Cyberbullying: The Blind Spot of the Online Harms White Paper

In 2006, the world was shocked when thirteen-year-old Megan Meier committed suicide after being told, by a fake user on the social networking platform Myspace, that the world would be better off without her. This was neither the first nor the last suicide attributed to cyberbullying, and although suicide remains an infrequent outcome, its salience has called attention to the pervasiveness and gravity of technology-facilitated bullying among adolescents. Whether a new and distinct problem or an old one in a new guise, the technological setting has undoubtedly generated new challenges and, at the same time, new opportunities for legal response. Unfortunately, no jurisdiction has developed a satisfactory legal response thus far.

On April 8, 2019, the UK Department for Digital, Culture, Media & Sport, and the Home Office, published a white paper on online harms, which offers to address cyberbullying, among other web-related risks, by subjecting online platforms to a new regulatory framework, which will ‘set clear standards to help companies ensure safety of users while protecting freedom of expression.’ First and foremost, the government intends to establish a ‘statutory duty of care to make companies [that allow users to share or discover user-generated content or interact with each other online] take more responsibility for the safety of their users and tackle harm caused by content or activity on their services.’ An independent regulator will implement, oversee, and enforce compliance, and the government considers new ‘fees, charges or a levy on companies whose services are in scope’ to fund the regulator’s activity. In a nutshell, the government opts for more regulation and taxation of cyber-businesses. Is this the most efficient strategy?

A recent study, forthcoming in the UC Irvine Law Review, hews a different path. It provides legal and economic analyses of an underexplored regulatory tool: civil liability. The analysis on both levels is based on a trichotomy of potential defendants—primary wrongdoers, real-life supervisors (parents, school personnel), and virtual supervisors (such as social networking platforms). The paper systematically analyses the legal rules delineating each party’s liability, and evaluates the alternatives from an economic perspective. It demonstrates that technological innovation not only generates new risks or exacerbates old ones, but also simplifies the construction of efficient liability models to control them. In the context of juvenile bullying, imposing liability on real-life supervisors may be an inevitable solution to the fundamental inefficiencies of primary wrongdoers’ liability. Alas, supervisors’ liability in the digital age entails considerable information costs. Technology, which has transformed an old schoolyard problem into a cyberspace pandemic, now provides the tools to substantially reduce these costs. It facilitates the collection, analysis, and flow of information, thereby reducing the cost of preventive action. Liability rules can and should endorse these developments in an effort to secure efficient conduct of all parties involved.

The paper first discusses applicable law with a comparative touch. It examines common law causes of action that can be used in lawsuits against primary wrongdoers, including defamation, invasion of privacy, and intentional infliction of emotional distress. It pinpoints possible difficulties in establishing these causes of action and, more generally, in pursuing claims against tech-savvy minors—age-related legal constraints, anonymity, and low expected recovery. Next, the paper discusses real-life supervisors. It examines several theories of parental liability, including negligent entrustment of a dangerous instrument, negligent supervision, and negligent enabling of a tort, and identifies their particular limits along with the general difficulty associated with anonymous misconduct. It then analyses common law and statutory bases of school and school personnel liability, including negligent supervision, and explains that such liability is subject to constitutional and legal constraints on school regulation of student speech and off-campus activity. Finally, the paper shows that under American law, virtual supervisors are immune from liability for wrongful user-contributions. It presents the competing European Union framework and the English model, as well as calls for reform.

Following the legal analysis, the paper evaluates the different regimes from an economic perspective and lays the foundations for a technology-powered model. First, it explains that primary wrongdoers’ liability cannot achieve efficient deterrence because of minors’ inability to compensate victims, limited cognitive, emotional, and social capacity, and frequent use of anonymity. Second, it discusses real-life supervisors, focusing on the gap between their considerable power to affect supervised children’s conduct and the high cost of information necessary for exercising that power. Third, it shows that virtual supervisors’ liability may be inefficient due to the high cost of monitoring, non-internalisation of the economic benefits of Web 2.0 by service providers, and an asymmetry between false negative and false positive determinations of wrongfulness. It also argues that virtual supervisors can easily access relevant information but lack the power to affect juvenile conduct.

Based on these insights, the paper constructs an efficiency-oriented model which integrates technological tools to reduce information costs. First, primary tortfeasors’ liability is economically insufficient, but should not be barred. Second, to incentivise parents to reasonably use advanced surveillance applications, the law should impose liability when failure to employ such tools results in juvenile cyber-wrongdoing, in addition to standard liability for not taking reasonable precautions upon learning about the risk. Third, schools should be liable for cyberbullying through school devices if they failed to (1) enforce reliable user-identification, (2) employ advanced surveillance tools, or (3) take reasonable measures to prevent harm upon notification of possible misconduct. Fourth, a virtual supervisor should be liable if the victim has insufficient information to identify the wrongdoer, the victim gave notice of the complaint, and the virtual supervisor did not properly respond.

Reports on the high prevalence of cyberbullying, together with rare but salient deaths, have led legislators, policymakers, and academics to an understandable pursuit of appropriate solutions. Regrettably, while delegation of power to educational institutions and criminalization of cyber-misconduct are relatively common, at least in public discourse, the potential impact of civil liability has been downplayed. The new study puts it under the spotlight, without contesting the possible need for a more comprehensive framework.


Ronen Perry is Professor of Law at the University of Haifa.


With the support of