Shostack + Friends Blog Archive


Privacy Rights & Privacy Law

First, the European Court of Human Rights has ruled that the UK’s “DNA database ‘breach of rights’:”

The judges ruled the retention of the men’s DNA “failed to strike a fair balance between the competing public and private interests,” and that the UK government “had overstepped any acceptable margin of appreciation in this regard”.

The court also ruled “the retention in question constituted a disproportionate interference with the applicants’ right to respect for private life and could not be regarded as necessary in a democratic society”.

The Police are aghast that they will not be able to do whatever it takes to solve crimes. Similar past rulings have involved forced confessions, indefinite detention, and a presumption that the accused are guilty until proven innocent. They have put forth figures about how many criminals have been caught. The BBC also reports:

The court says the figures appear “impressive” – but on closer analysis it acknowledges, as the Nuffield Council on Bioethics and GeneWatch UK also have, that they are unconvincing.

The Supreme Court of Newfoundland has ruled that airport searches may not be used for blanket law enforcement purposes:

a reasonable expectation of privacy with respect to the contents of his luggage, save and except for searches by [airport] personnel for items that could be used to jeopardize the security of an aerodrome or aircraft. The drugs and money found in his baggage, which are the subject of this proceeding, are not such items and thus Brian Crisby had a reasonable expectation of privacy.”

This is in stark contrast to the US, where John Perry Barlow was arrested when they found small amounts of drugs in his checked luggage. His appeal was denied, although pages related to that seem to have hit the memory hole.

What’s relevant about this is the difference between Canada and the EU and the US. Privacy law in the US is in disarray. At a Constitutional level, the 4th amendment protections have been utterly eviscerated. At a broader level, privacy laws seem to emerge after bad cases.

The result is expensive investment in poor protection. We can and should do better. It would be possible to put in place a data protection or privacy law which protects privacy and respects the rights of free speech. The key is to recognize the role of the government in enabling correlation and linkage. Privacy law should kick in (hard) when the government is involved, either as the gatherer or guarantor of information. That is, if I have to give my legally documented name or my SSN, I should get strong protection. If I can sign up as Mickey Mouse, then privacy law shouldn’t apply.

However we do it, we need a sane privacy law for the US.

2 comments on "Privacy Rights & Privacy Law"

  • Dissent says:

    I’m not sure I follow you, Adam. Are you suggesting that there be a more stringent privacy law for the federal government than for businesses that require your SSN or real name?

  • Adam says:

    When I say “Privacy law should kick in (hard) when the government is involved, either as the gatherer or guarantor of information,” what I mean is that privacy law should apply to the government when they gather information (construed broadly). Also, when a private entity gathers data and then checks it against data which the government is involved in (Drivers license, passport, library card, SSN), then the act of checking it against government data should bring in privacy law.
    Don’t want privacy law? Don’t validate the data with government documents.

Comments are closed.