Privacy Rights

Is this right enshrined in international and regional human rights treaties? 🖉 edit

Although there are various regional and international human rights treaties protecting the right to privacy, the International Covenant on Civil and Political Rights (ICCPR), as well as the European Convention for the protection of Human Rights and Fundamental Freedoms (ECHR) are often regarded as the most fundamental and widely respected. Article 17 of the ICCPR states that “no one shall be subjected to arbitrary or unlawful interference with his privacy, family, home or correspondence” and Article 19 continues: (1) Everyone shall have the right to hold opinions without interference. (2) Everyone shall have the right to freedom of expression; this right shall include freedom to seek, receive and impart information and ideas of all kinds, regardless of frontiers, either orally, in writing or in print, in the form of art, or through any other media of his choice. (3) The exercise of the rights provided for in paragraph 2 of this article carries with it special duties and responsibilities. It may therefore be subject to certain restrictions, but these shall only be such as are provided by law and are necessary: (a) For respect of the rights or reputations of others, and (b) For the protection of national security or of public order, or of public health or morals. In his paper “The Privacy Principle,” Frederic Gilles Sourgens claims that ““these two provisions make up the backbone of the human right to privacy” (351), where protection applies to any intrusion of personal information, including thoughts opinions, religious beliefs, health, relationships, and sexual encounters (Sourgens, “Privacy Principle,” 351). The ICCPR supports that the state must inform persons of reason of intrusion in non public spaces, as well as the nature of the information collected, but may intrude “to the extent proportionate with specific threats” (Sourgens, “Privacy Principle,”353). The ICCPR “explicitly distinguishes between the obligations to respect and to ensure human rights, while the ECHR speaks…only of the obligation to secure in the actual text” (Milanovic “Privacy in the Digital Age,” 102). Additionally, Article 2(1) of the ICCPR claims that states are responsible for “all individuals within its territory and subject to its jurisdiction” (Milanovic “Privacy in the Digital Age,” 101). Although there are frameworks within the treaties that support the protection of privacy, there are many limitations to the legislation itself. The primary flaw is that the interpretation of ‘jurisdiction’ and ‘territory’ are contested by states (Milanovic “Privacy in the Digital Age,”101). The common conception is that human rights instruments are purely territorial, however, intelligence programs often operate outside the territory of signatory states (Sourgens, “Privacy Principle,” 353). The International Court of Justice (ICJ) has ruled that “States parties to the Covenant should be bound to comply with its provisions”, (Sourgens, “Privacy Principle,”353) with regional treaties such as the ECHR and American Convention on Human Rights (ACHR) respecting this claim (354). However, many states reject this extraterritorial application of privacy protection, arguing that treaty rights only apply within the sovereign territory of signatory states (Sourgens, “Privacy Principle,” 356). Historically, the US and other states had not expressed a clear view on the territorial scope of ICCPR (Milanovic “Privacy in the Digital Age,” 103), with the US eventually stating that there is a default presumption against extraterritorial application of the treaties in 1995 (Milanovic “Privacy in the Digital Age,”105). Additionally, countries such as China are not a party to the ICCPR or other treaties with privacy protections, and do not have domestic laws to restrict government surveillance powers (Sourgens, “Privacy Principle,” 358). Russia has also attempted to counteract rulings of the European Court using domestic legislation, and France similarly minimized its basic privacy protections after the 2015 mass shootings in Paris (Sourgens, “Privacy Principle,” 358). The COVID-19 pandemic has also placed national surveillance at the forefront, as governments and research institutions use location data to keep track of cases (Zwitter and Gstrein, “Big Data,” 2). Location data is collected through phone network, wifi connections, and satellite based radio navigation (GPS) (Zwitter and Gstrein, “Big Data,” 2). Article 15 of the ECHR was updated in December 2019 to allow states to derogate in situations of: (1) war or other public emergency threatening the life of the nation, (2) taking measures which are strictly required by the exigencies of the situation, and (3) provided that measures are not inconsistent with other obligations under international law (Zwitter and Gstrein, “Big Data,” 3). Data protection and privacy are included in those rights that are subject to derogation during times of crises (Zwitter and Gstrein, “Big Data,”3). Data ownership, such as location tracking, is a matter of contract law and is often included in the terms of use, leaving the legality of the practice to individual consent (Zwitter and Gstrein, “Big Data,” 3). The conclusion that Zwitter and Gstrein come to is that there is a “lack of dedicated legal frameworks to address the use of data in times of political crisis” (Zwitter and Gstrein, “Big Data,”4), therefore allowing for the infringement of privacy rights despite the existence of international and regional treaties.

REFERENCES:

Sourgens, Frederic Gilles. “The Privacy Principle.” Yale Journal of International Law, 42(2), 345-408, 2017.

Milanovic, Marko. “Human rights treaties and foreign surveillance: privacy in the digital age.” Harvard International Law Journal, 56(1), 81-146, 2015.

Zwitter, Andrej and Gstrein, Oskar J. “Big data, privacy and COVID-19 – learning from humanitarian expertise in data protection.” Int J Humanitarian Action 5, (4), 2020.

Is it contained in the US Constitution? 🖉 edit

The right to privacy is not explicitly contained in the United States Constitution.

REFERENCES:

Privacy. (n.d.). Cornell Law School Legal Information Institute. Retrieved Sept. 8, 2021, from https://www.law.cornell.edu/wex/privacy

Has it been interpreted as being implicit in the US Constitution? 🖉 edit

In the United States, the right to privacy was not originally codified but established through Supreme Court cases around the 1960s (Privacy, n.d.). Prior to this time, the Court recognized in Snyder v. Massachusetts (1934) that some concepts of fairness are fundamental, but not expressed. In 1965, the Court heard and decided Griswold v. Connecticut. In the majority opinion, Justice William Douglas argues that the Court had previously ruled on cases in which rights were not explicit in the Bill of Rights, but the rights were justifiable to the Court through the First and Fourteenth Amendments (Griswold v. Connecticut, 1965, par. 11). Later in the opinion of the court, he states that in other cases, such as Boyd v. United States (1886), Mapp v. Ohio (1961), and Poe v. Ullman (1961), the court used the ‘penumbras’ of the First, Third, Fourth, Fifth, and Ninth Amendments to make decisions on implicit liberties (Griswold v. CT, 1965, pars. 14-15). Combined, these penumbras create what the Griswold v. Connecticut majority opinion calls “zones of privacy” (Privacy, n.d.). In a concurring Griswold opinion, Justice Arthur Goldberg argues that while liberties extend beyond the Bill of Rights, he, Chief Justice Earl Warren, and Justice William Brennan feel that the Due Process Clause of the Fourteenth Amendment does not include “all of the first eight amendments” (Griswold v. CT, 1965, par. 21). However, in a different concurring opinion, Justice John Marshall Harlan found “[t]he Due Process Clause of the Fourteenth Amendment stands […] on its own bottom” (Griswold v. CT, 1965, par. 53; Privacy, n.d.). Justice Harlan’s concurring opinion became the predominant argument used in later privacy cases (Privacy, n.d.). In 1967, the Supreme Court decided the case of Katz v. United States (Katz v. US, n.d.). Katz, located in Los Angeles, had been using a public phone booth to inform bettors in Boston and Miami, and in an effort to convict him, federal agents tapped the phone booth (Katz v. US, n.d.). A lower court allowed this evidence to be admitted, but Katz claimed it was a violation of the Fourth Amendment (Katz v. US, n.d.). The Supreme Court sided 7-1 with Katz and establishes that “the Fourth Amendment protects people, not places” (Katz v. United States, 1967). In a concurring opinion, Justice Harlan established the Expectation for Privacy Test (Katz v. US, n.d.; Expectation of Privacy, n.d.). This test is two-fold – the individual must have an expectation for privacy which is rooted in law and society finds that expectation for privacy to be reasonable – and has been used as a basis for privacy since (Expectation of Privacy, n.d.). After these two cases, the Supreme Court has continued to extend the right to privacy, notably so in three landmark cases: Eisenstadt v. Baird (1971), Roe v. Wade (1972), and Lawrence v. Texas (2003) through the use of the Fourteenth Amendment and Justice Harlan’s concurring Griswold opinion (Privacy, n.d.). Eisenstadt extended the use of contraceptives beyond married couples to individuals (Privacy, n.d.). Roe extended the right to privacy to the women’s right to have an abortion (Privacy, n.d.). Lawrence v. Texas' overturned Bowers v. Hardwick (1986) and extended privacy to private conduct (Privacy, n.d.).

REFERENCES:

Expectation of Privacy. (n.d.). Cornell Law School Legal Information Institute. Retrieved Sept. 13, 2021, from https://www.law.cornell.edu/wex/expectation_of_privacy

Griswold v. Connecticut, 381 U.S. 479 (1965). https://www.law.cornell.edu/supremecourt/text/381/479

Katz v. United States. (n.d.). Oyez. Retrieved September 13, 2021, from https://www.oyez.org/cases/1967/35

Katz v. United States, 389 U.S. 347 (1967). https://www.law.cornell.edu/supremecourt/text/389/347

Privacy. (n.d.). Cornell Law School Legal Information Institute. Retrieved Sept. 8, 2021, from https://www.law.cornell.edu/wex/privacy

Snyder v. Massachusetts, 291 U.S. 97 (1934). https://www.law.cornell.edu/supremecourt/text/291/97

Are there any exceptions in American law to this right? 🖉 edit

Most recent US legislation regarding the right to privacy concerns the collection, retention, and transfer of personal data. Under the Department of Justice, the Office of Privacy and Civil Liberties (OPCL) enforces privacy laws, recommends privacy policies (including exceptions), and responds to data breaches (Office of Privacy and Civil Liberties, n.d.). Freedom of Information Act 1966 (as amended 2016) In 1966, Congress passed the Freedom of Information Act (FOIA). This act granted anyone the ability to request access to federal agency records but not the records of private companies. However, nine exemptions and three exclusions may prevent access to these records (Freedom of Information Act, n.d.). The exclusions are narrow and related to law enforcement and ongoing intelligence investigations and are unaffected by FOIA (Freedom of Information Act, n.d.). The exemptions authorize government agencies to withhold information from those requesting it (Freedom of Information Act, n.d.). The nine exemptions prevent the sharing of information if it is classified for national security, part of internal rules or practices, prohibited through other laws (such as the Privacy Act, see below), a trade secret, legally protected, a medical file, law enforcement records, regarding bank supervision, or locational information (Freedom of Information Act, n.d.). FOIA was most recently updated with the FOIA Improvement Act of 2016, which increased transparency and altered procedures (OIP Summary of the FOIA Improvement Act of 2016, 2016). Privacy Act 1974 The Privacy Act of 1974 was an effort to balance the “governments’ need to maintain information” and the “rights of individuals to be protected against unwarranted invasions of their privacy” (Walls, n.d.; Privacy Act of 1974, 5 U.S.C. § 552a, n.d.). It prevents agencies from disclosing records to any person or agency unless it falls into one of the twelve approved guidelines (Walls, n.d.; Privacy Act of 1974, 5 U.S.C. § 552a, n.d.). The most used reasons which allow for disclosure are subsections 1, 2, and 3 of 5 US Code § 552a(b) (Overview of the Privacy Act: 2020 Edition, 2021). Subsection One allows for the disclosure of information between agencies on a need-to-know basis. Subsection Two allows the FOIA to overrule the Privacy Act with regards to when to disclose information. Subsection Three allows for disclosure to another party if their use is similar to the use for which the data was originally collected. This third exception is quite broad, which causes controversy (Overview of the Privacy Act: 2020 Edition, 2021). Other exceptions include use for public record (used for the Census or National Archive data), or requests by law enforcement or the court system. In addition to putting forth information disclosure guidelines, this act requires agencies to keep accurate records of how, where, and why they sent information if they had sent information (Privacy Act of 1974, 5 U.S.C. § 552a, n.d.). Gramm-Leach-Bliley Act 1999 The Gramm-Leach-Bliley Act (GLBA) was passed to regulate the transfer of consumers’ “nonpublic personal information” by financial institutions (FDIC, 2021). At its core, the law says financial institutions cannot pass along personal data to third parties unless the customer is put on notice, given the opportunity to opt out, and they do not opt out (FDIC, 2021). Exceptions to this rule appear in Sections 13-15 (FDIC, 2021, VIII-1.3). Section 13 permits the transfer of some personal data to a third party if they are performing services on behalf of the financial institution, but they must be contractually bound to not do anything else with the data (FDIC, 2021, VIII-1.3). Section 14 allows the bank to disclose information as needed to perform banking functions initiated by the customer, while Section 15 extends that disclosure to normal financial institution acts, such as fraud detection (FDIC, 2021, VIII-1.3). Of these exceptions, only Section 13 requires the customer to be notified that their information is being shared (FDIC, 2021). USA PATRIOT Act 2001 & USA Freedom Act 2015 Enacted less than two months after the 9/11 attacks, the PATRIOT Act was passed with the intention of increasing homeland security by allowing surveillance techniques used in local crime to be used to fight terrorism (Highlights of the USA PATRIOT Act, n.d.; USA PATRIOT Act, n.d.). Most importantly, this law allowed for the sharing of information between law enforcement agencies at various levels without notice (Highlights of the USA PATRIOT Act, n.d.). This law wasn’t the most protective of civil rights and liberties and to rectify that President Obama signed the USA Freedom Act in 2015, ending government collection of metadata (Patriot Act, n.d.; Fact sheet, 2015).

REFERENCES: Fact sheet: Implementation of the USA Freedom Act of 2015. (2015, Nov. 27). Central Intelligence Agency. https://www.intelligence.gov/index.php/ic-on-the-record-database/results/787-fact-sheet-implementation-of-the-usa-freedom-act-of-2015

Federal Deposit Insurance Corporation (FDIC). (2021, April). FDIC Consumer Compliance Examination Manual: VIII-1.1 Gramm-Leach-Bliley Act. Author. https://www.fdic.gov/resources/supervision-and-examinations/consumer-compliance-examination-manual/index.html

Freedom of Information Act, 5 U.S.C. § 552. (1966). Freedom of Information Act, The. (n.d.). Department of State. Retrieved Sept. 14, 2021, from https://foia.state.gov/learn/foia.aspx

Highlights of the USA PATRIOT Act. (n.d.) Department of Justice. Retrieved Sept. 14, 2021, from https://www.justice.gov/archive/ll/highlights.htm

Office of Privacy and Civil Liberties. (n.d.). Department of Justice. Retrieved Sept. 14, 2021, from https://www.justice.gov/opcl

OIP Summary of the FOIA Improvement Act of 2016. (2016, Aug. 17). Department of Justice. https://www.justice.gov/oip/oip-summary-foia-improvement-act-2016

Overview of the Privacy Act: 2020 Edition. (2021, Feb. 16). Department of Justice. https://www.justice.gov/opcl/overview-privacy-act-1974-2020-edition/disclosures-third-parties

Patriot Act. (n.d.) History.com. Retrieved Sept. 14, 2021, from https://www.history.com/topics/21st-century/patriot-act

Privacy Act of 1974. 5 U.S.C. § 552a. (n.d.). Department of Justice. Retrieved Sept. 14, 2021, from https://bja.ojp.gov/program/it/privacy-civil-liberties/authorities/statutes/1279#vf4tzl

Privacy Act, 5 U.S.C. § 552a(b). (1974). USA PATRIOT Act. (n.d.). Department of Justice. Retrieved Sept. 14, 2021, from https://bja.ojp.gov/program/it/privacy-civil-liberties/authorities/statutes/1281

Walls, T. (n.d.). FOIA v. Privacy Act: A comparison chart. IAPP. https://iapp.org/resources/article/foia-v-privacy-act-a-comparison-chart/

Is this right protected in the Constitutions of most countries today? 🖉 edit

The right to privacy is a widely accepted right throughout the world. Currently, 186 constitutions around the globe include the right to privacy. Within these constitutions however, there are discrepancies in the language and what is considered to fall under the ‘right to privacy’ umbrella. In the most obvious cases, there is a considerable differentiation between the age of the constitutions being compared. For example, the United States has maintained the same Constitution since 1789 with its last alteration being the 27th Amendment in 1992. Privacy, however, was addressed in the 4th Amendment in 1791 which states, “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”(U.S. Constitution- Fourth Amendment). While formal alterations or additions to the US Constitution have been relatively scarce, the United States legal system, as it pertains to the Constitution, has evolved. Through judicial review, the Supreme Court has applied interpretations to the original document. We see this instance in the 1960 Supreme Court Case Griswold v. Connecticut. This landmark case ruled that the Constitution protected the right of marital privacy (Griswold v. Connecticut, 381 U.S. 479 (1965)). This provides insight on how the US addresses rights, like the right to privacy, that are not explicitly stated in the Constitution.

Looking at other countries suggests some of the range of approaches to the right to privacy. For an alternate example we can look to the current constitution of Albania. Albania’s active constitution was ratified in 1998 with the latest modification being made in 2016. Articles 35-37 of the constitution addresses the right to privacy in much broader scope than the United States, “No one may be obliged, except when the law requires it, to make public the data connected with his person,” (Constitute Project 2020) “The freedom and secrecy of correspondence or any other means of communication are guaranteed,” and “The inviolability of the residence is guaranteed.” (Constitute Project 2020) More is included within these articles but the three main points address the “data,” the communication, and the residence of the individual. Clearly, the language used in Albania’s constitution applies to a lot more aspects of one's privacy than the language used in the US constitution. With that said, the structure of Albania’s government differs from that of the United States, especially when it comes to the judicial system. Albania has a Supreme Court and a Constitutional Court. The latter is responsible for interpreting “the compatibility of international agreements with the mandates of the Constitution prior to their ratification; verifies compliance with the Constitution in legislative acts passed by local, regional and central government bodies; and adjudicates individual citizens’ claims of constitutional rights breaches and violations,” (“Researching the Albanian Legal System” 2019). Furthermore, “Judicial review by the Constitutional Court may be requested upon petitions submitted by the President of the Republic, the Prime Minister, 1/5th of Parliament’s members, the Head of High State Control as well as any lower court,” (“Researching the Albanian Legal System” 2019). A specific example of this occurred in 2008 as law no. 9887, “On Protection of Personal Data,” expanded and defined privacy rights as it pertained to personal data. This was brought forward by the Council of Ministers, which falls under the executive branch of the Albanian government. This same law was then subsequently amended in 2012 and 2014 to modify the right to privacy in an era of technology. We can see these protections in action as six different multinational companies were fined in April of 2024 for violating Albania's privacy rights (“Albania” 2024). In Albania, there are more avenues for other branches of government to directly bring forward issues of constitutionality and, as we have seen with law no. 9887, propose new legislation meant to refine or analyze contemporary applications of constitutional law. Additionally, justices, for both the Supreme Court and Constitutional Court, serve for a single term of 9 years. This is just another factor in how constitutional rights are interpreted and applied. In 2020, Algeria enacted its current constitution which shares similar constitutional provisions on the right to privacy. In articles 47 and 48 it confirms that, “Every person shall have the right to the protection of his honor and private life. Every person shall have the right to the confidentiality of his correspondence and private communications in all their forms…The protection of individuals when handling personal data shall be a fundamental right.” (Constitute Project 2020).

Another longstanding constitution, that of the Kingdom of the Netherlands, was originally enacted in 1814 but has been subsequently amended up until the year 2008. Articles 10, 12, and 13 state, “Everyone shall have the right to respect for his privacy, without prejudice to restrictions laid down by or pursuant to Act of Parliament,”(Constitute Project 2020) “Entry into a home against the will of the occupant shall be permitted only in the cases laid down by or pursuant to Act of Parliament, by those designated for the purpose by or pursuant to Act of Parliament,”(Constitute Project 2020) and “The privacy of correspondence shall not be violated except in the cases laid down by Act of Parliament, by order of the courts. The privacy of the telephone and telegraph shall not be violated except, in the cases laid down by Act of Parliament, by or with the authorization of those designated for the purpose by Act of Parliament.” (Constitute Project 2020) Again, there is more included within the official articles, but the main points are delivered. Communication and residence are clearly stated but one's data, as proclaimed by the previous two constitutions, is not explicitly stated. We can also look towards Somalia’s constitution which was enacted in 2012 that states, “The home and other dwellings of the person shall be inviolable, and their entry, search or surveillance shall not be allowed without a reasoned order from a judge. Any such order must be read properly to the occupier of the dwelling before entry, and the inspecting authority is prohibited to violate the law,” (Constitute Project 2020). Here, the right to privacy explicitly secures one’s home but not much else. How one’s “other dwellings” are officially defined is not included in the country’s constitution. So, in looking at these examples, and various others, it is hard to definitively define the extent of one's “right to privacy” as there is no international consensus and the language used in many constitutions worldwide are not cut and dry. Furthermore, while the age of a country’s constitution may be a factor, how their political system is structured is also an important consideration when determining the scope of this right.

References:

Congress.gov. 2022. “U.S. Constitution - Fourth Amendment - Resources - Constitution Annotated - Congress.gov - Library of Congress.” Constitution.congress.gov. Constitution Annotated. 2022. https://constitution.congress.gov/constitution/amendment-4/.

“Researching the Albanian Legal System.” n.d. GlobaLex - Foreign and International Law Research. Accessed July 30, 2024. https://www.nyulawglobal.org/globalex/Albania1.html#thejudi.

“Albania.” n.d. DataGuidance. Accessed July 30, 2024. https://www.dataguidance.com/jurisdiction/albania.

Read. 2020. “Read about ‘Right to Privacy’ on Constitute.” Constituteproject.org. 2020. https://www.constituteproject.org/constitutions?key=privacy.

Griswold v. Connecticut, 381 U.S. 479 (1965)