Right/Privacy Rights/Legal Codification
Privacy Rights
History | Legal Codification | Philosophical Origins | Culture and Politics | Conflicts with other Rights | Limitations / Restrictions | Utilitarian / Fairness Assessments | Looking Ahead | Policy Recommendations
Is this right enshrined in international and regional human rights treaties? 🖉 edit
Although there are various regional and international human rights treaties protecting the right to privacy, the International Covenant on Civil and Political Rights (ICCPR), as well as the European Convention for the protection of Human Rights and Fundamental Freedoms (ECHR) are often regarded as the most fundamental and widely respected. Article 17 of the ICCPR states that âno one shall be subjected to arbitrary or unlawful interference with his privacy, family, home or correspondenceâ and Article 19 continues: (1) Everyone shall have the right to hold opinions without interference. (2) Everyone shall have the right to freedom of expression; this right shall include freedom to seek, receive and impart information and ideas of all kinds, regardless of frontiers, either orally, in writing or in print, in the form of art, or through any other media of his choice. (3) The exercise of the rights provided for in paragraph 2 of this article carries with it special duties and responsibilities. It may therefore be subject to certain restrictions, but these shall only be such as are provided by law and are necessary: (a) For respect of the rights or reputations of others, and (b) For the protection of national security or of public order, or of public health or morals. In his paper âThe Privacy Principle,â Frederic Gilles Sourgens claims that ââthese two provisions make up the backbone of the human right to privacyâ (351), where protection applies to any intrusion of personal information, including thoughts opinions, religious beliefs, health, relationships, and sexual encounters (Sourgens, âPrivacy Principle,â 351). The ICCPR supports that the state must inform persons of reason of intrusion in non public spaces, as well as the nature of the information collected, but may intrude âto the extent proportionate with specific threatsâ (Sourgens, âPrivacy Principle,â353). The ICCPR âexplicitly distinguishes between the obligations to respect and to ensure human rights, while the ECHR speaksâŚonly of the obligation to secure in the actual textâ (Milanovic âPrivacy in the Digital Age,â 102). Additionally, Article 2(1) of the ICCPR claims that states are responsible for âall individuals within its territory and subject to its jurisdictionâ (Milanovic âPrivacy in the Digital Age,â 101). Although there are frameworks within the treaties that support the protection of privacy, there are many limitations to the legislation itself. The primary flaw is that the interpretation of âjurisdictionâ and âterritoryâ are contested by states (Milanovic âPrivacy in the Digital Age,â101). The common conception is that human rights instruments are purely territorial, however, intelligence programs often operate outside the territory of signatory states (Sourgens, âPrivacy Principle,â 353). The International Court of Justice (ICJ) has ruled that âStates parties to the Covenant should be bound to comply with its provisionsâ, (Sourgens, âPrivacy Principle,â353) with regional treaties such as the ECHR and American Convention on Human Rights (ACHR) respecting this claim (354). However, many states reject this extraterritorial application of privacy protection, arguing that treaty rights only apply within the sovereign territory of signatory states (Sourgens, âPrivacy Principle,â 356). Historically, the US and other states had not expressed a clear view on the territorial scope of ICCPR (Milanovic âPrivacy in the Digital Age,â 103), with the US eventually stating that there is a default presumption against extraterritorial application of the treaties in 1995 (Milanovic âPrivacy in the Digital Age,â105). Additionally, countries such as China are not a party to the ICCPR or other treaties with privacy protections, and do not have domestic laws to restrict government surveillance powers (Sourgens, âPrivacy Principle,â 358). Russia has also attempted to counteract rulings of the European Court using domestic legislation, and France similarly minimized its basic privacy protections after the 2015 mass shootings in Paris (Sourgens, âPrivacy Principle,â 358). The COVID-19 pandemic has also placed national surveillance at the forefront, as governments and research institutions use location data to keep track of cases (Zwitter and Gstrein, âBig Data,â 2). Location data is collected through phone network, wifi connections, and satellite based radio navigation (GPS) (Zwitter and Gstrein, âBig Data,â 2). Article 15 of the ECHR was updated in December 2019 to allow states to derogate in situations of: (1) war or other public emergency threatening the life of the nation, (2) taking measures which are strictly required by the exigencies of the situation, and (3) provided that measures are not inconsistent with other obligations under international law (Zwitter and Gstrein, âBig Data,â 3). Data protection and privacy are included in those rights that are subject to derogation during times of crises (Zwitter and Gstrein, âBig Data,â3). Data ownership, such as location tracking, is a matter of contract law and is often included in the terms of use, leaving the legality of the practice to individual consent (Zwitter and Gstrein, âBig Data,â 3). The conclusion that Zwitter and Gstrein come to is that there is a âlack of dedicated legal frameworks to address the use of data in times of political crisisâ (Zwitter and Gstrein, âBig Data,â4), therefore allowing for the infringement of privacy rights despite the existence of international and regional treaties.
REFERENCES:
Sourgens, Frederic Gilles. âThe Privacy Principle.â Yale Journal of International Law, 42(2), 345-408, 2017.
Milanovic, Marko. âHuman rights treaties and foreign surveillance: privacy in the digital age.â Harvard International Law Journal, 56(1), 81-146, 2015.
Zwitter, Andrej and Gstrein, Oskar J. âBig data, privacy and COVID-19 â learning from humanitarian expertise in data protection.â Int J Humanitarian Action 5, (4), 2020.
Is it contained in the US Constitution? 🖉 edit
The right to privacy is not explicitly contained in the United States Constitution.
REFERENCES:
Privacy. (n.d.). Cornell Law School Legal Information Institute. Retrieved Sept. 8, 2021, from https://www.law.cornell.edu/wex/privacy
Has it been interpreted as being implicit in the US Constitution? 🖉 edit
In the United States, the right to privacy was not originally codified but established through Supreme Court cases around the 1960s (Privacy, n.d.). Prior to this time, the Court recognized in Snyder v. Massachusetts (1934) that some concepts of fairness are fundamental, but not expressed. In 1965, the Court heard and decided Griswold v. Connecticut. In the majority opinion, Justice William Douglas argues that the Court had previously ruled on cases in which rights were not explicit in the Bill of Rights, but the rights were justifiable to the Court through the First and Fourteenth Amendments (Griswold v. Connecticut, 1965, par. 11). Later in the opinion of the court, he states that in other cases, such as Boyd v. United States (1886), Mapp v. Ohio (1961), and Poe v. Ullman (1961), the court used the âpenumbrasâ of the First, Third, Fourth, Fifth, and Ninth Amendments to make decisions on implicit liberties (Griswold v. CT, 1965, pars. 14-15). Combined, these penumbras create what the Griswold v. Connecticut majority opinion calls âzones of privacyâ (Privacy, n.d.). In a concurring Griswold opinion, Justice Arthur Goldberg argues that while liberties extend beyond the Bill of Rights, he, Chief Justice Earl Warren, and Justice William Brennan feel that the Due Process Clause of the Fourteenth Amendment does not include âall of the first eight amendmentsâ (Griswold v. CT, 1965, par. 21). However, in a different concurring opinion, Justice John Marshall Harlan found â[t]he Due Process Clause of the Fourteenth Amendment stands [âŚ] on its own bottomâ (Griswold v. CT, 1965, par. 53; Privacy, n.d.). Justice Harlanâs concurring opinion became the predominant argument used in later privacy cases (Privacy, n.d.). In 1967, the Supreme Court decided the case of Katz v. United States (Katz v. US, n.d.). Katz, located in Los Angeles, had been using a public phone booth to inform bettors in Boston and Miami, and in an effort to convict him, federal agents tapped the phone booth (Katz v. US, n.d.). A lower court allowed this evidence to be admitted, but Katz claimed it was a violation of the Fourth Amendment (Katz v. US, n.d.). The Supreme Court sided 7-1 with Katz and establishes that âthe Fourth Amendment protects people, not placesâ (Katz v. United States, 1967). In a concurring opinion, Justice Harlan established the Expectation for Privacy Test (Katz v. US, n.d.; Expectation of Privacy, n.d.). This test is two-fold â the individual must have an expectation for privacy which is rooted in law and society finds that expectation for privacy to be reasonable â and has been used as a basis for privacy since (Expectation of Privacy, n.d.). After these two cases, the Supreme Court has continued to extend the right to privacy, notably so in three landmark cases: Eisenstadt v. Baird (1971), Roe v. Wade (1972), and Lawrence v. Texas (2003) through the use of the Fourteenth Amendment and Justice Harlanâs concurring Griswold opinion (Privacy, n.d.). Eisenstadt extended the use of contraceptives beyond married couples to individuals (Privacy, n.d.). Roe extended the right to privacy to the womenâs right to have an abortion (Privacy, n.d.). Lawrence v. Texas' overturned Bowers v. Hardwick (1986) and extended privacy to private conduct (Privacy, n.d.).
REFERENCES:
Expectation of Privacy. (n.d.). Cornell Law School Legal Information Institute. Retrieved Sept. 13, 2021, from https://www.law.cornell.edu/wex/expectation_of_privacy
Griswold v. Connecticut, 381 U.S. 479 (1965). https://www.law.cornell.edu/supremecourt/text/381/479
Katz v. United States. (n.d.). Oyez. Retrieved September 13, 2021, from https://www.oyez.org/cases/1967/35
Katz v. United States, 389 U.S. 347 (1967). https://www.law.cornell.edu/supremecourt/text/389/347
Privacy. (n.d.). Cornell Law School Legal Information Institute. Retrieved Sept. 8, 2021, from https://www.law.cornell.edu/wex/privacy
Snyder v. Massachusetts, 291 U.S. 97 (1934). https://www.law.cornell.edu/supremecourt/text/291/97
Are there any exceptions in American law to this right? 🖉 edit
Most recent US legislation regarding the right to privacy concerns the collection, retention, and transfer of personal data. Under the Department of Justice, the Office of Privacy and Civil Liberties (OPCL) enforces privacy laws, recommends privacy policies (including exceptions), and responds to data breaches (Office of Privacy and Civil Liberties, n.d.). Freedom of Information Act 1966 (as amended 2016) In 1966, Congress passed the Freedom of Information Act (FOIA). This act granted anyone the ability to request access to federal agency records but not the records of private companies. However, nine exemptions and three exclusions may prevent access to these records (Freedom of Information Act, n.d.). The exclusions are narrow and related to law enforcement and ongoing intelligence investigations and are unaffected by FOIA (Freedom of Information Act, n.d.). The exemptions authorize government agencies to withhold information from those requesting it (Freedom of Information Act, n.d.). The nine exemptions prevent the sharing of information if it is classified for national security, part of internal rules or practices, prohibited through other laws (such as the Privacy Act, see below), a trade secret, legally protected, a medical file, law enforcement records, regarding bank supervision, or locational information (Freedom of Information Act, n.d.). FOIA was most recently updated with the FOIA Improvement Act of 2016, which increased transparency and altered procedures (OIP Summary of the FOIA Improvement Act of 2016, 2016). Privacy Act 1974 The Privacy Act of 1974 was an effort to balance the âgovernmentsâ need to maintain informationâ and the ârights of individuals to be protected against unwarranted invasions of their privacyâ (Walls, n.d.; Privacy Act of 1974, 5 U.S.C. § 552a, n.d.). It prevents agencies from disclosing records to any person or agency unless it falls into one of the twelve approved guidelines (Walls, n.d.; Privacy Act of 1974, 5 U.S.C. § 552a, n.d.). The most used reasons which allow for disclosure are subsections 1, 2, and 3 of 5 US Code § 552a(b) (Overview of the Privacy Act: 2020 Edition, 2021). Subsection One allows for the disclosure of information between agencies on a need-to-know basis. Subsection Two allows the FOIA to overrule the Privacy Act with regards to when to disclose information. Subsection Three allows for disclosure to another party if their use is similar to the use for which the data was originally collected. This third exception is quite broad, which causes controversy (Overview of the Privacy Act: 2020 Edition, 2021). Other exceptions include use for public record (used for the Census or National Archive data), or requests by law enforcement or the court system. In addition to putting forth information disclosure guidelines, this act requires agencies to keep accurate records of how, where, and why they sent information if they had sent information (Privacy Act of 1974, 5 U.S.C. § 552a, n.d.). Gramm-Leach-Bliley Act 1999 The Gramm-Leach-Bliley Act (GLBA) was passed to regulate the transfer of consumersâ ânonpublic personal informationâ by financial institutions (FDIC, 2021). At its core, the law says financial institutions cannot pass along personal data to third parties unless the customer is put on notice, given the opportunity to opt out, and they do not opt out (FDIC, 2021). Exceptions to this rule appear in Sections 13-15 (FDIC, 2021, VIII-1.3). Section 13 permits the transfer of some personal data to a third party if they are performing services on behalf of the financial institution, but they must be contractually bound to not do anything else with the data (FDIC, 2021, VIII-1.3). Section 14 allows the bank to disclose information as needed to perform banking functions initiated by the customer, while Section 15 extends that disclosure to normal financial institution acts, such as fraud detection (FDIC, 2021, VIII-1.3). Of these exceptions, only Section 13 requires the customer to be notified that their information is being shared (FDIC, 2021). USA PATRIOT Act 2001 & USA Freedom Act 2015 Enacted less than two months after the 9/11 attacks, the PATRIOT Act was passed with the intention of increasing homeland security by allowing surveillance techniques used in local crime to be used to fight terrorism (Highlights of the USA PATRIOT Act, n.d.; USA PATRIOT Act, n.d.). Most importantly, this law allowed for the sharing of information between law enforcement agencies at various levels without notice (Highlights of the USA PATRIOT Act, n.d.). This law wasnât the most protective of civil rights and liberties and to rectify that President Obama signed the USA Freedom Act in 2015, ending government collection of metadata (Patriot Act, n.d.; Fact sheet, 2015).
REFERENCES: Fact sheet: Implementation of the USA Freedom Act of 2015. (2015, Nov. 27). Central Intelligence Agency. https://www.intelligence.gov/index.php/ic-on-the-record-database/results/787-fact-sheet-implementation-of-the-usa-freedom-act-of-2015
Federal Deposit Insurance Corporation (FDIC). (2021, April). FDIC Consumer Compliance Examination Manual: VIII-1.1 Gramm-Leach-Bliley Act. Author. https://www.fdic.gov/resources/supervision-and-examinations/consumer-compliance-examination-manual/index.html
Freedom of Information Act, 5 U.S.C. § 552. (1966). Freedom of Information Act, The. (n.d.). Department of State. Retrieved Sept. 14, 2021, from https://foia.state.gov/learn/foia.aspx
Highlights of the USA PATRIOT Act. (n.d.) Department of Justice. Retrieved Sept. 14, 2021, from https://www.justice.gov/archive/ll/highlights.htm
Office of Privacy and Civil Liberties. (n.d.). Department of Justice. Retrieved Sept. 14, 2021, from https://www.justice.gov/opcl
OIP Summary of the FOIA Improvement Act of 2016. (2016, Aug. 17). Department of Justice. https://www.justice.gov/oip/oip-summary-foia-improvement-act-2016
Overview of the Privacy Act: 2020 Edition. (2021, Feb. 16). Department of Justice. https://www.justice.gov/opcl/overview-privacy-act-1974-2020-edition/disclosures-third-parties
Patriot Act. (n.d.) History.com. Retrieved Sept. 14, 2021, from https://www.history.com/topics/21st-century/patriot-act
Privacy Act of 1974. 5 U.S.C. § 552a. (n.d.). Department of Justice. Retrieved Sept. 14, 2021, from https://bja.ojp.gov/program/it/privacy-civil-liberties/authorities/statutes/1279#vf4tzl
Privacy Act, 5 U.S.C. § 552a(b). (1974). USA PATRIOT Act. (n.d.). Department of Justice. Retrieved Sept. 14, 2021, from https://bja.ojp.gov/program/it/privacy-civil-liberties/authorities/statutes/1281
Walls, T. (n.d.). FOIA v. Privacy Act: A comparison chart. IAPP. https://iapp.org/resources/article/foia-v-privacy-act-a-comparison-chart/