Data Privacy Day 2012

Deserving of a fairly large yawn, the International Data Privacy Day came on a Saturday this year.  The US sponsors — who are basically large tech companies — can hardly be faulted for failing to elevate today to true holiday status.  In Europe, the festivities are equally lame.  Last year, it was not much different.

Why was January 28th even chosen to celebrate privacy?  Well, because it is generally recognized that the first stab at a statutory privacy scheme came into being on 28 January 1981 when the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data was passed by the Council of Europe.  The purpose of this convention was to secure for residents respect for “rights and fundamental freedoms, and in particular his right to privacy, with regard to automatic processing of personal data relating to him.”

It was actually in 1965 — 16 years earlier — when the US Supreme Court, in Griswold v. Connecticut, 381 U.S. 479 (1965), formally recognized that every US citizen enjoys a constitutional “zone of privacy” by way of the Bill of Rights. Indeed, probably the best known judicial wording on the subject was written in 1928 when Justice Brandeis wrote in a dissent:

The protection guaranteed by the Amendments is much broader in scope. The makers of our Constitution undertook to secure conditions favorable to the pursuit of happiness. They recognized the significance of man’s spiritual nature, of his feelings, and of his intellect. They knew that only a part of the pain, pleasure and satisfactions of life are to be found in material things. They sought to protect Americans in their beliefs, their thoughts, their emotions and their sensations. They conferred, as against the Government, the right to be let alone — the most comprehensive of rights, and the right most valued by civilized men. To protect that right, every unjustifiable intrusion by the Government upon the privacy of the individual, whatever the means employed, must be deemed a violation of the Fourth Amendment.

Olmstead v. Unites States, 277 U.S. 438 (1928) (Brandeis, J., dissenting)

Fast forward to January 23, 2012 and the case of United States v. Jones is decided by the Supreme Court.  It is the Court’s first look at how the Fourth Amendment applies to police use of GPS technology.  This fractured decision — only serving up a majority to agree with the view that the defendant’s Fourth Amendment rights were violated when a GPS device was attached to his jeep for 28 days — does provide an interesting glimpse into future rulings even though many relevant questions were left unanswered by the Court.

For example, Justice Sotomayor asks rhetorically:

it may be necessary to reconsider the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties.  This approach is ill suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks…Perhaps, as JUSTICE ALITO notes, some people may find the tradeoff of privacy for convenience worthwhile, or come to accept this diminution of privacy as inevitable, post, at 10, and perhaps not.

Justice Sotomayor may one day get the opportunity to expand on her dicta.  Although it is uncertain when that may happen, what is certain is that the privacy landscape will be quite different by the time Data Privacy Day 2013 rolls around.