Advertisement

The Changing Privacy Legal Landscape

  • Robert W. PalmatierEmail author
  • Kelly D. Martin
Chapter

Abstract

This chapter centers on informational privacy and the rules that give people control over their personal data—defined as any information that can be used by itself or in combination with other information to identify someone. The European Union (EU), Canada, and Japan each protect informational privacy using a single, comprehensive privacy law. But the United States takes a different approach and uses a hodgepodge of federal and state laws to protect informational privacy. Some regulate specific categories of information (financial, health care, medical), while others apply to usage activities (e.g., telephone marketing, text messaging, emailing). Hundreds of additional data protection laws exist at state levels, California alone has more than 25 unique privacy and data security laws on its books.

References and Notes

  1. 1.
    Warren, S., & Brandeis, L. (1890). The Right to Privacy. Harvard Law Review, 4(5), 193–220.  https://doi.org/10.2307/1321160. Available at http://groups.csail.mit.edu/mac/classes/6.805/articles/privacy/Privacy_brand_warr2.html.CrossRefGoogle Scholar
  2. 2.
    According to Daniel Solove: “In the second latter half of the 19th century, newspapers were the most rapidly growing type of media. Circulation of newspapers rose about 1000% from 1850 and 1890, from 100 newspapers with 800,000 readers in 1850 to 900 papers with over 8 million readers by 1890.” Solove, D. J. (2003). The Origins and Growth of Information Privacy Law, 10. Available at https://scholarship.law.gwu.edu/cgi/viewcontent.cgi?referer=https://www.google.com/&httpsredir=1&article=2091&context=faculty_publications.
  3. 3.
    Ibid., 11.Google Scholar
  4. 4.
    Warren, S., & Brandeis, L. at 1.Google Scholar
  5. 5.
  6. 6.
  7. 7.
    Pollak, M. (2018). A Short History of Wiretapping. Nytimes.com. Available at https://www.nytimes.com/2015/03/01/nyregion/a-short-history-of-wiretapping.html. Accessed May 23, 2018.
  8. 8.
    Kaplan, H. J., Matteo, J. A., Sillett, R., & Arkin Kaplan Rice, L. L. P. (2012). The History and Law of Wiretapping. In ABA Sections of Litigation 2012 Section Annual Conference April (pp. 18–20).Google Scholar
  9. 9.
    Olmstead v. United States. (n.d.). Oyez. Retrieved May 22, 2018, from https://www.oyez.org/cases/1900-1940/277us438.
  10. 10.
  11. 11.
    Tokson, M. (2016). Knowledge and Fourth Amendment Privacy. 111 Northwest University Law Review, 139. https://scholarlycommons.law.northwestern.edu/nulr/vol111/iss1/3.
  12. 12.
    Katz v. United States, 389 U.S. 347, 359 (1967).Google Scholar
  13. 13.
    Ibid., 360 (Harlan J., concurring).Google Scholar
  14. 14.
    Kerr, O. S. (2011). An Equilibrium-Adjustment Theory of the Fourth Amendment. 125 Harvard Law Review, 476, 533–534.Google Scholar
  15. 15.
    McDonald, A. M., & Cranor, L. F. (2008). The Cost of Reading Privacy Policies. ISJLP, 4(543). Available at https://kb.osu.edu/bitstream/handle/1811/72839/ISJLP_V4N3_543.pdf?sequence=1&isAllowed=y.
  16. 16.
    See Reidenberg, J. R., Breaux, T., Cranor, L. F., French, B., Grannis, A., Graves, J. T., & Ramanath, R. (2015). Disagreeable Privacy Policies: Mismatches Between Meaning and Users’ Understanding. Berkeley Tech. LJ, 30, 39; and Waldman, A. E. (2017). A Statistical Analysis of Privacy Policy Design. Notre Dame Law Review Online, 93, Forthcoming. Available at SSRN https://ssrn.com/abstract=2940505.
  17. 17.
    15 USCS § 1681, et seq.Google Scholar
  18. 18.
    EPIC—The Fair Credit Reporting Act (FCRA) and the Privacy of Your Credit Report. (2018). Retrieved from https://epic.org/privacy/fcra/#introduction.
  19. 19.
    Department of Health, Education, and Welfare (HEW) Secretary’s Advisory Committee on Automated Personal Data Systems (SACAPDS) (testimony of Kenneth A. McLean, May 18, 1972).Google Scholar
  20. 20.
    Federal Trade Commission Marketers of Criminal Background Screening Reports to Settle FTC Charges They Violated Fair Credit Reporting Act. (2013). Available at https://www.ftc.gov/news-events/press-releases/2013/01/marketers-criminal-background-screening-reportsto-settle-ftc.
  21. 21.
    Hoofnagle, C., & Honig, E. EPIC Victoria’s Secret GLBA Privacy Page. Available at https://epic.org/privacy/glba/victoriassecret.html.
  22. 22.
    Office for Civil Rights, H. H. S. (2002). Standards for Privacy of Individually Identifiable Health Information. Final Rule. Federal Register, 67(157), 53181.Google Scholar
  23. 23.
    US Department of Health and Human Services. (2005). Security Standards for the Protection of Electronic Protected Health Information. Code of Federal Regulations.Google Scholar
  24. 24.
    Francke, G., Greene, A., & Williams, B. (2017, May 16). Public Still Must Be Kept Private Under HIPAA. Available at https://www.dwt.com/Public-Still-Must-be-Kept-Private-under-HIPAA-05-16-2017/.
  25. 25.
    Hoofnagle, C. J. (2016). Federal Trade Commission Privacy Law and Policy (p. 236). Cambridge University Press.Google Scholar
  26. 26.
    Monty Python—Spam. (2007). [Video]. Retrieved from https://www.youtube.com/watch?v=anwy2MPT5RE.
  27. 27.
    The Origin of SPAM (The Food) & Spam (The Email). (2009). Retrieved from http://mentalfloss.com/article/20997/origin-spam-food-spam-email.
  28. 28.
    Federal Trade Commission. CAN-SPAM Act: A Compliance Guide for Business. Retrieved from https://www.ftc.gov/tips-advice/business-center/guidance/can-spam-act-compliance-guide-business.
  29. 29.
    Manjoo, F. (2003). The Day the Dinnertime Phone Calls Stopped. Retrieved from https://www.salon.com/2003/07/15/do_not_call.
  30. 30.
    47 U.S.C. § 227(b), (c).Google Scholar
  31. 31.
    Wireline Competition. (2018). FCC Strengthens Consumer Protections Against Unwanted Calls and Texts. Retrieved from https://www.fcc.gov/document/fcc-strengthens-consumer-protections-against-unwanted-calls-and-texts.
  32. 32.
    Mailing Standards of the United States Postal Service, Domestic Mail Manual (DMM). (2007). Available from https://pe.usps.com/cpim/ftp/manuals/dmm300/dmmtoc.pdf.
  33. 33.
    EPIC—Children’s Online Privacy Protection Act (COPPA). Retrieved from https://epic.org/privacy/kids/.
  34. 34.
    Hoofnagle, C. J. (2016). Federal Trade Commission Privacy Law and Policy (p. 195). Cambridge University Press.Google Scholar
  35. 35.
    Ibid., 193.Google Scholar
  36. 36.
  37. 37.
    Complying with COPPA: Frequently Asked Questions. (2018). Retrieved from https://www.ftc.gov/tips-advice/business-center/guidance/complying-coppa-frequently-asked-questions.
  38. 38.
  39. 39.
    Lazzarotti, J. J., Gavejian, J. C., & Atrakchi, M. (2018, April 9). State Data Breach Notification Laws: Overview of the Patchwork. https://www.jacksonlewis.com/publication/state-data-breach-notification-laws-overview-patchwork.
  40. 40.
    See IBM Security, Ponemon Institute. (2017). 2017 Cost of Data Breach Study. Available at https://www.ibm.com/security/data-breach. Accessed March 1, 2018
  41. 41.
  42. 42.
    Bryan Cave. (2017). 2017 Data Breach Litigation Report [Ebook] (1st ed., p. 6). Retrieved from https://d11m3yrngt251b.cloudfront.net/images/content/9/6/v2/96690/Bryan-Cave-Data-Breach-Litigation-Report-2017-edition.pdf.
  43. 43.
    Hoofnagle, C. J. (2016). Federal Trade Commission Privacy Law and Policy (p. 75). Cambridge University Press.Google Scholar
  44. 44.
    Hoofnagle, C. J. (2016). Federal Trade Commission Privacy Law and Policy (Chap. 1). Cambridge University Press.Google Scholar
  45. 45.
    16 CFR para 2.31–2.32.Google Scholar
  46. 46.
    Federal Trade Commission. (2008). A Brief Overview of the Federal Trade Commission’s Investigative and Law Enforcement Authority. Retrieved from https://www.ftc.gov/about-ftc/what-we-do/enforcement-authority.
  47. 47.
    Solove, D. J. (2008). Understanding Privacy (p. 613). Harvard University Press.Google Scholar
  48. 48.
    Ibid., 121.Google Scholar
  49. 49.
    Ibid., 620.Google Scholar
  50. 50.
    E.g., In re Eli Lilly & Co., 133 F.T.C. 763 (2002) (complaint) (charging company with breaking privacy agreement by disclosing customers’ personal information).Google Scholar
  51. 51.
    E.g., In re HTC Am. Inc., FTC File No. 122 3049, No. C-4406 (F.T.C. June 25, 2013). Available at http://www.ftc.gov/sites/default/files/documents/cases/2013/07/130702htccmpt.pdf (charging company with failing to mitigate security vulnerabilities when providing third parties with sensitive information); In re Microsoft Corp., 134 F.T.C. 709, 715 (2002) (complaint) (charging company with collecting information beyond that provided for in privacy policy).
  52. 52.
    E.g., In re Genica Corp., FTC File No. 082 3113, No. C-4252 (F.T.C. March 16, 2009). Available at http://www.ftc.gov/sites/default/files/documents/cases/2009/03/090320genicacmpt.pdf; Microsoft, 134 F.T.C. at 711–712.
  53. 53.
    E.g., In re Compete, Inc., FTC File No. 102 3155, No. C-4384 (F.T.C. February 20, 2013). Available at http://www.ftc.gov/sites/default/files/documents/cases/2013/02/130222competecmpt.pdf (charging company with failing to strip personal information before transmission of data to servers).
  54. 54.
    In re Toysmart.com, FTC File No. X00 0075, No. 00-11341 RGS (F.T.C. July 21, 2000) (Swindle, Comm’r, dissenting). Available at http://www.ftc.gov/sites/default/files/documents/cases/toysmartswindlestatement_0.htm.
  55. 55.
    Federal Trade Commission. In the Matter of Uber Technologies, Inc., Complaint. FTC File No. 152 5034. Retrieved from https://www.ftc.gov/system/files/documents/cases/170206_vizio_stipulated_proposed_order.pdf.
  56. 56.
  57. 57.
    Sims, P. (2014). Can We Trust Uber?—Silicon Guild. Retrieved from https://thoughts.siliconguild.com/can-we-trust-uber-c0e793deda36.
  58. 58.
    Federal Trade Commission. Analysis of Proposed Consent Order to Aid Public Comment In the Matter of Craig Brittain File No. 132 3120. Federal Trade Commission. Retrieved from https://www.ftc.gov/system/files/documents/cases/150129craigbrittainanalysis.pdf.
  59. 59.
    E.g., In re H&R Block, Inc., 80 F.T.C. 304, 304–09 (1972) (complaint) (discussing notice-related reasons for FTC violation). E.g., In re Sears Holdings Mgmt. Corp., FTC File No. 082 3099, No. C-4264 (F.T.C. Aug. 31, 2009) [hereinafter Sears Complaint]. Available at http://www.ftcgov/sites/default/files/documents/cases/2009/09/090604searscmpt.pdf.
  60. 60.
    Federal Trade Commission. In the Matter of Lenovo (United States) Inc., Complaint. FTC File No. 152 3134. Retrieved from https://f.datasrvr.com/fr1/018/84049/1523134_lenovo_united_states_complaint.pdf.
  61. 61.
    Hoofnagle, C. J. (2016). Federal Trade Commission Privacy Law and Policy (p. 160). Cambridge University Press.Google Scholar
  62. 62.
    (15 U.S.C. Sec. 45(n)).Google Scholar
  63. 63.
    Federal Trade Commission. In the Matter of Facebook, Inc., (United States) Inc., Complaint., FTC File No. 092 3184 (July 27, 2012). Retrieved from https://www.ftc.gov/sites/default/files/documents/cases/2012/08/120810facebookcmpt.pdf.
  64. 64.
    Federal Trade Commission. In the Matter of Vizio, Inc., Stipulated Order for Permanent Injunction and Monetary Judgement. Retrieved from https://www.ftc.gov/system/files/documents/cases/170206_vizio_stipulated_proposed_order.pdf.
  65. 65.
    Francke, G. (2018). UK Facebook Investigation Offers Early GDPR Lessons—Law360. Retrieved from https://www.law360.com/articles/1031676/uk-facebook-investigation-offers-early-gdpr-lessons.
  66. 66.
    Whatsapp Blog. https://blog.whatsapp.com/499/Facebook? February 19, 2014.

Copyright information

© The Author(s) 2019

Authors and Affiliations

  1. 1.Foster School of BusinessUniversity of WashingtonSeattleUSA
  2. 2.Colorado State UniversityFort CollinsUSA

Personalised recommendations