United States and Europe: Still an Ocean Apart When It Comes to Privacy Concerns

by Matthew L. Schafer

Keg stands; beer bongs; just bad judgment in general is out there for everyone to see.  Indeed, your information has found a home in the digital cloud – on Twitter and Facebook; Flickr and Youtube.  For many, that cloud, while convenient in too many ways to explain, has turned into something of an inconvenient rain cloud, following them anywhere they go.

Privacy is an old concept, but this is a new problem.  While ink used to fade from yellowing papers collecting dust in old courthouses or in the back of a forgotten desk drawer, today there is no ink – there are only the indelible 0’s and 1’s of the Internet.

This state of affairs has launched a fury of debate about whether Internet users must suffer the side effects of the downpour of private information, or whether people should be able to keep their private life, well, private.

How to confront privacy online is an especially problematic issue, because online privacy concerns reach across legal jurisdictions from London to Beijing, from New York to Buenos Aires.  This global characteristic inflames debates about Internet privacy, because not all countries agree on the extent of individual privacy and whether privacy should yield to other competing norms.

Flickr/Dave Makes

In France, for example, personal privacy is viewed as a right inherent in every person.  Privacy is a personality right, a dignity interest.  Article 8 of the French Civil Code protects this right: “[T]he court may prescribe any measures . . . appropriate to prevent or put an end to an invasion of personal privacy.”

As one of my French friends explained when I asked about France’s protective stance on privacy, “French psyche developed an absolutely boundless admiration for the Résistance [during World War II], and by extension a certain defiance to being listed in government databases, or having any kind of organisation looking into your life too closely, and an affection for the underdog in larger conflicts.”

The rest of continental Europe holds a similar stance on privacy.  Germany, for example, expansively defines privacy, “[German citizens] have the right to a private, secret, intimate sphere of life . . . , to personal honor and the rightful portrayal of one’s own person, to one’s own image and spoken word, and under certain circumstances, the right not to have statements falsely attributed to oneself.”

Article 8 of the European Convention on Human Rights reads, “Everyone has the right to respect for his private and family life, his home and his correspondence.”  Similarly, as Viviane Reding, European Commissioner for Justice, Fundamental Rights and Citizenship noted, “The protection of personal data is a fundamental right for all Europeans.”

In the United States, however, privacy is interpreted much more narrowly.  First, the right was originally tethered to property as opposed to one’s personality.  Simply, a man’s privacy existed within his castle.  Second, even if privacy extended beyond one’s castle, it nonetheless was limited by First Amendment protections for freedom of speech and of the press.

This conception was quite narrow and led Warren and Brandeis to advocate for an expansion of the privacy right: “[A privacy right should] be invoked to protect the privacy of the individual from invasion either by the too enterprising press, the photographer, or the possessor of any other modern device for rewording or reproducing scenes or sounds.”

Warren and Brandeis’s appeal would not fall on deaf ears.  In the last half of the twentieth century, the Court expanded the definition of privacy, defining it, in the context of searches and seizures, for example, as whether one had a reasonable expectation of privacy in the thing invaded.  Because the Court defined privacy according to the “reasonableness” of the expectation, that rule is necessarily fluid and, therefore, subject to change as society becomes used to new technologies, for example.

Thus, some technologists and tech entrepreneurs have argued that the world community should simply adapt to the era of lower expectations of privacy – Privacy Lite, in tech terminology.  As Facebook founder Mark Zuckerberg has said, “People have really gotten comfortable not only sharing more information and different kinds, but more openly and with more people.  That social norm is just something that has evolved over time.”

Said another way, as United States citizens become used to posting their feelings, seeing their pictures uploaded online by friends, compiling blogs on their travels, and being recorded at a second’s notice, a reasonable expectation of privacy becomes a smaller and smaller portion of citizens’ daily lives.

Said another way, as United States citizens become used to posting their feelings, seeing their pictures uploaded online by friends, compiling blogs on their travels, and being recorded at a second’s notice, a reasonable expectation of privacy becomes a smaller and smaller portion of citizens’ daily lives.

Earlier this year, the European Union began to push back against this quasi-forced technological understanding of privacy by proposing a new regulation.  In this rule that would apply to all EU countries, Internet service providers would, among other things, have to give in to a user’s “right to be forgotten.”

As the European Commission describes it, under the right, “people will be able to delete their [online] data if there are no legitimate grounds for retaining it.”  At bottom, under the law, individuals could demand that websites remove any information relating to the individual.  If the website refuses, it could be subject to damages.

First off, the name alone is excellent.  At first blush, the right is attractive, especially to people who have lost their jobs as a result of a certain photograph on Facebook or suffered embarrassment from a video posted to Youtube.  Certainly, why shouldn’t someone have the right to control his or her likeness online?  Why shouldn’t someone have a right to be forgotten?  Of course, however, it is not this simple.

“At the very least, Facebook will have to engage in the kinds of difficult line-drawing exercises previously performed by courts,” Jeffrey Rosen recently wrote of the regulation.  “And the prospect of ruinous monetary sanctions for any data controller that ‘does not comply with the right to be forgotten or to erasure’—a fine up to 1,000,000 euros or up to two percent of Facebook’s annual worldwide income—could lead data controllers to opt for deletion in ambiguous cases, producing a serious chilling effect.”

As a legal matter, it is also unclear how the EU laws would be enforceable against United States companies that do not have any assets in the EU.  Frankly, no one really knows how this law or its enforcement will look in the future, and for that reason it has rightly caused alarm among many.

While any law requiring companies to erase information smacks of censorship, many would likely agree that the reason for the law – privacy – is a valid one.  As of now, it is unclear whether the EU is attempting to vindicate this right with a hammer or a scalpel though.

What is clear, however, is that people, even Americans, are becoming increasingly concerned about their online privacy (an oxymoron?).  Perhaps it is the horror stories of long ago and regrettable actions coming back to digitally haunt their actors or maybe it is simply a long last realization about how far Americans have gone in voluntarily giving up their privacy.

While the United States law surely is not as protective of privacy as privacy laws in Europe, if one takes a gander at Supreme Court privacy decisions, privacy concerns are lurking and real.

In one context, the Court explained, “the fact that ‘an event is not wholly ‘private’ does not mean that an individual has no interest in limiting disclosure or dissemination of the information.’”  Perhaps most poignantly, Justice Sotomayor recently noted,

[I]t may be necessary to reconsider the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties.  This approach is ill suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks.  People disclose the phone numbers that they dial or text to their cellular providers; the URLs that they visit and the e-mail addresses with which they correspond to their Internet service providers; and the books, groceries, and medications they purchase to online retailers. Perhaps, . . . some people may find the “tradeoff” of privacy for convenience “worthwhile,” or come to accept this “diminution of privacy” as “inevitable,” and perhaps not.

Privacy concerns are real and the future of privacy has yet to be mapped out with any real certainty.  Even if the EU law is not the most efficient or effective way to address these concerns or guide the development of future privacy laws and regulations, it is, at the very least, bringing privacy concerns to the forefront of the discussion.  And, if nothing else, that in and of itself is a good thing.


About Matthew L. Schafer

Matthew L. Schafer graduated from the University of Illinois in 2009 with a Bachelor of Science in Media Studies. He later attended Louisiana State University’s Manship School of Mass Communication where he earned a Masters of Mass Communication and Georgetown University Law Center where he earned his J.D.
This entry was posted in Privacy and tagged , , , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s