The idea of a right to privacy was first applied to the private sector in 19th Century America. Samuel Warren and Louis Brandeis, for example, discussed the right to be "let alone" in a Harvard Law Review article published in 1891.17 Seventy years later another distinguished jurist, William Prosser, concluded that no right to privacy existed under U.S. Constitutional law, but identified various tortious invasions of privacy.18 Finally, in Griswold v. Connecticut, the Supreme Court recognized a limited Constitutional right applicable to certain intimate decisions related to family or marital matters.19
Other definitions of privacy include the right to be left alone and to control information about oneself with respect to less intimate matters.20 Privacy expert Alan Westin defined information privacy as the claim of individuals, groups or institutions to determine for themselves when, how, and to what extent information about them is communicated to others.21 On several occasions Congress has supplied statutory protection for records that does not fall within the sphere of protection recognized by the courts.22
Information privacy is not an unlimited or absolute right. Individuals cannot suppress public records, nor control information about themselves that, by law, is used for a permissible purpose (e.g., criminal defendants cannot prevent courts from examining their prior criminal record before imposing sentence, and sellers of realty cannot prevent a title search of their property). Although individuals may refuse to disclose certain facts about themselves, such disclosure is often either required by law (e.g., tax information) or required if the data subject hopes to participate in society in a meaningful way (e.g., disclosing financial information to obtain a mortgage or releasing medical information to obtain insurance coverage). As a practical matter, individuals cannot participate fully in society without revealing vast amounts of personal data.
Networked electronic environments like the GII complicate the task of establishing the appropriate scope of privacy rights. For example, anonymous telephone communication poses a limited risk to society. The harm caused by any particular call is limited to the participants in that telephone call. The GII, on the other hand, facilitates low cost, simultaneous dissemination of harmful or illegal material to a far broader audience, making anonymity potentially a much bigger problem.23 Nonetheless, there a many circumstances where individuals may legitimately seek to preserve their anonymity. And, of course, the same technologies for safeguarding anonymity in the digital environment empower individuals to control the dissemination of their personal information.
Although there is no universal agreement about what "privacy" is, it is of considerable and increasing concern to Americans.24 Thus, the critical question becomes: how do we balance the need to use information (by government, commerce, and individuals) with the natural desire of individuals to decide what information about themselves will be exposed to others? Having articulated principles for striking that balance, how do we implement them?
17. Samuel D. Warren & Louis D. Brandeis, The Right to Privacy, 4 Harv. L. Rev. 193 (1891).
18. See William Prosser, Privacy, 48 Calif. L. Rev. 383 (1960). Prosser's torts included: intrusion upon the individual's seclusion or solitude, or into his private affairs; public disclosure of embarrassing private facts about the individual; publicity that places the individual in a false light in the public eye; and appropriation, for another person's advantage, of the individual's name or likeness. Id.
19. See 381 U.S. 479 (1965).
20. See, e.g., Minister of Supplies and Services, Industry Canada, Privacy and the Canadian Information Highway, Cat. No. C2-229/1-1994 (1994).
21. Alan Westin, Privacy and Freedom 7 (1976). See also, Alan Westin, The Equifax Report on Consumers in the Information Age XVIII (1990).
22. See Right to Financial Privacy Act of 1978, Pub. L. No. 95-630, 92 Stat. 3697, 12 U.S.C. §§ 3401-22 (1994); Fair Credit Reporting Act, Pub. L. No. 91-508, 84 Stat. 1127 as amended by Omnibus Consolidated Appropriations Act for Fiscal Year 1997, Pub. L. No. 104-208, div. A, tit. II, § 2402(a)-(g), 110 Stat. 3009 -____, 15 U.S.C.A. § 1681-1681u (1986 & Supp. 1997).
23. For example, the Morris Worm (a harmful, replicating computer program inserted into the Internet in 1988), was designed not to be traceable to its source, and shut down thousands of computers in one day. See Katie Hafner & John Markoff, Cyberpunk: Outlaws and Hackers on the Computer Frontier (1991).
24. See generally, Louis Harris And Associates, Inc., The 1996 Equifax/Harris Consumer Privacy Survey (hereinafter 1996 Equifax Survey) (1996). Sixty-five per cent of the participants consider consumer privacy protection "very important," up from 61% in 1995. Threats to personal privacy concerned 64% of the respondents in 1978, 79% in 1990 and 1993, 82% in 1995 and 87% in 1996. In 1990, 71% said they believed consumers had lost "all control" over how personal information about them is circulated and used by companies. By 1995 that number rose to 80%. Likewise, in 1990, 42% indicated that they have refused to give information to a business or company that they thought was either not needed or too personal. By 1995, that number rose to 59%. Of those surveyed in the 1995 poll, however, 17% agreed "strongly" and 40% agreed "somewhat" that businesses handling personal information were paying more attention to privacy issues. Both the 1995 and 1994 polls indicated that Americans remain more concerned about privacy intrusions by government than by businesses.