by shows including BBC’s Bake-Off’s social media, the photographer said: 

“[individuals are] not allowed to use any image without purchasing the proper licence in any possible way, so each one of the people that use the images without the licence are doing it illegally. What really worries us, and we are not going to allow it, taking the appropriate legal measures, is the use of the images in a pejorative, offensive or any way that can harm the models or me”[2]

It’s hard to imagine how anyone could effectively bring legal action on rights infringement against the millions of individual internet users who may be using the image without the licence; although high profile accounts may be targeted. 

In some cases, individuals say that they have been completely unaware of their image/video being used. In two such cases in Australia, #kindness videos claimed to show a random act of kindness and two individuals ignoring someone in need. However, the data subjects claim that the situation portrayed is very different than from their perspective, no consent was obtained and the outcome (of the video being shared by millions) has led to significant distress to them and even their wider family.[3] When taking videos or images in a public place, data controllers (subject to GDPR) can either rely on consent or legitimate interests, but the cases above it would be necessary to get informed explicit consent which may be very difficult to do given the nature of the video sharing. It would be possible for UK/EU data subjects who suffer damage or distress to take a data controller to court.

I hope that, as the world forges into an online age where even more advanced image and video capture technology are used, data subjects and those processing personal data become more aware of the potential risks of sharing images online, and the world gets better at protecting individuals who suffer determent due to the misuse of their personal data. 

Jess Pembroke will be speaking at the IRMS Conference, taking place 14-16 May in Manchester. Her session will explore how Data Protection plays a key role in protecting the development, mental health and privacy of children.

Jess is running a training event on Introduction to Information Rights Law for Archives, Libraries and Museums, June 2023 – click here to book your place.

Naomi Korn Associates offer a range of data protection services to help organisations with their data protection responsibilities so that it is managed legally, safely and strategically. We also provide downloadable resources, operational tools and templates, jargon-free advice, practical training and mentoring to ensure organisations comply with data protection on a day-to-day basis. For more information contact info@naomikorn.com.

Naomi Korn Associates celebrates 20 years in 2023. For business updates, sign up to our newsletter and follow us on Twitter @NKorn and LinkedIn: Naomi Korn Associates.

Previous thought pieces:

Trying to Keep Up:  Art, Museums, A.I., and NFTs 

When the Public Domain Isn’t

Mondrian and the Metaverse

Letting the bird out the cage: How does copyright and licensing work on Mastodon?

Appropriate Reappropriation: Athens and Benin

“Nothin’ can stop me”:Copyright licences, M People, and the Conservative Party Conference

[1] General Data Protection Regulations 

[2] I didn’t know what a meme was, says Distracted Boyfriend photographer | Social media | The Guardian

[3] ‘They filmed me without my consent’: the ugly side of #kindness videos | TikTok | The Guardian

Recent News

Back to News