Privacy Bulletin: Issue No. 62
Proposed New U.S. Consumer Privacy Framework
On February 23, the White House released a white paper setting forth a proposed new consumer privacy framework. The framework consists of a set of Consumer Privacy Bill of Rights which would work together with business codes of conduct (to be voluntarily implemented by businesses). The Federal Trade Commission and state attorneys general would provide enforcement of the consumer privacy framework. The White House declared that the Consumer Privacy Bill of Rights would provide a baseline of clear protections for consumers and greater certainty for companies. The Consumer Privacy Bill of Rights principles outlined by the White House to protect U.S. consumers include the following:
-Individual Control: Consumers have a right to exercise control over what personal data companies collect from them and how they use it.
-Transparency: Consumers have a right to easily understandable and accessible information about privacy and security practices.
-Respect for Context: Consumers have a right to expect that companies will collect, use, and disclose personal data in ways that are consistent with the context in which consumers provide the data.
-Security: Consumers have a right to secure and responsible handling of personal data.
-Access and Accuracy: Consumers have a right to access and correct personal data in usable formats, in a manner that is appropriate to the sensitivity of the data and the risk of adverse consequences to consumers if the data is inaccurate.
-Focused Collection: Consumers have a right to reasonable limits on the personal data that companies collect and retain.
-Accountability: Consumers have a right to have personal data handled by companies with appropriate measures in place to assure they adhere to the Consumer Privacy Bill of Rights.
Although release of the whitepaper is a noteworthy step towards developing a comprehensive consumer privacy framework in the U.S., it is important to point out that the proposed Consumer Privacy Bill of Rights are not final, and that the white paper asserts that the White House would work with Congress to enact such rights through legislation.
Google Privacy Suit
Two lawsuits have been filed against Google in U.S. federal courts in New York and California. The suits allege that Google’s storage and aggregation of user data under its new privacy policy violate the Electronic Communications Privacy Act, Computer Fraud Abuse Act and Federal Wiretap Act as well as state laws.
Plaintiffs in the lawsuits are aiming for approval of class-action status to represent individuals in possession of Google accounts or who used the Android operating system on their mobile phones some time between August 2004 through February 2012. According to the California suit, Google combined user data from a variety of Google products and services without acquiring users’ consent or allowing users the option to opt out. The courts’ treatment of these suits could prove significant as the courts and Government continue efforts to develop an acceptable consumer privacy framework.
Supreme Court Rules in U.S. v. Jones Privacy Case
On January 23, 2012, the U.S. Supreme Court ruled that the Government’s use of a GPS tracking device without a warrant constituted a Fourth Amendment violation. The Court supported its decision on the grounds that placing a GPS tracking device on an individual’s vehicle is a “physical intrusion” into constitutionally protected property (in this case, Jones’s car). In concurring opinions, Justices Alito and Sotomayor asserted, in determining whether there is a constitutional violation, the Court should place greater emphasis on to what extent an individual’s expectation of privacy is reasonable, noting that given today’s advanced technology, surveillance and data collection do not always require a physical intrusion. Justice Sotomayor asserted that she “would ask whether people reasonably expect that their movements will be recorded and aggregated in a manner that enables the Government to ascertain, more or less at will, their political and religious beliefs, sexual habits, and so on.” (Sotomayor Concurring, 4) Justice Alito asserted that he “would analyze the question presented in this case by asking whether Jones’s reasonable expectations of privacy were violated by the long-term monitoring of the movements of the vehicle Jones drove.” Alito goes on to note that “The Fourth Amendment prohibits ‘unreasonable searches and seizures,’ and [in the Jones case at hand] the Court makes very little effort to explain how the attachment or use of the GPS device fits within these terms.” (Alito Concurring, 2)
As evidenced by concurring opinions by Justices Sotomayor and Alito, the Court’s reliance on what seems to be an antiquated physical intrusion rationale leaves unanswered the question of to what extent technologies that allow for surveillance and collection of information without any physical intrusion in the traditional sense are acceptable under the Fourth Amendment. With that in mind, we can anticipate the Court will be compelled to hear future cases that provide businesses and the Government with clearer answers to these questions. See further analysis of this case in context in Ted Claypoole and Richard Balough’s article Privacy Considerations Limit Geolocation Technologies, originally published in Business Law Today. The article is linked here: http://apps.americanbar.org/buslaw/blt/content/2012/03/article-02-claypoole-balough.shtml
For more information, please contact one of the following attorneys or any member of the Privacy and Data Protection Team.
Ted Claypoole: (704) 331-4910
Jonathan Gross: (704) 350-6370
Labels: Google, New U.S. Consumer Privacy Framework, U.S. v. Jones Privacy