Privacy Online 2.0

Originally published on November 21, 2002

The author wishes to thank Ms. Rachel Zeehandelaar (University of Pennsylvania, B.A. expected 2005) for her valuable research assistance in preparation of this article.

An updated article for the Libel Defense Resource Center

Introduction

The "right to privacy" has been around since the early part of the last century. It

has evolved to apply - more or less - to a disparate array of social and economic issues, ranging from the desire to avoid publicity (Time v. Hill) to abortion (Roe v. Wade). The recent explosive growth of Internet use has created its own set of privacy concerns arising from this new medium. By mid-2001, the Federal government already had these major privacy laws on the books:

Fair Credit Reporting Act

Privacy Act

Family Educational Rights and Privacy Act

Right to Financial Privacy Act

Privacy Protection Act

Electronic Communications Privacy Act

Video Privacy Protection Act

Employee Polygraph Protection Act

Telephone Consumer Protection Act

Health Insurance Portability and Accountability Act

Driver's Privacy Protection Act

Identity Theft and Assumption Deterrence Act

Gramm-Leach-Bliley Act (Title V)

Children's Online Privacy Protection Act

This laundry list of legislation was in place before the terrorist attacks of September 11, 2001. Until then, debate had centered around what new measures could protect individuals' private information and communications while online. Now, public opinion regarding the primacy of privacy is dramatically different. The principal developments in the law of online privacy in the past twelve months have involved the government's response to the reality and ongoing threat of terrorism, and the American public's altered attitudes about the proper "balance" between privacy and self-preservation.

How Privacy and Cyberspace Mix

The law of online privacy has focused primarily on users' unhappy experiences with web pages, and how those pages collect and handle information about those who visit them. To understand how these disputes arise, it is important to understand that a web page can, in fact, learn quite a lot about those who click to them, browse through them and interact with them. This can occur even without the knowledge or consent of the visitor to the page. For an explanation of how this happens, and the technology behind it, visit the Consumer Project on Technology's privacy library online: http://www.cptech.org/privacy. There is also an informative collection of links and resources on this subject at the Electronic Privacy Information Center's site: http://www.epic.org/.

In response to users' distaste for such surreptitious intelligence-gathering, many web sites now post "Privacy Policies" that are usually accessible on the front page of the site. Creating a Privacy Policy is easy, and there are web resources to help: http://cs3-hq.oecd.org/scripts/pwv3/pwhome.htm takes you to the Organization for Economic Co-operation and Development's Privacy Policy Generator, and http://www.siia.net/govt/toolkit.asp has the Software & Information Industry Association's Privacy Toolkit.

Using Privacy Policies, honorable web pages disclose to their visitors when and how they collect private information, as well as what is done with the information thereafter. The concept is simple: say what you do, and do what you say. The execution of that concept, however, has been uneven. Most commonly, a web page asks for a user's name, address and e-mail information in exchange for providing something to the user. More than one naÔve user has signed up for a "free" goodie by providing his e-mail address to a web page, shortly to find his e-mailbox flooded with unsolicited offers, come-ons and outright cons commonly known as "spam". How? The web page has shared his e-mail address with a direct-email marketer. As a way of regaining users' trust, a number of pages go out of their way to promise their visitors that private information would never, ever be disclosed to anyone under any circumstances.

Cyber-Privacy in the Courts

Not all web pages proved worthy of such trust. Still others faced unanticipated difficulty in keeping their confidentiality promises. Today's debate about online privacy is framed by some of the most well-known betrayals.

One of the earliest such incidents involved GeoCities, a web site devoted to creating online "communities." In signing up for the privilege of participating, users were asked for a great deal of information about themselves with the express assurance that they would not be used beyond the GeoCities space. Sadly, it turned out that GeoCities actually did use the information, but in a well-publicized Consent Decree with the Federal Trade Commission they promised they would not do it again. In the Matter of GeoCities, Docket No. C-3849 (Feb. 12, 1999).

Others misbehaved as well. Liberty Financial operated the Young Investors...

To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT