By Colleen Johnson, Senior Cyber Legal Analyst, Sera-Brynn
Thoughts on the American perspective on privacy, its revolutionary origins, and that Gosh Darn Privacy Regulation, GDPR.
Supreme Court Justice Louis Brandeis is often credited with articulating the American perspective on the right to privacy. It was 1890. He called it “the right to be let alone.”
Fast track 218 years to the Friday before Memorial Day weekend 2018. That was the day the Internet rained down notices asking users to accept new privacy and cookie policies. All day long.
The cause was the new European privacy law, GDPR, which granted new rights to people in the European Union. Apparently, the Internet didn’t care that I was at Sera-Brynn HQ in Suffolk, Virginia and not Suffolk county of coastal England. I clicked anyway.
GDPR (which is really called the General Data Protection Regulation) gives “natural persons” (living people, not businesses) the right to control their personal data (which is a big, long list of data points) no matter where that data resides. This puts many U.S.-based companies in a tricky position. The law technically applies to them if they market goods or services to people in the EU, even if they don’t have any physical or human resources in the Union. Asking for website visitors’ consent is one of several ways to minimize risk under GDPR. As a result, the online world clicked many, many little boxes agreeing to updated terms that we did not read to continue to do the important stuff we do on the Internet.
In general, the concepts of GDPR make sense. Companies that gather up personal information on living, working, shopping people should have responsibilities to handle that data fairly — whether that data was received via an unsolicited business email, an online order, or more “invisibly” scooped up through cookies, web beacons, and other tracking devices.
But since when has a non-treaty law from outside our country actually caused such impact on American sales and marketing people? I don’t know. However, I do know that the right to privacy is an American story, with deep roots in history. And U.S. rules on digital privacy will naturally emerge in a way that follows the trajectory of American law, history, and culture.
On a recent drive to Washington DC, I listened to a series of excellent lectures by Professor Jeffrey Rosen, of The George Washington University Law School. During the height of the news coverage on Facebook’s testimony before Congress, my local library had stuck a big, plastic case of audio CDs on a shelf. It was called “Privacy, Property, and Free Speech: Law and the Constitution,” by the publisher Great Courses. It caught my eye (thank you librarians!). Traffic was ugly both ways, but I had these 24 lectures to keep my mind off it:
I learned from Professor Rosen that the American right to privacy goes back to the American colonists’ deep discontent over being forced to quarter British soldiers in their homes. King George III’s quartering acts ultimately led the colonists to rebel against England, declare and win independence, and write the Third Amendment to the Constitution, which prohibits the quartering of soldiers in our homes.
At the time, the expectation of privacy surrounding homes included private papers. Why papers? Because the thinkers of the day believed that written papers and journals were an extension of thought, which deserved protection. The right to freely write and express thoughts on paper was a democratic ideal.
Think about this: the U.S. Constitution was the original privacy-by-design product.
The First Amendment protects the privacy of thoughts, beliefs, and speech.
The Third Amendment protects the privacy of the home (no quartering soldiers).
The Fourth Amendment protects against unreasonable searches.
The Fifth Amendment protects the privacy of personal information so that it can’t be used for self-incrimination.
The Ninth Amendment protects additional fundamental rights outside those listed in the other amendments. It has been used to protect the right to privacy within marriage, as well as the right to choose or deny medical treatment.
Digital records, emails, website analytics, AI, big data … often these contain personal information which the Constitution was arguably designed to protect. The foundations for building a holistic American digital privacy scheme are there. They were baked in the cake (or pie) all along.
Happy Fourth of July.