Privacy compliance and free market, protection and free flow of communications

02 Feb Privacy compliance and free market, protection and free flow of communications

Speech by Marco Provvidera at the European Privacy Association Presentation – Brussels – january, 27 – 2009


Ladies and Gentlemen,

We are honored to have you here. As an attorney trained and practicing in both a common-law-based – the US – and a civil-law-based – Italy – legal systems, I will dare to utter only a few words, as an attempt to make the point that a fundamental “re-convergence” between the EU and the US concepts of privacy is both desirable and necessary for the very purpose of enhancing the global protection of this fundamental right.

While I won’t go into either “legalese” or technicalities of the privacy law, it is fascinating, though, to observe how the issues raised by privacy are of the utmost interest for whomsoever considering that the main conundrum of the rule of law in a democratic system may be summed up by the necessity to balance the fundamental rights, specially in the somehow troubling arena of the private/public interplay – only put mind on what is probably the most fundamental dilemma of the contemporary political, legal, and academic discourse, i.e. national/international security v. civil liberties.

By the same token, all the privacy “versus(es)” – privacy v. intellectual property, privacy v. national security, privacy v. media exposure, etc. – may be encompassed, in reality, in a single crucial “versus”: Privacy v. Disclosure. Disclosure viewed in a far-reaching scope, i.e. the right to inform and to be informed in an open society.

We are not in the position to forget that, for decades, libertarians’ and civil rights advocacy groups’ struggle mainly focused on indeed gaining access to the largest possible deal of information, purportedly not sufficiently disclosed by the government. Among the historical outcomes of such struggle, the US Freedom of Information Act should be highly praised, as well as the traditional notion, at times seemingly troubling to European ears, of free access to “public records”.

As you all certainly know, the first legislative body which enacted a privacy law was the New York Senate, April 6, 1906. That piece of legislation, after passing both state and federal constitutional muster (US Sup. Court Rhodes, 1910), and a string of amendments, is still today embodied in the NY Civil Rights Law, Sections 50-51. This historical legislative step was taken in response to the Courts’ rejection (as “non-findable at common law nor in equity”) of the principles tentatively set forth by Sam Warren and Louis Brandeis (both these jurists were so gifted legal talents that their subsequent career paths took them to be appointed, at different times, Chief Justices of the US Supreme Court) in the famous Harvard Law Review 1890 article “The Right to Privacy”, which, for the sake of truth, had all but drawn from the legal scholar Cooley’s previous (1888) doctrinal construction of the right to privacy as the “right to be left alone”. Cooley’s construct viewed the violation of such individual right as a tort (his work was, in fact, a “Treatise on Torts”), that is, a non-contractual wrong, actionable for relief in a court of law. The New York Senate legislative enactment, however, while affirming the right to privacy as enforceable at common law, effectively added the statutory protection to those already available remedies.

Over the subsequent decades, the Supreme Court jurisprudence construed a distinction between the “private” right to privacy, under the outlined traditional common law doctrine, and a right to privacy of “constitutional” nature, to be found, according to the powerful, unforgettable language of Roberts v. US Jaycees (1984), in the “penumbra of the First Amendment”, and not only as embodied in the general protection afforded to individuals, their life, liberty and property, by the Fourth Amendment (as sculpted in Katz v. US [1967], however reiterating the right to privacy foundation at common law, and, thus, subject to State courts’ jurisdiction and governed by State law). Who may escape considering the fascinating implications of such landing of the Supreme Court, which, weighing the historical itinerary of the right to privacy, embedded it as “penumbratile”, that is, inserted in the scope of the Free Speech Clause?

Such historical background may help to explain the “federalist” reasons why Congress has been consistently opting for a cautionary and “sectorial” approach when legislating on privacy, notwithstanding that the above outlined jurisprudential foundation of the right to privacy in the Constitution itself had, at some point, opened the door to federal legislation and enforcement.

In fact, dating back to the Privacy Act of 1974, a string of federal privacy laws sprang out, governing health and financial data security, children protection, etc., and, as of today, we see an imposing body of various federal regulations, FTC decisions, State laws/regulations, State Attorney Generals’ consent decrees, industry self-regulating standards, governing areas like data breach notification, authentication, Social Security numbers, information security policies.

Another fundamental reason of the legislative and regulatory proliferation was that, while it is still a sacred principle that “the right of the individual to be left alone must be balanced with the right of the others to communicate” (US Supreme Court, Rowan, 1970), there is no possible doubt that the Internet and the electronic communication age have so deeply and thoroughly changed the landscape that the current threats to the “right to be left alone” are currently far more pervasive, intrusive, plainly dangerous. Billions of individual data are flowing around, and security of these data is far away from being granted, as per all the available reports on data breaches, security-related lapses and vulnerabilities, and the seemingly unstoppable evil of the identity theft.

Thus, in light of the current trend of US privacy law, i.e., to effectively seek a balanced mix between public enforcement of, under federal or state statutory/regulatory provisions, and private cause of action for (as to include a much larger number of violations than those redressable by a traditional tort action), the right to privacy, may be viewed as somehow “converging” with, instead of diverging from, the EU historical construct and implementation of the right to privacy as basically a right to protection of individual data.

Should this view be correct, it might be even conceivable and desirable a re-consideration of the EU Commission perhaps obsolete stance, which labels the US jurisdiction as “not affording an adequate level of protection” of privacy.

Indeed, a further step ahead towards such a “re-convergence” of the US and EU approaches to privacy protection – crucial, as above observed, for the effectiveness of a sound, global enhancement and implementation of such protection – may be prompted by an attempt to apply a cost-benefit analysis on which side, in the marketplace interplay, should bear which costs and enjoying which benefits.

While, in fact, there is scant doubt that the mentioned invasiveness of the contemporary information society definitely constitutes a massive threat to what William Faulkner defined “the private space”, and Reed Karaim, more romantically, “the right to have secrets”, as well as, indeed, to much more tangible interests, it is also undeniable that the information economy is all but based on the free flow of data, ideas, business, information, and that the protection of privacy, in this view – which, ideally, embraces a more “contractual” approach to the whole issue – should become economically viable, as to determine a competitive plus for market players, an asset and not a burden. In some instances, the old “right to be left alone” may be resumed to be spelled out as the right to be left alone even, at times, by an overreaching regulator!

As such “balancing” criterion may end up proving to be the only productive one, we are here today to express one of the basic tenets of the prospective EPA mission: an approach which champions at the same time compliance and free market, protection and free flow of communications, while well aware that, as the French philosopher Jean Boudrillard once wrote: “A world with no privacy will become a world where stereotype reigns, since when all things are in common, everything turns to be common”.

Marco R. Provvidera, Esq.

IIP International Studies Director – Attorney in New York City and Rome

Member of the American Bar Association, Section of International Law, Committee on Information Services, Technology and Data Protection