NEW DIMENSIONS IN PRIVACY LAW

Vol. 17 No.5 (May, 2007) pp.399-403

NEW DIMENSIONS IN PRIVACY LAW: INTERNATIONAL AND COMPARATIVE PERSPECTIVES, by Andrew T. Kenyon and Megan Richardson (eds). Cambridge: Cambridge University Press, 2006. 306pp. Hardback. $110.00/£60.00. ISBN: 9780521860741. eBook format. $88.00. ISBN: 9780511254871.

Reviewed by Lawrence E. Rothstein, Department of Political Science, University of Rhode Island. Email: LER [at] URI.EDU.

In the first chapter of NEW DIMENSIONS IN PRIVACY LAW, editors Andrew T. Kenyon and Megan Richardson introduce the subject matter of each of the following contributions. The central theme of the essays is the legal relationship between communication and privacy. In a somewhat piecemeal and at times repetitive manner, this collection of essays contrasts two perspectives on the notion of informational privacy. The “interest” perspective sees privacy as one interest among many, including free expression, free exchange and commercial exploitation of information, security and even curiosity. These interests must be balanced in the light of overall social utility. The “rights” perspective gives privacy a preferred, though certainly not absolute, position at least against those interests that are not characterized as rights. Thus privacy as a right may more easily trump commercial exploitation, curiosity and some aspects of security. A right of privacy still must be balanced against other rights such as free speech and press.

The contributing authors generally attribute the rights perspective to the comprehensive privacy legislation and jurisprudence of continental European countries, such as France and Germany, and the data protection directives and European Convention on Human Rights of the EU. They contrast this with the lack of a right to privacy recognized by British statutory or case law. Former British colonies such as the US, Australia and New Zealand have accepted a very limited right to privacy on specific topics while primarily balancing privacy as one interest against security, commercial and political interests in fragmented legislation and tort law rulings. Seven of the ten essays in the book discuss the 2004 British House of Lords decision in NAOMI CAMPBELL v. MGN, LTD., shoehorning Ms. Campbell’s suit challenging the tabloid exposé of her involvement with Narcotics Anonymous into a breach of confidentiality rationale even though no confidential relationship existed between her and those who took the pictures or wrote and published the story. Dicta in the case reference Article 8 of the European Convention on Human Rights (ECHR) and the British Human Rights Act of 1988, which address a right to respect for family life, home and correspondence, but the holding of the case falls far short of establishing such a right.

Three of the essays compare the CAMPBELL decision with the 2005 decision of the European Court of Human Rights in VON HANNOVER v. GERMANY, which upheld a broad right to privacy in all non-official activities of someone who is the subject of public [*400] interest and curiosity. In this case the European Court held that Princess Caroline of Monaco was deprived of her right of protection of private life when a magazine, without her permission, took and printed pictures of her shopping, riding a horse and doing other routine activities in public spaces. Gavin Phillipson, in Chapter 8, provides the most detailed comparison of these decisions.

In Chapter 2, Eric Barendt, Professor of Media Law at University College London, begins with a brief discussion of the two cases mentioned in the preceding paragraph where arguably privacy is opposed to free speech. He cautions that freedom of the press, particularly when exercised by a corporate entity, is not congruent with free speech exercised by a real person. He wishes to break away from the commonplace that privacy and freedom of expression are usually at odds. He argues that often privacy supports free speech because a concern for the integrity and development of the human identity and personality underlay both of these rights. He notes that the confidentiality and privacy of a conversation is often what makes full and free expression in that conversation possible. As examples he cites the European Court of Human Rights’ consideration of prisoner correspondence under the privacy article of the ECHR (Article 8) as well as the freedom of expression article (Article 10), journalists’ claim of privilege to maintain confidentiality and privacy of sources as a protection of the sources’ freedom of expression as well as freedom of the press, the ability to block caller ID as protecting both the privacy and freedom of expression of the callers, and the restrictions on spam and telemarketing protecting both the privacy of the targeted recipients and their ability to use the telephone system and the internet freely to receive and communicate desired information. Barendt asks courts and decision makers to recognize that the protection of one entity’s freedom of expression, when that violates another’s privacy, may also impact that other’s freedom of expression.

Brian Murchison, of Washington and Lee Law School, attributes the weakness of the American tort action for public disclosure of private facts to the lack of a strong theoretical analysis of privacy. He argues that courts simply take the media’s interest and the public’s curiosity about certain matters as establishing the public nature of the facts disclosed. The classic case was SHULMAN v. GROUP W PRODUCTIONS, where a rescue team responded to an accident with a microphone-wired nurse and a camera crew. Recordings were made of the expressions of pain, disorientation, condition and treatment of the mother and son trapped in the car and broadcast as part of a news special on emergency medicine. The California Supreme Court agreed with the defendant producers of the show that the footage was relevant to a matter of public concern, “the rescue and medical treatment of accident victims,” and that the airing of the footage was not the public disclosure of private facts.

Murchison’s position is that American courts, particularly the Supreme Court, have failed to articulate the importance of privacy as a major protection of [*401] human dignity. He argues that Supreme Court libel decisions, such as NEW YORK TIMES v. SULLIVAN, have usurped the human dignity analysis and focused it on the dignity of political participation furthered by free political expression rather than the dignity of personal development through private relationships. As does Barendt, Murchison notes that concentration on protection of public speech and the media’s disclosure of private facts can burden private speech. He sees some hope in dicta contained in the opinions of Justices Stevens, Breyer and O’Connor in BARTNICKI v. VOPPER (2001). These opinions, while upholding the disclosure of private conversations of union officials recorded in apparent violation of the Electronic Communications Privacy Act, also noted the importance of private speech.

In “The Internet and Private Life in Europe: Risks and Aspirations,” Yves Poullet and J. Marc Dinant of the University of Namur analyze features of the Internet that led to updating the 1995 EU Data Protection Directive in 2002. First they note the massive creation of data by users themselves due to the interactive nature of the Internet. Each time a user accesses a site or chooses not to access previously visited sites useful data are created. The queries and contributions a user makes when accessing a website create data that may identify the user or at least tell important details about that user’s life. Second, the recent and continuing increases of data flow rates and processing power have radically increased the amount of information, the types of information and the ability to locate, sort and use the information on the Internet. Video, voice and music are readily available. Third, the ease and speed of uploading and downloading and the multiple points of access, with little control on who does what about whom, raises major privacy concerns. Fourth, the global dimension of the web, with many transborder uploads and downloads, creates anxiety over legal control of information. Finally, the opacity of many Internet functions, such as the placement of cookies, unique terminal identifiers, invisible hyperlinks, search engine operation, internet access providers and browser functions, raises serious questions about security of data.

Because of these developments, the 2002 Directive broadened the definition of identifying information to information such as terminal identifiers, cookies and browser and search profiles. Of particular concern was data traffic information which could allow for tracing to data sources. The Directive required destruction of such data once they were no longer needed for message transmission. It also strengthened the consent requirement for collection and processing of traffic and location data. The authors suggest, however, that consent is not always adequate for collection of data that can be attributed directly or indirectly to particular individuals. Weak standards and processes for informing data subjects regarding the nature and extent of their consent and withholding of services if no consent is given mean that the individual is often at the mercy of the data collector. The authors recommend strong controls on what legitimate purposes of data collection are and [*402] stronger processes for assuring that data collected for a particular purpose are only used for that purpose. They advocate directing choices of technology at privileging data protection and the privacy of data subjects.

Australian law professor Graham Greenleaf criticizes the Asia-Pacific Economic Cooperation group (APEC) for proposing a very weak Privacy Framework that seemed to ignore the strides taken by the EU, as well as the privacy protection legislation already in force in some of the 21 countries that make up APEC. Ostensibly based on the 1980 OECD Privacy Guidelines, already dated and not particularly strong at the outset, the APEC Framework weakens or leaves out some of the OECD privacy principles and further weakens the implementation and enforcement of privacy rights. Overall, the APEC Framework strives to “ensure” the free transborder flow of information, while merely “encouraging” privacy protection limited to preventing serious harm caused by the misuse of personal information.

David Lindsay and Sam Ricketson, also Australian law professors, note that digital rights management (DRM) techniques used primarily to implement copyright protection in the digital world may raise serious privacy concerns for users of the copyrighted material. For example, users wishing to download copyrighted music selections are required to identify themselves, may create a profile indicating types of music in which they are interested and give payment information. In addition, they are subject to cookies and leave identifying traces in their interactive traffic with the music purveyor. Each of their accesses to or uses of the copyrighted material may be monitored or reported back to the issuing entity. Self-enforcement mechanisms, such as single machine accessibility or time or number of use restrictions, added to copyrighted digital material, may affect a user’s choices on how to use the material. Broadcast flag technology may restrict, as well as record, the copying and sharing of digital material. Again, the EU has been the leader in approaching these concerns. In a document affirming the application of the 2002 Data Protection Directive to DRM (2005), the EU Working Party on Data Protection emphasized maintaining anonymous access to network services and limited linking of individuals to documents accessed, except with consent or where necessary to perform the service requested. The Working Party also stressed the importance of informing users of the purposes of data collection and the recipients, prior to collecting the data.

Raymond Wacks of the University of Hong Kong attempts to explain why there is not an English common law privacy tort. He propounds seven reasons. The first follows from his analysis of the CAMPBELL case and the preference of the British courts for extending an already established equitable remedy for breach of confidence. The second reason is the prospect of the British Human Rights Act of 1998, echoing Article 8 of the ECHR’s protection of family, home and correspondence, being interpreted as establishing a statutory right to privacy. [*403] The third reason is the primacy of free speech, in particular public speech, in the decisions of British courts. Fourth, the EU Directive inspired Data Protection Act of 1998 has been increasingly used by the courts to provide some privacy protection. Fifth, the British Press Complaints Commission has promulgated a code of conduct with regard to privacy, and the courts have used this code under the direction of the Human Rights Act to balance privacy and freedom of speech and press. Sixth is the general response of the British courts that the concept of privacy is not philosophically coherent and is often confused with autonomy and bodily integrity.

Finally, the British courts and particularly the House of Lords have a preference for legislation rather than jurisprudence to establish new causes of action. Wacks seconds this preference and suggests specific, limited and clearly drafted legislation to establish a cause of action for unwanted publicity. Similarly, Kenneth Keith of New Zealand favors a legislative, rather than a common law or constitutional, solution to the creation of a privacy cause of action.

In the final chapter, Australians Megan Richardson and Lesley Hitchens compare older cases dealing with publication of private facts about celebrities with more recent ones. They find that despite more discussion of privacy as a right pertaining to personality in later cases, the holdings of both earlier and later cases most often turn on a property notion that private facts relating to celebrities are part of the celebrities’ stock and trade and should not be controlled by others without permission or an overriding public interest.

There is much unnecessary repetition in the analyses of the CAMPBELL case. The interest versus rights approach to privacy, while explicit in several of the essays and implicit in all of them, is not well developed theoretically. Overall, however, the essays provide a number of insightful ideas and analyses, as well as valuable references and citations, even for those steeped in the privacy literature.

REFERENCE:

Article 29 Working Party, Working Document on Data Protection Issues Related to Intellectual Property Rights, WP 104, 18 January 2005.

CASE REFERENCES:

BARTNICKI v. VOPPER, 532 U.S. 514 (2001).

NAOMI CAMPBELL v. MGN, LTD., 2 AC 457 (2004).

NEW YORK TIMES v. SULLIVAN, 376 U.S. 254 (1964).

SHULMAN v. GROUP W PRODUCTIONS, 955 P. 2d 469 (Cal. 1998).

VON HANNOVER v. GERMANY, 40 EHRR 1 (2005).

*************************************************