Constitutional scholar William Beaney remarked in an article shortly after the U.S. Supreme Court’s landmark privacy decision in Griswold v. Connecticut, “even the most strenuous advocate of a right to privacy must confess that there are serious problems of defining the essence and scope of this right.”1 Indeed, the only certainty in defining privacy is that it is a concept that is highly malleable depending on the experience, interests, and agenda of the person interpreting it and the socio-political context the definition is offered in. For most individuals, however, privacy’s definition does not depend on some philosophical underpinning, but rather is a simple, even intuitive concept. This Nutshell does not provide an exhaustive list of philosophical definitions of privacy; rather, it uses some of the common philosophical positions to illustrate the fluidity and complexity of this concept. By declining to endorse any of the particular definitions, we attempt to provide an objective and comprehensive account of what exactly “privacy” is to certain individuals.
Although not defined explicitly as “privacy,” it is clear that some idea of an individual need for separateness from the public sphere has existed since the mythic era of the earliest human civilizations. In the Sumerian Epic of Gilgamesh, composed over four thousand years ago, the human, but immortal, Utnapishtim lives as a hermit and does not reveal his identity to his visitor, Gilgamesh, until the wandering king has explained the reason for his trip to Utnapishtim’s home. In the Old Testament of the Bible one of the signs that humans have learned the distinction between good and evil is that Adam and Eve make clothing for themselves to conceal their nakedness.
More formally, privacy concerns appear in the Code of Hammurabi, one of the earliest legal texts. Drafted in the Babylonian Empire in approximately 1760 B.C.E., paragraph 21 of the Code made it a crime to break a hole through the wall of another’s house. Privacy concerns are also reflected in the Laws of Manu, codified in India in approximately 200 B.C.E. That text included a provision under which if an individual deposited goods or money with a storehouse in secret, the custodian was obliged to likewise return such goods or money to the owner in secret.
In Greek and Roman societies, philosophers increasingly recognized the significance of the distinction between the private and public realm. At his trial for corrupting the youth of Athens, one of the accusations Socrates defended himself against 9was the claim that if his teachings were not illegitimate then he should have entered the realm of politics and spoken publicly instead of privately instructing students. Socrates rebuked his accusers, stating that to openly declare his teachings would have simply incited the public against him even sooner and “he who will fight for the right, if he would live even for a brief space, must have a private station and not a public one.”2 Meanwhile, the Roman Stoic philosopher Epictetus explained that logic dictated that human thoughts are inherently private—even the threat of imprisonment or death could never force an individual to truly disclose what his or her thoughts were.
Over the ensuing centuries, one can see the slow but steady movement toward the recognition of what most Twenty-First Century Americans would call “privacy.” In 1361, the Justices of the Peace Act in England provided for the arrest of peeping toms and eavesdroppers. At his trial in 1535 for allegedly denying the legitimacy of Henry VIII’s status as head of the Church of England, Thomas More rejected the suggestion that his silence in the face of the charges against him could be sufficient evidence to support a conviction. Echoing Epictetus’s observations from more than a thousand years earlier, More stated, “[F]or this my taciturnity and silence neither your law nor any law in the world is able justly and rightly to punish me, unless you may 10besides lay to my charge either some word or some fact in deed.”3
As Europe moved into the era of the Enlightenment, the distinction between public and private spheres became ever more important as people sought to limit the increasing powers of government. In the late Seventeenth Century, John Locke, one of the most influential political philosophers in history, emphasized the point repeatedly in his works that the state must necessarily be restrained from invading the property or person of its citizens. As he explained, “Though the earth … be common to all men, yet every man has a ‘property’ in his own ‘person.’ This nobody has any right to but himself.”4 In 1765, British Lord Camden, striking down a warrant to enter a house and seize papers wrote, “We can safely say there is no law in this country to justify the defendants in what they have done; if there was, it would destroy all the comforts of society, for papers are often the dearest property any man can have.”5 In 1776, the Swedish Parliament enacted the Access to Public Records Act, which required that all government-held information be used for legitimate purposes. In 1789, the French Declaration of the Rights of Man and the Citizen declared, “No one should be disturbed on account of 11his opinions, even religious, provided their manifestation does not upset the public order established by law.”6
These are just some examples of the origins of the idea of privacy. Although privacy as a concept existed, it did not receive formal acknowledgment in the American legal community as a protectable “right” until the publication of Samuel D. Warren and Louis D. Brandeis’s “The Right to Privacy.”
As far back as 1834, the U.S. Supreme Court stated that a “defendant asks nothing—wants nothing, but to be let alone until it can be shown that he has violated the rights of another.” Wheaton v. Peters, 33 U.S. 591, 634 (1834). It was here where the American legal system first acknowledged an individual interest in being let alone; however, the context was different from how Warren or Brandeis used it. Equally, the “right to be let alone” first appeared in T.M. Cooley’s A Treatise on the Law of Torts as part of the phrase the “right to enjoy life and be let alone.” Although Cooley coined the term, it did not receive widespread recognition until Warren and Brandeis’s article.
Much debate surrounds the motivation of Warren and Brandeis to write an article devoted to the topic of privacy. Some scholars speculate it was a 12response to the increased sensationalism of the press in general or, perhaps more cynically, in reaction to media attention focused on the lavish social parties the Warren family was known for hosting in the 1880s. Whatever their motivation for writing the article, its impact was, and continues to be, undeniable. The article’s key phrase, “the right to be let alone,” continues to dominate privacy discourse, not just in the U.S. legal system, but abroad as well. Warren and Brandeis stated:
Gradually the scope of these legal rights broadened; and now the right to life has come to mean the right to enjoy life,—the right to be let alone; the right to liberty secures the exercise of extensive civil privileges; and the term ‘property’ has grown to comprise every form of possession—intangible, as well as tangible.7
Almost forty years later, Brandeis echoed this right to be let alone in his dissent in Olmstead v. United States, 277 U.S. 438, 478 (1928) (emphasis added):
The makers of our Constitution undertook to secure conditions favorable to the pursuit of happiness. They recognized the significance of man’s spiritual nature, of his feelings, and of his intellect. They knew that only a part of the pain, pleasure and satisfactions of life are to be found in material things. They sought to protect Americans in their beliefs, their 13thoughts, their emotions and their sensations. They conferred, as against the Government, the right to be let alone—the most comprehensive of rights, and the right most valued by civilized men. To protect that right, every unjustifiable intrusion by the Government upon the privacy of the individual, whatever the means employed, must be deemed a violation of the Fourth Amendment. And the use, as evidence in a criminal proceeding, of facts ascertained by such intrusion must be deemed a violation of the Fifth.
Though the right to be let alone has become a catch-all definition of privacy today, the specific definition lies in its context. Warren and Brandeis used the term in proposing a new tort: the invasion of privacy. The invasion of privacy was a more profound harm than mere injury to reputation, one that damaged a person’s sense of his or her own independence, distinctiveness, dignity, and honor. The right to be let alone is the freedom from unwanted intrusions into the person. Warren and Brandeis’s right to be let alone is not a concept developed out of a constitutional right, but in tort.
Warren and Brandeis did not demand the recognition of an absolute right to privacy, in part because the word privacy does not appear in the U.S. Constitution. Rather they sought to ground privacy in the common law right to life, a right enunciated in the Declaration of Independence, and formally recognized by the Fifth Amendment to the Constitution. Warren and Brandeis, recognizing this 14potential inconsistency, articulated six limitations on the right to privacy. First, the right to privacy generally permits publication of public material. Matters of general or public interest do not facilitate an unwarranted invasion of individual privacy—the very event Warren and Brandeis sought to protect. Second, “the right to privacy does not prohibit the communication of any matter, though in its nature private, when the publication is made under circumstances which would render it a privileged communication according to the law of slander and libel.”8 “Circumstances” entail courts of justice, legislative bodies, municipal assemblies, or any public body formed as a voluntary association. Third, there must be special damages suffered by the invasion of privacy through oral publication. Like the elements of many present day laws, an individual must have suffered a specific redressable personal damage. Fourth, the right to privacy terminates upon the publication of the facts by the individual, or with consent of the individual. If an individual chooses to publish any facts detrimental to his or her person or consents thereto, no action will lie in tort. Fifth, according to the authors, truth is not a defense. Sixth, the lack of “malice” in the publisher is not a defense. The intent of the individual publishing materials intruding on someone’s privacy is irrelevant because privacy is to be protected, rather than a particular state of mind punished. These six limitations serve to provide some limits on a concept revolutionary for its time. 15As commentators have pointed out, the right to be let alone, although revolutionary in its impact, was in many ways simply the logical culmination of earlier work and, as some would argue, it suffers a number of significant defects.
Critics suggest the right to be let alone is fundamentally flawed in two respects: it is either too broad or too narrow. “Too broad” means the definition counts as violations of privacy things that intuitively are not; while “too narrow” fails to count as violations of privacy things that intuitively are. Professor Judith Thomson of M.I.T. illustrates the problem of a broad definition with the following example:
If I hit Jones on the head with a brick I have not let him alone. Yet, while hitting Jones on the head with a brick is surely violating some right of Jones’, doing it should surely not turn out to violate his right to privacy. Else, where is this to end? Is every violation of a right a violation of the right to privacy.9
Conversely, Thomson’s example of a too narrow definition is:
The police might say, “We grant that we used a special X-ray device on Smith, we grant we trained an amplifying device on him so as to be able to hear everything he said; but we let him 16strictly alone, we didn’t even go near him—our devices operate at a distance.”10
Although their definition is open to criticism, whether one is a critic or advocate of Warren and Brandeis’s definition, it is undeniable that their article opened the floodgates to privacy as a legitimate legal concern and continues to be at the heart of a variety of different philosophical definitions.
As the idea of privacy has become more important to human societies over the past century or so, philosophers and other scholars have increasingly wrestled with the difficult question of what, exactly, is “privacy”? Below we discuss a few of the major schools of thought on the subject and their disagreements with each other.
Privacy definitions can be analyzed two different ways: interpretively and conceptually. Interpretively viewing privacy concentrates on examining the evolution of privacy jurisprudence in the common law and the courts’ explorations of the concept—particularly Brandeis’s dissent in Olmstead and forward. A purely conceptual analysis focuses on the search for a privacy definition whose foundation rests on general philosophical grounds 17and hence, can be used to evaluate and make sense of privacy debates arising not just from a particular legal tradition, but within any political or legal system. In this Nutshell, privacy is approached with both interpretive and conceptual analysis in an effort to provide an explanation of the numerous definitions currently pervading privacy discourse.
Conceptual analysis of privacy leads to a variety of different philosophical definitions. Several scholars define privacy broadly as limited access to the self or “anti-reductionism.” anti-reductionists assert that a diverse set of invasions of, or interferences with, an individual should be understood under the basic heading of privacy. Even within the anti-reductionist camp, definitions differ as to what interferences include. For most, interferences with personal information, secrecy, repose, reserve, bodily integrity, anonymity, solitude, seclusion, and decisions are treated as separate dimensions of privacy. While at first glance it appears privacy as limited access is identical to the right to be let alone because solitude appears in both definitions, limited access definitions are a more complex formulation of that right. Anti-reductionists acknowledge that privacy extends beyond simply being apart from others. Under this view, individuals are afforded much greater privacy protection because the definitions are extremely expansive.
E.L. Godkin, a contemporary of Warren and Brandeis who was trained as an attorney and later became an influential magazine editor, was the first theorist to advance privacy as a limited access theory by observing that “nothing is better worthy of legal protection than private life, or, in other words, the right of every man to keep his affairs to himself, and to decide for himself to what extent they shall be the subject of public observation and discussion.”11 Godkin’s definition did not expressly provide for limited access. As a result, later anti-reductionist theorists sought to advance a more concise definition of accessibility. Legal philosopher Anita Allen stated that, “a degree of inaccessibility is an important necessary condition for the apt application of privacy.”12 Perhaps the most compelling limited access definition of privacy is advanced by Professor Ruth Gavison. Gavison believes an individual’s interest in privacy is related to accessibility to others. Accessibility in Gavison’s theory is parsed into three facets: “the extent to which we are known to others, the extent to which others have physical access to us, and the extent to which we are the subject of others’ attention.”13 Privacy in this view is not understood as a psychological state or as a form of control over personal information; rather it is a combination of 19three separate and irreducible elements: secrecy, anonymity, and solitude. A violation of any one of these elements infringes upon accessibility and is a violation of privacy. Many anti-reductionists characterize the primary virtue of their approach to analyzing privacy as being that it is relatively unconstrained by narrow cultural and legal issues and thus promotes a more universal view of privacy.
Some critics accuse limited access definitions of over-emphasizing a form of individual control over access to the self as opposed to a state of existence. As explained by Professor David O’Brien, the weakness of the limited access definition is that, “privacy is not identical with control over access to oneself, because not all privacy is chosen … some privacy is accidental, compulsory, or even involuntary.”14 Limited access definitions also fail to articulate what violations of access implicate privacy. Although limited access theorists or anti-reductionists can catalog a variety of interferences with privacy, their definition provides no guidance as to the degree of access necessary to constitute a violation of these accessibility interferences.
Reductionists believe the more expansive conceptions of privacy are vague, ambiguous, or indeterminate. Motivated by views of what ought to be protected from intrusion through the recognition of rights, reductionists assert that privacy can be reduced to other concepts and rights. An argument in favor of this theory is that it affords greater 20protection of privacy rights within existing legal frameworks than anti-reductionist theory. By viewing privacy as being the sum of a broad collection of already acknowledged rights, a violation of privacy is actually the violation of another right, which is clearly redressable.
Professor Thomson, the most well-known of reductionists, has studied numerous cases which are usually considered to represent violations of the right to privacy, and concluded that all of the cases can be sufficiently and equally explained in terms of violations of liberty, property rights, or rights over the person. As she states, the “right to privacy is everywhere overlapped by other rights.”15 In a sense, a privacy violation is better understood as a violation of a more basic right. Legal decisions that implicate remedies for privacy violations can be analyzed most effectively and consistently by reference to some other corresponding violation of a basic right, not privacy as a standalone right. It would be an error, however, to conclude that Thomson and other reductionists are trying to eliminate the right to privacy. Rather, reductionists conclude from this analysis that the protection of privacy can be better accomplished by ensuring basic rights are not violated. Many reductionists would argue that the advantage to this approach is that by relying on extensions of more concretely 21established rights the validity of a right to privacy is bolstered.
Critics of reductionism suggest that by conceding the non-existence of a true right to privacy and, instead, attempting to derive it from a cluster of other rights, the reductionists are undermining the overall goal of protecting privacy. In this view, deriving a privacy remedy as a result of some other right’s violation obscures the extent of current legal protection for privacy qua privacy. Reductionism is also criticized as giving the erroneous impression that the concern with privacy is a modern, and particularly Western, phenomenon. By treating privacy only as a label for selected aspects of other basic rights, reductionism is seen as threatening to undermine belief in the distinctness and importance of privacy for privacy’s sake, as well as exposing privacy protections to the risk of being eroded by collateral changes in the law governing the underlying rights reductionists are otherwise trying to ground their definition on.
Legal scholars debate whether privacy is best understood as a capacity for control or description of a condition. A number of theorists conceive of privacy as a form of control over personal information. Control definitions associate privacy with an individual’s control over access to some characteristic of the self. Professor Charles Fried of Harvard Law School stated that privacy “is not 22simply an absence of information about us in the minds of others; rather it is the control we have over information about ourselves.”16 It is irrelevant whether the information is a general fact or a detailed account; if the person seeks control over the information, it is private information that should be protected. Under this definition of privacy, the emphasis is on guarding as private all information over which individuals want to preserve control.
“Informational privacy,” a term coined by political scientist Dr. Alan Westin, is an example of a control definition of privacy. Informational privacy is the interest an individual has in managing the handling of his or her own personal information. In other words, privacy is not a first principle, but rather is a function of the claim and ability of a party to determine why, when, how, and to what extent information about it is shared with others. From this definition, Westin concludes that personal information would be best thought of as a form of property right.17 Control over information is ownership in the information.
Advocates of conditional privacy definitions are the staunchest critics of control definitions and informational privacy. The scholars argue control definitions are too narrow because they exclude those aspects of privacy that are not informational, e.g., a right to make determinations about reproduction or how one’s children should be raised. 23Proponents of the control definition rebut this point by noting that it can encompass protection of all information over which individuals want to preserve control. The facts of such things as reproductive decisions and child rearing are clearly informational in nature; individuals may seek to retain control over those facts and thereby protect the underlying decisions and activities. As with most legal theories, however, it is vulnerable to attack on the basis of a word’s meaning. Theorists relying on control definitions often fail to define what is meant by “control” over information, and the word can plainly range from extremely narrow to extremely broad. Legal philosopher Tom Gerety has pointed out that the most popular definition used by control theorists “includes all control over all information about oneself, one’s group, one’s institutions. Surely privacy should come, in law as in life, to much less than this.”18 Even if one were to limit the definition of control to the exertion of management power over specific information, the concept is still arguably overbroad because individuals lose control over information in manners not involving anything most people would consider an invasion of privacy. For example, if an individual is observed walking down a public street and then enters a particular building, the information that the individual visited that particular building is now beyond his or her control because it is known to the observer. Other critics argue control is not a necessary condition for the existence of informational privacy because a 24person can lose control over information but still retain privacy.
“Condition” definitions define privacy as a condition or state of affairs in which it is possible to describe changes that may be considered losses of privacy. If the condition changes, that alteration in the state of affairs is seen as a diminution of an individual’s privacy. A loss of privacy in this view is contingent on a change in the conditions of the privacy definition. This approach obviously simplifies the process of finding a privacy violation because one no longer needs to focus on normative arguments. Instead, the question of whether privacy has been lost becomes a pure question of fact. The aim of condition definitions is to explain what a “loss of privacy” consists of, without addressing either the circumstances that led up to that loss or otherwise attaching any particular legal, moral, or political significance to the change in condition.
While some theorists suggest limited access definitions are a subset of control definitions, these definitions are not identical to control definitions because privacy is often accidental or involuntary. Indeed, limited access definitions are better viewed as an example of condition definitions. Limited access definitions define privacy as a condition of limited access to one or more aspects of a person; therefore, the loss of privacy is recognized as a loss of inaccessibility. Two prominent limited access theorists discussed above, Anita Allen and Ruth Gavison, define privacy with a set of conditions—Allen’s relies on accessibility, while Gavison’s 25focuses on solitude, secrecy, and anonymity. A violation of these conditions results in a corresponding privacy loss, but a loss depends on the asserted condition. This inevitably leads to the question: what are the conditions for a privacy loss? Conditions are those dictated by whoever is articulating the definition. As a result, condition definitions ultimately become particularized to each individual. While offering opportunities for flexibility in policy-making, this approach also makes it difficult for two different individuals to determine whether they are actually advocating the same scope for privacy.
A more recent privacy definition that has drawn increasing interest argues that “intimacy” properly defines what information or matters are private. Many of these theorists stress the significance of developing various interpersonal relationships with others. This theory views privacy as consisting of some form of limited access or control, and it locates the value of privacy in the development of personal relationships. Charles Fried, also a control definition theorist, argues that privacy has inherent value because privacy is essential for one’s development as an individual, with a moral and social personality, able to form intimate relationships involving respect, love, friendship, and trust. Privacy as intimacy allows one to define oneself and freely choose which social relationships to develop. Justifications for defining privacy as 26intimacy vary. In the view of Professor Jeffrey Rosen of George Washington University Law School, “when intimate information is removed from its original context and revealed to strangers, we are vulnerable to being misjudged on the basis of our most embarrassing, and therefore most memorable, tastes and preferences.”19 While intimacy is a narrow concept, it is classified as a sociological perspective because intimacy affects how social relationships are developed. Privacy allows us to vary our behavior with different people so that we may maintain and control our various social relationships.
Critics claim intimacy definitions merely serve to privilege embarrassing or otherwise awkward information individuals want to keep away from others. Philosopher Jeffrey Reiman provides an example of this inadequacy. Reiman observes that individuals reveal information to psychoanalysts that they would not reveal to close friends or family members, but the same individuals would not say that they had intimate relationships with their psychoanalysts. As an intimacy theorist himself, Reiman argues that the definition may be nuanced by placing greater emphasis on qualitative aspects of intimacy.20 Yet this attempt to bolster the theory of privacy as intimacy reveals that it can also be too narrow a definition. The theory centers almost 27exclusively on interpersonal relationships and the feelings produced by them; minimizing by omission concerns about the confidentiality of financial information, political activity, and other subjects frequently considered private from a lay perspective. As Professor Julie Cohen noted in further critiquing the intimacy definition of privacy, for many modern individuals economic concerns are paramount in their daily lives, not preserving or deepening their intimate associations.21 The intimacy definition can also be criticized for arguably discarding the notion that an individual may have a privacy interest in his or her internal thoughts or acts taken in solitude because of its emphasis on person-to-person communications.
While most theorists believe privacy is an important democratic right that the state has some duty to protect through regulatory policy, scholars arguing from an economic perspective believe privacy is better protected through individual responses and market-based mechanisms. One of the most well-known advocates of the economic perspective on privacy is Judge Richard Posner of the U.S. Court of Appeals for the Seventh Circuit. For Posner, many approaches to defining privacy lead to economically inefficient results. The emphasis in defining privacy should instead be on identifying those circumstances in which access to 28information diminishes its economic value.22 Where shielding information maximizes economic gain, the information should be protected; conversely, where the dissemination of information maximizes these gains, the information should not be protected from public exposure. While this approach to defining privacy has the virtue of prioritizing objective criteria, thus making it easier to establish what constitutes privacy and the loss thereof, it does have two major weaknesses. First, as Professor Cohen has noted, it is clear that a free market is able to find some means of wringing value from almost any piece of information. While the fact that any given individual prefers a particular brand of toothpaste is nearly valueless in isolation, when this information is aggregated from millions of individuals it can be worth vast sums to businesses interested in marketing toothpaste or complimentary goods. Balancing those relative interests across literally billions of transactions every day in the United States is in practice impossible. Second, as has been explored above, the concept of privacy (however defined) has a strong psychological component, which is not easily susceptible to quantification in market transactions.
Many feminist theorists believe privacy is used as a shield to conceal domination, degradation, and abuse of women and others who are viewed as being 29outside the power structure of modern societies. Professor Catharine MacKinnon of the University of Michigan Law School believes privacy can be dangerous for women because it is used to conceal repression and physical harm of women in the domestic sphere, while discouraging intervention by state actors. She suggests traditional concepts of privacy should be abandoned because they have at root been developed to privilege those with power over those without power.23 The challenge for feminists is drawing the appropriate line between government invasions of privacy and protecting the notion of privacy without letting this protection lead to the abuse of women in the private domestic realm. A critique of the view espoused by Professor MacKinnon and related theorists is that they have fundamentally misapprehended the definitions of privacy other modern theorists have been working on. In most of the other theories discussed here, individuals can only unilaterally privilege information concerning themselves; where two or more individuals are involved ordinarily each of them is considered to be free to separately determine whether information is shielded.
Despite the insight and understanding these philosophical definitions bring to privacy discourse, as with all theories, there is an inherent criticism. 30Most definitions successfully enhance our ability to understand the moral basis for privacy; however, few of these definitions account for the privacy issues that have developed in the wake of information technology advancements or offer specific guidance on questions of public policy. Philosophical definitions are, in the end, shaped as much by these developments as they influence our view of these developments. As a result, modern expectations of privacy may not be satisfied unless a new philosophy of privacy develops which accounts for technological advancements. Professor Helen Nissenbaum, a Senior Fellow at the Information Law Institute, argues philosophical definitions bring with them the implication that privacy is an interest we need to defend in the private sphere alone and that privacy in public information makes no sense at all. Put another way, Professor Nissenbaum explains, “these theories lack mechanisms to deal with conflicts involving privacy in public and have generally not taken up hard questions about surveillance in nonintimate realms.”24 For example, data warehousing companies often explain that their collection of personal information has no troubling implications for personal privacy because the information has been drawn from the public domain, thus no individual’s expectation of privacy was violated. This is exactly the question philosophical theories 31largely fail to confront: when is such surveillance in public acceptable and when is it an invasion of privacy? Answering this question is part of the ultimate challenge of privacy law as it seeks to convert esoteric theories into legal concepts. The other part to that challenge is conforming those legal concepts to the practical realities of day-to-day human existence and real life expectations of privacy. The next section considers the primary way the U.S. legal system has sought to reconcile the elegant philosophies of privacy and the messy facts of the real life—tort law.
A right to privacy or its ensuing definition differs greatly from how the law of privacy is applied in the legal world. Although privacy is an important value, it is not protected without some sort of enforcement mechanism or redressability. In the U.S. legal system, torts, civil wrongs that will support an action for damages, are the broadest means of protecting against breaches of privacy.25 Most people acknowledge Warren and Brandeis’s article 32as first articulating a privacy tort. The identification and elaboration of four major privacy torts followed, and is best understood by examining William Prosser’s categories individually: appropriation, false light, intrusion, and disclosure.
Appropriation, the longest recognized privacy tort, is the act of appropriating an individual’s name or likeness for the appropriator’s advantage. Violations of this right often involve a defendant’s use of a person’s name on a product label or in advertising a product or service without consent. The rationale of this tort is to prevent unjust enrichment by the theft of “goodwill” associated with a particular individual’s identity and to prevent the psychological discomfort that can result from unexpectedly becoming an object of public attention. The first signs of appropriation are found in the cases Roberson v. Rochester Folding Box Co., 64 N.E. 442 (1902), and Pavesich v. New England Life Ins. Co., 50 S.E. 68 (1905).
In Roberson, a picture of a young woman was printed on a flier advertising a baking flour company, which used the picture without permission or compensation. The woman’s family claimed the unwanted attention caused her severe embarrassment and humiliation. The New York Court of Appeals surveyed a number of earlier cases which dealt with possible appropriations of people’s likenesses and concluded:
An examination of the authorities leads us to the conclusion that the so-called “right to privacy” has not as yet found an abiding place in our jurisprudence, and as we view it, the doctrine cannot now be incorporated without doing violence to settled principles of law by which the profession and the public have long been guided.
64 N.E. at 447. In a sharply worded dissent, Judge Gray disagreed. Drawing on what can be recognized as reductionist and control theories of privacy, Judge Gray concluded, “I think that this plaintiff has the same property in the right to be protected against the use of her face for defendant’s commercial purposes as she would have, if they were publishing her literary compositions.” Id. at 450.
Three years later, the Georgia Supreme Court, expressly rejecting the majority decision from Roberson, reached an opposite conclusion in Pavesich. In Pavesich, an insurance company used a man’s picture to sell insurance without his authorization. After reviewing the history of efforts to litigate questions of privacy law and quoting at length from Judge Gray’s dissent, the Georgia court explained:
The knowledge that one’s features and form are being used for such a purpose and displayed in such places as such advertisements are often liable to be found brings not only the person of an extremely sensitive nature, but even the individual of ordinary sensibility, to a 34realization that his liberty has been taken away from him, and, as long as the advertiser uses him for these purposes, he can not be otherwise than conscious of the fact that he is, for the time being, under the control of another, that he is no longer free, and that he is in reality a slave without hope of freedom, held to service by a merciless master; and if a man of true instincts, or even of ordinary sensibilities, no one can be more conscious of his complete enthrallment than he is.
So thoroughly satisfied are we that the law recognizes within proper limits, as a legal right, the right of privacy, and that the publication of one’s picture without his consent by another as an advertisement, for the mere purpose of increasingly the profits and gains of the advertiser, is an invasion of this right, that we venture to predict that the day will come when the American bar will marvel that a contrary view was ever entertained by judges of eminence and ability….
50 S.E. at 80–81. While Pavesich laid the groundwork for the tort of appropriation and acknowledged a right to privacy, it also recognized the tension that this right could have with other long-established principles of both contract law and free speech. See id. at 72, 74. This tension has led to the development of affirmative defenses to the tort.
The most common defense, and one necessarily implicated by the First Amendment to the U.S. Constitution, is that the subject’s personality is of 35public interest. News agencies can use the name, likeness, or identity of an individual in news stories, even though they have a commercial motive in publishing, broadcasting, or distributing the information. In most jurisdictions, a news organization must show the material published was “newsworthy.” Almost any information about a well-known public figure or a public official will be considered newsworthy, as well as any person’s recent involvement in criminal behavior. As with each privacy tort, a right against appropriation can be waived by either explicit or implied consent. A final defense to appropriation is that the individual is not identifiable. This defense is rarely raised because, logically, the person who could bring the claim will rarely learn their likeness has been improperly appropriated.
False light concerns placing an individual in a “false light” in the eyes of the public, typically by publicly misrepresenting statements as being attributed to the individual. These misrepresentative statements are usually highly offensive to the person or otherwise may expose them to danger of retribution by other parties that have learned of the statements. At first glance, this appears similar to defamation, and some commentators have indeed suggested that courts are migrating away from what would otherwise be difficult defamation cases into the more lenient realm of the false light tort. This is inconsistent with the purpose behind false light. A successful 36defamation action requires that the information be false; whereas in a privacy action for false light, the information is usually accurate or non-falsifiable, but creates a misleading impression about the alleged speaker. According to § 652D of the Restatement (Second) of Torts, false light occurs when the publication by the actor would be highly offensive to a reasonable person and the actor undertook the publication with knowledge or a reckless disregard as to the falsity of the publicized matter and the false light in which the other would be placed.26
False light tort violations emerged in Hinish v. Meier & Frank Co., 113 P.2d 438 (1941), where the plaintiff’s name was falsely signed to a telegram to the governor urging defeat of certain legislation. The Oregon Supreme Court found, based on an extension of the appropriation tort, that the defendants had taken the plaintiff’s name “and whatever influence he may have possessed, and injected them into a political controversy in which … he had no interest.” Id. at 448. Interestingly, unlike Judge Gray and the Pavesich court, the Hinish court reached this conclusion based on explicitly anti-reductionist grounds in reaction to technological advancements:
… [W]e deem it unnecessary to search for a right of property, or a contract, or a relation of confidence. The question is whether a right of privacy, distinct and of itself and not incidental to some other long recognized right, is to be accepted by the courts and a violation of the right held actionable ….
Our consideration of the subject leads us to the conclusion that natural justice and the needs of the society in which we live should prevail over objections based upon the novelty of the asserted cause of action. It is time that fictions be abandoned and the real character of the injury be frankly avowed. When Brandeis and Warren wrote in 1890, it was the unseemly intrusions of a portion of the press into the privacy of the home that was emphasized as the main source of evil; since then motion pictures and the radio have been perfected and have taken their places among our great industries, while instantaneous photography today accomplishes miracles scarcely dreamed of fifty years ago. Thus, the potentialities for this character of wrong are now greatly multiplied. A decision against the right of privacy would be nothing less than an invitation to those so inclined who control these instrumentalities of communication, information and education, to put them to base uses, with complete immunity, and without regard to the hurt done to the sensibilities of individuals whose private affairs might be 38exploited, whether out of malice or for selfish purposes.
Id. at 446–47.
There are several defenses to a false light tort claim. False light is the only privacy tort that allows accuracy as a defense. If the public statement was correctly attributed to the plaintiff, then there is, by definition, no false light claim. Other defenses include that the individual was not identified, the conduct was not offensive to a reasonable person, and consent to the use of the individual’s name. Whether the tort of false light will eventually evolve from its privacy roots into a watered down defamation tort remains to be seen. For now it continues to be important to view the two concepts separately, with false light being a true privacy tort.
Disclosure (sometimes called “wrongful publication of private facts”) is the act of publicizing embarrassing facts about an individual that were otherwise not widely known. For example, sexual relations, contents of personal letters, family quarrels, medical treatment, and photographs of a person in their home have all been classified as “private facts” by courts. One can break down this tort into four elements: (1) dissemination of true information; (2) offensive to a reasonable person; (3) not of public concern; and (4) so intimate that publication outrages the public’s sense of decency.
The first signs of the disclosure tort appeared in Melvin v. Reid, 297 P. 91 (1931). The plaintiff was a former prostitute who, following a trial and acquittal on murder charges, had reformed herself and had taken up “an exemplary, virtuous, honorable, and righteous life,” and whose criminal past was not widely known. Id. at 91. The defendants produced a motion picture based on the plaintiff’s earlier life in which they used her real name and advertised the film as being a true account of the plaintiff’s life. Following a review of the law of other states, the California court concluded that while the defendants were entitled to produce a film based on the facts of the plaintiff’s life, the use of the plaintiff’s real name was “not justified by any standard of morals or ethics known to us ….” Id. at 93. The court specifically declined to say that it was devising a new tort, instead basing its decision on the California state constitution’s protection of the right of “pursuing and obtaining safety and happiness.” Id. Relying in part on Melvin, the Florida Supreme Court formally recognized a tort of disclosure in Cason v. Baskin, 20 So. 2d 243 (1945).
Disclosure is the privacy tort that most closely butts up against the First Amendment’s guarantee of freedom of speech and press. In Cox Broadcasting Corp. v. Cohn, 420 U.S. 469 (1975), a television station obtained details about the rape and murder of a seventeen year-old girl from court records and subsequently broadcast her name and other truthful information about her. The victim’s father, claiming his privacy was invaded by the use of his daughter’s 40name, sued the station pursuant to a Georgia statute banning the release of rape victims’ names and also in tort for wrongful disclosure of private facts. In a decision that effectively overruled the prototypical disclosure case, Melvin v. Reid, the U.S. Supreme Court held that, given the information had been obtained from official court records, the First and Fourteenth Amendments precluded a claim based on the tort of disclosure. Id. at 492–96. The Court concluded by observing:
If there are privacy interests to be protected in judicial proceedings, the States must respond by means which avoid public documentation or other exposure of private information. Their political institutions must weigh the interests in privacy with the interests of the public to know and of the press to publish. Once true information is disclosed in public court documents open to public inspection, the press cannot be sanctioned for publishing it.
Id. at 496. The decision in Cox Broadcasting significantly limited the growth of the disclosure tort and, to some extent, has forced it into a hybridization with the tort of intrusion discussed below.
Although most courts had presumed newsworthiness and use of information from public records were defenses to the tort of disclosure, the Cox Broadcasting ruling made clear that these defenses were not merely prudential, but constitutionally required. Consequently, newsworthiness is generally an extremely successful 41defense because courts have broadly construed what information is of legitimate public concern. Furthermore, because courts have recognized that certain individuals are hypersensitive, a requirement that the disclosure outrage community notions of decency or be patently offensive to a reasonable person has been required since the earliest cases. See, e.g., Cason, 20 So. 2d at 251 (“The protection afforded by the law to this right must be restricted to ‘ordinary sensibilities,’ and cannot extend to supersensitiveness or agoraphobia.”). Finally, courts have long taken into account a plaintiff’s character as a public figure when determining whether the disclosure was tortious.
Appropriation, false light, and disclosure are all torts that require publicity; intrusion, on the other hand, is unwanted information gathering in someone’s private space. Intrusion is the act of invading an individual’s private affairs or solitude. Legal wrongdoing occurs at the time of the intrusion, not at publication as in the other three torts. Intrusion on an individual’s solitude encompasses not only physical intrusion into their presence, but also audio and visual intrusions via artificial means.
Identifying the exact point at which the tort of intrusion formed is difficult given that many of the cases that first explored this tort concerned facts that would suggest other types of privacy torts or 42perhaps not even be recognized as privacy torts at all under modern jurisprudence. One of the early cases which stands out as recognizing the key distinction of the harm flowing from the intrusion itself, rather than the publication, is Rhodes v. Graham, 37 S.W.2d 46 (Ky. 1931). In Rhodes, the defendants tapped the telephone lines of the plaintiffs and made recordings of their conversations. There was no indication that the defendants publicized the contents of the recordings or otherwise disseminated them beyond the circle of conspirators involved in the wiretapping. Citing Warren and Brandeis’s article and analogizing the situation to that of the common law trespass tort of eavesdropping, the Kentucky Court of Appeals concluded:
The evil incident to the invasion of the privacy of the telephone is as great as that occasioned by unwarranted publicity in newspapers and by other means of a man’s private affairs for which courts have granted the injured person redress. Whenever a telephone line is tapped the privacy of those talking over the line is invaded and conversations, wholly proper and confidential, may be overheard.
Id. at 47.
It also bears mention that intrusion differs from the tort of disclosure in that it extends protection even over public figures whose personal affairs might otherwise be considered sufficiently newsworthy to merit publication. In Galella v. 43Onassis, 487 F.2d 986 (2d Cir. 1973), a freelance photographer followed Jacqueline Kennedy Onassis for purposes of photographing her at inopportune times, but claimed he was permitted to do so because she was a public figure. The Second Circuit thought differently, stating, “[t]here is no constitutional right to assault, harass, or unceasingly shadow or distress public figures.” Id. at 991.
The primary defense to a claim of intrusion is that the alleged tortfeasor’s conduct actually took place in a public space. Claims generally will not lie for intrusive actions in public spaces, with the exception of harassment, but in such situations other non-privacy torts, e.g., assault, battery, or intentional infliction of emotional distress, are more likely to be invoked. Freedom from intrusion can also be waived by either explicit or implied consent. A narrower defense occurs through recognition of a right for individuals pursuing news stories to go on property with law enforcement and fire officials. In Florida Publishing Co. v. Fletcher, 340 So. 2d 914 (Fla. 1976), a newspaper photographer accompanying fire investigators took a picture of a silhouette left on a floor by a girl’s body who had been trapped in the fire. The girl’s mother sued, claiming trespass and an invasion of privacy. The Florida Supreme Court did not find there was a trespass or invasion of privacy because the fire was a disaster of public interest and it was customary for journalists to accompany public officials to the scene of disasters. Id. at 915. Ultimately, the tort of intrusion frequently disappears in a sea of 44reductionism because it is a rare occasion that a putative commission of the tort will not be accompanied by other, better-established torts relating to the protection of person and property.
Examining the development of privacy definitions allows one to understand how flexible the concept of “privacy” is. Our review so far has focused primarily on U.S. law. It is important, however, to become familiar with the international privacy environment in comparison to the generally held U.S. view of privacy. The issues individuals consider private are formed by culture and history, and vary across cultures and historical eras. Equally, technological advancement is both an endogenous and exogenous driver of change in expectations regarding privacy. There is also a common denominator underlying both cultural and technological concerns regarding privacy: the commoditization of information and, by necessary implication, privacy. Successful privacy laws must be reactive to both social and technological reality, while simultaneously facilitating and restraining the use of personal information in market transactions. This precarious troika describes the modern state of privacy.
A majority of countries throughout the world recognize some form of a right to privacy in their 45constitutions.27 These provisions include at least rights of inviolability of the home and secrecy of communications. In countries including the United States, where no explicit right to privacy is found in the Constitution, the right is often implied through other provisions. In the 1960s, protecting personal information became an increasing concern because of the digitization of personal information and the increased reliance by both public and private entities on the collection, use, storage, and exchange of personal information. In the early 1970s, countries began adopting laws to protect the privacy of information within their countries and, by the late 1980s, most advanced industrial countries had adopted some form of privacy law.28 There is a 46general shift towards the development and adoption of comprehensive privacy laws that establish a mechanism for protection. The idea of protecting the right to privacy continues to gain strength across the globe. The number of countries recognizing some form of data privacy laws has steadily increased from 76 in 2011 to 101 by mid-2013.29 These laws vary with particular governments, with some advocating more stringent laws like the European Union and others placing less importance on privacy including, perhaps surprisingly, the United States.
Due to Europe’s historically greater distrust of corporations than in the United States, European privacy law has focused most heavily on protecting consumers’ personal information from being improperly collected or misused by commercial entities. In most European nations, personal information cannot be collected without consumers’ permission and they have the right to review the data and correct inaccuracies. Companies that process data must register their activities with the government and personal information cannot be shared by companies or across borders without express permission. Even intrusions into privacy that most Americans take for granted, including employers monitoring their employees’ private communications or checkout clerks requesting 47addresses and telephone numbers from patrons, are restricted in many European countries. To a large extent, these rights stem from the E.U. Directive on Data Protection of 1995 (Data Protection Directive).30 The Directive’s purpose is to provide for analogous protections for personal information throughout the European Community.
Central to the Data Protection Directive is enforceability. The European Union wants to ensure that individuals have rights enshrined in explicit rules, and that they can go to a governmental authority that can act on their behalf to assist in the preservation of those rights. Indeed, the Data Protection Directive is in many ways a classical example of “positive law”—it creates broad obligations for private entities to protect the personal information of individuals and strongly proscribes how such information, once collected, can be used or disseminated.
In the United States, privacy is most often equated with liberty from an intrusive government. Traditionally, Americans have been, if not necessarily trusting of the business sector, then at 48least not highly skeptical of it; instead reserving their deepest distrust for the institutions of government, and particularly the Federal government. Illustrative of the United States’ position on privacy is a statement from Senator George McGovern: “One way to attack a nation such as the United States which depends heavily on information and communications is to restrain the flow of information—cutting off contact between the headquarters and the overseas branches of a multinational firm; taxing telecommunications crossing borders; building information walls around a nation.” Thus, the United States has mainly focused not so much on the protection of personal privacy in day-to-day affairs, but instead at the point where individuals most directly come into conflict with government—criminal law.
When the United States has addressed privacy concerns beyond the criminal context, it most often has sought to do so in a manner that would have the least possible impact on economic activity beyond what was perceived as being necessary to address a particular immediate concern. The United States uses what is typically called a “sectoral approach” that relies on a mix of legislation and self-regulation. The United States avoids general data protection rules in favor of specific laws governing, for example, video rental records and information collected during certain types of financial transactions. A variety of mechanisms enable enforcement, but there is a strong bias toward self-regulation, where companies and industry bodies establish codes of practice. In most day-to-day 49situations in the United States, unlike in the European Union, the default position will be that either no privacy protection applies beyond the privacy torts (not all of which are even recognized in every state), or a limited amount of protection flowing from contractual agreements.
In 1977, the Organization for Economic Cooperation and Development (OECD) convened an international conference to discuss the problems of “transborder data flows”—the ability to manage the international movement of personal information. Over 300 representatives from various governments, private industry, and intergovernmental organizations determined that national legislation on privacy of personal data should be harmonized. In an effort to mitigate what it feared might be an overly restrictive approach to the subject, the United States government formed an interagency task force that drafted the proposed guidelines, and in 1980, the OECD adopted guidelines that included most of the United States’ proposals. Realizing the changing technological landscape, and new challenges presented in today’s global economy, the OECD revised these guidelines in 2013, marking the first update to the guidelines since their inception in 1980.
The 2013 OECD guidelines introduced several new concepts, including a focus on coordinating privacy strategies at the government level, privacy 50management programs to ensure appropriate safeguards are implemented, and the need for effective notice procedures for those affected by a privacy breach. Rather than add to the 1980 principles, the 2013 guidelines attempt to act as more of a blueprint on how to best implement the 1980 principles in practice. For example, the new concepts noted above are discussed in a new section, titled “Implementing Accountability,” and a revised section, titled “National Implementation.” These sections stress the importance of these new concepts in adhering to the privacy principles by recommending member countries, and those that control the data, to implement these new concepts in their overall privacy protection schemes. So despite the first update to the guidelines since their inception in 1980, the 2013 guidelines remain committed to the original eight principles, which have become the touchstone of modern privacy law in the international context.31
1. The Collection Limitation Principle: “There should be limits to the collection of personal data and any such data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject.”
2. The Data Quality Principle: “Personal data should be relevant to the purposes for which they are to be used, and, to the extent necessary for those purposes, should be accurate, complete and kept up-to-date.”
3. The Purpose Specification Principle: “The purposes for which personal data are collected should be specified not later than at the time of data collection and the subsequent use limited to the fulfillment of those purposes or such others as are not incompatible with those purposes and as are specified on each occasion of change of purpose.”
4. The Use Limitation Principle: “Personal data should not be disclosed, made available or otherwise used for purposes other than those specified in accordance with Paragraph 9 except: a) with the consent of the data subject; or b) by the authority of law.” Paragraph 9 refers to the purpose specification principle.
5. The Security Safeguards Principle: “Personal data should be protected by reasonable security safeguards against such risks as loss or unauthorized access, destruction, use, modification or disclosure of data.”
6. The Openness Principle: “There should be a general policy of openness about developments, practices and policies with respect to personal data. Means should be readily available of establishing the existence and nature of personal data, and the main purposes of their 52use, as well as the identity and usual residence of the data controller.”
7. The Individual Participation Principle: “An individual should have the right: a) to obtain from a data controller, or otherwise, confirmation of whether or not the data controller has data relating to him; b) to have communicated to him, data relating to him within a reasonable time; at a charge, if any, that is not excessive; in a reasonable manner; and in a form that is readily intelligible to him; c) to be given reasons if a request made under subparagraphs (a) and (b) is denied, and to be able to challenge such denial; and d) to challenge data relating to him and, if the challenge is successful to have the data erased, rectified, completed or amended.”
8. The Accountability Principle: “A data controller should be accountable for complying with measures which give effect to the principles stated above.”
A proposal by several countries following the enactment of the 1980 guidelines to adopt them as a legally enforceable treaty was rejected. This meant adherence to the 1980 guidelines was completely voluntary, however, in the years following the adoption of the 1980 guidelines many nations enacted legislation or regulations that in some manner tracked them. The most notable example of this is the E.U.-U.S. Safe Harbor, which seeks to reconcile the European and American approaches to privacy described above.
The “Safe Harbor,” which is analyzed at length in Chapter 4, incorporated the 1980 OECD Guidelines as regulations administered primarily by the Federal Trade Commission. U.S. businesses voluntarily certify that they will comply with provisions of the Safe Harbor and are thereby allowed to continue receiving data transfers from the European Union. The precise means of complying with the Safe Harbor are left to the discretion of the businesses registering with it, but the Federal Trade Commission, under its authority to punish deceptive trade practices, enforces compliance with those standards once enunciated. The 2013 guidelines present another opportunity for countries to act, and we will have to wait and see what, if any, changes occur as a result of the updated guidelines.
Whether altering the definitions of privacy or causing greater collection, retention, and use of personal information, technology challenges and reshapes privacy law and policy on a daily basis. Indeed, courts recognized almost as a matter of course when adopting the privacy torts that technological advancements have altered traditional expectations of privacy. These advancements assist the aggregation, storage, and analysis of immense amounts of information about people; breed an extraordinary capacity to track and monitor people; and permit access to, communication, and publication of this information at ever-greater volumes and speeds.
Specific fields of technological development that impact privacy will be discussed in Chapter 5, but it is useful to first contemplate the point that, as the U.K. Royal Academy of Engineering suggests, all information technologies can be divided into three major categories: connection, processing, and disconnection. “Connection” technologies are those which affect how organizations transfer information both internally and externally, whether to or from other organizations or individuals. While improvements in connection technologies lower transaction costs while permitting broader distribution of goods and services, they also lead to greater collection and retransmission of personal information. “Processing” technologies are addressed to the problems of how organizations internally handle information. Effectively, they represent the ability to add value to the raw data collected and moved through connection technologies. “Disconnection” technologies are means to control access to personal information. These may be employed by parties utilizing connection or processing technologies, or both, to shield already collected information in their possession, or by parties that wish to prevent the collection and processing of their information in the first place. It is useful to keep these three categories of technology in mind while reviewing efforts to protect privacy, as they give context to regulatory schemes.
It is unquestionable that “information,” broadly construed, has had value for as long as sentient life has existed on Earth. Having exclusive knowledge of the location of a prime hunting ground was a survival advantage over other tribes. Knowing the healing properties of particular herbs conferred status and a position of power over others who lacked this information. As civilization advanced, information became more easily quantified in value, whether as drachmas, shekels, or wen, but the type of information still largely concerned the exterior world—what trade goods were available where, what the physical properties of certain materials were, and so forth.
The revolution that has happened over the past century or so, and most particularly in the post-World War II era, is the economic significance of personal information, i.e., information unique to a particular individual. While personal information was always an exploitable resource, for example to be able to curry favor with a particular noble, it was rarely worth systematically collecting because the vast majority of humanity lived at bare subsistence levels.
The development of mass production flowing from the Industrial Revolution and the corresponding rise of living standards began to alter this equation. As the average person gained disposable income and leisure time, they became more appealing subjects for marketing purposes. This drove the development of marketing into a science, as manufacturers, 56distributors, and retailers increasingly sought to understand the consumer preferences of the general public. While the ability to predict the specific preferences of a particular individual remained elusive, marketers discovered that preferences were generally tied to more easily quantifiable demographic data: sex, age, race, education level, and income. Given the high cost of collecting, storing, and processing this information manually, however, marketers were constrained to conducting surveys of limited numbers of individuals, and long-term storage of the raw data was out of the question except for particularly valuable information.
The invention and refinement of computers and computer networking solved the marketers’ problem. Personal information equivalent to trillions of hardcopy pages of text is now stored and routinely transmitted at minimal cost. Driver’s licenses, motor vehicle records, voter registration lists, medical records, court records, credit card activity reports, financial transfers, and personalized shopping data collected from “loyalty cards” join traditional demographic information in these databases. Each of these data points enables companies to predict future behavior and consumer preferences on an ever more individualized level. Indeed, not only is information used that has been directly collected, but interpolation from that information is increasingly possible as well. For example, purchasing a house in one neighborhood as compared to another will trigger different direct marketing based on census tract information. As computer processing power continues to grow, the 57marketers’ need for additional personal information to provide more data points likewise increases.
This process is, of course, value neutral in and of itself. Humans, by nature, are consumers and generally aspire to do so in a manner that best satisfies their wants and needs, and marketers do not specifically aspire to compromise individual privacy. As Professor Cohen has noted:
The colonization of private spaces by cookies, web bugs, smart microchips, and self-enforcing licenses is an entirely predictable consequence of the market-driven search for more and better information. If information is money, there is no reason to expect that the desire for more information should stop politely at the residential doorstep or its virtual equivalent.32
Ironically, if, as political philosopher Chris Sciabarra has suggested, capitalism was the driving force in developing the modern concept of privacy by enabling people “to produce, earn, and keep the product of their efforts, and to acquire private estates within which to pursue private joys,”33 it may also pose the most pervasive threat to privacy.
_______________________________________
1 William M. Beaney, The Right to Privacy and American Law, 31 LAW & CONTEMP. PROBS. 253, 255 (1966).
2 2 PLATO, THE DIALOGUES OF PLATO 125 (Benjamin Jowett trans., Macmillan & Co. 3d ed. 1892).
3 ERNEST EDWIN REYNOLDS, THE TRIAL OF ST. THOMAS MORE 84 (1964).
4 JOHN LOCKE, TWO TREATISES OF GOVERNMENT 204 (George Routledge & Sons 2d ed. 1887).
5 Entick v. Carrington, 95 Eng. Rep. 807, 817 (C.P. 1765).
6 Déclaration de Droits de l’Homme ét du Citoyen, art. X (Fr. 1789).
7 Samuel Warren & Louis Brandeis, The Right to Privacy, 4 HARV. L. REV. 193, 193 (1890) (emphasis added).
8 Id. at 216.
9 Judith Jarvis Thomson, The Right to Privacy, 4 PHIL. & PUB. AFF. 295 (1975) (emphasis omitted).
10 Id.
11 E.L. Godkin, Libel and its Legal Remedy, 12 J. OF SOC. SCI. 69, 80 (1880).
12 ANITA L. ALLEN, UNEASY ACCESS: PRIVACY FOR WOMEN IN A FREE SOCIETY 10 (1988).
13 Ruth Gavison, Privacy and the Limits of Law, 89 YALE L.J. 421, 422–24 (1980).
14 DAVID M. O’BRIEN, PRIVACY, LAW, AND PUBLIC POLICY 15 (1979).
15 Judith Jarvis Thomson, The Right to Privacy, PHILOSOPHICAL DIMENSIONS OF PRIVACY 284 (Ferdinand David Schoeman ed. 1984).
16 Charles Fried, Privacy, 77 YALE L.J. 475, 482 (1968).
17 See ALAN F. WESTIN, PRIVACY AND FREEDOM 324 (1967).
18 Tom Gerety, Redefining Privacy, 12 HARV. C.R.-C.L. L. REV. 233, 262–63 (1977).
19 JEFFREY ROSEN, THE UNWANTED GAZE 9 (2001).
20 See Jeffrey H. Reiman, Privacy, Intimacy, and Personhood, PHILOSOPHICAL DIMENSIONS OF PRIVACY 304–06 (Ferdinand David Schoeman ed., 1984).
21 See Julie E. Cohen, Privacy, Ideology, and Technology: A Response to Jeffery Rosen, 89 GEO. L.J. 2029, 2031–32 (2001).
22 RICHARD A. POSNER, THE ECONOMICS OF JUSTICE 232–35 (1981).
23 See generally CATHARINE MACKINNON, TOWARD A FEMINIST THEORY OF THE STATE (1989).
24 Helen Nissenbaum, Protecting Privacy in an Information Age: The Problem of Privacy in Public, 17 Law & Phil. 559, 576 (1998), available at http://www.nyu.edu/projects/nissenbaum/papers/privacy.pdf (last visited Oct. 3, 2013).
25 Privacy rights may also be established by contracts and statutes. Constitutional protections exist as well and will be discussed at length below. Each of these methods is typically narrower than the protections of tort law. Contracts typically only provide protection to the actual parties to the agreements. U.S. Statutes most often guard only specific pieces of information held by individuals or entities that fall within narrowly drafted criteria. The U.S. Constitution and most state constitutions only cover privacy violations by state actors. By way of comparison, the European Union has a broad privacy Directive, with many supplemental Directives and rules.
26 False light does not appear in the Restatement (Third) of Torts. Despite this, the tort of false light is still recognized by some states. See, e.g., Gill v. Curtis Pub. Co., 239 P.2d 630 (1952) (recognizing the tort of false light). But see, e.g., Costanza v. Seinfeld, 719 N.Y.S. 2d 29 (2001) (holding that the tort of false light is not a separate claim, but is “within the domain of Civil Rights Law”).
27 In 2006, the US-based Electronic Privacy Information Center and the UK-based Privacy International have completed the most comprehensive survey of global privacy to date. The survey, titled “The Privacy & Human Rights Report,” tracked developments in 70 countries, assessing the state of surveillance and privacy. The purpose of the report is to recognize countries where privacy protection is of high priority and those countries whose privacy efforts have lagged behind in privacy protection. This global report, along with country specific privacy reports, can be found at https://www.privacyinternational.org/reports.
28 Major national laws in order of their passage include: Swedish Data Act (1973); U.S. Privacy Act (1974); German Data Protection Act (1977); Canadian Privacy Act (1977); French Law on Informatics and Liberties (1978); Norwegian Personal Data Registers Act (1978); Danish Private Registers Act (1978); Austrian Data Protection Act (1978); Luxembourg’s Data Protection Act (1979); Iceland’s Act on the Systematic recording of personal Data (1981); New Zealand’s Official Information Act (1982); British Data Protection Act (1984); Finish Personal Data File Act (1987); Irish Data Protection Act (1988); Australian Privacy Act (1988); Japanese Personal Data Protection Act (1988); and the Netherlands’s Data protection Act (1988).
29 Graham Greenleaf, Global Tables of Data Privacy Laws and Bills (Univ. of N.S.W., Research Paper No. 2013–39, 2013), available at http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2280875.
30 The European Commission is considering reforming the Data Protection Directive to “strengthen privacy rights” in order to keep up with “[t]echnological progress.” The new directive, if passed, would establish a single law across the entire European Union and include a “right to be forgotten.” A draft of the proposed directive can be found at http://www.europarl.europa.eu/meetdocs/2009_2014/documents/libe/pr/922/922387/922387en.pdf.
31 Organization for Economic Cooperation and Development [OECD], OECD Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data C(80)58/FINAL, as amended by C(2013)79 (July 11, 2013), available at http://www.oecd.org/sti/ieconomy/2013-oecd-privacy-guidelines.pdf.
32 Julie E. Cohen, Privacy, Ideology, and Technology: A Response to Jeffery Rosen, 89 GEO. L.J. 2029, 2041 (2001).
33 Chris Matthew Sciabarra, Privacy and Civilization, THE FREE RADICAL, at 6 (Sept.–Oct. 2003).