Protecting the Right to Privacy in the Twenty-First Century

i Jun 20th No Comments by

Privacy is the state of being alone.  Therefore, having the right to privacy means having the choice to be left alone.  However, in recent years, privacy and more specifically, the right to privacy has taken on new meaning.  In the past, privacy was about being left alone in the physical sense.  It was about individuals having the right to physically shut a door to achieve privacy.  It was about having a right to protect oneself from physical abuse or assault.  Laws were enacted to protect against these notions of privacy.

With the advent of modern technology, the right to privacy is being challenged by new and invisible threats.  Instead of threatening individuals’ physical right to be left alone, modern technology is taking on individuals’ intangible rights, including the right to protect ones’ own reputation, personal information and emotional well-being.  Addressing how to protect intangible rights has proven complicated.  For one, intangible rights must be balanced by other rights, such as the freedom of speech.  In addition, technology remains ever changing and it is difficult to legislate preemptively against new threats to privacy.

That being said, for the most part, legislators have chosen to address modern threats to privacy as if intangible rights could be protected the same way as physical rights.  For example, laws such as HIPPA and FERPA, place emphasis on preventing access to individuals’ private information.  These types of laws are the prodigy of how legislators have traditionally protected privacy, by shutting the door to those who would want to breach a person’s confidential information.  The seemingly everyday announcement of a new privacy breach is proof that intangible information is not so easily protectable.  While access restrictions serve an important purpose for protecting privacy, such laws are insufficient provided modern realities.  Accordingly, politicians need to reevaluate how privacy is being legislated.  The Privacy Initiative of New Jersey believes in three principles that should be considered when debating privacy legislation: use limitation, victim empowerment and the use of technology to solve privacy abuses.

Use Limitation

It is undeniable that the term data breach is becoming part of the American lexicon.  The dangers or harms associated by data breaches could be eliminated or diminished if the government and private enterprise were prevented from utilizing common personal identifiers.  For example, social security numbers is required for a wide variety of purposes, from conducting personal banking to filing tax returns to gaining access to medical records.  Therefore, when a social security number is breached, third-parties can potentially utilize an individual’s social security number to gain access to a wealth of a person’s information.  Many of the harms associated with data breaches can be prevented if personal identifiers could not be used across multiple platforms.  While using the Internet, people are told not to use the same password for every website.  This advice makes logical sense.  However, the same advice is not being incorporated into how banks, insurance companies, governments and other entities identify individuals.  This needs to change and use limitation principles must be incorporated into legislation to prevent the harms associated by data breaches.

Victim Empowerment

When someone is victimized by a privacy breach, it is critical for that person to have the resources to address and remedy any resultant harms.  Too often, victims of modern privacy breaches, including for example, online defamation, online harassment and/or cyber-impersonation, are left feeling helpless and frustrated.   This should not be and need not be the case and laws should be created to empower victims of privacy abuses.  One way to empower victims is to ensure that victims can turn to informed and knowledgeable law enforcement personnel who have the resources to locate online abusers and bring them to justice.  Another example of legislation that would empower victims of modern privacy abuses would be to make it easier for victims of privacy crimes to achieve anonymity.  Victims of privacy crimes, such as stalking or harassment, may have a legitimate need to hide their location information out concern for their personal safety. Currently, it is difficult to achieve anonymity as a result of online data brokers and public record laws.  By expanding address confidentiality programs, victims of privacy crimes would be able to assert their Right to Privacy and achieve the peace of mind they deserve.

Encourage Technological Solutions

Modern technology is just as a much a tool for protecting privacy as it is a weapon to cause privacy abuses.  That being said, legislators should not afraid to utilize technology for solving privacy concerns.  For example, the issue of online data brokers has gained recent attention.  Online data brokers now collect a wealth of personal information about each American and distribute this information over the Internet.  Ironically, data brokers often possess and distribute the same information that would be subject to notification when a company experiences a security breach.

Legislation has been introduced in Congress to address Data Brokers, including the Data Broker Accountability and Transparency Act.  The proposed bill would require that data brokers establish procedures to ensure the accuracy of the information it collects and provide access to consumers to review information collected about them.  In addition, the law would allow consumers to opt-out of having their information use for marketing purposes and calls for the establishment of a central website that would list data brokers subject to the law.  The Data Broker Accountability and Transparency Act could be improved by using technology to create a Do-Not Collect Registry patterned on the Do-Not Call Registry.  In that case, technology would both be the source of the problem (data brokers) and the solution to the problem (Do-Not Collect Registry).

In the modern Age, privacy is increasingly important but harder to achieve.  Other privacy organizations are typically subject driven, focusing on for example, government surveillance, data rights or revenge porn.  The Privacy Initiative is result focused.  It is the ultimate goal of the Privacy Initiative to ensure the Right to Privacy can still be achieved in the twenty-first century.