Len Niehoff is Professor from Practice at the University of Michigan Law School, where he teaches courses in civil procedure, ethics, evidence, First Amendment, law & theology, and media law. He writes regularly in all of these fields. He is also Of Counsel to the Honigman law firm. The opinions expressed here are his own.

Wednesday, August 16, 2017

Privacy: We Are All Internationalists Now


A Review of Ronald Krotoszynski, Jr., Privacy Revisited (Oxford 2016)


I began thinking seriously about privacy issues in 1984—appropriately, I suppose, given that year’s Orwellian connotations.

At the time, discussions about privacy law and policy tended to be highly parochial, in two senses.

First, they tended to be strongly geographically localized—for example, comparing the statutory privacy law of New York with the common law privacy of Michigan.

Second, they tended to be conceptually localized—for example, analyzing privacy as a protection afforded by tort law or as a right of substantive due process or as insulation from unreasonable searches and seizures or as a legislative restriction on institutional data usage.     

A cliché declares that the Internet changed everything. I’m skeptical about that claim, but at a minimum it clearly changed the workability of these parochial frameworks.

As an initial matter, the Internet forced us to think about privacy not just locally but globally.

Over time, the Internet transformed the vast majority of enterprises into entities with an international presence. For example, most local publishers became international publishers by virtue of their web presence.

Consider: when I entered practice in 1984, a consumer could get my client’s newspaper, The Detroit News, in Michigan, northern Ohio, and Windsor, Canada, and that was about it. Now its content is available to anyone, anywhere in the world, who can access its website.

Corporations and other enterprises suddenly had to start thinking about the requirements of foreign legal regimes—at least to the extent that they had assets or personnel abroad.

If these developments escaped anyone’s notice, that was corrected in 2014 when the Court of Justice of the European Union ruled in the so called "Google Spain case" that a Spanish citizen had a privacy right (often misnamed a “right to be forgotten”) that was enforceable against U.S.-based Google. As a result, Google has had to devote substantial resources to processing de-indexing requests from individuals hungry for more obscurity than the Internet otherwise offers them.

But these developments did not just unsettle our geographic parochialism. They also challenged the prevailing approach of separating privacy into distinct doctrinal compartments.

The court in Google Spain proceeded as if it had developed an overarching and unified theory of privacy that could be applied generally to lots of different kinds of information—literally, the entire universe of information available on the Internet.

In that sense, the ruling raised—even if indirectly—a number of foundational questions for all of us: Is that court’s theory viable and intellectually coherent? When we talk about privacy, are we talking about one thing or many things? Are there other possible unified theories of what privacy is and what it protects? Does U.S. privacy law reflect such a theory? Or does U.S. privacy law simply lump together under one label a variety of concepts that are, on close inspection, largely unrelated?

As a result of all this change, there is an urgent need for resources to help us think about privacy in the transnational context—and not just about the competing legal regimes, but also about the cultural and social norms that drive them and the vision of privacy that they reflect.

A number of books have made important contributions on this front; in my view, one of the best is Ronald Krotoszynski’s Privacy Revisited: A Global Perspective on the Right to Be Left Alone (Oxford 2016). It is, in my view, essential reading for anyone interested in the privacy field today.

Prefaces are often optional reading, but the preface to this book provides critical context for the discussion that follows. In it, Krotoszynski identifies a number of themes that should inform any comparative inquiry into privacy law and policy. I will mention a few here, framed as questions:

* What are the respective roles of legislatures and the courts in creating and interpreting privacy law?

*   Is privacy a negative or positive right?

*   Is proportionality analysis—that is, balancing—useful to privacy law?

*   Is privacy about dignity, reputation, personal honor, or all of these, or something else altogether?

*   Is privacy simply a civility norm? If so, is it appropriate to enforce it through the law?

*    Privacy from whom? The government? Private actors? Both?

*  Is privacy in tension with free expression or does it facilitate that right—for example, by resisting the surveillance state?

Different legal regimes have answered these questions in different ways.

After an introductory chapter that stresses the protean nature of privacy law and policy, the book embarks on its comparative project. The ensuing chapters take a close look at privacy law in the United States, Canada, South Africa, the United Kingdom, and as interpreted by the European Court.

A short review cannot explore these nuanced and well-researched chapters in detail. But it may be worth highlighting some of the provocative differences between U.S. and European privacy law that Krotoszynski discusses.

Let’s start here: U.S. privacy law is an assemblage of distinct doctrines protecting various interests that are, perhaps, not obviously related.

These include autonomy interests (for example, protected by the substantive due process right to terminate a pregnancy), interests against government invasiveness (for example, protected by the fourth amendment right to be free from unreasonable searches and seizures), property interests (for example, protected by the claim of intrusion in tort law and by the law of trespass), interests related to the control over personal information (for example, protected by the public disclosure claim in tort law and by statutes like HIPAA and FERPA), and so on.

Given this wide range of purported privacy protections, one might assume that U.S. law would align fairly well with that of other regimes that have construed privacy rights expansively, like that being developed by the European Court. But that is not the case. To the contrary, as Krotoszynski observes, “In a very real sense, privacy in the EU and privacy in the United States have relatively little to do with each other.”

This is so in a variety of respects.

Because the Supreme Court of the United States has interpreted the First Amendment as providing such broad and resilient protection to free expression, that right trumps competing privacy interests much more often under U.S. law than European law.

Further, the U.S. has shown relatively little interest in some issues that have deeply concerned European authorities, such as data mining. This may be the result of distinctively American anxieties about government overreach into economically profitable activity.

The European Court has recognized a right to be “private in public.” This is a notion that a U.S. court would view as incoherent.  For example, Krotoszynski discusses the Egeland & Hanseid v. Norway case (where the court upheld a privacy claim by women who were convicted of three counts of murder and complained over having their picture taken outside the courthouse) and Sciaccia v. Italy (where the court upheld a privacy claim over the publication of a photo of an arrested defendant who had not consented to the picture). The results in these cases are all but unthinkable in an American court.

In Europe, both courts and legislatures have shown a willingness to enforce civility norms. America, in contrast, essentially has “no law of civility.”

And the European jurisprudence is largely driven by proportionality analysis: once the court finds that the right to privacy has been violated, then its role is to balance the degree of the infringement against the state’s justification for the regulation or action. For a variety of reasons, U.S. courts have generally been skeptical of ad hoc balancing tests, particularly where rights claims are involved.

It seems clear that everyone has more thinking to do.

Krotoszynski suggests in his conclusion that privacy and free speech interests are probably more reconcilable than our current jurisprudence recognizes.

But the E.U. approach is also far from perfect: there are good reasons to be concerned about applying balancing tests to matters of such import; such tests tend to yield uneven and unpredictable results, and we see this reflected in the apparent inconsistency of the E.U. decisions in this area.

This much is absolutely clear:

* Competing, and perhaps conflicting, privacy regimes will be bumping into each other with increasing frequency.

* We must talk with and learn from each other.

* We need the sort of excellent comparative work that Krotoszynski’s book embodies.  


* To borrow from the title of a book published twenty years ago about the emergence of multiculturalism: in the field of privacy, we must all be internationalists now.    

Tuesday, August 1, 2017

Privacy: Through the Rear Window



1954, a prophet foretold many of our current dilemmas in privacy law and policy. His name was Alfred Hitchcock. And the prophecy was his film, Rear Window.

In the movie, photographer L.B. “Jeff” Jefferies (played by James Stewart) finds himself with a broken leg and confined to a wheelchair. Stuck at home, but with plenty of telephoto lenses at his disposal, Jeff amuses himself by watching the world go by through the rear window of his apartment. His attention is increasingly drawn across the courtyard to the windows of his neighbors, whom he observes with deepening curiosity.

One night, Jeff hears a scream come from a nearby apartment occupied by a troubled couple, Lars Thorwald (played by Raymond Burr) and his wife. Later, he sees Thorwald take numerous nocturnal trips in and out of his building, always carrying a large sample case. The wife having vanished from sight, Jeff comes to believe that Thorwald murdered her, cut her into pieces, and is systematically disposing of the body.

Jeff involves his girlfriend Lisa, his visiting nurse Stella, and his policeman friend Lt. Doyle in his efforts to prove that Thorwald killed his wife. Thorwarld figures out what Jeff is up to and comes after him. Help arrives in the nick of time, saving Jeff from the murderous Thorwald, although not quickly enough to keep Jeff from falling out of the rear window and breaking his other leg.

Rear Window came out in 1954, decades before we started worrying about the high tech surveillance state, how the Internet monitors our behaviors, and the collection and dissemination of big data. But when I recently watched the film I was struck by how poetically it anticipates the dilemmas we now face.

On one hand, the film shows us the advantages of closely observed human activity. In one of the film’s subplots, Jeff watches over a young female neighbor who becomes increasingly desperate and potentially suicidal. And, of course, it is only through Jeff’s surveillance that the police are able to arrest Thorwald, a character played by Raymond Burr with such brilliant menace that he seems like the very embodiment of creepiness.

On the other hand, Jeff has some creepiness of his own.

Lt. Doyle cautions Jeff that there are parts of other people’s lives we’re not meant to see. He’s right, of course, but Jeff keeps watching anyway. The habit of surveillance is more easily got than got rid of.

Also, although some of Jeff’s snooping ends up serving a greater social good, along the way he takes in a lot of information that serves no higher end than his own idle curiosity. Like many systems of data capture, his telephoto lenses sweep with stunning overbreadth and without discretion.

Further, for all his looking out, Jeff does not want people looking in. At one point when Lt. Doyle is visiting Jeff he notices Lisa’s open suitcase with her lingerie visible. Jeff bristles at the intrusion.

And one of the most chilling moments in the film occurs when Thorwald, realizing that he’s been watched, peers across the courtyard and through the rear window into Jeff’s apartment. Jeff draws violently back into the shadows, the observer recoiling at the thought of being observed.

Of course, Jeff can look through all of these windows because his neighbors opened them to get some fresh air during an oppressively hot summer. And we might say that by doing so they assumed the risk that someone would get a glimpse into things they normally keep hidden from the world at large. It’s like a cinematographic representation of agreeing to a website’s privacy terms.

Indeed, it calls the same sorts of questions. Do these people realize how much of their privacy they’ve surrendered? Do they understand that someone is watching them through the enhanced capacities of a telephoto lens? Is the opening of the windows a reasoned calculation, or an act of blind trust, or a capitulation to the realities of comfort and convenience? It is, after all, easier to throw open the window and take your chances than it is to try to protect your privacy—so it was in 1954, so it is today.

There is surely a required reading list for those interested in privacy law and policy. In an upcoming blog post, I will review a book that I think belongs on that list: Privacy Revisited: A Global Perspective on the Right to Be Left Alone by Professor Ronald J. Krotoszynski, Jr., of the University of Alabama School of Law.

But perhaps there should be a required “watching list”—the pun is intended—as well. If so, then in my judgment Rear Window should be near the top. Cue it up and grab your popcorn—but only after you’ve drawn the shades.