Privacy, Regulation and the Net
A major face-off is brewing between American and European approaches to our so-called Information Society. European data-protection authorities are seeking to restrict the right of Google and other search engines to disseminate certain sensitive data on “private” citizens. Suzanne Daley writes in The New York Times (August 10, A1) of a middle-aged Spanish woman who “thought it unfair that a few computer key strokes could unearth an account of her arrest during her college days”. In such cases, Daley notes, the European Union is contemplating a “right to be forgotten” on the world wide web.
The battle shaping up is more than just a rehearsal of familiar conflicts between American market supremacy and European penchants for regulation. Everyone can sympathize with the all-but-universal human desire to withhold hurtful, embarrassing, outdated or out-of-context personal data from public access–particularly when the information is no legitimate business of anyone else. But what principle should decide what personal information should be so designated, and what government agency should be trusted to apply such judgments?
Competing with privacy concerns here are values underlying a vibrant public sphere–a citizenry empowered to pursue both individual well-being and the public good through discriminating information use. Both these pursuits may sometimes require aggressive uses of personal information that place pressure on someone’s privacy. In making and maintaining friendships, neighborly relations or business ties, we often feel we need to know more about people than they willingly disclose. Or in public affairs, imagine a case where community leaders arise to oppose construction of a mosque, on the stated grounds that such an addition would alter the neighborhood’s residential character. Shouldn’t there be means for checking the response of those same leaders when construction of a church or a synagogue was proposed?
Some privacy advocates have proposed applying the equivalent of an expiration date to personal data held in record-systems, as for grocery items. Thus embarrassing postings on social media sites, for example, would simply disappear after a fixed interval. But any attempt to apply such a principle would require resolution of many intractable questions. How widely should the principle apply? To all social media postings–even where harvested and recorded in other record-systems? To all criminal record information? Or only to records of “serious” crimes”? What about crimes against particularly vulnerable parties, like children? Should public records of tax payments (and delinquencies), marriages and divorces, and verdicts in civil suits also have fixed lives? Should such “sunset laws” apply to past sexual, financial or familial peccadilloes of public office-holders? To potential office-seekers? To current or aspiring members of the clergy, the judiciary or the teaching professions? For the best of reasons, many supporters of democratic institutions will not want to entrust powers of making such decisions to any government agency.
A quite different legal innovation would provide a better protection–shoring up privacy interests without fostering overbearing government power to decide what personal information should held private. We could create a property right over commercial exploitation of data on one’s self. With the establishment of such a right, sale or trade of personal information for commercial gain would be illegal without consent from the person concerned. Ordinary people would thus enjoy protection now accorded only to celebrities–freedom from unauthorized commercialization of their names.
Such a right would have to be carefully circumscribed. It should never be understood to block sale of personal data for journalistic purposes, for example, or for use in political campaigns or other public forums. Nor should it ever be possible to sign away one’s own data rights in perpetuity. But creating a property right over commercialization of everyone’s personal data would severely curtail widespread practices of harvesting and retailing personal information for profit–practices common in credit reporting, mass marketing and insurance industries. These profit-seeking activities have furnished data for many web-based privacy-eroding disclosures.
But neither a right like this nor any other single legal or policy measure can resolve all the intricate ethical and policy questions posed by the flow of personal data over the Web. Ultimately these dilemmas require agonizing decisions about what information people should be able to keep to themselves, under what circumstances–decisions that can only be public and political. Goverments cannot avoid taking a stand, for example, on when results of criminal and civil court proceedings should be posted electronically by the courts themselves. And governments must be prepared to propose binding, privacy-friendly decisions on how much personal data members of the public should be required to provide in dealing with both public and private institutions. These are not matters where the logic of the market can answer all the subtle questions that confront us.
James B. Rule of the Center for the Study of Law and Society at the University of California, Berkeley can be reached at: email@example.com