A Lawyer’s Guide to Privacy in America
As part of Internet Privacy Week, Namecheap is bringing you a number of articles that examine privacy issues.
In this article we go to the heart of the matter, exploring what privacy means (in a legal context) and what laws exist in the US to protect citizens from unlawful breaches of privacy.
What is Privacy?
We all know to shut the door, draw the curtains, or find a secluded spot if we want to get some privacy in our lives. But the legal definition of privacy is, at its core, a much more complicated legal concept.
Privacy law can be very roughly divided into three categories:
- Privacy from government intrusion on a person’s privacy or regulation of private activity.
- Privacy from the public, or the right of individuals to be free from publication of defamatory or embarrassing information.
- Privacy of information, which limits the availability of personal information to the public.
One under-recognized aspect of privacy is the “right to be forgotten.” This refers to the removal of personal information from the public sphere (particularly the Internet) that no longer accurately represents a person. The United States has been slow to acknowledge this crucial facet of information security, but is gaining ground in the European Union and other countries.
Most of our online privacy relies on private entities, such as Internet Service Providers. As we’ll discuss later, these business’ Terms of Service (TOS), privacy policies, and end-user license agreements (EULAs) are often just as important as privacy laws, if not more so, in protecting your data.
First, we’ll talk about what is protected by law.
Privacy from the government
The Fourth Amendment to the U.S. Constitution guards against “unreasonable searches and seizures.” Police must obtain a warrant before searching a person or their property, but the U.S. Supreme Court has identified multiple exceptions to this requirement.
A key factor in this determination is whether or not a person has a “reasonable expectation of privacy” in the place that police want to search. Courts are currently working out exactly when and where a person has a reasonable expectation of privacy for information stored online.
The “right to privacy” relates to the government’s power to intrude into people’s private lives. One of the most well-known Supreme Court rulings of recent years relating to the right to privacy was Lawrence v. Texas in 2003, which struck down a state law prohibiting certain bedroom activities between certain consenting adults.
Privacy from the public
People also have the right to be free from excessive intrusions on their privacy by non-government entities. Typically, they can enforce this right through civil lawsuits, although the criminal justice system may intervene in extreme cases such as:
- Invasion of privacy
A person can recover damages for the publication, without their consent, of information that a reasonable person would consider private. Hulk Hogan’s recent lawsuit against Gawker Media over the company’s release of a “sex tape” is one example.
The First Amendment right to freedom of speech does not extend to those knowingly making false statements about someone.
Some invasions of privacy could result in criminal penalties. Many states have enacted laws regarding the use of cell phone cameras to photograph people in intimate settings without their consent.
Privacy of information
Privacy laws protect certain types of information:
- The Privacy Act of 1974
This act regulates the use of federal government records. States have passed similar laws for state and local government records. These laws restrict access to public records containing personal information such as addresses, dates of birth, and Social Security numbers.
- The Health Insurance Portability and Accountability Act of 1996 (HIPAA)
This law requires medical service providers to protect patient privacy by safeguarding their medical records. Similar laws protect the privacy of financial and educational records. Whoever has custody of these records can use them in the ordinary course of their business, but cannot disclose them to others without permission, or use them for personal gain.
But here’s where your protection starts to get a little less robust. Information stored electronically is effectively protected by laws regarding unauthorized access (“hacking”, etc.) to computer systems.
It’s important to understand here that the laws in this case do not protect the information itself, but instead prohibit the method of obtaining the information.
Non-legal duties to protect privacy
Believe it or not, Internet service providers have no specific legal duty to their customers to keep their information private. They are bound only by their own TOS and EULAs. Customers should therefore be aware of the potential ways in which their information might be used (or misused) by a certain service or company.
Most legitimate businesses will not only carefully protect the information entrusted to them, they will also be responsible for maintaining the privacy of this information. This includes compensating victims of data breaches, such as consumers who are made vulnerable to identity theft and other cyber crimes when their financial data is compromised.
Companies should also stand up to government overreach regarding surveillance and access to communications data, as we saw in Apple’s refusal to comply with far-reaching subpoenas.
Knowledge is power. Get the facts about your privacy rights online.
October 18-24 is Internet Privacy Week – an entire week dedicated to raising awareness about threats to consumer data and privacy. Join us in supporting an Internet Privacy Bill of Rights.
David C. Wells is an Austin, Texas-based writer and blogger. He was a lawyer for nine years, and while he no longer practices law, the experience helped make him a better writer. Also, he still sometimes gets to play a lawyer on the internet. David is also a dog caretaker, an improviser and actor, an avid comic book reader, and a proud husband.