Digital Privacy

Digital Privacy Laws of Various Countries

Spanish courts in 2014 ruled on a civil question regarding the right to privacy. In that case, the complainant requested that Google Spain be required to remove some unflattering information about him that had become totally irrelevant as the embarrassing matter had been completely resolved. The court ruled that because Spain was a member of the European Union, and because Google Spain operated search engines in Spain, Directive 95/46/EC [PDF] passed by the European Parliament applied to the case and provided the complainant with the protections that the directive contained. Accordingly, Google Spain was ordered to remove or otherwise alter the information in order to update their page information about the complainant, even though Google Spain's servers were not physically located in Europe. The court found that the law allowed the complainant to assert his legal right to compel Google to remove information about the complainant that was "inadequate, irrelevant or no longer relevant, or excessive in relation to those purposes and in the light of the time that has elapsed." This general concept has come to be known as the "right to be forgotten" [PDF].

The court further elaborated, however, that the protections of the directive in this respect were not absolute and are subject balancing against other individuals' rights. For example, when information is provided "solely for journalistic purposes" [internal quotations omitted], an individual may not be able to compel the data provider to remove the information.

Other countries provide their citizens with similar rights.

The United Kingdom, for example, has passed the Data Protection Act 1998. This law provides individuals with the right, upon the request of that individual, to be notified when a data provider processes that individual's personal information. Furthermore, individuals are afforded the right to compel data providers not to process their personal information if the processing of their information "caus[es] or is likely to cause substantial damage or substantial distress to him or to another" and if "that damage or distress is or would be unwarranted."

Russia has a data protection law very similar to the United Kingdom's law, entitled the Russian Federal Law on Personal Data [PDF]. Under this law, individuals are "entitled to demand that the operator should keep his personal data current, block or destroy them if the personal data are incomplete, outdated, unlawfully obtained or not necessary for the stated purpose of processing also to take measures provided for by the law in order to protect his rights."

Both the United Kingdom law and the Russian law also contain provisions allowing individuals to demand that their information not be used by data providers for the purposes of direct marketing.

Countries also provide and enforce privacy laws and doctrines in criminal contexts. Canada's constitution, for example, contains a provision declaring that Canadian citizens have "the right to be secure against unreasonable search or seizure." Canadian courts have found [JURIST report] that this provision bars Canadian police from being able to order telecommunication companies to hand over their consumers' communication data and information.

Other countries have handled privacy in the criminal setting differently. The United Kingdom recently passed the Investigatory Powers Act 2016 [PDF], a controversial surveillance law [JURIST report] which allows police to access certain communication data without any kind of approval, among other things. A fairly recent amendment [page in Thai] to a law in Thailand, the Computer Crime Act of 2007 [PDF], also allows Thailand law enforcement officials to access online data without any sort of judicial approval. There is further concern [JURIST report] that the law will even lead to the censorship and punishment of individuals who post information that is unfavorable to the government of Thailand.

The aforementioned laws and doctrines, different in their consequences but similar in their objectives, offer a narrow glimpse into the continued development of this area of law in countries around the world.

Introduction

Over the past several decades, advances in technology have impacted various aspects of society, ranging from economic growth to heath care and the arts. These developments are significant when viewed on a global scale, but the growing role of technology in society is, perhaps, more noticeable in individuals' personal lives and day-to-day interactions. While the percentage of people with internet access and smartphone use is higher in developed countries, computer and cell phone ownership is prevalent across the world. In 2017, a majority of Americans own a smartphone, have broadband internet access, and use social media. Additionally, other personal devices, like tablet computers, have increased in popularity. The proliferation of technology in daily life is, however, not unique to American culture; other countries around the world, faced with the pervasive influence of technology, are experiencing the same social and legal impacts.

Widespread, continuous access to the internet allows users to share information at any hour of the day, from almost any location. This data takes many forms: text messaging and third-party messaging apps, social media posts and photos (with Facebook use most prevalent at 79%), searches (with more than half of Google inquiries sent from mobile phones), and personal information, like account numbers, social security numbers, and passwords. To make this mass data transmission affordable, many providers now store user data on remote "cloud" servers-a practice that produces doubts about data security in light of recent high-profile breaches.

In addition to security concerns, serious legal questions have emerged regarding who may view the data on personal devices (or data that has been stored elsewhere). In 2016, industry leaders Apple and Amazon refused to assist government authorities in accessing data associated with their products' users, even in criminal cases. While the Supreme Court has laid base rules to govern cell phone searches incident to arrests, the issues of how much personal data the government is entitled to when investigating individuals, and what procedures they must follow to obtain the information, are still unfolding.

Case Law on the Right to Privacy

The discussion around the right to privacy in an increasingly digital world has, predictably, evolved tenuously. Changes in technology have no doubt affected how courts interpret what should be or should not be protected under the Fourth Amendment. Most cases involving privacy are discussed through the search and seizure protection under the Fourth Amendment which is a protection against government infringement on privacy through unreasonable and unlawful searches.

One of the key cases in this discussion, Katz v. United States, involved a Fourth Amendment challenge to the government's listening to and recording of communications at a public phone booth. The court concluded that the government's actions constituted a search under the Fourth Amendment.More recent cases follow along the premise set in Katz v. United States, even where they deal with the Fourth Amendment in relation to other laws. United States v. Carpenter involved the government's use of information from wireless carriers to determine where defendants were at the time of a robbery. The action was found not to be a search under the Fourth Amendment. The court's analysis focused on the idea of a twofold privacy expectation, first subjective expectation and then objective expectation that is to be reasonably expected by society. Furthermore, the court drew a distinction between the government accessing personal communications and the government accessing the information used to transport communications. The reasoning was virtually that Fourth Amendment protection applies to the content of the communications themselves, but does not apply to the routing information of calls.

Given technological advancements, cases dealing with privacy, the Fourth Amendment, and how the two concepts apply to information contained on modern technology devices have arisen. United States v. Warshak [Pdf] is one such case where the government compelled a company to turn over emails without first getting a warrant. The government argued that it relied on the Stored Communications Act, which allowed it to compel the disclosure of certain electronic information without a warrant. In its analysis, the court concluded that the subjective expectation was that the emails were private and the objective expectation of privacy was reasonable due to the nature and content of communications and transactions done over email. In the end, the government was still able to admit the evidence acquired through accessing the emails because they reasonably relied on the Stored Communications Act. Furthermore, a number of cases have extended this privacy rationale to the issue of access to data on smartphones. Riley v. California & United States v. Wurie is a good example of the intricacies involved in such cases. Riley v. California & United States v. Wurie [pdf] involves questions of governmental access to a smartphone's internal data and the use of a phone to trace and gain access to a residence and whether this was protected by the Fourth Amendment. The Court, concerned with privacy interests given the sensitive nature and vast array of information that may be stored on a phone, concluded that the government's action was precluded by the Fourth Amendment.

The controversy over privacy, as it relates to smartphones, continues; most notably, Apple refused to help the government access information on an iPhone when it was asked to help bypass encryption software to allow the government access to content belonging to an individual involved in the San Bernardino, California shooting that resulted in fourteen deaths. Apple's argument was that complying with the request would weaken the protections that were built into the phone to protect user privacy. Eventually, the Department of Justice ("DOJ") ruled">dropped the case [JURIST report] to compel Apple to comply with its request to unlock the phone when the DOJ was able to access the information itself.

Social and Legal Implications

The balance between digital privacy and justice is unclear and difficult to determine. Technological advances ease many tasks, but create various risks to the user's privacy rights whether by the government or by criminal hackers. Technology companies, such as Apple, create high quality encryption algorithms to combat the threat of hacking, but this may be at the cost of law enforcement's ability to build cases against suspected criminals. In February 2016, Apple requested that Congress create a panel of experts with the specific task of discussing issues of security versus privacy. Apple's concern was not solely economic, but, rather, was also constitutional. Citing Fourth Amendment concerns, Apple Inc. strongly opposed creating a "back door" which would allow law enforcement to gain access to any iPhone under suspicion of having information useful to an official investigation. The motive, however, was not just based in social justice, but also arose out of fear that iPhone users would be subject to extreme vulnerabilities if the "key" to the proverbial "back door" were to fall into the hands of a criminal.

Technology companies are not the only entities concerned with the implications of the Fourth Amendment in digital privacy. US courts have faced issues regarding the Fourth Amendment and warrantless search and seizures of cellphones and other technological devices. Thus far, the US Supreme Court has ruled that police, typically, are unable to search a cellphone's digital information without a warrant. Usually, police are permitted to search an individual upon arrest in order to protect law enforcement and the public; this also aids in preventing suspects from destroying evidence. Searching through digital information, nevertheless, is qualitatively different than simply confiscating the device to prevent the suspect from destroying valuable evidence. In an Arkansas criminal case, prosecutors sought information stored on a murder suspect's Amazon Echo; Amazon refused to release the data so the prosecutors obtained a warrant.
Electronic device users in these situations can rest assured that the warrant requirement remains a safeguard against unwelcome searches and seizures by law enforcement, per the Supreme Court's ruling.

Although law enforcement is required to obtain a warrant before searching the digital information contained in electronic devices such as a cellphone or a voice-controlled personal assistant, the question remains: what does this mean for metadata collection? The National Security Agency ("NSA") engages in a metadata collection program. This program requires telecommunication companies to keep record of all communications. The government alleges that the content of these communications is not read by anyone, but the identities of the individuals communicating, as well as the date, time, duration, and location are recorded. Web searches and internet browsing history contain information that most individuals would consider to be private, regardless of whether the websites are accessed via computer, cellphone, or tablet. Professor emerita Marjorie Cohn contends that, if the courts remain consistent in analyzing digital privacy, the metadata collection by the NSA creates the same concerns as the inspection of the information contained on cellphones.

The balance between digital privacy and the obtainment of digital information by law enforcement agents appears to be a far from settled area of the law. Although courts require a warrant before law enforcement is able to gain access to technological devices, the encryption and coding of information may create obstacles for technology companies and issues for the legal system. The primary concern for law enforcement is the prevention of terrorism and securing convictions based on the digital evidence maintained by criminals. Companies such as Google have refused to comply with warrants in unlocking suspected criminal's phones, inhibiting the ability of investigators to properly inspect criminal activity. Crucial evidence contained in the realm of digital privacy pertaining to terroristic and criminal activities will continue to raise constitutional concerns and ethical disputes for technological companies, end users, and the government.


Support JURIST

We rely on our readers to keep JURIST running

 Donate now!

© Copyright JURIST Legal News and Research Services, Inc., 2013.