The Legal Right to Privacy: Origins and International Regulation

By Brooke Spens

Abstract

The concept of privacy is supported by no formal definition despite its popular usage in legal frameworks and the international codification of the “right to privacy”. A multi-faceted approach to the condition of privacy has been detailed by previous work in the lab. The objective of the following writing is to offer insight into the revelation of privacy in a legal context and its international application. This text recounts the development of “the right to privacy” beginning with the U.S. Constitution and the subsequent work of Warren and Brandeis, before the adaptation of privacy as a right in international regulation like the Universal Declaration of Human Rights (UDHR) and the emergence of data protections and privacy regulation in the digital era such as the General Data Protection Regulation (GDPR).

The Legal Right to Privacy

The existence of privacy in written law dates to interpretations of the United States (U.S.) Constitution and a late ninetieth century article by Samuel Warren and Louis Brandeis titled “The Right to Privacy”.[1] Scholars assert that the right to privacy originated in the common law system rather than continental law which is customary of fundamental rights. Paraphrased from “How the Right to Privacy Became a Human Right,” an established guarantee of the right to privacy was recognized as an international human right prior to its presence in a nation’s constitution.[2] Warren and Brandeis chose to substantiate their idea that privacy warranted legal protection and the “right to be let alone” with common law instead of isolating from it.[3] The effect of Warren and Brandeis’s work is substantial with early implementations of “The Right to Privacy” shaping judgements made by U.S. state courts before spreading to federal courts and beyond. The impact of “The Right to Privacy” expands beyond the courtroom, with a documented 3,678 academic citations in 2012, the second most-cited law review article of all time – a number that has likely grown.[4]Academic applications and court decisions further signify the widespread influence of the article on society’s perception of the right to privacy.

The U.S. Constitution does not explicitly delineate a right to privacy; however, the First, Third, Fourth, Fifth, and Fourteenth Amendments have contributed to the development of the right to privacy in the legal environment.[5] The First Amendment protects the right to an individual’s thoughts and beliefs and the Third indicates privacy of the home through restricting the quartering of soldiers in homes.[6] The Fourth Amendment text states “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated...” without probable cause.[7] The Fifth Amendment regards the right against self-incrimination. The Fourteenth Amendment applied the Bill of Rights, or the first ten amendments in the U.S. Constitution, to African Americans who were formerly enslaved.[8] The amendment included the due process clause which declares that no person can be deprived of life, liberty, or property, without due process of law.[9] The particulars of constitutional provisions relevance to privacy have been adjusted through time with the ruling of cases such as Griswold v. United States, a case regarding the right to marital privacy that protected an individual's right to be free from legal interference.[10] The overturning of cases like Olmstead v. United States, a case regarding the legality of evidence obtained through phone taps, continued to expand the right to privacy in written law. Brandeis issued a dissenting opinion on the case stating:

“The protection guaranteed by the [4th and 5th] Amendments is much broader in scope. The makers of our Constitution undertook to secure conditions favorable to the pursuit of happiness…To protect that right, every unjustifiable intrusion by the Government upon the privacy of the individual, whatever the means employed, must be deemed a violation of the Fourth Amendment. And the use, as evidence in a criminal proceeding, of facts ascertained by such intrusion must be deemed a violation of the Fifth”.[11]

In 1967, the precedent established by the majority against whom Brandeis dissented was overruled by Katz v. United States.[12] The case expanded the scope of the rights under the Fourth Amendment arguing that a citizen has a “reasonable expectation of privacy” that extends to areas outside of tangible intrusions.[13] This expansion of privacy rights combined with technological innovations opened a Pandora’s box that continues to be addressed today.

International Privacy Oversight

 The idea of privacy in a legal context differs between countries. Nations individually establish personalized guidelines to privacy and data protections, but it is common for states with partnerships such as the European Union (EU) to establish regulations such as the General Data Protection Regulation (GDPR) adhered to by all member states. While American ideology shaped much of the initial dialogue around the right to privacy, the formation of privacy and data protection as legal regulation has been led by the EU establishing data protections the likes of the GDPR. The GDPR was put into effect in May of 2018 and regulates the collection and processing of user data or "information concerning an identified or identifiable natural person.”[14] The 88-page document denotes requirements for organizations around the world with ties to the EU related to the types of data collected, the purpose of the data (“purpose limitations”), people’s privacy rights (consent, access, rectification, etc.), and penalties for failure to comply.[15] Despite the GDPR formally being confined to the EU, the scope of the regulation is much broader. Due to the Brussels Effect, or the ability of the EU to regulate the global marketplace given their level of influence, GDPR has become the standard for data protection – effectively globalizing privacy protections.[16] The GDPR provides valuable oversight for a market where utilizing personal data in business models has become highly incentivized. The incentivization of this market is supported by reports from The New York Times stating the digital advertisement industry is worth an estimated 350 billion dollars.[17]

GDPR is one of the latest iterations of privacy legislation; however, it was preceded and exists alongside several human rights initiatives and legal regulatory frameworks recognized by private companies and governments. Facebook and Google have publicly committed to the principles of the Global Network Initiative (GNI) based on human rights standards despite their participation in an industry fueled by the extraction and application of user’s personal data.[18] At the international level, provisions on privacy were drafted in through the Universal Declaration of Human Rights (UDHR) beginning as early as 1946.[19] Article 12 of the UDHR depicts the protection of the human right to privacy as “No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.”[20]Language similar to that of the U.S. Constitution.[21] Article 12 of the UDHR marked the start of the international codification of the right to privacy that has been foundational to privacy rights in the digital era. The International Covenant on Civil and Political Rights (ICCPR) echoes the wording of the UDHR when defining the right to privacy in Article 17. Through characterization of human rights in the UDHR and ICCPR legislation, the threat to freedom of thought, opinion, religion, and expression posed by the advanced exploitation of online data can be recognized.[22] One recent example of legislation involving the digital space includes the Office of the United Nations High Commissioner for Human Rights (OHCHR) issuing a report titled “The right to privacy in the digital age”.[23] This report assesses the right to privacy in the digital space and urges governments to implement measures based on the international human rights framework to remedy the privacy infringements originating from the development the digital age and resulting technologies such as big data and surveillance tools.[24]

The UDHR, ICCPR, OHCHR, and GDPR all concern the right to privacy and data protections on an international scale; nevertheless, individual countries have formed significant regulatory measures. According to the United Nations (UN), 137 of 194 countries have passed data protection legislation.[25] The U.S. has broadened its data privacy laws across both state-specific and industry-specific regulations since the early understandings of privacy. One example is California’s Online Privacy Protection Act of 2003 (CalOPPA). This act was the first state law requiring the disclosure of a privacy policy on websites and online services that collect the Personally Identifiable Information (PII) of California residents.[26] Industry-specific laws enforced in the U.S. include the Heath Insurance Portability and Accountability Act (HIPAA) which established the national standard for protecting patient’s information from disclosure without patient consent.[27] Since the inception of privacy in U.S. written law, it has expanded to protect vital areas of individual’s personal lives such as financial and health data and continues to be revised in order to meet the challenges prompted by emerging technologies and resulting data collection. Outside of the U.S., countries have implemented and redrafted progressive privacy laws in recent years. Argentina, Bahrain, Japan, Kenya, and Brazil among others have adopted data protection laws that apply to the collection of information on the citizens of their respective countries.[28] Australia’s Privacy Act first established in 1988 has been reformed to include principles such as rules around the purpose of consumer data collected and the expansion of user rights.[29] Australia is leading by example in the privacy sphere by recognizing the threats to privacy posed by the exploitation of data online among other risks and responding accordingly through an ongoing process. This work follows the idea of privacy originating abnormally in the common law system and its adoption by international human rights law before solidifying itself as fundamental to human rights. Dozens of countries have taken steps towards ensuring the protection of citizen’s privacy both through individual legislation and legal partnerships previously detailed; however, states must continue working to remedy privacy missteps of the past while enacting the privacy protections of the future.

 

 

 

Anu, Bradford. “Globalizing European Digital Rights through Regulatory Power.” In Digital Empires: The Global Battle to Regulate Technology, by Bradford Anu, 324-. Oxford Academic, 2023. https://doi-org.ezproxy.lib.vt.edu/10.1093/oso/9780197649268.003.0010.

Chen, Brian X. “The Battle for Digital Privacy Is Reshaping the Internet - The New York Times,” September 16, 2021. https://www.nytimes.com/2021/09/16/technology/digital-privacy.html.

Czubik, Agnieszka. “‘The Right to Privacy’ by S. Warren and L. Brandeis – The Story of a Scientific Article in the United States.” Ad Americam 17 (2016): 211–19. https://doi.org/10.12797/adamericam.17.2016.17.16.

Diggelmann, Oliver, and Maria Nicole Cleis. “How the Right to Privacy Became a Human Right.” Human Rights Law Review, July 7, 2014. https://doi.org/10.1093/hrlr/nguo4.

Head, Tom. “Where Did the Right to Privacy Come From?,” October 28, 2019. https://www.thoughtco.com/right-to-privacy-history-721174.

Marmor, Andrei. “What Is the Right to Privacy?” Philosophy & Public Affairs 43, no. 1 (2015): 3–26. https://doi.org/10.1111/papa.12040.

“Regulation (EU) 2016/679 (General Data Protection Regulation).” Official Journal of the European Union, 2016. https://gdpr.eu/tag/gdpr/.

“Surveillance Giants: How the Business Model of Google and Facebook Threatens Human Rights,” November 21, 2019. https://www.amnesty.org/en/documents/pol30/1404/2019/en/.

The Constitution of the United States (1787). https://constitutioncenter.org/media/files/constitution.pdf.

United Nations – International Covenant on Civil and Political Rights (1966). https://www.ohchr.org/en/instruments-mechanisms/instruments/international-covenant-civil-and-political-rights.

Warren, Samuel, and Louis Brandeis. “The Right to Privacy,” 1890. https://civilistica.emnuvens.com.br/redc.

 

 


[1]    Warren, Samuel, and Louis Brandeis. “The Right to Privacy,” 1890. https://civilistica.emnuvens.com.br/redc.

[2] Oliver Diggelmann and Maria Nicole Cleis, “How the Right to Privacy Became a Human Right,” Human Rights Law Review, July 7, 2014, https://doi.org/10.1093/hrlr/nguo4.

[3] Agnieszka Czubik, “‘The Right to Privacy’ by S. Warren and L. Brandeis – The Story of a Scientific Article in the United States,” Ad Americam

[4]  Czubik

[5] Tom Head, “Where Did the Right to Privacy Come From?,” October 28, 2019, https://www.thoughtco.com/right-to-privacy-history-721174.

[6] The Constitution of the United States.“The Constitution of the United States” (1787), https://constitutioncenter.org/media/files/constitution.pdf. The Constitution of the United States.

[7] The Constitution of the United States.

[8] The Constitution of the United States..

[9] The Constitution of the United States.

[10] Andrei Marmor, “What Is the Right to Privacy?,” Philosophy & Public Affairs 43, no. 1 (2015): 3–26, https://doi.org/10.1111/papa.12040. Marmor.

[11] Czubik.

[12] “Where Did the Right to Privacy Come From?” .Head.  

[13]  Head.

[14]  “Regulation (EU) 2016/679 (General Data Protection Regulation).” Official Journal of the European Union, 2016. https://gdpr.eu/tag/gdpr/.

[15]  “Regulation (EU) 2016/679 (General Data Protection Regulation).” Official Journal of the European Union, 2016. https://gdpr.eu/tag/gdpr/.

[16] Bradford Anu, “Globalizing European Digital Rights through Regulatory Power,” in Digital Empires: The Global Battle to Regulate Technology Bradford Anu, “Globalizing European Digital Rights through Regulatory Power,” in Digital Empires: The Global Battle to Regulate Technology, by Bradford Anu (Oxford Academic, 2023), 324-, https://doi-org.ezproxy.lib.vt.edu/10.1093/oso/9780197649268.003.0010.  

[17]  Brian X. Chen, “The Battle for Digital Privacy Is Reshaping the Internet - The New York Times,” September 16, 2021, https://www.nytimes.com/2021/09/16/technology/digital-privacy.html.  

[18]  “Surveillance Giants: How the Business Model of Google and Facebook Threatens Human Rights,” November 21, 2019. https://www.amnesty.org/en/documents/pol30/1404/2019/en/.

[19] (Diggelmann 2014)

[20] (Diggelmann 2014)

[21] (Diggelmann 2014)  

[22]  “Surveillance Giants: How the Business Model of Google and Facebook Threatens Human Rights,” November 21, 2019. https://www.amnesty.org/en/documents/pol30/1404/2019/en/.

[23] The Right to Privacy in the Digital Age – Report of the United Nations High Commissioner for Human Rights (2018).

[24] (The Right to Privacy in the Digital Age – Report of the United Nations High Commissioner for Human Rights (2018). https://documents.un.org/doc/undoc/gen/g18/239/58/pdf/g1823958.pdf?token=EKk9zsNzl3PNvfiNyM&fe=true.

[25] “Data Protection and Privacy Legislation Worldwide – United Nations Trade and Development,” December 14, 2021. https://unctad.org/page/data-protection-and-privacy-legislation-worldwide.

[26] “International & U.S. Data Privacy Laws And Regulations You Need To Know,” August 9, 2022. https://cdp.com/basics/international-u-s-data-privacy-laws-and-regulations-you-need-to-know/.

[27] (No author 2022)

[28] (No author 2022)

[29] “Data Protection and Privacy Laws,” 2019. https://id4d.worldbank.org/guide/data-protection-and-privacy-laws.

@BitsBytesRights