Surfing the Net Safely and Smoothly: A New Standard for Protecting Personal Information from Harmful and Discriminatory Waves (pdf)

Article PDF cannot be displayed. You can download it here:

https://openscholarship.wustl.edu/cgi/viewcontent.cgi?article=1416&context=law_lawreview

Surfing the Net Safely and Smoothly: A New Standard for Protecting Personal Information from Harmful and Discriminatory Waves

Washington University Law Review Volume 79 Issue 3 January 2001 Surfing the Net Safely and Smoothly: A New Standard for Protecting Personal Information from Harmful and Discriminatory Waves Tammy Renée Daub Washington University School of Law Follow this and additional works at: https://openscholarship.wustl.edu/law_lawreview Part of the Consumer Protection Law Commons, and the Internet Law Commons Recommended Citation Tammy Renée Daub, Surfing the Net Safely and Smoothly: A New Standard for Protecting Personal Information from Harmful and Discriminatory Waves, 79 WASH. U. L. Q. 913 (2001). Available at: https://openscholarship.wustl.edu/law_lawreview/vol79/iss3/5 This Note is brought to you for free and open access by the Law School at Washington University Open Scholarship. It has been accepted for inclusion in Washington University Law Review by an authorized administrator of Washington University Open Scholarship. For more information, please contact . SURFING THE NET SAFELY AND SMOOTHLY: A NEW STANDARD FOR PROTECTING PERSONAL INFORMATION FROM HARMFUL AND DISCRIMINATORY WAVES INTRODUCTION Imagine yourself having been in the following situations: in high school, you surfed the Web to gather research for a psychology class on depression and suicide; last year, you looked into Web sites that provide information about a genetic disease that runs in your family; six months ago, you bought inflammatory CDs on Amazon.com for a friend or listened to this music on RealNetworks; a week ago, you looked at law firm Web sites to research attorneys who can help clean up the traffic violations on your driving record; yesterday, you researched student loan information online. In each of these scenarios, you took the chanc e that the personal information you disclosed online (including your surfing habits and any information you provided while visiting the Web site) might be used in a harmful or discriminatory way. 1 For example, an advertising agency, health care provider, future employer, credit agency, or insurance company might be interested in obtaining this information. 2 Given the lack of protection of privacy rights in the online environment, these parties could obtain this information themselves or a Web site operator could sell it to them. Although the United States Constitution does not expressly mention privacy, Justice Douglas recognized a right to privacy under the “penumbra theory” articulated in the famous Supreme Court case Griswold v. Connecticut.3 Under this theory, the Supreme Court has recognized rights that can be found in the shadows or emanations of the Bill of Rights.4 1. See Kalinda Basho, The Licensing of Our Personal Information: Is It a Solution to Internet Privacy?, 88 CAL . L. REV. 1507, 1517 (2000) (describing privacy expert Jeffrey Reiman’s recognition that threats to our privacy pose a danger to our ability to engage freely in activities on the Internet). 2. See id. at 1516. 3. 381 U.S. 479, 484 (1965) (“[S]pecific guarantees in the Bill of Rights have penumbras, formed by emanations from those guarantees that help give them life and substance. Various guarantees create zones of privacy.”) (citation omitted). See also Roe v. Wade, 410 U.S. 113, 152 (1973). 4. Griswold, 381 U.S. at 484. In addition, the Fourth Amendment provides that “[t]he right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated.” U.S. CONST. amend. IV. In order to raise a Fourth Amendment challenge to a government search or seizure, a defendant must establish a legitimate expectation of privacy upon which the government infringed. See Katz v. United States, 389 U.S. 347, 353 (1967). The legitimate expectation of privacy test entails a two-prong inquiry: (1) whether the defendant had an actual (subjective) expectation of privacy; and (2) whether society is prepared to recognize that 913 Washington University Open Scholarship p913 Daub.doc 914 WASHINGTON UNIVERSITY LAW QUARTERLY 2/28/2002 5:09 PM [VOL. 79:913 Despite the legal recognition that an individual’s interest in maintaining privacy deserves constitutional protection, consumer concerns about a lack of privacy in the online environment were evident in a 1998 Harris poll on consumer privacy. The poll found the following: “Nearly nine in ten Americans (88%) say they are ‘concerned about general threats to their privacy.’ Eight in ten (82%) feel they have ‘lost all control over how companies collect and use their personal information.” Three-fourths (78%) say they have not given information to a company online because of their concern with a lack of privacy compared with 42% in 1990; and two in five (43%) said they had ‘exercised an opportunity to opt-out.’5 This Note evaluates the problem underlying these scenarios and statistics. Part I first examines the history of the collection and use of personal information in the traditional sense, and second in the transactional sense. Part II considers how the online industry, Congress, the Federal Trade Commission (FTC), and other academics and theorists are approaching the problem of online privacy of personal data. Part III develops background on the discriminatory and harmful effects of online profiling of personal information and analyzes the various approaches attempting to address the problem of online privacy. In Part IV, I conclude that although the regulatory approach is currently the best way to address the abuse of personal expectation as reasonable. Smith v. Maryland, 442 U.S. 735, 740 (1979). The Supreme Court has also held that a person does not have a legitimate expectation of privacy in information that he or she voluntarily provides to a third party. See, e.g., Smith , 442 U.S. 735 (1979) (holding that defendant lacked a legitimate expectation of privacy in phone numbers dialed from his phone because he voluntarily provided the numbers to the telephone company); United States v. Miller, 425 U.S. 435, 445 (1976) (holding that the defendant did not have a legitimate expectation of privacy in bank records since he exposed information in records to bank employees). Courts have applied this assumption of risk rationale to deny an expectation of privacy in electronic information voluntarily given online. See United States v. Charbonneau, 979 F. Supp. 1177, 1184 (S.D. Ohio 1997) (holding that a user did not have a legitimate expectation of privacy in an email transmission). However, “traditional Fourth Amendment jurisprudence is ill-suited to answer” whether or not a user retains a legitimate expectation of privacy in his or her clickstream data. Gavin Skok, Establishing a Legitimate Expectation of Privacy in Clickstream Data , 6 M ICH . T ELECOMM. & T ECH . L. REV. 61, 62 (2000) (arguing that the assumption of risk principles to online expectation of privacy is flawed because it does not take into account the extent of intrusion that occurs when clickstream data is c (...truncated)