The IT Law Wiki
Register
Advertisement
There is growing concern that computers now constitute, or will soon constitute, a dangerous threat to individual privacy.[1]

Definitions[]

United Kingdom[]

Information privacy (also called informational privacy or data privacy) is

the ability of a person to control, edit, manage and delete information about themselves and to decide how and to what extent such information is communicated to others. Intrusion can come in the form of collection of excessive personal information, disclosure of personal information without consent and misuse of such information. It can include the collection of information through the surveillance or monitoring of how people act in public or private spaces and through the monitoring of communications whether by post, phone or online. It extends to monitoring the records of senders and recipients as well as the content of messages.[2]

United States[]

Information privacy (also called informational privacy or data privacy) is

those aspects of privacy law that involves the right of individuals to determine when, how and to what extent they choose to share personal information about themselves with others.[3]
the interest individuals have in controlling or at least significantly influencing the handling of data about themselves.[4]
used to refer to standards for the collection, maintenance, use, and disclosure of personally identifiable information. A central component of 'information privacy' is the ability of an individual to control the use of information about him or herself.[5]

Overview[]

Information privacy is not an unlimited or absolute right. Individuals cannot suppress public records, nor control information about themselves that, by law, is used for a permissible purpose (e.g., criminal defendants cannot prevent courts from examining their prior criminal record before imposing sentence, and sellers of realty cannot prevent a title search of their property). Although individuals may refuse to disclose certain facts about themselves, such disclosure is often either required by law (e.g., tax information) or required if the data subject hopes to participate in society in a meaningful way (e.g., disclosing financial information to obtain a mortgage or releasing medical information to obtain insurance coverage). As a practical matter, individuals cannot participate fully in society without revealing vast amounts of personal data.

Although there is no universal agreement about what "privacy" is, it is of considerable and increasing concern to individuals. Threats to the privacy of personal information arise primarily as a result of the widespread increase in the availability and use of computers and computer networks, the corresponding increase in the disclosure of personal information by Internet users to websites, the routine collection of personal information about online users by websites, and the utilization of personal information online for direct marketing and advertising purposes.

Protection of information privacy is widely seen as serving at least five interests that are critical to a democracy:

  1. An interest in ensuring society (both public and private sectors) makes decisions about individuals in a way that comports with notions of due process and fairness. Accuracy of CHRI and use of that information which includes providing notice to the individual and giving the individual an opportunity to respond, is consistent with notions about fairness. The absence of these protections may produce erroneous or unjustified decisions about employment, credit, health care, housing, or other valued benefits or statuses.
  2. An interest in protecting individual dignity. When individuals endure stigma, embarrassment, and humiliation arising from the uncontrolled use and disclosure of information about them, they lose the sense of dignity and integrity essential for effective participation in a free and democratic society.
  3. An interest in protecting individual autonomy. When individuals lack control over personal information about themselves, they lose a sense of control over their lives. The ability of individuals to control personal information about themselves promotes personal autonomy and liberty.
  4. An interest in promoting a sense of trust in, and a check upon the behavior of, institutions. When individuals lose the ability to selectively disclose their sensitive personal information, they lose trust in the public and private institutions that collect, hold, use, and disclose this personal information.
  5. An interest in promoting the viability of relationships critical to the effective functioning of a democratic society. Numerous relationships, such as the doctor-patient relationship, the lawyer-client relationship, or even the news media and confidential source relationship, depend upon promises of confidentiality in order to promote the candid sharing of personal information and trust within the relationship.

Thus, the critical question becomes: how do we balance the need to use information (by government, commerce, and individuals) with the natural desire of individuals to decide what information about themselves will be exposed to others? Having articulated principles for striking that balance, how do we implement them?

United States[]

In the United States there is no comprehensive legal protection for personal information. The U.S. Constitution protects the privacy of personal information in a limited number of ways, and extends only to the protection of the individual against government intrusions. However, many of the threats to the privacy of personal information occur in the private sector. Any limitations placed on the data processing activities of the private sector will be found not in the Constitution but in federal or state law.

Information privacy is frequently distinguished from other clusters of personal interests that are nourished by the privacy doctrine, including surveillance privacy and behavioral privacy.

Federal laws[]

There is no comprehensive federal privacy statute that protects personal information held by both the public sector and the private sector. The Privacy Act of 1974 protects the privacy of personal information collected by the federal government.

The private sector's collection and disclosure of personal information has been addressed by Congress on a sector-by-sector basis and/or that focus on particular types of information. These federal laws include the:

Other federal laws that impact privacy relate to criminal or national security issues, including the:

References[]

  1. Horst Feistel, "Cryptography and Computer Privacy," Scientific American (May 1973).
  2. Conducting Privacy Impact Assessments Code of Practice, at 5.
  3. Alan Westin, Privacy and Freedom 7 (1976). See also Alan Westin, The Equifax Report on Consumers in the Information Age XVIII (1990).
  4. Privacy and Civil Liberties Policy Development Guide and Implementation Templates, App. E, Glossary.
  5. Report of the National Task Force on Privacy, Technology, and Criminal Justice Information, at 10.

Sources[]

External resource[]

See also[]

Advertisement