Privacy Rights vs Architects of Our Own Doom
In recent months, I’ve noticed several comments in privacy literature that mention the importance of acknowledging the role individuals play in protecting their own privacy. In other words, those (like me) who have advocated strengthening privacy-protections in the digital age need to face the question of the balance between legal privacy protections on the one hand, and the responsibility of individuals to keep some measure of control over their personal information on the other. Of course, it’s harder to maintain as much control over personal information in the digital age than it is in the physical world. Nevertheless, most of us would acknowledge that individuals should take whatever reasonable measures they can to maintain the privacy/secrecy of things they do not want the world to see online. This balance between state imposed privacy protections and personal responsibility for private information raises a number interesting questions including:
1. How do we deal with the “inter generational issues” I mentioned in a previous post? In other words, if the younger generation really is less able to predict long term consequences of being lax with their private information, how paternalistic should the state be in protecting them from themselves?
2. Should we distinguish situations where people have disclosed private information to others in “real world” relationships from disclosures in online relationships? In other words, if we assume that the real world accommodates more gradations of relationships and it’s easier in physical space to decide who to trust and who not to trust, should we assume that the law should be less interventionist in the case of careless real world disclosures than in the case of online disclosures? An example of an online disclosure in this context would be a “friend” posting something about someone else on a Facebook page and the information ultimately being disclosed to “friends of friends”. Presumably in this scenario, it’s much easier for an individual to quickly, easily (and globally) lose all control of private information.
3. Should we treat public figures differently from private individuals in ascertaining whether someone has been so careless about their personal information as to merit limited or no legal intervention to protect their privacy? In other words, should public figures generally assume that they are under closer scrutiny than private individuals and thus be expected to take greater responsibility over their personal information than private individuals? This suggestion was made in the context of a public figure in the Mosley v News Group case (UK, 2008) that I blogged about over at The Faculty Lounge recently. In that judgment, Justice Eady does not suggest that there should be different rules for private and public figures, but does imply that a public figure who knows that he might be under some form of surveillance might be expected to take more care of his personal information (see discussion at paras 224-226 of the judgment).
I’m interested in others’ thoughts on these questions. Whenever I speak to others about privacy, someone usually comes up with the point about “personal responsibility”, and it’s often someone justifiably concerned about the First Amendment implications of state-imposed privacy protections. Thus, I’m sure that personal responsibility needs to be part of a the larger privacy equation. I’m just not 100% sure how it should play out in online communities in particular.