Page 28 - Privacy in a Cyber Age Policy and Practice
P. 28

A CYBER AGE PRIVACY DOCTRINE  13

           that once a person voluntarily discloses a fact to another party, that party
           is free to disclose the information to the government without the exchange
           constituting a Fourth Amendment search. (For more information about
           the third-party doctrine, see Chapter 2.)
             This approach is challenged by critics who note that in the cyber age
           much of our private lives are lived in a cyber world operated by third par-
           ties like Google and Facebook. Thus, Matthew Lawless writes:
             The third party doctrine gives effect to the criticism often aimed at the “rea-
             sonable expectation of privacy” principle, by holding that individuals can
             only reasonably expect privacy where the Court gives them that privacy.
             Because the third party doctrine fails to address true societal expectations
             of privacy (as evident by its failure to protect any information entered into
             a search engine), it reinforces the privacy norms of a politically and tem-
             porally insulated judiciary: once people know their searches are exposed,
             then—by the time these cases are contested—there will, in truth, be no
             expectation of privacy. 38

             However, even without drawing on whatever the societal expectation of
           privacy is, one notes that considerable harm will come to people and that
           core societal values will be violated if the third-party doctrine is given free
           rein. This observation is strengthened by the fact that various exceptions to
           the third-party doctrine are already in place, such as special rules for medi-
           cal and financial information. However, according to Greg Nojeim, these
           rules do not provide the same level of protection granted by the Fourth
           Amendment. He notes that “privacy statutes that protect some categories
           of sensitive personal information generally do not require warrants for law
           enforcement access.” 39
             The European Union’s DPD in effect takes the opposite view, namely,
           that any secondary use of personal information released by a person or
           collected about him requires the explicit a priori approval of the original
           individual “owner” of the information, and that this consent cannot be del-
                                    40
           egated to an agent or machine.  The details of the DPD are complex and
                   41
           changing.  For instance, it made exceptions to this rule for many areas,
           such as when the data is needed for the purposes of research, public health,
           or law enforcement, among others. In January 2012, the European Commis-
           sion passed draft legislation that would update the existing data protection
           law. This legislation includes an “opt-in” provision. “As a general rule, any
           processing of personal data will require providing clear and simple infor-
           mation to concerned individuals as well as obtaining specific and explicit
                                                           42
           consent by such individuals for the processing of their data.”  Data shows
           that information about a person is used many times each day by a large
           variety of users. Hence, if such a policy were systematically enforced, each
   23   24   25   26   27   28   29   30   31   32   33