The right to privacy dates back farther than 1890, when Supreme Court Justice Louis Brandeis penned The Right to Privacy: “In the very early times, the law gave remedy only for physical interference with life and property, for trespasses vi et armis” [by force and arms] (Brandeis, 1890). However, in today’s society, privacy has become more complex than simply “physical interference.” The birth of the World Wide Web has created a new landscape for which current legal standards are inadequate. “The law’s struggle to conceptualize privacy has often stunted its ability to adapt to rapid technological change. That has been especially true with the Internet’s rapid rise as courts grapple to define the contours of privacy in cyberspace” (Hartzog, 2013, pg. 51).

Privacy is both an important and controversial topic in our ever-evolving, technologically driven, digital world, and for public relations professionals, can have a profound impact on public relations practice. Thanks to the Internet and social media, personal privacy has been revolutionized, public figures and private figures are becoming increasingly difficult to discern, and until changes in the law occur, privacy violations in an Internet environment are hard to determine. “The proper legal response to the issue of social media and privacy has proven elusive because there is no fixed conceptualization of privacy” (Hartzog, 2013, pg. 51).

This paper examines privacy as it relates to the Internet, how it has changed the concept of personal privacy, and how the legal standards we use today are inadequate in our Internet and social media driven environment. It addresses the need for consistent, thorough digital privacy laws, and analyzes the impact of these laws on public relations practice in a digital world.

This paper explores the following research questions related to privacy and the Internet:

How has the concept of personal privacy changed since the birth of the World Wide Web thirty years ago? Are the legal standards we use to determine whether privacy violations have occurred adequate in an Internet environment? What changes should be made in the law to adequately determine whether privacy violations have occurred in an Internet environment?

Privacy and the Internet: Background & Applicable Cases

In general, the right to privacy is “most often protected by statutory law” (Sharp, 2013), with the Health Information Portability and Accountability Act (HIPAA) protecting an individual’s health information, and the Federal Trade Commission (FTC) “enforcing the right to privacy in various privacy policies and privacy statements” (Sharp, 2013). Similarly, the Privacy Act of 1974 “prevents unauthorized disclosure of personal information held by the federal government” (Sharp, 2013). However, the right to privacy itself is not blatantly stated in the Constitution, but is rather addressed in particular amendments. Beginning with the Bill of Rights, ratified in 1791, the Founding Fathers “drafted amendments that cover a very limited scope of protection of personal space” (Alben, 2015), and certainly could not imagine the advances in technology that would take place hundreds of years later.

Presently, the landscape has changed. With the creation of the Internet and social media, the concept of personal privacy is different than it was a century ago, or even forty years ago. The current privacy laws and privacy torts are unfortunately inadequate in addressing digital privacy.

The Internet Reinvents the Concept of Personal Privacy

First, the distinction between a “public figure” and “private figure” is becoming increasingly difficult to decipher, due to the Internet and social media platforms: “The Rosenbloom plurality opinion, by Justice Brennan, expressed: “Voluntarily or not, we are all ‘public’ men to some degree.” Justice Brennan’s words ring even more true in the digital age. What the Gertz framework may have once offered in clarity or ease of administration no longer makes up for what it sacrifices in terms of accuracy. In the age of “microcelebrity,” fame — along with its associated benefits and burdens — is distributed along a spectrum, not according to a dichotomy” (Lat & Shemtob, 2011, pg. 413). The Internet has turned what many would previous deem “private figures” into what could now be argued as public figures.

Similarly, some argue that publishing information online automatically waives a right to privacy. “Commentators frequently argue that people who expose their deep secrets online do not value their privacy. Courts find they have no expectation of privacy. The unprecedented sharing of private information on the Internet is leading some to herald the demise of privacy” (Hartzog, 2013, pg. 51). However, this should not be the case. Rather, laws will need to “catch up” to our technological advancements to protect digital privacy, even among self-disclosure scenarios.

Second, the “traditional remedy for harms resulting from the publication of private information is the tort of public disclosure of embarrassing private facts, also known as “the disclosure tort,” (Hartzog, 2013, pg. 52). The disclosure tort is flawed, leaving it difficult to determine when “expectations of privacy are reasonable and when First Amendment concerns take precedence, rendering it largely toothless to privacy harms occurring via social media” (Hartzog, 2013, pgs. 52-53). This tort expects judges to make subjective determinations regarding reasonable privacy expectations, and allows for a subjective interpretation of private versus public information. Similarly, this tort does not protect self-disclosed private information: “Online self-disclosure lies at the heart of the problem posed by social media. The rampant self-disclosure of personal information concomitant with an expectation of privacy is a problem because courts have struggled to determine whether and to what degree self-disclosed information is private” (Hartzog, 2013, pg. 54).

Third, personal privacy across the Internet may be subject to terms of use, which are likely to be different across different platforms. In United States v. Hart, “the government sought and obtained personal information from an email the defendant allegedly used to commit a crime. As part of the email registration process, the defendant consented to terms of service that required the user to acknowledge that his personal information might be disclosed to comply with legal process” (Hartzog, 2013, pg. 61). It is difficult to determine whether or not the user knowingly complied, or failed to read the terms of the user agreement for this particular email server.

Inadequate Legal Standards in a Digital Age

The current legal standards for addressing privacy violations are inadequate for a digital environment. The “right to privacy” in its legal understanding extends to personal effects and property. For example, Antoine Jones was convicted of drug trafficking and sentenced to life in prison after police attached a GPS tracking device to Jones’s car and monitored the vehicle’s movement for a month. Although the Supreme Court ultimately ruled that the GPS tracking devise constituted as a “search,” and would thus require a warrant, Jones v. United States (2012) reminded: The Fourth Amendment ensures that “[t]he right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated. The reasonable expectation of privacy formulation are tied to common-law trespass” (United States v. Jones, 2012). How, then, can privacy violations in an Internet-driven world be determined if the right to privacy is tied only to physical property?

As Brandeis penned in 1890: “It is our purpose to consider whether the existing law affords a principle which can properly be invoked to protect the privacy of the individual; and, if it does, what the nature and extent of such protection is,” (Brandeis, 1890). Now, more than a century later, technological advancements like the Internet and social media have made it necessary to once again revisit the nature and extent of individual privacy protection in a digital era. “The traditional privacy torts are not well-suited to protect users of social media. It is becoming increasingly clear that the privacy torts, particularly the disclosure tort, are ineffective in many scenarios involving social media” (Hartzog, 2013, pgs. 51-54).

Legal standards for determining privacy violations are unable to interpret digital privacy violations, because so few exist. “Privacy laws, such as the Electronic Communications Privacy Act, are considered woefully antiquated” (Weckerle, 2013, pg. 251). For example, email older than 180 days receives no privacy protection, and, “under current law, it is possible to access these materials without a judge’s permission and simply with an administrative subpoena,” which “many privacy experts find disturbing,” (Weckerle, 2013, pg. 251).

Legal Analysis

From the Internet challenging the way we define public versus private figures, and the outdated privacy laws that cover only personal property, to the inadequate privacy torts that fail to cover social media, the current laws are unfortunately not enough to protect digital privacy.

The Internet redefining public figure hood versus private figure hood makes it difficult to determine wrongdoing in defamation cases, as the criteria for meeting the requirements are different for different figures. This has a profound impact on digital personal privacy as the Internet has created a vast landscape for defamation, libel, and slander against not only individuals, but also organizations.

The legal standards that are used to determine personal privacy violations are outdated for the current technology today. As Lat and Shemtob explained: “Applying old rules to new media does not make sense as a policy matter. It would prevent society from reaping the full rewards of new communications technologies” (2011, pg. 417). Similarly, the courts that are tasked with applying old laws to new technology are expectantly struggling. “Courts and lawmakers have struggled to determine whether and to what degree personal information disclosed on social media is private under traditional tort remedies and online agreements” (Hartzog, 2013, pg. 50).

Redefining the law is necessary as society evolves and technology advances. As Brandeis stated over a century ago: “That individuals shall have full protection in person and in property is a principle as old as the common law; but it has been found necessary from time to time to define anew the exact nature and extent of such protection. Political, social, and economic changes entail the recognition of new rights, and the common law, in its eternal youth, grows to meet the new demands of society,” (Brandeis, 1890). Brandeis’s outdated Right to Privacy reminded that in an ever-evolving society, there are times when old laws must be reevaluated, and new laws must be created.

Consistent Digital Privacy Laws are Vital

Changes in the law, more specifically, new digital privacy laws are absolutely necessary moving forward in our technology-driven world. From protecting an individual’s right to privacy across all digital platforms from misusing consumer information, to protecting an individual’s right to privacy from government intrusion across digital platforms, our current privacy laws and torts have no bearing on this new “location” – or lack thereof. As some states are beginning to enact digital privacy laws, there fails to be a national movement to provide consistency across the United States.

In 2015, California passed a landmark “Electronic Communications Privacy Act” which prohibits “any state law enforcement agency or other investigative entity from compelling a business to turn over any metadata or digital communications – including emails, texts, documents stored in the cloud – without a warrant” (Zetter, 2015). The American Civil Liberties Union named California’s Act the “most comprehensive in the country,” (Zetter, 2015). State Senator Mark Leno spoke of the importance of the law as it relates to the digital landscape that now exists: “For too long, California’s digital privacy laws have been stuck in the Dark Ages, leaving our personal emails, text messages, photos and smartphones increasingly vulnerable to warrantless searches” (Zetter, 2015). While this law is certainly a step in the right direction for digital privacy, it unfortunately fails to account for the disclosure of other information across social media platforms, like self-disclosed data.

Law professor and privacy law expert, Daniel J. Solove, confirmed that current privacy laws are not sufficient for digital privacy, which he called a “privacy self-management model,” where users are informed of their legal rights and consent to data collection without knowing what it really entails (Weckerle, 2013, pg. 252). Solove condemn the biggest weakness: “It is impossible at the time of data collection for a person to make a sensible judgment about the future privacy implications” (Weckerle, 2013, pg. 252). Furthermore, he argued it is unfair an assumption to conclude that all users read the lengthy terms of service or terms of use that are agreed upon, or that these particular terms are even enforced.

Digital privacy laws are vital, and must be consistent throughout the country, as the Internet knows no geographic boundaries. Digital privacy laws – constitutional amendments specifically geared towards digital privacy – must address the right to privacy as it relates to the Internet, social media, and other relevant digital platforms. The laws must weigh national security concerns with an individual’s right to privacy, and these laws must specifically address the online environment that the Internet and social media have created.Continued on Next Page »