Archives

Neil M. Richards, Data Privacy and the Right to be Forgotten after Sorrell

By privacylaw | Posted on

Neil M. Richards, Data Privacy and the Right to be Forgotten after Sorrell

Comment by: Lauren Gelman

PLSC 2013

Workshop draft abstract:

This paper takes on the argument that the First Amendment also bars the government from regulating some or all of the commercial trade in personal information.  This argument had some success in the federal appellate courts in the 1990s and 2000s, and the Supreme Court seems to have recently embraced it.  In the 2011 case of Sorrell v. IMS, the Court held that the First Amendment prohibited a state from regulating the use of doctor’s prescribing data for marketing purposes.  These cases present the issue of whether the sale of commercial data is “free speech” or not, and the consequences of this decision for consumers and citizens.  But what is really at stake in Sorrell and in the cases which will inevitably follow it are two very different conceptions of our Information Society.  From the perspective of the First Amendment critics (and possibly a majority of the Roberts Court), flows of commercial information are truthful speech protected by the First Amendment.  This argument has received a boost from the Court’s decision in Sorrell and from the poorly-named and articulated “Right to Be Forgotten” that is on the rise in European data protection circles.  By contrast, privacy scholars and activists have often failed to explain why privacy is worth protecting in these cases, particularly in the face of the constitutional arguments on the other side.

Building on my earlier work on this important question, I argue that the First Amendment critique of data privacy law is largely unpersuasive.  While the First Amendment critique of the privacy torts and some broad versions of the Right to Be Forgotten do threaten important First Amendment interests, the broader First Amendment critique of data privacy protections for consumers does not.  Unlike news articles, blog posts, or even gossip, which are expressive speech by human beings, the commercial trade in personal data uses information as a commodity traded from one computer to another.  The data trade is much more commercial than expressive, and the Supreme Court has long held for good reason that the sale of information is commercial activity that receives very little First Amendment protection.  We must keep faith with this tradition in our law rather than abandoning it.  Moreover, I will show how a more modest form of the Right to be Forgotten can be protected consistent with the First Amendment, and even with Sorrell.  But I argue that we should rethink our use of the general term “privacy” to deal with the commercial trade in personal information.  The use of “privacy” connotes tort-centered notions protecting against extreme emotional harm – a model that poorly tracks the modern trade in personal information, which gives opponents of consumer data protection unnecessary ammunition.  A better way to understand the consumer issues raised by the trade in personal information is the European concept of “data protection,” or perhaps just “data privacy.”  Putting the old tort-focused conception of anti-disclosure away allows us to better understand the problem, and can suggest better solutions.  The regulation of data privacy should focus on managing the flows of commercial personal information and allowing greater consumer input into decisions made on the basis of data about them.

But however we as a society choose to regulate data flows, we should be able to choose.  We should not be sidetracked by misleading First Amendment arguments, because the costs of not regulating the trade in commercial data are significant.  As we enter the Information Age, where the trade in information is a multi-billion dollar industry, government should be able to regulate the huge flows of personal information, as well as the uses to which this information can be put.  At the dawn of the Industrial Age, businesses interests persuaded the Supreme Court in the Lochner case that the freedom of contract should immunize them from regulation.  I explain how and why we should reject the calls of First Amendment critics for a kind of digital Lochner for personal information. It shows how we can have consumer protection law in the Information Age without sacrificing meaningful free speech.

(This paper is an adaptation for PLSC of portions of Chapters 5 and 11 of my forthcoming book, Intellectual Privacy: Rethinking Civil Liberties in the Information Age (forthcoming Oxford University Press 2014)).

Neil Richards, Social Reading and Intellectual Privacy

By privacylaw | Posted on

Neil Richards, Social Reading and Intellectual Privacy

Comment by: Tommy Crocker

PLSC 2012

Workshop draft abstract:

This article deals with the overlooked privacy and media law implications of one of our most important new technologies – electronic reading.  I will examine the importance of privacy protections to the new modes of electronic reading, and the need for intellectual privacy protection of reading habits in order to ensure a robust and free culture of public debate.  I will show how recent radical developments in reading technologies and social media have unsettled many long-standing norms of intellectual privacy, and that legal and technological regulation of reader privacy in particular is necessary to preserve the vital civil liberties at stake. The article builds on my prior work on intellectual privacy, and is part of a larger project I have been working on for several years about the relationships between free speech and privacy, and how we should rethink our approach to these values in media and information law.

The generation of ideas frequently depends on access to the ideas of others who have come before, as intellectual property scholarship has shown in detail.  In a free society, access to new ideas (whether we agree with them or not) requires the ability to read widely and without constraint.  Oversight or interference with our reading habits can curtail our willingness to read freely and to experiment with ideas that others might think deviant, laughable, or embarrassing.  But the right to read has been underappreciated and under-theorized.

At the same time, the right to read is increasingly under threat in the modern age of networked communications and access to information. In terms of making information and ideas broadly available, the Internet has opened up new horizons of access, on a scale that is unprecedented in human history.  Moreover, the rise of laptops, smart phones, tablets, and electronic books means that more and more of what we read is being mediated by digital technologies.  But these technologies have a potential dark side: while they open up new opportunities to read and interact with new ideas, they also create records of reading habits and intellectual explorations.  For instance, Amazon maintains records not just of the books its users buy, but also the books they don’t, and the pages they browse.  The Kindle website allows anyone to view the most-read passages on Kindle readers from automatically collected data on reading habits.  And Facebook wants to become not just a media platform, but a social media platform, with all of our media consumption shared by default to everyone we know.

While companies sometimes claim they will respect the confidentiality of such records, in reality these records are subject to a very low level of legal protection.  Moreover, other legal requirements such as copyright and child protection laws mandate a logic of surveillance that can become highly intrusive.  Thus, the DMCA requires the unmasking of anonymous users in order to protect copyright holders from infringement.  And in order to protect children from adult content, users of Youtube.com who wish to access content flagged as indecent must register with YouTube and create accounts that allow even greater surveillance and identification of their viewing habits.  This creates the irony of greater intellectual privacy protections for users who read and view only the non-objectionable content, and creates a chill on the unfettered right to read anonymously.

In this article, I will show that many of the answers to these pressing problems of modern technology can be found in an unlikely source – in the professional and legal norms of librarians.  Librarians were the original information stewards – a paper version of the Internet in the pre-electronic era.  The norms of reader privacy and patron confidentiality developed by the American Library Association can point the way to a better understanding of reader privacy in the digital age – striking the balance between open access to ideas, and the privacy necessary to engage with those ideas on our own terms.  It may seem paradoxical the solution to such modern problems can be found in such a dusty old source, but in reality this shows the timelessness and importance of the vital civil liberties that are at stake.

Sandra Petronio, Privacy Perils: Deciding to Disclose or Protect Confidentialities

By privacylaw | Posted on

Sandra Petronio, Privacy Perils: Deciding to Disclose or Protect Confidentialities

Comment by: Neil Richards

PLSC 2011

Workshop draft abstract:

Privacy is not only a legal matter; it is a matter of human behavior.  Humans manage private information in a systematic, yet complicated manner (Petronio, 2002). Consequently, on the surface, the process may appear straightforward. However, when someone discloses private information to a confidant, a great deal may happen between the individuals before, as, and after that disclosure occurs. The individual making the disclosure may have chosen the confidant because there is a level of trust upon which that the person can depend. The discloser may assume that the confidant will likely abide by his or her “rules,” even if implicit, regarding protecting or revealing the disclosed information to a third party. Often, these assumptions a discloser makes are typically more ideal than real. With a few exceptions, the more realistic outcome tends to be less clear-cut and more complicated (Petronio & Reierson, 2009).  Using a Communication Privacy Management (CPM) theoretical approach, this paper explores the “problematics” found with the confidant’s role (Petronio, 2002). At issue is how privacy is managed by recipients and the impact that serving as a confidant has on the individual recipient.  CPM theory argues that when people become confidants, they are considered co-owners of the information and therefore have a fiduciary responsibility to abide by the privacy rules the original owner wants them to use.

The confidant, at times, faces ambiguities because original owners may not state the expectations they have regarding how confidants should regulate their information. The role of confidant, especially in professions such as medicine, is often multifaceted. The dilemmas that health providers encounter, while not exclusive to medicine, illustrate the perils that confidants can face. Often physicians must weigh the risks and benefits of breaching confidences to meet best practices for the patient. Further, ambiguities may exist surrounding the legitimacy of seeking pertinent information from a family member. The physician may attempt to identify the best treatment plan or home care options but become hampered by the inability to obtain authorization from the patient to discuss the possibilities with family members. Even more complicated may be situations where patients deny authorization to discuss end-of-life options with family members. Then, subsequently the patient loses physical or mental capacity to change that decision leaving the physician to cope with family members who disagreed with the patient’s choices. Legally, the physician is bound to follow the specified choices of the patient if the documents identifying choice are present. Yet, families often believe they have rights to a member’s private information and control to over-rule decisions a member makes that appear to be no longer functional. Physicians are bound by confidentiality and may not be able to reveal the reasons for the patient’s choices. These obligations protect the patient but the physician, as confidant, must navigate the family’s demands for a rationale explaining the patient’s choices.

The challenging role of confidant that physicians encounter may also take a toll on them personally. Acutely difficult situations can exist when physicians must disclose bad news, including revealing medical mistakes to patients and their families. In these cases, physicians must disclose information that technically belongs to the patient. While the information is private to the patient, the physician controls the flow of the patient’s information. The physician must tell patients about something unknown and potentially anxiety producing. Physicians are the keepers and bearers of bad news in their role as confidants. While physicians understand their obligations to the patient, they are also challenged in determining the balance between hope and honesty regarding the health outcomes for the patient. In some cases, physicians opt to err on the side of hope which may mean the patients do not receive a timely or effective disclosure of information related to their own case. In hospice care, for example, the challenges are many on this point. The confidant role for physicians often requires them to carry the burden of someone else’s information that can simultaneously heighten their sense of responsibility and negatively affect them emotionally. Managing this dual role of responsibility to others and impact it has on the physicians is especially evident in disclosing medical mistakes.  The tension between having to reveal an event that is apt to feel like a threat to personal reputation and recognizing the patient’s rights of ownership clearly illustrates the often perilous nature of a confidant’s role for physicians.

While the legal parameters and responsibilities of physicians to patients may seem more clear-cut, the decisions guiding the communicative nature of revealing or protecting private medical information and the role of confidant seems much less clear in day-to-day interactions.

Peter Winn, History of the Law of Privacy in the 16th & 17th Century

By privacylaw | Posted on

Peter Winn, History of the Law of Privacy in the 16th & 17th Century

Comment by: Neil Richards

PLSC 2010

Published version available here: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1534309

Workshop draft abstract:

The origin of a legal right to privacy is usually traced to the late 19th Century when an article of the same name appeared in the Harvard Law Review by Charles Warren and Louis Brandeis. The belief that a legal right of privacy did not exist before Warren and Brandeis appears to have led many “originalists” to argue that no such right is to be found in the U.S. Constitution — and that claims by the Court in Griswold that there exists a right of privacy “older than the Bill of Rights,” are anachronistic and absurd. Recently, however, several prominent social historians have traced, beginning in the 16th Century, an increasing appreciation of the value of individual privacy in many different areas of European culture. The increased social importance of privacy is reflected by changes in religious practices, in artistic expression, in understandings of sexuality, in eating habits, in architecture, and in clothing. Paralleling these social developments are legal debates beginning in the early 16th Century, and rulings by common law Courts beginning in the 17th Century, challenging the practice of inquisitorial courts to compel an accused person to testify against himself; the investigational use of torture; and the prosecution of individuals based on heretical or treasonous thoughts. At the same time, judges begin to place increasing limits on the ability of state officials to search private homes for evidence. By the middle of the 18th century, as the concept of a sphere of privacy becomes widely recognized in society, one finds a scholar like Blackstone treating as settled law the idea that “private vices” and “particular modes of belief or unbelief” are beyond the jurisdiction of the magistrate to punish. More generally in Blackstone’s work, one can see the concept of privacy developed as an integral part of his concept of liberty. Blackstone’s concept of liberty in turn bears a surprisingly close relationship to the notion of “ordered liberty,” which was developed in late 20th Century Supreme Court decisions, placing Constitutional limits on the power of the state to intrude into the private lives of individuals.

Neil Richards, Brandeis, Privacy, and Speech

By privacylaw | Posted on

Neil Richards, Brandeis, Privacy, and Speech

Comment by: Andrew Taslitz

PLSC 2010

Published version available here: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1584831

Workshop draft abstract:

Although most courts and commentators assume that privacy and free speech are in conflict, in American jurisprudence, each of these traditions can be traced back to writings by Louis D. Brandeis – his 1890 Harvard Law Review article “The Right to Privacy” and his 1927 dissent in Whitney v. California.  How can privacy and speech be irreconcilable if Brandeis played a major role in creating both?  And how, if at all, did Brandeis recognize or address these tensions?  These questions have remained neglected not just by privacy scholars, but by those of Brandeis and free speech as well.  In this paper, I argue that the puzzle of Brandeis’ views on privacy and speech can be resolved, and that its resolution points the way towards a more fruitful and helpful understanding of both privacy and free speech.  My basic claim is that “The Right to Privacy” should be considered neither the central text of American privacy law nor an accurate record of Brandeis’ mature views of privacy and its relationship with free speech.  Brandeis’ views on privacy and speech evolved over the course of his life, from a relatively simplistic theory of privacy at the expense of speech as a young lawyer to a more nuanced understanding of the complex relationships between these two values later in his life.  Unlike tort privacy, which Brandeis seems to have thought about infrequently, a more important hallmark of Brandeis’ public career was the contradictory idea that public disclosure of many kinds of fraud and wrongdoing are in the public interest.  As he famously put it, “sunlight is the best disinfectant.”  In understanding Brandeis’ entire body of work, the best interpretation of his mature views on civil liberties is that we should minimize the importance of tort privacy where it conflicts with free speech.  But to minimize tort privacy is not to suppress it altogether.  A consideration of Brandeis’ free speech writings in light of Olmstead, also written late in his life, suggests some interesting ways in which privacy and First Amendment values are related in the generation of new ideas and the freedom of thought.  Although prior scholarship on Brandeis has overlooked these interesting connections, they suggest some tremendously important implications for modern understandings of our civil liberties.

Neil Richards, Intellectual Privacy

By privacylaw | Posted on

Neil Richards, Intellectual Privacy

Comment by: Neil Richards

PLSC 2008

Published version available here: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1108268

Workshop draft abstract:

This paper is about intellectual privacy – the protection of records of our intellectual activities – and how legal protection of these records is essential to the First Amendment values of free thought and expression. We often think of privacy rules being in tension with the First Amendment, but protection of intellectual privacy is different. Intellectual privacy is vital to a robust culture of free expression, as it safeguards the integrity of our intellectual activities by shielding them from the unwanted gaze or interference of others. If we want to have something interesting to say in public, we need to pay attention to the freedom to develop new ideas in private. Free speech thus depends upon a meaningful level of intellectual privacy, one that is threatened by the widespread distribution of electronic records of our intellectual activities.

My argument proceeds in three steps. First, I locate intellectual privacy within First Amendment theory and show their consistency despite the fact that traditional metaphors for why we protect speech direct our attention to other problems. Second, I offer a normative theory of intellectual privacy that begins with the freedom of thought and radiates outwards to justify protection for spatial privacy, the right to read, and the confidentiality of communications. Third, I examine four recent disputes about intellectual records and show how a greater appreciation for intellectual privacy illuminates the latent First Amendment issues in these disputes and suggests different solutions to them that better respect our traditions of cognitive and intellectual freedom.

Daniel Solove & Neil Richards, Rethinking Free Speech and Civil Liability

By privacylaw | Posted on

Daniel Solove & Neil Richards, Rethinking Free Speech and Civil Liability

Comment by: Raymond Ku

PLSC 2009

Published version available here: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1355662

Workshop draft abstract:

One of the most important and unresolved quandaries of First Amendment jurisprudence involves when civil liability for speech will trigger First Amendment protections.  When speech results in civil liability, two starkly opposing rules are potentially applicable.  Since New York Times v. Sullivan, the First Amendment requires heightened protection against tort liability for speech, such as defamation and invasion of privacy.  But in other contexts involving civil liability for speech, the First Amendment provides virtually no protection.  According to Cohen v. Cowles, there is no First Amendment scrutiny for speech restricted by promissory estoppel and contract.  The First Amendment rarely requires scrutiny when property rules limit speech.

Both of these rules are widely-accepted.  However, there is a major problem – in a large range of situations, the rules collide.   Tort, contract, and property law overlap significantly, so formalistic distinctions between areas of law will not adequately resolve when the First Amendment should apply to civil liability.  Surprisingly, few scholars and jurists have recognized or grappled with this problem.

The conflict between the two rules is vividly illustrated by the law of confidentiality.  People routinely assume express or implied duties not to disclose another’s personal information.  Does the First Amendment apply to these duties of confidentiality?  Should it?  More generally, in cases where speech results in civil liability, which rule should apply, and when?  The law currently fails to provide a coherent test and rationale for when the Sullivan or Cohen rule should govern. In this article, Professors Daniel J. Solove and Neil M. Richards contend that the existing doctrine and theories are inadequate to resolve this conflict.  They propose a new theory, one that focuses on the nature of the government power involved.