Privacy Rights – To Enumerate or Not to Enumerate, That is the Question

Submitted by Gene Howington, Guest Blogger

Reasonable people tend to agree there is both a right to privacy and that it is necessary.  But what exactly is the right to privacy? Justice Brandeis famously said in Olmstead v. U.S., 277 U.S. 438, 479 (1928), “The makers of our Constitution undertook to secure conditions favorable to the pursuit of happiness. They recognized the significance of man’s spiritual nature, of his feelings and of his intellect. They knew that only a part of the pain, pleasure and satisfactions of life are to be found in material things. They sought to protect Americans in their beliefs, their thoughts, their emotions and their sensations. They conferred, as against the government, the right to be let alone-the most comprehensive of rights and the right most valued by civilized men. To protect, that right, every unjustifiable intrusion by the government upon the privacy of the individual, whatever the means employed, must be deemed a violation of the Fourth Amendment. And the use, as evidence in a criminal proceeding, of facts ascertained by such intrusion must be deemed a violation of the Fifth.” Plainly put, at its heart a right to privacy is simply a right to be let alone.

However, do we need to specifically protect it or generally protect it? Is that right absolute? Laws, by definition and the nature of entering a social compact, are restrictions on absolute liberty found in the state of nature. One of the larger disagreements at the Constitutional Convention was about whether enumerated rights would serve to unjustly limit those rights versus a failure to enumerate rights would result in rights not being properly protected. This is a valid question surrounding this issue, especially since some would advocate enumerating the right to privacy by Constitutional amendment. There are advantages and disadvantages to both approaches. While specifically defining/enumerating a right creates a foundation for arguments surrounding said right, leaving a right’s definition nebulous allows jurisprudence greater leeway to evolve around fact specific instance and questions that in the long run can result in a more nuanced understanding and application of the right without the constraints a foundational definition might impose. In this light, consider the right to privacy.

There is no denying the intimate interrelation between technology and privacy. This relationship has been long recognized by jurists. As Justice Brandies along with his law partner Samuel Warren noted in an 1890 Harvard Law Review article discussing the technology/privacy nexus, “Recent inventions and business methods call attention to the next step which must be taken for the protection of the person, and for securing to the individual what Judge Cooley calls the right ‘to be let alone.’ Instantaneous photographs and newspaper enterprise have invaded the sacred precincts of private and domestic life; and numerous mechanical devices threaten to make good the prediction that ‘what is whispered in the closet shall be proclaimed from the house-tops.'” [cites omitted] All questions of applied technology and law can be a double-edged sword; one side honed by often valid public policy concerns and legitimate purpose, the other honed by the caprice of unintended consequences.  If the proposed solution to bolstering the right to privacy lay in Constitutional amendment, the wording of such an amendment would need to be very carefully made. A recently proposed EU law on its face seems to be an attempt to bolster the right “to be let alone”. Dubbed the “right to be forgotten” on the Internet and set to go into effect in 2014, this law illustrates some of these unintended and potentially dangerous  consequences of either being too specific or in lacking enough specificity in defining rights.    Let’s examine the scope of the issue by first looking at the EU law and its potential consequences followed by examining the contrast provided by American jurisprudence surrounding the right to privacy.

The dangers presented by the proposed EU law stem largely from the definition of privacy being overly broad.  Jeffery Rosen’s excellent article,  “The Right to be Forgotten” by Jeffery Rosen, 64 Stan. L. Rev. Online 88 (2012), served as introduction to the proposed legislation. Rosen clearly points out the hazards presented.  “Although [. . . ] depicted [. . .] as a modest expansion of existing data privacy rights, in fact it represents the biggest threat to free speech on the Internet in the coming decade. The right to be forgotten could make Facebook and Google, for example, liable for up to two percent of their global income if they fail to remove photos that people post about themselves and later regret, even if the photos have been widely distributed already. Unless the right is defined more precisely when it is promulgated over the next year or so, it could precipitate a dramatic clash between European and American conceptions of the proper balance between privacy and free speech, leading to a far less open Internet.

In theory, the right to be forgotten addresses an urgent problem in the digital age: it is very hard to escape your past on the Internet now that every photo, status update, and tweet lives forever in the cloud. But Europeans and Americans have diametrically opposed approaches to the problem. In Europe, the intellectual roots of the right to be forgotten can be found in French law, which recognizesle droit à l’oubli—or the ‘right of oblivion’—a right that allows a convicted criminal who has served his time and been rehabilitated to object to the publication of the facts of his conviction and incarceration. In America, by contrast, publication of someone’s criminal history is protected by the First Amendment, leading Wikipedia to resist the efforts by two Germans convicted of murdering a famous actor to remove their criminal history from the actor’s Wikipedia page.

European regulators believe that all citizens face the difficulty of escaping their past now that the Internet records everything and forgets nothing—a difficulty that used to be limited to convicted criminals. When Commissioner Reding announced the new right to be forgotten on January 22, she noted the particular risk to teenagers who might reveal compromising information that they would later come to regret. She then articulated the core provision of the ‘right to be forgotten’: ‘If an individual no longer wants his personal data to be processed or stored by a data controller, and if there is no legitimate reason for keeping it, the data should be removed from their system.’

In endorsing the new right, Reding downplayed its effect on free speech. “It is clear that the right to be forgotten cannot amount to a right of the total erasure of history,” she said. And relying on Reding’s speeches, press accounts of the newly proposed right to be forgotten have been similarly reassuring about its effect on free speech. In a post at the, Why Journalists Shouldn’t Fear Europe’s ‘Right to be Forgotten, John Hendel writes that although the original proposals a year ago ‘would have potentially given people the ability to cull any digital reference—from the public record, journalism, or social networks—they deemed irrelevant and unflattering,’ Reding had proposed a narrower definition of data that people have the right to remove: namely ‘personal data [people] have given out themselves.”According to Hendel ‘[t]his provision is key. The overhaul insists that Internet users control the data they put online, not the references in media or anywhere else.'”  This is a fine distinction, but unfortunately not reflected by the final form of the legislation.

Rosen goes on to note “Hendel seems not to have parsed the regulations that were actually proposed three days later on January 25. They are not limited to personal data that people ‘have given out themselves’; instead, they create a new right to delete personal data, defined broadly as ‘any information relating to a data subject.’ For this reason, they arguably create a legally enforceable right to demand the deletion of any photos or data that I post myself, even after they’ve gone viral, not to mention unflattering photos that include me or information about me that others post, whether or not it is true.”

Citing a blog post made by Peter Fleischer, chief privacy counsel of Google, Rosen goes on to discuss the EU law in light of the three categories of take down notice Fleischer notes the legislation would effectively create.  The “right to be forgotten” as discussed in Europe and proposed at the end of January arguably covers all three of Fleischer’s categories.  He goes on to illustrate how each of these categories and applications pose progressively greater threats to free speech.

“The first category is the least controversial: ‘If I post something online, do I have the right to delete it again?’ This involves cases where I post a photo on Facebook and later think better of it and want to take it down. Since Facebook and other social networking sites already allow me to do this, creating a legally enforceable right here is mostly symbolic and entirely unobjectionable. As proposed, the European right to be forgotten would also usefully put pressure on Facebook to abide by its own stated privacy policies by allowing users to confirm that photos and other data have been deleted from its archives after they are removed from public display.

But the right to delete data becomes far more controversial when it involves Fleischer’s second category: ‘If I post something, and someone else copies it and re-posts it on their own site, do I have the right to delete it?’ Imagine a teenager regrets posting a picture of herself with a bottle of beer on her own site and after deleting it, later discovers that several of her friends have copied and reposted the picture on their own sites. If she asks them to take down the pictures, and her friends refuse or cannot be found, should Facebook be forced to delete the picture from her friends’ albums without the owners’ consent based solely on the teenager’s objection?

According to the proposed European Right to Forget, the default answer is almost certainly yes. [. . .] For a preview of just how chilling that effect might be, consider the fact that the right to be forgotten can be asserted not only against the publisher of content (such as Facebook or a newspaper) but against search engines like Google and Yahoo that link to the content. The Spanish Data Protection authority, for example, has sued Google to force it to delete links to embarrassing newspaper articles that are legal under Spanish law. And suits against third party intermediaries are also threatening freedom of speech in Argentina, as the case of Virginia Da Cunha shows. The Argentine pop star had posed for racy pictures when she was young, but recently sued Google and Yahoo to take them down, arguing that they violated the Argentine version of the ‘right to be forgotten.’ Google replied that it could not comply technologically with a broad legal injunction demanding the removal of the pictures, and Yahoo said that the only way to comply would be to block all sites referring to Da Cunha for its Yahoo search engines. Nevertheless, an Argentine judge sided with Da Cunha and after fining Google and Yahoo, ordered them to remove all sites containing sexual images that contained her name. The decision was overturned on appeal, on the grounds that Google and Yahoo could only be held liable if they knew content was defamatory and negligently failed to remove it. But there are at least one hundred and thirty similar cases pending in Argentine courts demanding removal of photos and user-generated content, mostly brought by entertainers and models. The plaintiffs include the Sports Illustrated swimsuit model Yesica Toscanini; when a user of Yahoo Argentina plugs her name into the Yahoo search engine, the result is a blank page.

Finally, there is Fleischer’s third category of takedown requests: ‘If someone else posts something about me, do I have a right to delete it?’ This, of course, raises the most serious concerns about free expression. The U.S. Supreme Court has held that states cannot pass laws restricting the media from disseminating truthful but embarrassing information—such as the name of a rape victim—as long as the information was legally acquired.

The proposed European regulation, however, treats takedown requests for truthful information posted by others identically to takedown requests for photos I’ve posted myself that have then been copied by others: both are included in the definition of personal data as “any information relating” to me, regardless of its source. [. . . ]

It’s possible, of course, that although the European regulation defines the right to be forgotten very broadly, it will be applied more narrowly. Europeans have a long tradition of declaring abstract privacy rights in theory that they fail to enforce in practice. And the regulation may be further refined over the next year or so, as the European Parliament and the Council of Ministers hammer out the details. But in announcing the regulation, Reding said she wanted it to be ambiguous so that it could accommodate new technologies in the future. ‘This regulation needs to stand for 30 years—it needs to be very clear but imprecise enough that changes in the markets or public opinion can be maneuvered in the regulation,’ she declared ominously. Once the regulation is promulgated, moreover, it will instantly become law throughout the European Union, and if the E.U. withdraws from the safe harbor agreement that is currently in place, the European framework could be imposed on U.S. companies doing business in Europe as well. It’s hard to imagine that the Internet that results will be as free and open as it is now.” [cites omitted]

Meanwhile, back in the United States, there is no right to privacy proper recognized in the Constitution, i.e. privacy is not an enumerated right.  For this reason, many Originalists argue that there is no right to privacy protected by the Constitution. However, that is not only a reflection of the precise concern some of the Framers had about creating enumerated rights, it is also not borne out by the document itself. There are other rights specifically protected that include privacy components.

The 1st Amendment’s Free Exercise and Establishment Clauses protect the private choice of religious practice.

Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.”

The 3rd Amendment protects the privacy of your home.

No Soldier shall, in time of peace be quartered in any house, without the consent of the Owner, nor in time of war, but in a manner to be prescribed by law.”

The 4th Amendment protects the privacy of your property (including your home) from unwarranted search and seizure.

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”

The 5th Amendment recognizes that your private thoughts cannot be compelled as evidence against you in criminal court.

No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a Grand Jury, except in cases arising in the land or naval forces, or in the Militia, when in actual service in time of War or public danger; nor shall any person be subject for the same offense to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation.”

The 9th Amendment arguably recognizes a general right to privacy.

The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.”

The 14th Amendment, Cl. 1, recognizes a liberty interest (the Liberty Clause) similar to the 9th Amendment and applies that interest to the states via the Equal Protection Clause.

1. All persons born or naturalized in the United States, and subject to the jurisdiction thereof, are citizens of the United States and of the State wherein they reside. No State shall make or enforce any law which shall abridge the privileges or immunities of citizens of the United States; nor shall any State deprive any person of life, liberty, or property, without due process of law; nor deny to any person within its jurisdiction the equal protection of the laws.”

Some 10thers (i.e. people who don’t recognize/understand the precedent that has evolved around the 1oth Amendment and State’s Rights) would argue that the 10th Amendment creates a specific right to privacy because it’s not enumerated and “[t]he powers not delegated to the United States by the Constitution, nor prohibited by it to the States, are reserved to the States respectively, or to the people.” This is specious reasoning because there is a clearly a Federal interest in privacy created by the 1st, 3rd, 4th, 5th, 9th and 14th Amendments. Many if not most 1others have an expressed interest in circumventing Federal anti-discrimination laws which are largely based upon the 14th Amendment by improperly invoking the issue of State’s Rights. For the purposes of this discussion, the use of the 10th Amendment for invoking privacy is not only improper, but unnecessary. While there may be valid State’s Rights issues out there, privacy isn’t one of them. It’s a right the Founders clearly considered (and considered important) even if they were not specific in addressing it.

In addition, there is considerable precedent developed in the jurisprudence surrounding the right to privacy defining both the right and the valid Federal interest in it.  For the sake of brevity, general cites to all cases referred to in the following paragraph are provided at the end of the article.  Meyer v. Nebraska held that there is a privacy interest in allowing schools to teach foreign languages to children earlier than the 8th grade. The reasoning in Meyer was based largely upon a failure by the state to show a compelling interest, but it recognized a common law liberty interest in “acquiring useful knowledge” and equated that interest to free exercise interests which are protected by the 1st Amendment.  Meyer and the 14th Amendment were later the basis for the ruling in finding a privacy interest Pierce v Society of Sisters in making private and/or parochial schools available and overturning a state law that would have effectively banned them. Griswold v. Connecticut held there is a privacy interest in the possession, sale, and distribution of contraceptives to married couples based largely upon the 9th and 14th Amendments.  Based on the 1st and 4th Amendment, in Stanley v. Georgia, the Court unanimously held there is a privacy interest in possessing and viewing pornography even if that pornography was otherwise actionable against a manufacturer or distributor. Famously in Roe v. Wade, the Court expounded upon the 9th and 14th Amendment privacy rights found in Griswold to recognize women have a privacy right to have an abortion. Some courts have expanded the right to privacy and others have imposed limits.  Using the rationales of both Griswold and Stanley in addition to protections found in the Alaska State Constitution, the Supreme Court of Alaska in Ravin v. State found constitutional protection for the right of a citizen to possess and use small quantities of marijuana in his own home.  In contrast, the 14th Amendment reasoning for privacy was limited by SCOTUS in Kelly v. Johnson, where a local regulation defining proper grooming for police officers didn’t violate the officer’s 14th Amendment rights, but noted that a regulation defining proper grooming for the public probably would (baggy pants attackers take note!). Cruzan v. Missouri Dep’t. of Health found a protected privacy interest in the decision to withdraw from life prolonging medical treatments while recognizing the state had a valid interest in imposing certain conditions on the exercise of rights in such decisions.  SCOTUS also reaffirmed a broad interpretation of privacy based on the 14th Amendment’s Liberty and Due Process Clauses in Lawrence v. Texas where they found Texas guilty of unconstitutionally infringing upon the rights of two gay men to their private lives and determine the nature of their private sexual lives by prosecuting them for a state law prohibiting sodomy.

Although it may seem unwieldy to prefer a case by case analysis of a nebulously defined right, it is clear that doing so does indeed allow for a more nuanced understanding of a right and allows better for unidentified challenges of that right to arise and filter through the courts where a more specific definition might prematurely terminate causes of action that could have merit and benefit greater justice for all.  Consider this flexibility in light such events as the advent of HIPPA and the repeated issues that appear around the privacy and opt out policies of electronic social networks like Facebook, Google and Twitter. Clearly there is a right to privacy and that right needs to be protected as does free speech and freedom of the press.  However, it seems to be just as easy to create conditions ripe for infringing upon free speech, freedom of the press and create an environment of historical revisionism as the EU law might in pursuit of privacy. Just so, it easy to not go far enough as many in the U.S. think is their current situation concerning privacy.

Would a right to privacy be better served by Constitutional amendment?  Or by relying upon precedent and regulation as technology evolves? Should those protections be specific or as general as possible? Can you foresee other potentially negative consequences of specifically defining and protecting privacy? Of generally defining and protecting privacy? How should America better protect the privacy rights of citizens?

What do you think?

Source(s): “The Right to be Forgotten” by Jeffery Rosen, 64 Stan. L. Rev. Online 88 (2012)Commission Proposal for a Regulation of the European Parliament and of the Council, art. 4(2), COM (2012) 11 final (Jan. 25, 2012) (.pdf), U.S. Constitution, The Atlantic.comMeyer v. Nebraska, 262 U.S. 390 (1923), Pierce vSociety of Sisters, 268 U.S. 510 (1925)Olmstead v. U.S., 277 U.S. 438 (1928),  Griswold v. Connecticut, 381 U.S. 479 (1965)Stanley v. Georgia, 394 U.S. 557 (1969)Roe vWade, 410 U.S. 113 (1973)Ravin v. State, 537 P.2d 494 (Alaska 1975)Kelley v. Johnson, 425 U.S. 238 (1976)Cruzan v. Missouri Dep’t. of Health, 497 U.S. 261 (1990)Lawrence v. Texas, 539 U.S. 558 (2003), “The Right To Privacy” by Samuel Warren and Louis D. Brandeis, 4 Harvard L. Rev. 193 (1890) (reprinted by University of Louisville)

UPDATE: Shortly after I posted this story, MSNBC ran a related story about privacy and Facebook, Google and Twitter. Can legislation and precedent help address this issue or is amendment needed?  General protection for privacy or specific protections?

~Submitted by Gene Howington, Guest Blogger

131 thoughts on “Privacy Rights – To Enumerate or Not to Enumerate, That is the Question”

  1. Eighteen months after the fall of the last human city, the war against
    the Locust rages on. GPSP is a highly compatible Gameboy Advance emulator.
    Most of the GBA’s top titles will run perfectly here.
    Summary: A search for the fabled “Atlantis of the Sands” propels fortune hunter Nathan Drake on a trek into the heart of the
    Arabian Desert. Without a job on the force, Max has left the greater New York area, and he finds himself in Sao Paulo, Brazil, working in the burgeoning field of private security.

  2. “Some 10thers (i.e. people who don’t recognize/understand the precedent that has evolved around the 1oth Amendment and State’s Rights) would argue that the 10th Amendment creates a specific right to privacy because it’s not enumerated and “[t]he powers not delegated to the United States by the Constitution, nor prohibited by it to the States, are reserved to the States respectively, or to the people.” This is specious reasoning because there is a clearly a Federal interest in privacy created by the 1st, 3rd, 4th, 5th, 9th and 14th Amendments.”

    Actually, since rights confer power, and the right of self ownership is inalienable, the Ninth amendment protects the right of privacy analytically; i.e. that which cannot be alienated must be retained.

    The constitution does not confer upon us a right to privacy through penumbras or otherwise; we simply never conferred it in the first place.

  3. Very interesting subject , thanks for putting up. “The maxim of the British people is ‘Business as Usual.'” by Sir Winston Leonard Spenser Churchill.


    2013 Federal Budget Limits Body Scanners, But Expands Domestic Surveillance

    “According to White House budget documents and the Congressional Testimony of Secretary Napolitano, DHS will not purchase any new airport body scanners in 2013. However, the agency will expand a wide range of programs for monitoring and tracking individuals within the United States. This includes the development of biometric identification techniques for programs such as Secure Communities. DHS will also seek funding for “Einstein 3,” a network intrusion detection program that enables surveillance of private networks. EPIC has urged the DHS to comply with the requirements of the federal Privacy Act, and is currently pursuing several Freedom of Information Act lawsuits against the agency.”


    [Trovicor’s] toolbox allows more than the interception of phone calls, e-mails, text messages and Voice Over Internet Protocol calls such as those made using Skype. Some products can also secretly activate laptop webcams or microphones on mobile devices. They can change the contents of written communications in mid-transmission, use voice recognition to scan phone networks, and pinpoint people’s locations through their mobile phones. The monitoring systems can scan communications for key words or recognize voices and then feed the data and recordings to operators at government agencies.

    Dutch member of the EU parliament Marietje Schaake has called on the EU Commission to investigate Trovicor and other companies that have sold surveillance equipment to Bahrain, along with Tunisia, Egypt, Syria, and Iran. EFF echoes MEP Schaake’s call for an investigation, as transparency about who these companies are selling to and what the technology is being used for is the first step towards solving the problem.

    In addition, EFF has recommended the EU and US push companies to adopt “know your customer” standards that would prevent them from selling surveillance technology to governments known for violating human rights. The EU and US can easily induce companies to adopt such policy by tying it to government contracts. This could help prevent these types of sales from happening again, as many companies, including Area SpA and Trovicor, also sell equipment to the Western government for legitimate lawful purposes.

    As long as these companies believe that it is okay to sell this technology to dictators, democracy activists, human rights activists, bloggers, and journalists around the world will continue to suffer.

Comments are closed.