From time to time, we will post on this blog about developments in other areas of the law that may relate to privacy and data governance in a general way.
One such interesting development is the January 23, 2012 decision of the U.S. Supreme Court in United States v. Jones. The decision was widely reported. If you missed it, the gist is that (in the United States) the police may not attach a GPS device to a car for the purposes of tracking the movements of the driver over a lengthy period without a warrant. (As an aside, for an interesting article on the use of such devices for private/commercial purposes see Erik Eckholm’s article in The New York Times (January 29, 2012). The Information and Privacy Commissioner of Ontario’s views on related state-surveillance issues is found on her “Real Privacy” website.)
In the U.S., the Fourth Amendment to the U.S. Constitution protects the “right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures.” The majority of the U.S. Supreme Court focused on whether attaching the GPS device was a trespass to the property of the owner of the vehicle and not on a “reasonable expectation of privacy” analysis. However, in concurring opinions, Justices Alito and Sotomayor observed that the Fourth Amendment also protects a subjective expectation of privacy that society recognizes as reasonable even absent a formal trespass to property. Justice Sotomayor also questioned whether a reasonable expectation of privacy depends upon a finding that the information or data is “secret”. She observed (at pp. 5 to 6):
More fundamentally, it may be necessary to reconsider the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties. [...] This approach is ill suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks. People disclose the phone numbers that they dial or text to their cellular providers; the URLs that they visit and the e-mail addresses with which they correspond to their Internet service providers; and the books, groceries, and medications they purchase to online retailers. Perhaps, as Justice Alito notes, some people may find the “tradeoff” of privacy for convenience “worthwhile,” or come to accept this “diminution of privacy” as “inevitable,” [...] and perhaps not. I for one doubt that people would accept without complaint the warrantless disclosure to the Government of a list of every Web site they had visited in the last week, or month, or year. But whatever the societal expectations, they can attain constitutionally protected status only if our Fourth Amendment jurisprudence ceases to treat secrecy as a prerequisite for privacy. I would not assume that all information voluntarily disclosed to some member of the public for a limited purpose is, for that reason alone, disentitled to Fourth Amendment protection.
Lodged in Justice Sotomayor’s observation is a fundamental question: Should we conceive of privacy expectations as invoking fundamental and unalterable rights, or are expectations fluid – destined to change as technology changes and perceptions of technology change? Or, is the issue more nuanced and situational, as Justice Sotomayor hints. Professor Barry Friedman of the New York University School of Law has an insightful op-ed piece in the New York Times (January 29, 2012) on this issue and the paradoxes of United States v. Jones .