Privacy Rights/Conflicts with other Rights/Federalism
How does federalism change, if at all, the exercise or application of this right? What examples of this can one point to?
With federalism, there is often one state that leads the rest – in terms of privacy legislation, California leads the United States, and the German state Hessen led Germany and the European Union (Mills, 2008, 167; Petkova, 2016, 5, 4). Though the EU is not properly a federalist entity, federalism encouraged and promoted privacy as a fundamental right. Privacy rights began in Hessen, became federal law after German parliamentary action, and eventually became supranational as the EU passed encompassing privacy legislation in 1995 (Petkova, 2016, 4). Later iterations of the 1995 law led to the 2018 General Data Protection Regulation which has provisions that help regulate information privacy outside of EU borders, including in the United States.
In the United States, federalism clarifies and further protects the right to privacy. This is important because the federal right is still based on Supreme Court opinions rather than explicit constitutional provisions or legislation. This lack of explicit language allows states to “provide leadership in the privacy area because of the constitutional options available” and drive for change (Mills, 2008, 162; Petkova, 2017, 24). As of 2008, ten states in the US (Alaska, Arizona, California, Florida, Hawaii, Illinois, Louisiana, Montana, South Carolina, and Washington) explicitly protect privacy in their constitutions (Mills, 2008, Appendix II). At least twenty states have passed privacy legislation (with some overlap between the ten with constitutional provisions, namely California). State privacy legislation focuses on data privacy, improving security measures for storing personal information, notifying individuals of security breaches, and enabling security alerts and/or freezes on credit reports (Mills, 2008, 167). Most states hoped their passage would signal the federal government to pass privacy legislation (Sabin, 2021) . Schwartz acknowledges that this legislation would be possible under the Commerce Clause, though the effects would depend on the text (2009, 922). Some scholars are wary of federal legislation as states have created a successful legal landscape based on experimentation and consequence, and federal legislation could disrupt the balance, create uncertainty, and be hard to amend (Bellia, 2009; Schwartz, 2009, 922-931).
Federalism results in the lack of consistent privacy laws and rights. For instance, in Germany, every company needs to have a data protection officer. In the EU, the GDPR only requires public companies and certain private companies to have this position, while allowing all other private companies to opt-in to having this role (Petkova, 2017, 20). These different laws can alter privacy protection outcomes based on the jurisdiction in which the incident took place, especially if the rights are challenged in courts. This was the case in Florida’s Rolling v. State. Six college students were brutally murdered in Gainesville, Florida and their families hoped to prevent the press from releasing the photos of their bodies. Mills, who was asked to consult on the case, knew this would be a complex legal question as the Florida laws technically allowed for these records to be open to ensure police accountability, but he also knew the families would suffer severe harm were these photos to appear publicly. The Florida Supreme Court decided that the laws in place allowed for a compromise: the photos could be made available to the public by the records custodian upon a reasonable request provided there were restrictions on the copying and removal of the photos. Mills acknowledges that had the situation been occurred in another jurisdiction, the result would not have been the same and the photos likely would have been published (Mills, 2008, 247-251).
References:
Bellia, P.L. (2009) . Federalization of Information Privacy Law. Yale Law Journal 118(5), 868-900. https://www.jstor.org/stable/40389431
Mills, J.L. (2008) . Privacy: The lost right. Oxford University Press.
Petkova, B. (2016) . The Safeguards of Privacy Federalism. Lewis & Clark Law Review 20(2). https://www.law.nyu.edu/sites/default/files/upload_documents/Petkova%20The%20Safeguards%20of%20Privacy%20Federalsim_0.pdf
Petkova, B. (2017) . Domesticating the “foreign” in making transatlantic data privacy law. International Journal of Constitutional Law 15(4), 1135- 1156) . https://www.law.nyu.edu/sites/default/files/upload_documents/Petkova%20Domesticating%20the%20Foreign%20in%20Making.pdf
Sabin, S. (2021, Apr. 27). States are moving on privacy bills. Morning Consult. https://morningconsult.com/2021/ 04/27/state-privacy-congress-priority-poll/
Schwartz, P.M. (2009) . Preemption and privacy. Yale Law Journal 118(5). https://digitalcommons.law.yale.edu/cgi/viewcontent.cgi?article=5155&context=ylj