Page 38 - Privacy in a Cyber Age Policy and Practice
P. 38

MORE COHERENT, LESS SUBJECTIVE, AND OPERATIONAL  23

           when “the controller of the file is pursuing a legitimate interest, on con-
                                                           27
           dition that the interest of the data subject does not prevail.”  According
           to Joris van Hoboken, “The exceptions have to become the rule, which
           means that the meaning of the fundamental right, even if one would want
                                                            28
           to more categorically protect certain core interests, is eroded.”  Moreover,
           the European approach survives only because it is infrequently enforced.
           And privacy statements provided by businesses and other agents that rely
           on the collection of consumer data are frequently extensive and draw on
           legal terminology, making them incomprehensible to most users. Consent
           means little if those who give it cannot possibly understand what they are
                  29
           allowing.  In short, the European approach seems not to provide a sound
           foundation for dealing with secondary usages. In other words, it is hardly
           a sound approach.
             If the third party doctrine is truly followed, it leaves little privacy; if the
                                                                   30
           European approach is truly followed, it undermines the common good.  It
           seems clear that a different doctrine dealing with cybernation is needed—
           one that is neither as permissive as the third-party doctrine or as strict as
           the European approach. This monumental task, for which I can provide at
           best a first approximation, is what this chapter sets out to chart in the fol-
           lowing pages.
             Moreover, even initial collection, including limited spot collection,
           calls for a new doctrine. Since Katz v. United States (1967), the courts have
           relied on both individual and societal expectations of privacy to determine
           which types of primary collection are constitutional. For reasons spelled
                                          31
           out in my original paper on this topic,  the expectation of privacy is an
           indefensible basis for such judgments. Briefly, the expectation-of-privacy
           test is tautological: If a judge rules that a person’s expressed claim to an
           expectation of privacy meshes with the judge’s ideas about what a “reason-
           able” individual might expect, then the expectation of privacy exists. If the
           judge rules otherwise, the person should not have “reasonably” expected to
                     32
           have privacy.  Thus, whether or not Mr. Katz, a gambler, expected or did
           not expect to have privacy when he placed bets in a public phone booth is
           immaterial; he had a reasonable expectation of privacy if a court divined
           that he had a reason to have it, and he had no such expectation if a court
           ruled otherwise.
             The societal expectation of privacy is also subjective. The test presumes
           that the courts can evaluate such expectations, yet judges have no way of
           knowing what a “reasonable” person would actually expect—and reason-
           able people differ greatly in their expectations. (For more about the tautol-
           ogy of the “reasonableness” concept, see Chapter 3.)
             The need for a new privacy doctrine stands out in particular when
           one reviews the major court cases that currently provide the basis for
   33   34   35   36   37   38   39   40   41   42   43