In an interesting and thoughtful post, Eugene Volokh (law, UCLA) takes issue with California’s Megan’s Law, Cal. Penal Code § 290.46(j), which places personal data about sex offenders on the Internet yet restricts the uses of this data. The law allows people to use the information “only to protect a person at risk.” It prohibits the use of the information for, among other things, purposes related to insurance, loans, credit, employment, benefits, and housing.
So California law suppresses presumptively true statements of fact about criminals based on a public record, unless one’s purpose is “only to protect a person at risk.” If one learns that a neighbor or a coworker has committed a heinous crime, and wants to tell people — not specifically to protect a person at risk, but (for instance) to urge people not to give a fellowship to someone with such bad morals, or to urge businesses not to associate with such an evil person — one risks damages liability or an injunction.
Seems like a pretty clear First Amendment violation, especially given Florida Star v. B.J.F. If it’s unconstitutional to bar speakers from revealing the names of rape victims when those names were accidentally released by government officials into the public record, I’d think that it would be unconstitutional to bar speakers from revealing the names of rapists when those names were deliberately placed by government officials into the public record. But it seems that California weighs the privacy of public-record information about sex criminals more heavily than its law-abiding citizens’ constitutionally protected free speech.
I disagree with Volokh on both legal and policy grounds. Regarding the law, Florida Starrestricts liability for disclosing information after the government has made it public. However, in Los Angeles Police Department v. United Reporting Publishing Co., 528 U.S. 32 (1999), the Supreme Court concluded that the government may selectively grant access to public record information. A California law required those seeking access to records of arrestee information to promise that the data should not be used for commercial solicitation purposes. The Supreme Court concluded that the law was not “prohibiting a speaker from conveying information that the speaker already possesses” but was merely “a governmental denial of access to information in its possession” under which it had no duty to disclose.
The Court has thus created a distinction between pre-access conditions on obtaining information and post-access restrictions on the use or disclosure of the information. A law cannot establish a post-access restriction on the use of information that is publicly available. Once the information is made available to the public, Florida Star prohibits a state from restricting use.
But pre-access, the government can establish conditions upon which access is granted. In a way, this sets up a contract-like situation. The government supplies people with information if they agree to use it only in certain ways. This is similar to when the government offers other benefits and specifies how they should be used. There are some limits — the unconstitutional conditions doctrine — but these limits have generally not been very restrictive.
Regarding policy, I believe that information use restrictions are a terrific way to balance the government’s making information publicly available and protecting privacy. Otherwise, the government is caught in a difficult zero-sum trade-off between public access to information and privacy. To protect privacy, governments would have to restrict the disclosure of the information entirely, but this would make less data available to the public. With use restrictions, such as those in the California Megan’s Law, the government can make the information available to protect people but can limit uses that do not further this purpose. This can prevent undue discrimination against those sex offenders who have been released from prison and who are trying to rehabilitate themselves.
Originally posted at Concurring Opinions
* * * *
This post was authored by Professor Daniel J. Solove, who through TeachPrivacy develops computer-based privacy training, data security training, HIPAA training, and many other forms of awareness training on privacy and security topics. Professor Solove also posts at his blog at LinkedIn. His blog has more than 1 million followers.