Business and Consumer Privacy Blog

Business and Consumer Privacy Blog

Understanding Privacy

Tags: , , , , , , , Definition, Uncategorized 2 comments

Since I am writing a blog about privacy, it seems only natural that I explain what I mean by the word “privacy.” Unfortunately, this is easier said than done and scholars have struggled with an appropriate definition for many years. But, the essential idea was stated succinctly by Louis Brandeis and Samuel Warren when they defined “privacy” as “the right to be left alone.” See Samuel Warren and Louis D. Brandeis, “The Right to Privacy,” Harvard Law Review 4 (1890).

This definition seems correct, but is woefully vague and cries out for further explanation. Unfortunately, any attempt to clarify becomes immensely complicated and messy. Two questions in particular complicate the issue:

1.  Who do we want to leave us alone?

2.  In what ways do we want to be left alone?

Let’s take a look at each question and see why the issue is so complicated.

Entities We Want to Leave Us Alone

The initial response to (1) may be: “We have the right and want to be left alone by everyone!” This may be true. Anyone can decide to throw everything away, move into the woods, and live like a hermit and avoid society. If you move far enough away and are willing to forego enough amenities, you can avoid the bank you owe a mortgage to, your spouse and children who you now owe alimony and child support, your student loan payments, and the IRS. After all, Ted Kaczynski, the Unabomber, and Whitey Bulger —the infamous gangster— were able to avoid detection for many years.

Few of us, however, actually want to go this far (although sometimes — I admit — it seems attractive when staring at my mortgage payment and dealing with my eight year old daughter!!).  However, we still want to be left alone at various times in life. With respect to privacy concerns, it is helpful to think in terms of four broad categories of entities:

1.  The Government

2.  Other Individuals in Society

3.  Companies

4.  Employers

Each category can probably be broken down further, but they serve as a good starting point to start thinking about privacy. Most of us have different privacy interests with respect to each category and want different protections with respect to the different entities.

For example, in U.S. v. Jones, 133 S. Ct. 945 (2012), the Supreme Court found that the police could not track a suspect with a GPS device placed on his car without obtaining a search warrant. The Court found that the government’s use of the GPS device violated the Fourth Amendment, which provides that “[t]he right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated.”

Fourth Amendment protection is completely irrelevant with respect to companies, such as Google and Apple, who regularly track the location and movement of their customers. See Julia Angwin & Jennifer Valentin-Devries, Apple, Google Collect User Data, Wall St. J. April 22, 2011. These companies rely on consumers’ consent to track their location, which is cheerfully given in order to use these amazing devices and services. For most, it seems like a small price to pay.

Similarly, many people are willing to share intimate aspects of their lives with friends and connections on Facebook, Linked-in, and other social media. We do this under the supposed protections of the companies’ privacy policies and terms of service, although few of us read or understand the details of these policies. It only becomes a problem when something is unwittingly shared with the wrong group of people, such as the poor kids who revealed their homosexuality to their parents through Facebook.  See Geoffrey A. Fowler, When the Most Personal Secrets Get Outed on Facebook, Wall. St. J, Oct. 13, 2012.

Conversely, most people are wisely unwilling to share this information with potential employers, even though employers ask for social media usernames and passwords. Many states now prohibit, or are in the process of prohibiting, employers from asking for social media login credentials. See National Conference of State Legislators, Employer Access to Social Media Passwords Legislation.
 
This blog will explore the different ways that we want to be left alone with respect to the government, companies, other individuals, and employers. I will evaluate these differences, make comparisons about the different methods of protecting our right to be left alone, and make recommendations about ways to improve our protections.

Ways to Be Left Alone

My second question also complicates matters: In what ways do we have the right to be left alone? Scholars have struggled to identify the types of activities that can be considered privacy violations. William Prosser, the famous torts scholar, identified four types of harmful activities considered common-law privacy torts:

1.  Intrusion upon a plaintiff’s seclusion or solitude or into his private affairs.

2.  Public disclosure of embarrassing private facts about the plaintiff.

3.  Publicity which places the plaintiff in a false light in the public eye.

4.  Appropriation, for the defendant’s advantage, of the plaintiff’s name or likeness.

See William L. Prosser, Privacy, 48 Cal. L. Rev. 383, 389 (1960).  See also Restatement of the Law, Second, Torts, § 652 (identifying privacy torts). More contemporary scholars criticize Prosser’s focus on torts and attempt to identify a wider array of privacy harms that better reflect modern society. See, e.g., Daniel J. Solove, Taxonomy of Privacy, 154 U. Pa. L. Rev. 477 (2006) (identifying taxonomy of privacy harms).

I will not get bogged down in these disputes, but will focus on three areas of our lives:

•  Personal Information

•  Location/Territory

•  Communications

Personal Information

Personal information is any piece of information about a living identifiable human being. This information includes: financial information, social security numbers, medical information, education records, friends/associations, reading habits, pictures, and many, many other intimate aspects of our lives.

Most of us want to keep much of this personal information secret and maintain control over who accesses this type of information. Invasions and intrusions of personal information occur in the following situations: monitoring, unauthorized accessing, data breaches, unwanted disclosure, inaccurate information, deanonymization and identification, identity theft, misuse of information, and other types.

Despite our desire to maintain control over personal information, most of us are willing to allow companies, the government, and other people to have access to some parts of our personal information. Usually, we allow access for the sake of convenience, entertainment, or to maintain personal relationships. In this blog, I will explore the situations when we are willing to grant access to our personal information, the types of protection in place to maintain our control, the adequacy of these protections, and how to improve them.

Location/Territory

Location/Territory refers to our physical space, location and environment. Most people want to ensure that others do not intrude in our physical space and environment without our consent. Invasions and intrusions take the form of video surveillance, tracking, trespassing, photography, unlawful searches, and others.

Although we do not want our physical space invaded or to be tracked without our consent, consent is often freely given to companies when they ask. I am constantly bombarded with requests from my smart-phone about apps that want to access my location. I usually let them, even though it’s often unclear why the app wants my location. In this blog, I will explore the tensions in our thoughts about location privacy, and explore our willingness to share our location with companies while we are unwilling to share it with the government, other individuals, or our employer.

Communications

Communications refers to the exchange of information through writing, speaking, typing or any other method of exchanging information. This includes, but is not limited to, the following forms of communication: postal mail, telephone conversations, email, in-person communications, and many others. Most of us want to keep our communications private and do not want to share them with unintended recipients. Invasions or intrusions take the form of monitoring, recording, unauthorized access, inadvertent disclosure, wiretapping, and others.

Although we want our communications to be kept private, most of us regularly use one of the most unsecure forms of communications: e-mail. Employees are constantly warned not to use their employers’ computers for private communications, but constantly ignore these warnings and these communications are accessible to the employer. Furthermore, Edward Snowden revealed widespread collection by the NSA of Americans’ phone records and monitoring of the internet, but these revelations have not lead to widespread reforms and most people continue to use email without encrypting their messages.  See Andrea Peterson, A year after Snowden’s revelations, government surveillance reforms’ a work in progress, Wash. Post. June 5, 2014.

In this blog, I will also explore our thoughts about communication privacy, including the steps that we are willing to take to protect the privacy of our communications, and how to counterbalance this with other interests such as security, convenience, accessibility, and others.

In short, there is a lot to talk about. Thanks for taking the time to read this and I welcome your thoughts about privacy and anything discussed here.

2 comments

Bill Neuman - November 4, 2014 Reply

What is the relationship between Privacy and Identity Theft. Is Identity Theft just an extreme example of a loss of privacy?

Mark Bross - November 6, 2014 Reply

Yes, I think identity theft is an an extreme example of a loss of privacy. It is also one of few examples where a loss of privacy can be sued over civilly or generate criminal charges.

Add your comment