Let's talk about privacy

Brad Frazer, The Daily Record Newswire

Everyone seems to be concerned about privacy these days, and rightly so. There is much talk about identity theft and cell phone hacking and cameras in hotel rooms and naughty celebrity videos and websites like Gawker and TheDirty. All of this relates, generally, to the notion of “privacy,” a concept that with the advent of the Internet has taken on multiple layers of complexity.
Back in the old days, it was not even completely clear if you had a right to privacy. There were a few statutes and a little bit of case law, but because it was actually kind of hard to “peep” into someone’s private life (absent all of today’s technology), privacy was a thing about which most courts were not greatly concerned. They were more concerned about keeping the railroads running and protecting the oil barons.

But now, your privacy, whether it be a real or merely an imagined right, can be violated in multiple ways. Remember that the word “violated” assumes you have a right to privacy. You may not, and you certainly do not in all circumstances. Even today there is no overarching federal or state law that says you have an absolute right to privacy when you are not in public view.

I like to contrast “privacy” with “data security.” They are related, but I think they are different legal concepts. “Data security” connotes the ability to stop someone from hacking into the servers at Target and stealing your social security number and address. That is certainly a crime, and a whole body of law has evolved to address such facts. In my view, “privacy” is more akin to your legal standing when someone places an unflattering photo or video of you on the Internet. Or, uses an email address you provided to a website to send you spam.

Yes, there are a few laws that deal specifically with “privacy,” but they are generally very narrowly tailored to particular facts. For example, the California Online Privacy Protection Act of 2003 requires that websites that collect personally identifiable information have a conspicuous privacy policy. HIPAA, a federal law, deals with the privacy of your personal health information, but not every business is covered by HIPAA. Gramm-Leach-Bliley is another federal privacy law, but it only covers certain financial institutions and related data. COPPA is a federal law that governs how websites directed to children 13 years of age and under must protect the personal information of those children. FERPA is a federal law that protects certain types of public school educational records. Even the seemingly aptly titled federal Privacy Act of 1974 is limited in scope, acting to constrain only federal agencies from disclosure of personal information.
None of these come right out an create a statutory right of privacy on all facts.

Most states have a so-called “common-law” right of privacy, part of the general family of tort law, but most of those theories are not well suited to protecting simple personal information, like an email address or a photo. Note that even in the recent and much-vaunted Hulk Hogan v. Gawker case, the jury’s damages award was based in large part on Hulk’s emotional distress, not a particular right of privacy violation.

So in general, for today, your ability to protect your privacy is principally a matter of contract law. Yes, you can try in each case to invoke a federal or state privacy law, or a state tort law, but as mentioned, those are all fairly narrowly tailored remedies. This means that when feel your privacy has been compromised, look to see if you can find a contact between you and the person who committed the unpermitted disclosure. This is why the often-overlooked website privacy policy is so important. Before you commit personal information to a website, read the privacy policy to see what they can do with it. Can they sell it? Can they re-post pictures you upload? Using a contract, if you can find one, is better than trying to rely on a statute or a common-law theory that is likely not fully applicable. Of course, if a hack has occurred, that is a different issue, and remedies for a data breach may also be available.


Brad Frazer is a partner at Hawley Troxell where he practices Internet and intellectual property law. He is a published novelist (look for “Bradlee Frazer” at www.diversionbooks. com), frequent speaker and regular author of Internet content. He may be reached at bfrazer@hawleytroxell.com.