In his latest weekly Wall Street Journal column, Gordon Crovitz has penned a review of the new Jeff Jarvis book, Public Parts: How Sharing in the Digital Age Improves the Way We Work and Live. Gordon’s review closely tracks my own thoughts on the book, which I laid out last week in my Forbes essay, “Is Privacy Overrated?” Gordon’s essay is entitled “Are We Too Hung Up on Privacy” and he finds, like I do, that Jarvis makes compelling case for understanding the benefits of publicness as the flip-side of privacy. Instead of repeating all the arguments we make in our reviews here, I’ll just ask people go check out both of our essays if they are interested.
I did, however, want to elaborate on one thing I didn’t have time to discuss in my review of the Jarvis book. While I like the approach he used in the book, I thought Jarvis could have spent a bit more time exploring some the thorny legal issues in play when advocates of privacy regulation look to enshrine into law quite expansive views of privacy “rights.”
One of the things that both Crovitz and I appreciated about the Jarvis book was the way he tries to get us to think about privacy in the context of ethics instead of law. “Privacy is an ethic governing the choices made by the recipient of someone else’s information,” Jarvis argues, while “publicness is an ethic governing the choices made by the creator of one’s own information,” he says. In my review, I explained why this was so important:
Jarvis’ approach to thinking about privacy and publicness in terms of ethics is particularly smart precisely because privacy is such a subjective human condition—a “conceptual jungle” and a “concept in disarray,” says law professor Daniel J. Solove, author of Understanding Privacy. Thus, a good case can be made for restraint when it comes to legislating to define and protect privacy. That doesn’t mean privacy isn’t important—it is. But how we go about “protecting” it needs to be balanced against other rights and responsibilities.
For example, we’d all agree with Thomas Jefferson and the Founders that we have a “right to pursue happiness,” but a right to happiness would be a different matter altogether. Government can’t guarantee happiness. It wouldn’t even be able to define it. The same is largely true of privacy. We certainly have the right to pursue private lives and take steps to secure facts about ourselves. At the margins, law can sometimes help us do so—most often by safeguarding us against fraudulent activities. And there are plenty of tools on the market that can help people protect their personal data. By contrast, legalistic efforts to define privacy as a strict “right” leads us back into that “conceptual jungle,” which is full of unintended consequences.
Let’s unpack this a bit more because if one agrees with the argument that Jarvis makes–that privacy is better thought of as a matter of ethics and social norms–it has important ramifications for ongoing efforts to speak of privacy in legalistic ways. It’s not that I’m against any sort of privacy “rights,” but I do believe it is important to acknowledge that other important values are at stake here and we must appreciate how increased privacy controls could conflict with them. “Recognizing that we are legislating in the shadow of the First Amendment suggests a powerful guiding principle for framing privacy regulations,” argues Kent Walker, a privacy expert who now serves as a general counsel at Google. “Like any laws encroaching on the freedom of information, privacy regulations must be narrowly tailored and powerfully justified.”
Ironically, many privacy advocates are strongly critical of copyright law and claim that, as currently structured, it represents an unjust or excessive information control regime. Yet, privacy regulation would constitute a stronger information control regime by creating the equivalent of copyright law for personal information, which would, in turn, conflict mightily with the First Amendment. [See my essays, "Two Paradoxes of Privacy Regulation" and "Privacy as an Information Control Regime: The Challenges Ahead." The rest of this essay borrows from those pieces as well as this big filing I submitted to the FTC in February.]
In his recent book Skating on Stilts, Stewart Baker reminds us that the famous 1890 Samuel Warren and Louis Brandeis Harvard Law Review essay on “The Right to Privacy”—which is tantamount to a sacred text for many modern privacy advocates—was heavily influenced by copyright law. As Baker explains:
Brandeis wanted to extend common law copyright until it covered everything that can be recorded about an individual. The purpose was to protect the individual from all the new technologies and businesses that had suddenly made it easy to gather and disseminate personal information: “the too enterprising press, the photographer, or the possessor of any other modern device for rewording or reproducing scenes or sounds.” [...] Brandeis thought that the way to ensure the strength of his new right to privacy was to enforce it just like state copyright law. If you don’t like the way “your” private information is distributed, you can sue everyone who publishes it.
Incidentally, it is important to recall that their call for such a regime was essentially driven by a desire to censor the press. In their article, Warren and Brandeis argued that:
The press is overstepping in every direction the obvious bounds of propriety and of decency. Gossip is no longer the resource of the idle and of the vicious, but has become a trade, which is pursued with industry as well as effrontery. To satisfy a prurient taste the details of sexual relations are spread broadcast in the columns of the daily papers. To occupy the indolent, column upon column is filled with idle gossip, which can only be procured by intrusion upon the domestic circle.
So angered were Warren and Brandeis by reports in daily papers of specifics from their own lives that they were led to conclude that:
man, under the refining influence of culture, has become more sensitive to publicity, so that solitude and privacy have become more essential to the individual; but modern enterprise and invention have, through invasions upon his privacy, subjected him to mental pain and distress, far greater than could be inflicted by mere bodily injury.
It is unclear how one could have greater “pain and distress” inflicted by words than “by mere bodily injury,” and yet the law review article that essentially gave birth to American privacy law articulated such a theory of harm. And it only follows, then, that they would advocate fairly draconian controls on speech and press rights if they felt this strongly.
Taken to the extreme, however, giving such a notion the force of law would put privacy rights on a direct collision course with the First Amendment and freedom of speech. As Eugene Volokh argued in a 2000 law review article entitled, “Freedom of Speech, Information Privacy, and the Troubling Implications of a Right to Stop People from Speaking about You”:
The difficulty is that the right to information privacy—the right to control other people’s communication of personally identifiable information about you—is a right to have the government stop people from speaking about you. And the First Amendment (which is already our basic code of “fair information practices”) generally bars the government from “control[ling the communication] of information,” either by direct regulation or through the authorization of private lawsuits.
This is what makes efforts to untether privacy regulation from a harms-based model or mode of analysis so troubling. For example, the Federal Trade Commission’s recent privacy review says that “the FTC’s harm-based approach also has limitations [because] it focuses on a narrow set of privacy-related harms—those that cause physical or economic injury or unwarranted intrusion into consumers’ daily lives.” The Commission then suggests that “for some consumers, the actual range of privacy-related harms is much wider and includes reputational harm, as well as the fear of being monitored or simply having private information ‘out there,’” and suggests “consumers may feel harmed when their personal information… is collected, used, or shared without their knowledge or consent or in a manner that is contrary to their expectations.”
Not only does the Commission fail to offer any data on how this supposed harm manifests itself, how severe it is, or what trade-offs it presents to society, but it utterly fails to account for the dangerous slippery slope of speech control it puts us on. If appeals for regulation are based on emotion instead of concrete evidence of consumer harm, where will this take us next? If, for example, the Commission is to regulate based upon the fact that “consumers may feel harmed… when their personal information… in a manner that is contrary to their expectations,” how long will it be before some suggest this standard should trump First Amendment rights in other contexts?
For example, this more emotional approach to privacy regulation brings us one step closer to a “right not to be offended” or a “right to be forgotten,” as some in Europe favor. Here in the U.S., we see a similar effort underway with the so-called “Internet Eraser Button” idea, which has even been floated in federal legislation. How could a journalist even conduct their business in such a world? By their very nature, good reporters are nosy and, to some extent, disregard the privacy of the people and institutions they report on.
This is why privacy regulation must not be reduced to amorphous claims of “dignity” rights, where an assertion by a small handful that they “feel harmed” comes to replace a strict showing of actual harm to persons or property. To go down that path would have grave consequences for the future of freedom of speech, transparency, openness, and accountability.
Of course, there are many different types of privacy concerns, each of which demands its own analysis and legal consideration. While I think most privacy concerns should be left to the realm of personal responsibility, user empowerment, and industry self-regulation, other privacy issues are more serious and should be elevated to the level of “rights.” When we speak of government search and seizure or surveillance concerns, “rights” talk certainly makes more sense. Likewise, identity theft is more than just a violation of privacy, it’s a violation of personal property rights.
With such notable exceptions, however, I prefer we speak of privacy in terms of ethics and norms. Legalistic, rights-based conceptions of privacy invite excessive government interventions with myriad unintended consequences.