Given the questions that arose online this week about consent in relation to LARP photos, and given that I’m home sick today, I thought I’d raise this topic here.
Our LARP community is breaching people’s privacy. It’s unintentional. But it’s still happening.
I have had a bit to do with the Office of the Privacy Commissioner through my work and I phoned them to clarify a few things just recently. Basically, even hobby groups and community organizations are treated as agencies under the NZ Privacy Act and need to respect people’s privacy and personal information.
How are we breaching people’s privacy?
With words
Whether we’re talking about a national group like NZ LARPs or localized city LARP groups, when we go online and post up lists of who has and hasn’t paid we’re breaching people’s privacy. When we post up lists about who has and hasn’t registered, who’s in which game, and who’s pulled out then we’re breaching people’s privacy. And when we go online and say “I’m not the person to speak to, try this person and give their contact details, we’re breaching privacy.
With pictures
If we take a photo of someone who’s had their photo taken at a LARP, even if they agreed to have their photo taken for that LARP, if we use that photo for any other purpose (like Armageddon advertising or general LARP posters that go up in a public space), we can be breaching the subject’s privacy.
I realize that a very high percentage of people who see their names posted online in a list (be it unpaid or otherwise) will be thankful for the friendly reminder and pay where they need to pay or sign up for what they need to sign up for. But some won’t be thankful. Some may believe that there’s a reputational risk to their name often showing up online on the ‘unpaid’ list or the ‘pulled out’ list or in anything else that may have negative connotations. Some might be especially mindful of their online presence or fear cyber stalking from external parties etc.
How to avoid breaching people’s privacy
I’m told by the Privacy Commissioner that the best way to avoid a breach is to inform people upfront. Posting people’s information online is not so much a matter of consent as it is about being informed, being transparent, and being upfront about how the information collected is going to be used. That’s section 3 of the Privacy Act.
If I’m starting a new game now that I know this
If I was going to start a new LARP tomorrow that no one was signed up for yet then all I’d need to do is be upfront to all the new group members. That means letting people know what information is going to be collected about them, why, and where it’s going to go (and I don’t just mean in a verbal conversation that one or both of us may forget). If my new LARP is called 123 Fake Street, then I’d put on my website( in a really visible place) that anyone who wants to sign up needs to know that the way my game will be dealing with registrations and payments will be to publicly post lists on facebook and diatribe of who has and hasn’t paid and who’s playing in which character group etc. I can even put on my registration form that I’m collecting personal info (like the player’s email address) for the purposes of being able to both communicate with them and also post up a list of players and their email addresses so that people in the same faction can get in touch etc.
Anyone who doesn’t agree to that way of working doesn’t have to. According to the office of the Privacy Commissioner they can choose not to join. But that’s a little exclusive for my likings and for LARP in general I suspect. So instead, I as the organizer can choose to take things on a case-by-case basis.
If I make everyone informed from the outset that I’ll be publicly posting up lists, and someone doesn’t want to have their name posted up, then they can let me know. If they’re not trolling or troublemaking for the sake of it, then I’m sure I’d want to include them in my game and still protect their privacy and agree not to post their name online.
As far as photos are concerned I’d want to make it clear upfront before photos are taken that these will be appearing online and in any other publicity material as necessary. Again, if people don’t agree to having their pictures taken… according to the privacy commissioner, they can either not participate or not have their pics taken.
If I were running 123 Fake Street I’d probably add a few more options there because, 1. I love my friends and 2. as a photo editor and designer, I know some people can love photos and be really photogenic…but that doens’t mean that the one photo of them between blinks with a terrible facial at 2am when they’re lying beside spilt ale is something they’d like to go up in the public domain where family or future employers have access to it. Or maybe I just don’t like that one photo of me angled to show four of my chins instead of three. I know I wouldn’t want that pic to be seen by anyone so I know how people feel and why they may want the right to veto images that they’re in going online or being used for advertising. I’d like to give pple that choice on a pic by pic basis. And don’t think I don’t know how much extra cat-herding that is. But if I don’t want my 4 chins going online then I’d want others to have that choice as well.
According to the Privacy Commisioner, I don’t have to give people that choice if I’ve been upfront about how the pics would be used. But if there’s a fee involved, or the subject or photographer in question is really concerned about the image then I should be respecting that and trying to problem-solve on a case by case basis rather than falling back on my disclaimer that says you agreed to have photos taken that weekend and this is one of them.
If I’m already running a game
So what if Im’ already running 122 Fake Street the LARP and I never posted upfront what channels I was going to use and what methods I’d employ to communicate with people and people are already signed up for my game? It’s too late for me to be open and transparent from the outset. But it’s not too late to look out for people’s privacy.
Photos
If I want to use people’s photos that have already been taken I’d need to ask for their permission, and for the photographer’s permission, and I’d need to say what the photos will be used for when I get that permission. If either the photographer or the subject don’t want their photos used then I could try and argue to the Privacy Commissioner that there’s insufficient “harm” done to the individual by pushing on with my plans. Though it can be a bit of a grey area at times, the best practice is generally that if you haven’t let pple know in advance, and they say no when you let them know, the answer should be no. Take another pic or use something else.
Names and personal info
If I haven’t been clear and upfront to my players/crew/organizers that I’ll be posting reminder lists of names online for anyone who hasn’t paid, then I shouldn’t be doing that. I can send individual messages to the people I’m trying to chase. And if anyone says they can’t remember if they’ve paid or not I can look them up and let them know individually. If people feel they are being named and shamed then there’s no way I should be putting up unpaid lists or unregistered lists or anything else if people haven’t already agreed to it. Of course, that doesn’t stop me being clear and upfront about the future sessions of my game that’s already running and putting in those registration forms and on the website that I’ll be needing this info for this purpose.
Clear as cake?