by Jacqueline Lipton, author of Our Data, Ourselves: A Personal Guide to Digital Privacy
It may surprise many Americans to know that there is no expressly articulated right to privacy in the federal Constitution. In fact, as several Supreme Court justices implied recently in Dobbs v Jackson, a number of rights many of us assume we have may be on shaky ground as they are implied from combinations of other constitutional provisions such as the rights to free speech, due process, and equal treatment. To the extent that the Supreme Court takes a more literal or originalist interpretation of the constitution going forward, significant freedoms based on notions of privacy, personhood and autonomy may be under threat.
My book, Our Data, Ourselves: A Personal Guide to Digital Privacy, was written before the decision in Dobbs and focuses more generally on privacy in the digital world. However, one of the main reasons I wrote the book was to explain why we often do not have the rights we assume we do, and how we can become more aware of the information that others know about us in the digital age. I also offer practical tips for what individuals can do to better protect their personal data and digital privacy.
Privacy has been a thornier issue in the United States than in many other countries because our Constitution expressly protects free speech but doesn’t protect privacy, and the two values are often in tension. A law that restricts what information you can disseminate about someone else might be challenged under the First Amendment. Other countries, like Canada, New Zealand and the European Union member countries, enshrine both privacy and free speech in their bills of rights. To the extent the United States doesn’t hold up privacy as a constitutional value —except as implied in other sections of the Constitution— our lawmakers are at a disadvantage when they want to protect privacy. The legislative approach to privacy in the United States has been piecemeal and has only arisen in limited circumstances with respect to certain classes of sensitive data like health information, educational records, and financial information.
Many of us assume we must have a basic right to privacy (we don’t) that is protected by the constitution (it isn’t) and/or by other laws (sometimes). We are often surprised when we are confronted by targeted advertising—our digital devices seeming to know exactly what we’ve purchased, where we’ve been, or what goods or services we might like to purchase. Lots of people do not see any particular harm in these digital suggestions, which can actually be quite useful from the point of view of consumers who are bombarded with high volumes of information all the time. When Amazon makes a suggestion for the next book I might want to read based on my past browsing habits, or Netflix recommend the next movie or TV series, that can be helpful and save time.
But there are pros and cons to this convenience. While consumer suggestions and reminders can be helpful, the same aggregations of personal data can be used to cause harmful discrimination in education, employment, housing and law enforcement.
When surveyed about the importance of privacy in the abstract, most of us rate privacy highly. Yet, when confronted by discounts for goods or services —say, by joining loyalty programs— many of us will give away large volumes of personal information in return for a $5 discount on our next meal. And this data can be aggregated with other data about us from other sources, and then find its way into the hands of data brokers who will sell detailed dossiers to anyone prepared to pay for them. In other words, privacy has become a commodity. Most of us are not aware of how much personal information about us is available for purchase, let alone what role we may have played in enabling the collection of that data by clicking on “I agree” before reading a privacy policy or by failing to take simple precautions to protect sensitive data—like robust passwords changed regularly for online accounts.
The government has very little obligation to protect our private information, as a constitutional or policy matter. Recent high-profile investigations into the role of social media platforms like Facebook and Twitter evidence how little the government can—or at least is prepared to—do to curtail practices of corporate giants that trade in our private information. And the harms that can be caused by manipulation of personal data across social platforms are legion: Twitter and Facebook can and have been used to organize disruptions of our basic political processes.
Privacy rights are implicated in these activities because, in order to target political messages to sympathetic audiences, organizations need to know who will be sympathetic to them. That knowledge can only be obtained by having a window into individuals’ private lives, including their political and personal preferences. Most people don’t realize that the same sets of data that allow companies to target helpful advertisements to us can easily be used to subvert the political process.
In a world where Target’s marketing department knows you purchased a home pregnancy test before your parents or your partner do, the costs of not being able to have some measure of control over how that information is disseminated are higher than ever. While privacy is not, and may never be, a clearly protected right in the United States, the least we can do is educate ourselves about the risks of failing to understand who can access our data and for what purposes. And we can take certain steps to protect our personal data, in a society that doesn’t guarantee us this security.