By Daniel J. Solove
This post is co-authored by Professor Neil Richards
The recent case of Google v. Vidal-Hall in the UK has generated quite a buzz, with Omer Tene calling it the “European privacy judicial decision of a decade.”
The case illustrates several fascinating aspects of the developing global law of privacy, with big implications for online marketing, Big Data, and the Internet of Things.
At first blush, it is easy to see the case as one more divergence between how privacy is protected in the EU and US, with a European Court once again showing how much eager it is to protect privacy than an American one. But the biggest takeaway from the case is not one of divergence; it is one of convergence!
by Daniel J. Solove
At first blush, it seems impossible for a person to sue for a HIPAA violation. HIPAA lacks a private cause of action. So do many other privacy and data security laws, such as FERPA, the FTC Act, the Gramm-Leach-Bliley Act, among others. That means that these laws don’t provide people with a way to sue when their rights under these laws are violated. Instead, these laws are enforced by agencies.
by Daniel J. Solove
In a recent AP story, actress Jennifer Lawrence had some rather extensive and passionate quotes about her loss of privacy. Not too long ago, Lawrence’s nude photos were stolen and leaked on the Internet by a hacker who hacked into her iCloud account. In her comments for the AP story, she lamented how much paparazzi were harassing her: “I knew the paparazzi were going to be a reality in my life. . . . But I didn’t know that I would feel anxiety every time I open my front door, or that being chased by 10 men you don’t know, or being surrounded, feels invasive and makes me feel scared and gets my adrenaline going every day.”
Earlier this summer, I blogged about the Washingtonienne case. Recently law professor Andrew McClurg wrote a piece for the Washington Post about the case. He writes:
Cutler’s blog, written under the pseudonym Washingtonienne, was a daily diary of her sex life while working as a staffer for Sen. Mike DeWine (R-Ohio). It recounted, entertainingly and in considerable — sometimes embarrassing — detail, her ongoing relationships with six men, including [the] plaintiff. . . .
Although McClurg notes that the plaintiff “suffered a genuine wrong,” he also states that the law “appears to be against him” because he “does not allege that any of the statements about him are untrue.” McClurg notes that the plaintiff is suing under the public disclosure of private facts tort, which “provides a remedy when one publicizes private, embarrassing, non-newsworthy facts about a person in a manner that reasonable people would find highly offensive.” McClurg notes that “while Cutler’s actions may meet this standard, courts have long been hostile to such lawsuits because of a fear of inhibiting free speech.” McClurg continues:
In 1989 the court tossed out a lawsuit against a newspaper for publishing a rape victim’s name in violation of Florida law. While it stopped short of ruling that a state may never punish true speech, the test it adopted for when that can be done without violating the First Amendment is so stringent Justice Byron White lamented in dissent that the court had “obliterate[d]” the public disclosure tort.
Not so. Time after time the Supreme Court has explicitly carved out space for the public disclosure tort to exist. In the series of cases involving the First Amendment and privacy restrictions on true speech, the Court has always confined the First Amendment to speech about matters “of public significance.” The Court did this in Smith v. Daily Mail Pub. Co., 443 U.S. 97, 103 (1979) as well as its most recent case on the issue, Bartnicki v. Vopper, 532 U.S. 514 (2001), where the Court held that “privacy concerns give way when balanced against the interest in publishing matters of public importance.” Id. at 534.