Digital Privacy
EU Laws
In March 2006, the European Commission passed the European Data Retention Directive. This directive legally requires all Internet and telephone service providers in the EU to retain records of communication data for up to 2 years. While communication service providers are _not_ allowed to retain records of the _content_ of communications, virtually all other data about the communications is required to be collected and stored, to be turned over to the authorities upon request. The data required to be collected, at each instance of communication, is as follows:
For telephone communications (both mobile and stationary):
- The telephone number, name, and address of registered user(s) of both call or sms initiator and call or sms recipient.
- The date, start time, and end time of the communication.
- Data identifying the type of communication service used (eg. phone call, sms, video message).
- The geographical location of both parties in the entire duration of the communication.
- Data identifying user's communication equipment
For Internet communications (including Internet access, e-mail, and Internet telephony):
- The userID (unique ISP provided ID), telephone number (if dial-up), name and address of registered user of both the internet communication initiator and recipient.
- The date and time of log-in and log-off to Internet access service, IP address, whether dynamic or static, user ID, date and time of the log-in and log-off of e-mail or VoIP service of both parties.
- Data identifying the type of communication service used (eg. site access, Sype, AIM).
- The phone number for dial-up access; the digital subscriber line (DSL) or other end point of the originator of the communication.
The History of U.S. Privacy Laws
American privacy laws include:
- In 1782, the Continental Congress passed a law to protect the confidentiality of letters [1]
- In 1825, Congress enacted another law to protect the confidentiality of letters by criminalizing taking âany letter, postal card, or package out of any post office or any authorized depository for mail matter, or from any letter or mail carrier.â [2]
- And in 1877, in Ex Parte Jackson,110 the Supreme Court concluded that the Fourth Amendment protected letters from government inspection without a warrant. The fact that people willingly gave the government their letters for delivery did not waive protection, as the government was expected to keep them confidential. (SSRN)
- Numerous American cases protected the confidentiality of private letters prior to 1890. For example, in Dennis v. LeClerc,128 a newspaper editor sought to publish an improperly obtained letter from a sender to a female acquaintance. The court enjoined the publication of the letter, holding that the sender of a letter retained a qualified property right in the letter that allowed him to prevent its publication, copying, or even its use contrary to the presumed intention of the sender.129 The court also discussed when wrongfulness of the âdisclosure of the contents of a confidential communication,â130 concluding that because the letter was written in âmystery and confidenceâ (a term of art in Louisiana law), âthe defendant could not produce it to light without crime.â131 Moreover, just as the defendant could not produce it to his associates, he could also not publish it in the press, due to the âsacrednessâ of the âconfidential letter.â [3]
- In 1890 Samuel Warren and Louis Brandeis termed the phrase "the right to be let alone" in their article in the Harvard Law Review. This was one of the earliest legal articles in the U.S relating to privacy issues.
- In 1891, just a year after the article was published, the âright to be let aloneâ found its way into constitutional law. The Supreme Court held in Union Pacific Railway Company v. Botsford,223 that a court could not compel a plaintiff in a civil suit to undergo a surgical examination: âAs well said by Judge Cooley: âThe right to oneâs person may be said to be a right of complete immunity; to be let aloneâ (SSRN)
- In the famous 1902 case of Roberson v. Rochester Folding Box Company,150 that court squarely rejected the right to privacy. An advertisement for Franklin Mills Flour used a drawing of a young woman, Abigail Roberson, without her consent. The picture was a flattering one, but Roberson sued because she was âhumiliatedâ by it and suffered mental distress as a result.151 The court concluded that there was âno precedentâ to recognize Warren and Brandeisâs tort remedies for invasion of privacy, and that such a right was best left to the legislature to enact [4]
- In 1905, the Georgia Supreme Court recognized in the common law a tort remedy for invasions of privacy. The case, Pavesich v. New England Life Insurance Company,157 involved a situation similar to that in Roberson â a manâs image was used in an advertisement without his consent. The court concluded that a âright of privacy in matters purely private is . . . derived from natural law.â [5]
- In 1967, in Time, Inc. v. Hill,204 the Court held that the First Amendment required the actual malice standard to establish a false light claim.205 The right of publicity tort was examined by the Court in 1977 in Zacchini v. Scripps-Howard Broadcasting Co.206 The Court distinguished appropriation from false light, and the branch of the appropriation tort known as the âright of publicityâ narrowly survived a First Amendment challenge. The public disclosure tort came to the Courtâs attention in 1975 in Cox Broadcasting v. Cohn.207 The Court discussed the origins of the tort in Warren and Brandeisâs article and observed that âthe century has experienced a strong tide running in favor of the so-called right of privacy.â208 Basing its decision on the First Amendment, the Court held that despite the right to privacyâs âimpressive credentials,â when âtrue information is disclosed in public court documents open to public inspection, the press cannot be sanctioned for publishing it.â209 The Court declined to address âthe broader questionâ that would implicate the constitutionality of the tort in all its applications â namely, âwhether the State may ever define and protect an area of privacy free from unwanted publicity in the press [6]
- Subsequent Supreme Court cases reiterated the Cox rule. In Smith v. Daily Mail,211 the Court held: âIf a newspaper lawfully obtains truthful information about a matter of public significance then state officials may not constitutionally punish publication of the information, absent a need to further a state interest of the highest order.â212 In Florida Star v. B.J.F.,213 the Court reiterated the rule in Daily Mail in concluding that the First Amendment prohibited liability when a newspaper published the name of a rape victim obtained from a police report [7]
- [U.S Privacy Act of 1974] [1] mandated a set of fair information practices, including disclosure of private information only with the an individualâs consent (with exceptions for law enforcement, archiving, and routine uses), and established the right of the subject to know what was recorded about her and to offer corrections. While it originally intended to apply to a broad range of public and private databases to parallel the H.E.W. report, the Act was amended before passage to apply only to government agenciesâ records (Zittrain chapter 9)
- U.S Privacy Act of 1974 (http://www.usdoj.gov/oip/04_7_1.html) - Fair Information Practice Principles (http://www.ftc.gov/reports/privacy3/fairinfo.shtm)
- The Privacy Act of 1974 mandated a set of fair information practices, including disclosure of private information only with the an individualâs consent (with exceptions for law enforcement, archiving, and routine uses), and established the right of the subject to know what was recorded about her and to offer corrections. While it originally intended to apply to a broad range of public and private databases to parallel the H.E.W. report, the Act was amended before passage to apply only to government agenciesâ records (Zittrain chapter 9)
Problems
Disparities between digital privacy laws of the European Union and those of the United States.
'CHARTER OF FUNDAMENTAL RIGHTS OF THE EUROPEAN UNION'
Article 7 Respect for private and family life Everyone has the right to respect for his or her private and family life, home and communications.
Article 8 Protection of personal data 1. Everyone has the right to the protection of personal data concerning him or her. 2. Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified. 3. Compliance with these rules shall be subject to control by an independent authority.[2] [3]
Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data [4]
Regulation 45/2001 [5]
U.S. Laws
* United States Code o TITLE 17 - COPYRIGHTS + CHAPTER 12 - COPYRIGHT PROTECTION AND MANAGEMENT SYSTEMS
Section 1205. Savings clause
Nothing in this chapter abrogates, diminishes, or weakens the provisions of, nor provides any defense or element of mitigation in a criminal prosecution or civil action under, any Federal or State law that prevents the violation of the privacy of an individual in connection with the individual's use of the Internet. [6]
Solutions
Relevant Research and Articles
Useful Void: The Art of Forgetting in the Age of Ubiquitous Computing (Mayer-Schoenberger, 2007)
How Many Ways You're Being Watched, USA Today (2007)
Enjoying Technologies Conveniences But Not Escaping Its Watchful Eyes, Washington Post (2007)
Your Identity, Open to All (Wired News, 2005)
Why Web 2.0 will end your privacy (Bit Tech, 2006)
Strong privacy laws may explain data security in Europe (Intl. Herald Tribune, 2005)
COPPA - Children's Online Privacy Protection Act
U.S. Privacy Articles
Digital Millenium Copyright Act of 1998
Software lets parents monitor kids' calls
A privacy paradox: Social networking in the United States (Barnes, 2006)
Your first girlfriend -- and the other things search engines store about you
European Privacy
Relevant Legislation
EU Data Retention Directive, Article 5,6,10
EU Directive on Privacy and Electronic Communications, Article 4,5,6,9,12
Resources and Articles
Digital Civil Rights in Europe
European Data Protection Supervisor
French State Council allows tracing P2P users
The European Parliament voted for stronger data protection
Europe votes to restrict police data sharing
Google may use games to analyse net users
Minister of the Interior renews call for legal online PC search option
German government admits it is already conducting online searches
ICT lobby says Dutch law protects privacy rights in RFID applications
Privacy in US v. Europe: Comparing conceptions and legislation
âLa differenceâ is stark in EU, U.S. privacy laws
Internet privacy law: a comparison between the United States and the European Union
Privacy Law in the United States, the EU and Canada: The Allure of the Middle Ground
Suddenly, the Paranoids Don't Seem So Paranoid Anymore, Wired, June 2007
Strong privacy laws may explain data security in Europe, The New York Times', August 2005