This article has been written by guest author Scott Shackelford, Assistant Professor of Business Law and Ethics, Indiana University.
Defining Privacy in the Information Age
Privacy is the subject of literally thousands of scholarly and popular books and articles.[i] Despite this great effort, the old challenge of protecting civil liberties while also providing public safety, including cybersecurity, remains a critical question, especially in the Information age. Civil libertarians push for preserving Internet freedom, while many countries are increasingly anxious to protect critical national infrastructure, stop cyber espionage and cybercrime, and even prepare for cyber war.[ii] But does this inevitably mean the end of anonymity for Internet users? Not necessarily. According to Colonel Charles Williamson, “each nation has to strike a balance between cybersecurity and civil rights, especially privacy.”[iii] How nations accomplish this balancing act will go a long way in determining the extent of national regulation over cyberspace, as well as ultimately defining privacy in the Information age.
As with property and pornography, different countries define privacy in different ways. Nations around the world, in particular the common and civil law nations of Europe that share similar legal cultures with the United States, are grappling with how best to strike a balance between the competing rights of privacy and freedom of expression—both of which are critical to the functioning of democratic society. In the United States, for example, privacy law began as “the right to be left alone,”  whereas in Germany courts often grant privacy rights on a temporal basis. Simply put, if the public interest is defined broadly enough, then nations have a freer hand in intruding on citizens’ privacy protections.
Privacy concerns generally arise on the Internet in two circumstances. The first case involves businesses, as many surveys have indicated that privacy concerns are the main factor holding back e-commerce worldwide. This may in part be self-inflicted, as a May 2000 Federal Trade Commission (FTC) report found that while 90 percent of U.S. websites voluntarily display privacy policies, only 20 percent comply with them.[iv] Second, the impact of cyberspace on personal freedoms and human rights has been the focus of civil rights organizations worldwide. These groups note that privacy may be violated online in three primary ways: (1) the user’s IP address may be compromised, allowing an attacker to create a profile of the user by viewing all of the websites that they visit; (2) an attacker can clone temporary files called “cookies,” allowing an attacker to store information during subsequent visits to the same websites; and (3) website operators themselves can collect, store, and trade information with or without users’ tacit permission.[v] It is this second privacy concern that I focus on here.
Much of the problem with strengthening privacy online is due to the fact that we live in a time in which the very definition of privacy itself is being rewritten, often in a conflicting fashion. In an era in which the willingness of millions of people to sacrifice their personal privacy online is made manifest by an explosion in smartphone use and social networking. Facebook.com recently faced a wave of criticism from its more than 500 million users and backed down from proposed changes to its user agreement that would have made it nearly impossible to delete user profiles and protect private information.[vi] And while a growing number of people are choosing to broadcast every intimate detail of their lives through blogs, other users are fighting privacy violations due to court rulings requiring YouTube.com to hand over information about its clients’ viewing habits.[vii]
Thus, while some individuals wish to promote their freedom of expression even at the expense of their privacy, many others do not. Despite this disparity, current U.S. laws, where they exist at all, often maximizes freedom of expression at the expense of privacy in most circumstances. Technology has made it easier than ever to breach the increasingly sheer veil of privacy, whether by media, private investigation, workplace monitoring, or government surveillance. As a result, the debate about how best and when to protect privacy in a digital world, as encapsulated by the Facebook and YouTube sagas, is playing out in courtrooms around the world with widely varying results. And despite the presence of guiding international law on the subject, privacy rights have not converged in countries even as similar as Europe and the United States, though there has been increasing intra-European convergence. Many nations agree in principle for example that the individual’s right to privacy is a human right recognized in international treaties, including the UDHR and the 1966 International Covenant on Civil and Political Rights.[viii] But it is answering what constitutes infringement of this right that cultural differences begin to arise. Breaches of privacy may constitute spying, taping conversations, taking pictures, and publicizing information in the press about an individual’s private life, depending on the jurisdiction.[ix]
Consequently, despite its acknowledged importance, the concept of individual privacy varies greatly across cultures—British paparazzi are commonly thought to be among the most intrusive in the world,[x] while in New Zealand celebrities enjoy relative privacy.[xi] For example, consider the vague Greek right to privacy, in particular that “one’s private life is considered to be the space set by the person itself within which he is considered to enjoy his private and family activities uninterrupted and without intrusions by third parties.”[xii] And these differences, especially between the United States and Europe, are growing ever more divergent. Defining privacy is critical, beyond merely economic reasons, since “the Internet presents unparalleled opportunities to collect, aggregate, and disseminate information about a person or to develop a profile on a person that might be used by governments, businesses, employers, one’s personal enemies, or other organizations.”[xiii] Greater efforts are needed to incentivize multilateral collaboration on privacy protections in line with international legal protections lest we prove Benjamin Franklin’s maxim “Those who desire to give up freedom in order to gain security will not have, nor do they deserve, either one.”
 Samuel D. Warren & Louis D. Brandeis, The Right to Privacy, 4 Harv. L. Rev. 193, 193 (1890).
[i] See for example Fred Cate, Privacy in the Information Age 1 (1997).
[ii] Tom Gjelten, Does Averting Cyberwar Mean Giving Up Web Privacy?, NPR News, June 9, 2010, available at http://www.npr.org/templates/story/story.php?storyId=127575960.
[iii] Electronic interview with Col. Charles Williamson, Deputy Staff Judge Advocate, U.S. Air Force, Apr. 22, 2010.
[iv] Marcus Franda, Governing the Internet: The Emergence of an International Regime 159 (2001).
[v] Id. at 158.
[vi] Alan Cowell, Facebook Withdraws Changes in Data Use, N.Y. Times, Feb. 18, 2009, available at http://www.nytimes.com/2009/02/19/technology/internet/19facebook.html?hp. See also Scott Neuman, Facebook CEO’s Gift: Philanthropy or Image Control?, NPR News, Sep. 24, 2010, available at http://www.npr.org/templates/story/story.php?storyId=130101294&ft=1&f=1001.
[vii] Google must divulge YouTube log, BBC News, July 3, 2008, available at http://news.bbc.co.uk/2/hi/technology/7488009.stm (last visited Feb. 19, 2009).
[viii] Universal Declaration of Human Rights of 1948. GA Res. 217A (III), UN Doc. A/810, at Art. 12 (1948) (stating that “No one shall be subject to arbitrary interference with his privacy, family, home, or correspondence, nor to attacks upon his honor and reputation. Everyone has the right to the protection of law against such interference or attacks”); International Covenant on Civil and Political Rights, G.A. Res. 2200A, 21st Sess., U.N. GAOR, art. 17, U.N. Doc. A/6456 (1966).
[ix] Public Figures and Right of Privacy in Greek Private Law, http://www.ucl.ac.uk/laws/global_law/publications/institute/docs/karakostas.pdf (last visited Feb. 17, 2009).
[x] See generally Wibke Ehlers, The Right to Privacy and Public Figures (2004).
[xi] New Zealand’s Privacy Act 1993, Privacy Amendment Act 1993, Privacy Amendment Act 1994, http://www.privacy.org.nz/slegisf.html.
[xii] See also P. D. Dagtoglou, Constitutional Law, Private Liberties 324 (1991); and A. Manesis, Constitutional Rights 229-30 (1982). For the proposed definitions in Greek and foreign literature see generally Michaelides-Nouaros, The inviolable of Private life and the Freedom of the Press (1983). This right is also enshrined in the Greek Constitution which provides for one’s freedom to develop his personality as he wishes. Greek Const., art. V.
[xiii] Franda, supra note iv, at 158.