Privacy laws of the United States

Privacy laws of the United States deal with several different legal concepts. One is the invasion of privacy, a tort based in common law allowing an aggrieved party to bring a lawsuit against an individual who unlawfully intrudes into their private affairs, discloses their private information, publicizes them in a false light, or appropriates their name for personal gain.[1]

Privacy International 2007 privacy ranking
  Consistently upholds human rights standards
  Significant protections and safeguards
  Adequate safeguards against abuse
  Some safeguards but weakened protections
  Systemic failure to uphold safeguards
  Extensive surveillance societies
  Endemic surveillance societies

The essence of the law derives from a right to privacy, defined broadly as "the right to be let alone". It usually excludes personal matters or activities which may reasonably be of public interest, like those of celebrities or participants in newsworthy events. Invasion of the right to privacy can be the basis for a lawsuit for damages against the person or entity violating the right. These include the Fourth Amendment right to be free of unwarranted search or seizure, the First Amendment right to free assembly, and the Fourteenth Amendment due process right, recognized by the Supreme Court of the United States as protecting a general right to privacy within family, marriage, motherhood, procreation, and child rearing.[2][3]

Attempts to improve consumer privacy protections in the U.S. in the wake of the 2017 Equifax data breach, which affected 145.5 million U.S. consumers, failed to pass in Congress.[4]

Right to privacy

Early years

The early years in the development of privacy rights began with English common law, protecting "only the physical interference of life and property".[5] The Castle doctrine analogizes a person's home to their castle – a site that is private and should not be accessible without permission of the owner. The development of tort remedies by the common law is "one of the most significant chapters in the history of privacy law".[6] Those rights expanded to include a "recognition of man's spiritual nature, of his feelings and his intellect." Eventually, the scope of those rights broadened even further to include a basic "right to be let alone," and the former definition of "property" would then comprise "every form of possession – intangible, as well as tangible." By the late 19th century, interest in privacy grew as a result of the growth of print media, especially newspapers.[6]

Between 1850 and 1890, U.S. newspaper circulation grew by 1,000 percent  from 100 papers with 800,000 readers to 900 papers with more than 8 million readers.[6] In addition, newspaper journalism became more sensationalized, and was termed yellow journalism. The growth of industrialism led to rapid advances in technology, including the handheld camera, as opposed to earlier studio cameras, which were much heavier and larger. In 1884, Eastman Kodak company introduced their Kodak Brownie, and it became a mass market camera by 1901, cheap enough for the general public. This allowed people and journalists to take candid snapshots in public places for the first time.

Privacy was dealt with at the state level. For example, Pavesich v. New England Life Insurance Company (in 1905) was one of the first specific endorsements of the right to privacy as derived from natural law in US law. Judith Wagner DeCew stated, "Pavesich was the first case to recognize privacy as a right in tort law by invoking natural law, common law, and constitutional values."[7]

Samuel D. Warren and Louis D. Brandeis, partners in a new law firm, feared that this new small camera technology would be used by the "sensationalistic press." Seeing this becoming a likely challenge to individual privacy rights, they wrote the "pathbreaking"[6] Harvard Law Review article in 1890, "The Right to Privacy".[8] According to legal scholar Roscoe Pound, the article did "nothing less than add a chapter to our law",[9] and in 1966 legal textbook author, Harry Kalven, hailed it as the "most influential law review article of all".[6] In the Supreme Court case of Kyllo v. United States, 533 U.S. 27 (2001), the article was cited by a majority of justices, both those concurring and those dissenting.[6]

Brandeis and Warren article

The development of the doctrine regarding the tort of "invasion of privacy" was largely spurred by the Warren and Brandeis article, "The Right to Privacy". In it, they explain why they wrote the article in its introduction: "Political, social, and economic changes entail the recognition of new rights, and the common law, in its eternal youth, grows to meet the demands of society".[8] More specifically, they also shift their focus on newspapers:

The press is overstepping in every direction the obvious bounds of propriety and of decency. Gossip is no longer the resource of the idle and of the vicious, but has become a trade, which is pursued with industry as well as effrontery. To satisfy a prurient taste the details of sexual relations are spread broadcast in the columns of the daily papers. ... The intensity and complexity of life, attendant upon advancing civilization, have rendered necessary some retreat from the world, and man, under the refining influence of culture, has become more sensitive to publicity, so that solitude and privacy have become more essential to the individual; but modern enterprise and invention have, through invasions upon his privacy, subjected him to mental pain and distress, far greater than could be inflicted by mere bodily injury.[8]

They then clarify their goals: "It is our purpose to consider whether the existing law affords a principle which can properly be invoked to protect the privacy of the individual; and, if it does, what the nature and extent of such protection is".[8]

Warren and Brandeis write that privacy rights should protect both businesses and private individuals. They describe rights in trade secrets and unpublished literary materials, regardless whether those rights are invaded intentionally or unintentionally, and without regard to any value they may have. For private individuals, they try to define how to protect "thoughts, sentiments, and emotions, expressed through the medium of writing or of the arts". They describe such things as personal diaries and letters needing protection, and how that should be done: "Thus, the courts, in searching for some principle upon which the publication of private letters could be enjoined, naturally came upon the ideas of a breach of confidence, and of an implied contract". They also define this as a breach of trust, where a person has trusted that another will not publish their personal writings, photographs, or artwork, without their permission, including any "facts relating to his private life, which he has seen fit to keep private". And recognizing that technological advances will become more relevant, they write: "Now that modern devices afford abundant opportunities for the perpetration of such wrongs without any participation by the injured party, the protection granted by the law must be placed upon a broader foundation".[8]

There have been many laws related to privacy and data protection in recent years that have been enforced as a result of the rapid technological advancements. However, critics and scholars have argued that these guidelines are usually focused on legal factors, rather than technical details, which make it difficult for engineers and developers to ensure that new designs meet the guidelines stated in privacy laws.[10]

Modern tort law

In the United States,"invasion of privacy" is a commonly used cause of action in legal pleadings. Modern tort law, as first categorized by William Prosser, includes four categories of invasion of privacy:[11]

  • Intrusion of solitude: physical or electronic intrusion into one's private quarters
  • Public disclosure of private facts: the dissemination of truthful private information which a reasonable person would find objectionable
  • False light: the publication of facts which place a person in a false light, even though the facts themselves may not be defamatory
  • Appropriation: the unauthorized use of a person's name or likeness to obtain some benefits

Intrusion of solitude and seclusion

Intrusion of solitude occurs where one person intrudes upon the private affairs of another. In a famous case from 1944, author Marjorie Kinnan Rawlings was sued by Zelma Cason, who was portrayed as a character in Rawlings' acclaimed memoir, Cross Creek.[12] The Florida Supreme Court held that a cause of action for invasion of privacy was supported by the facts of the case, but in a later proceeding found that there were no actual damages.

Intrusion upon seclusion occurs when a perpetrator intentionally intrudes, physically, electronically, or otherwise, upon the private space, solitude, or seclusion of a person, or the private affairs or concerns of a person, by use of the perpetrator's physical senses or by electronic device or devices to oversee or overhear the person's private affairs, or by some other form of investigation, examination, or observation intrude upon a person's private matters if the intrusion would be highly offensive to a reasonable person. Hacking into someone else's computer is a type of intrusion upon privacy,[13] as is secretly viewing or recording private information by still or video camera.[14] In determining whether intrusion has occurred, one of three main considerations may be involved: expectation of privacy; whether there was an intrusion, invitation, or exceedance of invitation; or deception, misrepresentation, or fraud to gain admission. Intrusion is "an information-gathering, not a publication, tort ... legal wrong occurs at the time of the intrusion. No publication is necessary".[15]

Restrictions against the invasion of privacy encompasses journalists as well:

The First Amendment has never been construed to accord newsmen immunity from torts or crimes committed during the course of newsgathering. The First Amendment is not a license to trespass, to steal, or to intrude by electronic means into the precincts of another's home or office.[15][16]

Public disclosure of private facts

Public disclosure of private facts arises where one person reveals information which is not of public concern, and the release of which would offend a reasonable person.[17] "Unlike libel or slander, truth is not a defense for invasion of privacy."[13] Disclosure of private facts includes publishing or widespread dissemination of little-known, private facts that are non-newsworthy, not part of public records, public proceedings, not of public interest, and would be offensive to a reasonable person if made public.[15]

False light

False light is a legal term that refers to a tort concerning privacy that is similar to the tort of defamation. For example, the privacy laws in the United States include a non-public person's right to privacy from publicity which creates an untrue or misleading impression about them. A non-public person's right to privacy from publicity is balanced against the First Amendment right of free speech.

False light laws are "intended primarily to protect the plaintiff's mental or emotional well-being".[18] If a publication of information is false, then a tort of defamation might have occurred. If that communication is not technically false but is still misleading, then a tort of false light might have occurred.[18]

The specific elements of the Tort of false light vary considerably even among those jurisdictions which do recognize this tort. Generally, these elements consist of the following:

Thus in general, the doctrine of false light holds:

One who gives publicity to a matter concerning another before the public in a false light is subject to liability to the other for invasion of privacy, if (a) the false light in which the other was placed would be highly offensive to a reasonable person, and (b) the actor had knowledge of or acted in a reckless disregard as to the falsity of the publicized matter and the false light in which the other would be placed.[19]

For this wrong, money damages may be recovered from the first person by the other.

At first glance, this may appear to be similar to defamation (libel and slander), but the basis for the harm is different, and the remedy is different in two respects. First, unlike libel and slander, no showing of actual harm or damage to the plaintiff is usually required in false light cases, and the court will determine the amount of damages. Second, being a violation of a Constitutional right of privacy, there may be no applicable statute of limitations in some jurisdictions specifying a time limit within which period a claim must be filed.

Consequently, although it is infrequently invoked, in some cases false light may be a more attractive cause of action for plaintiffs than libel or slander, because the burden of proof may be less onerous.

What does "publicity" mean? A newspaper of general circulation (or comparable breadth) or as few as 3–5 people who know the person harmed? Neither defamation nor false light has ever required everyone in society be informed by a harmful act, but the scope of "publicity" is variable. In some jurisdictions, publicity "means that the matter is made public, by communicating it to the public at large, or to so many persons that the matter must be regarded as substantially certain to become one of public knowledge."[20]

Moreover, the standards of behavior governing employees of government institutions subject to a state or national Administrative Procedure Act (as in the United States) are often more demanding than those governing employees of private or business institutions like newspapers. A person acting in an official capacity for a government agency may find that their statements are not indemnified by the principle of agency, leaving them personally liable for any damages.

Example: If someone's reputation was portrayed in a false light during a personnel performance evaluation in a government agency or public university, one might be wronged if only a small number initially learned of it, or if adverse recommendations were made to only a few superiors (by a peer committee to department chair, dean, dean's advisory committee, provost, president, etc.). Settled cases suggest false light may not be effective in private school personnel cases,[21] but they may be distinguishable from cases arising in public institutions.

Appropriation of name or likeness

Although privacy is often a common-law tort, most states have enacted statutes that prohibit the use of a person's name or image if used without consent for the commercial benefit of another person.[22]

Appropriation of name or likeness occurs when a person uses the name or likeness of another person for personal gain or commercial advantage. Action for misappropriation of right of publicity protects a person against loss caused by appropriation of personal likeness for commercial exploitation. A person's exclusive rights to control their name and likeness to prevent others from exploiting without permission is protected in similar manner to a trademark action with the person's likeness, rather than the trademark, being the subject of the protection.[13]

Appropriation is the oldest recognized form of invasion of privacy involving the use of an individual's name, likeness, or identity without consent for purposes such as ads, fictional works, or products.[15]

"The same action  appropriation  can violate either an individual's right of privacy or right of publicity. Conceptually, however, the two rights differ."[15]

Privacy law legislation

Fair Credit Reporting Act

The Fair Credit Reporting Act became effective on April 25, 1971 and implemented limitations on the information that could be collected, stored, and utilized by agencies such as credit bureaus, tenant screenings, and health agencies. The law also defined the rights granted to individuals in regards to their financial information including the right to obtain a credit score; the right to know what information is in your financial file; the right to know when your information is being accessed and used; and the right to dispute any inaccurate or incorrect information.[23]

Video Privacy Protection Act

Health Insurance Portability and Accountability Act

Signed in law on August 21, 1996, Health Insurance Portability and Accountability Act (HIPAA) is a piece of legislation passed in the United States that limits the amount and types of information that can be collected and stored by healthcare providers. This includes limits on how that information can be obtained, stored, and released.[24] HIPAA also developed data confidentiality requirements that are a part of "The Privacy Rule."[25]

Gramm-Leach-Bliley Act

The Gramm-Leach-Bliley Act (GLA) is a federal law that was signed into effect on November 12, 1999. This act placed increased limits and requirements for data collection by financial institutions, as well as limited how that information could be collected and stored. It focused on requiring financial institutions to take specific measure to increase the safety and confidentiality of the information being collected. In addition to this, the law also put limitations on what type of data could be collected by financial institutions and how they could use that information.[24] The act strives to protect NPI, or nonpublic personal information, which is any information that is collected regarding an individual's finances that is not otherwise publicly available.[25]

Children's Online Privacy Protection Act

The Children's Online Privacy Protection Act (COPPA), passed on April 21, 2000, is a federal law in the United States that puts severe restrictions on what data companies can collect, share, or sell about children who are under the age of 13.[26] A core provision under COPPA is that a website operator must "obtain verifiable parental consent before any collection, use, or disclosure of personal information from children."[27]

Constitutional basis for right to privacy

Federal

Although the word "privacy" is actually never used in the text of the United States Constitution,[28] there are Constitutional limits to the government's intrusion into individuals' right to privacy. This is true even when pursuing a public purpose such as exercising police powers or passing legislation. The Constitution, however, only protects against state actors. Invasions of privacy by individuals can only be remedied under previous court decisions.

The First Amendment protects the right to free assembly, broadening privacy rights. The Fourth Amendment to the Constitution of the United States ensures that "the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized." The Fourth Amendment was the Framers' attempt to protect each citizen's spiritual and intellectual integrity. A government that violates the Fourth Amendment in order to use evidence against a citizen is also violating the Fifth Amendment.[29] The Ninth Amendment declares that "The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people."

The Supreme Court has interpreted the Fourteenth Amendment as providing a substantive due process right to privacy. This was first affirmed by several Supreme Court Justices in Griswold v. Connecticut, a 1965 decision protecting a married couple's rights to contraception. In Roe v. Wade (1973), the Supreme Court invoked a "right to privacy" as creating a right to an abortion, sparking a lasting nationwide debate on the meaning of the term "right to privacy". In Lawrence v. Texas (2003), the Supreme Court invoked the right to privacy regarding the sexual practices of same-sex couples. However, due to Dobbs v. Jackson Women's Health Organization (2022) breaking many precedents set by Griswold and Roe, the privacy interpretations brought about specifically by these cases are currently of ambiguous legal force.

Alaska

On August 22, 1972 the Alaska Right of Privacy Amendment, Amendment 3, was approved with 86% of the vote in support of the legislatively referred constitutional amendment.[30] Article I, Section 22 of Alaska's constitution states, "The right of the people to privacy is recognized and shall not be infringed. The legislature shall implement this section."[31]

California

The California Constitution articulates privacy as an inalienable right.[32]

CA SB 1386 expands on privacy law and guarantees that if a company exposes a Californian's sensitive information this exposure must be reported to the citizen. This law has inspired many states to come up with similar measures.[33]

California's "Shine the Light" law (SB 27, CA Civil Code § 1798.83), operative on January 1, 2005, outlines specific rules regarding how and when a business must disclose use of a customer's personal information and imposes civil damages for violation of the law.

California's Reader Privacy Act was passed into law in 2011.[34] The law prohibits a commercial provider of a book service, as defined, from disclosing, or being compelled to disclose, any personal information relating to a user of the book service, subject to certain exceptions. The bill would require a provider to disclose personal information of a user only if a court order has been issued, as specified, and certain other conditions have been satisfied. The bill would impose civil penalties on a provider of a book service for knowingly disclosing a user's personal information to a government entity in violation of these provisions. This law is applicable to electronic books in addition to print books.[35]

The California Privacy Rights Act created the California Privacy Protection Agency, the first data protection agency in the United States.[36][37]

Florida

Article I, §23 of the Florida Constitution states that "Every natural person has the right to be let alone and free from governmental intrusion into the person's private life except as otherwise provided herein. This section shall not be construed to limit the public's right of access to public records and meetings as provided by law."[38]

Montana

Article 2, §10 of the Montana Constitution states that "The right of individual privacy is essential to the well-being of a free society and shall not be infringed without the showing of a compelling state interest".[39]

Washington

Article 1, §7 of the Washington Constitution states that "No person shall be disturbed in his private affairs, or his home invaded, without authority of law".[40]

State privacy laws

The right to privacy is protected also by more than 600 laws in the states and by a dozen federal laws, like those protecting health and student information, also limiting electronic surveillance.[43]

"Opt-out" requirements

Several of the US federal privacy laws have substantial "opt-out" requirements, requiring that the individual specifically opt-out of commercial dissemination of personally identifiable information (PII). In some cases, an entity wishing to "share" (disseminate) information is required to provide a notice, such as a GLBA notice or a HIPAA notice, requiring individuals to specifically opt-out.[44] These "opt-out" requests may be executed either by use of forms provided by the entity collecting the data, with or without separate written requests.

See also

References

  1. "Invasion of Privacy Law & Legal Definition", US Legal. Retrieved October 17, 2013.
  2. "Right to Privacy Law & Legal Definition", US Legal. Retrieved 17 October 2013.
  3. "Results for '"the law of privacy explained"' [WorldCat.org]". www.worldcat.org. Retrieved 2019-11-05.
  4. Lazarus, David (5 January 2018). "Months after Equifax data breach, we're still no closer to privacy protections". Retrieved 6 January 2018 via LA Times.
  5. Gormley, Ken. "One hundred years of privacy". Wis. L. Rev.
  6. Solove, Daniel J., Marc Rotenberg, and Paul M. Schwartz (2006), Privacy, Information, and Technology, Aspen Publishers, pp. 9–11, ISBN 0735562458.
  7. DeCew, Judith Wagner (1997). In Pursuit of Privacy: Law, Ethics, and the Rise of Technology. Ithica, NY: Cornell University Press. p. 23. ISBN 978-0801484117.
  8. Samuel Warren and Louis D. Brandeis (1890), "The Right To Privacy", Harvard Law Review (Vol. 4, No. 193). Retrieved 17 October 2013.
  9. Mason, Alpheus Thomas (1946), Brandeis: A Free Man's Life, Viking Press, p. 70.
  10. Aljeraisy, Atheer; Barati, Masoud; Rana, Omer; Perera, Charith (2022-06-30). "Privacy Laws and Privacy by Design Schemes for the Internet of Things: A Developer's Perspective". ACM Computing Surveys. 54 (5): 1–38. doi:10.1145/3450965. ISSN 0360-0300.
  11. William Prosser (1960), "Privacy" Archived 2013-10-19 at the Wayback Machine, California Law Review (Vol 48, No. 3, pp. 383–423). Retrieved 17 October 2013.
  12. Cason v. Baskin, 20 So. 2d 243 (Fla. 1944) (note: Baskin was Rawlings' married name).
  13. "The Right to Privacy". CSE334: Introduction to Multimedia Systems. SUNY Stony Brook. Archived from the original on May 14, 2012. Retrieved October 17, 2013.
  14. Doug Stanglin (February 18, 2010). "School district accused of spying on kids via laptop webcams". USA Today. Retrieved February 19, 2010.
  15. Dietemann v. Time Inc. (9th Cir. 1971)
  16. Joey Senat (2000), "4 Common Law Privacy Torts" (archive.org, 2013).
  17. Martin, Edward C. "False Light". Cumberland School of Law, Samford University. Archived from the original on February 27, 2008.
  18. Restatement 2d of Torts § 652E (1977), The American Law Institute. Retrieved October 17, 2013.
  19. Simmons, Jack H., Donald N. Zillman, and David D. Gregory (2004) Maine Tort Law, Newark: LexisNexis, ISBN 0327163631, citing Cole v. Chandler (2000 ME 104) Archived 2013-06-21 at the Wayback Machine, 752 A.2d 1189, 1196. Retrieved October 17, 2013.
  20. Gautschi v. Maisel, 565 A.2d 1009 (Me. 1989).
  21. Kashyap, D.R; Vohra, P.K; Chopra, S.; Tewari, R. (2001-05-01). "Applications of pectinases in the commercial sector: a review". Bioresource Technology. 77 (3): 215–227. doi:10.1016/S0960-8524(00)00118-8. ISSN 0960-8524. PMID 11272008.
  22. "Fair Credit Reporting Act". Federal Trade Commission. 2013-07-19. Retrieved 2021-10-20.
  23. "A Guide to the Federal and State Data Privacy Laws in the U.S". Comparitech. 2021-07-18. Retrieved 2021-10-13.
  24. Andy Green Updated (2019-12-16). "Complete Guide to Privacy Laws in the US | Varonis". Inside Out Security. Retrieved 2021-10-13.
  25. "Children's Online Privacy Protection Rule ("COPPA")". Federal Trade Commission. 25 July 2013. Retrieved 21 March 2019.
  26. "Electronic Code of Federal Regulations". Government Publishing Office. Retrieved 21 March 2019.
  27. "Charters of Freedom – The Declaration of Independence, The Constitution, The Bill of Rights". National Archives. Retrieved October 17, 2013.
  28. Brandeis, Louis. Dissenting opinion. Olmstead v. United States. 4 June 1928. Legal Information Institute, Cornell U Law School.
  29. "Alaska Right of Privacy, Amendment". Ballotpedia. 3 August 1972. Retrieved 6 January 2018.
  30. "Alaska's Constitution". Ltgov.alaska.gov. Retrieved 6 January 2018.
  31. Cal. Const. art. I § 2
  32. "US State Privacy Laws". Protegrity. n.p., 2008. Web. October 25, 2010. Archived November 13, 2010, at the Wayback Machine
  33. Cal. Government Code § 6267
  34. "SB 602: Reader Privacy Act", Legislative Counsel's Digest, Legislative Counsel, State of California, February 17, 2011. Retrieved October 17, 2013.
  35. "The New California Privacy Protection Agency and Its Impacts on Business and Consumers". JD Supra. Retrieved 2021-10-08.
  36. "California Will Be First State With Its Own Privacy Regulator". news.bloomberglaw.com. Retrieved 2021-10-08.
  37. "Article I: Declaration of Rights, Section 23: Right of privacy". Constitution of Florida. Florida Legislature. November 5, 1968. Retrieved November 10, 2013.
  38. "Article II: Declaration of Rights, Section 10: Right of privacy". Constitution of Montana. Montana Legislative Services. March 22, 1972. Archived from the original on October 17, 2013. Retrieved October 17, 2013.
  39. "Privacy Protections in State Constitutions". National Conference of State Legislatures. 2018-11-07. Archived from the original on 2019-02-22. Retrieved 2019-03-03.
  40. Farivar, Cyrus (12 May 2015). "Cops must now get a warrant to use stingrays in Washington state". Arstechnica.com. Retrieved 31 May 2015.
  41. Sara Jean, Green (27 February 2014). "State high court upholds privacy rights on text messages, tosses out 2 drug convictions". Seattletimes.com. Retrieved 31 May 2015.
  42. Smith, Robert Ellis; Sulanowski, James (2002). Compilation of state and federal privacy laws. Providence, RI: Privacy Journal. ISBN 9780930072179. OCLC 50087291.
  43. "How To Comply with the Privacy of Consumer Financial Information Rule of the Gramm-Leach-Bliley Act". Federal Trade Commission. July 2, 2002.

Further reading

This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.