By Jennifer Wriggins, Associate Dean for Academic Affairs & Peter Guffin, Visiting Professor of Practice
The concept of privacy has been part of Western Civilization at least as far back as the Greeks, yet it has always been and remains maddeningly difficult to define. It has numerous personal and social dimensions. There is information privacy, bodily privacy, territorial privacy and communications privacy. Privacy issues, and the individual and societal values they reflect, including human dignity and self-determination, are multi-faceted and ever-changing.
Changes in our conception of privacy, and the rules and norms society creates to regulate privacy, can be directly linked to developments in technology. For example, the influential 1890 law review article, “The Right of Privacy”, by Warren and Brandeis, which defined privacy as “the right to be left alone,” was a response to the intrusion into an individual’s personal life and affairs which was made possible by the invention of the portable camera and flexible film. That article laid the foundation for development of the common law privacy torts in the U.S. during the 20th century.
The modern era of information privacy law may be traced to Allan Westin’s 1967 book, Privacy and Freedom. Prof. Westin presciently saw that mainframe computers would lead to the gathering of huge amounts of personal information stored in those computers, at that time mostly owned by the government. He developed the framework of individual control of personal information (known as the Fair Information Privacy Principles) that is the inspiration for many laws we live by today—when you go to a doctor’s office and sign forms under HIPAA, or when companies send you notice of their privacy practices, that is the framework developed by Prof. Westin.
But the world and technology have changed much since 1967. Computers are now connected world-wide, and private businesses like Google and Apple may know more about us than the government does. The internet of things changes our concept even of what a ‘thing’ is. People share much more information on computers than ever before. When online information about individuals is appropriated and used by others, it is called ‘identity theft,’ even though the person whose information is stolen presumably has the same underlying identity as before the theft. Behavioral psychology has learned much about human decision making that is used for profit by private companies through the web. A legal response to hacking is breach notification laws, first passed in California in 2003 and now widespread. But legal responses to privacy rights and freedoms struggle to keep up with technological change and human ingenuity.
As more and more of our personal information is gathered and processed by technology, our concepts of privacy develop, morph and are contested. One example: Cars and data recorders. Before data recorders in cars, most drivers would not have thought to argue that their actual driving habits and behaviors raised any serious privacy issues. Driving takes place in public, it is not a private activity. Yet detailed information gathered by data recorders that are now standard equipment in many cars, and its use and potential use in criminal prosecutions and insurance pricing, have led many to argue that some aspects of public driving are in fact private.
Information privacy law inhabits this space. Privacy legal theories and frameworks, deeply rooted in history and culture, are constantly being challenged, as technology and people change. Societal rules and norms regulating privacy also vary from continent to continent. The “right to be forgotten” principle enshrined in EU privacy law, but considered very controversial in the U.S., is just one example. There are many more. With economic globalization, however, we may see increased harmonization among different privacy legal regimes around the world. Stay tuned as the privacy landscape shifts around us.