Privacy Rights in the United States

Privacy Rights in California

By Bob Egelko, who is legal affairs reporter for the San Francisco Chronicle.

The California Supreme court had used privacy rights to redefine the boundaries between the individual and the state. In White v. Davis (13 Cal. 3d 757 (1975)), for instance, the justices ruled unanimously that undercover police surveillance of college classrooms and student organizations violated privacy as well as free speech. They held that a serious breach of privacy could be justified only by a compelling government interest and the absence of less-intrusive alternatives.

In 1994, however, a more conservative court majority stepped away from that standard in a ruling that upheld drug testing of college athletes at championship contests and postseason bowl games. Chief Justice Malcolm Lucas wrote that once a plaintiff shows a reasonable expectation of privacy and a serious infringement, those interests must be weighed against any “legitimate and important competing interests” on the other side, which need not be the least-intrusive means available (Hill v. Nat’l Collegiate Athletic Ass’n, 7 Cal. 4th 1 (1994)). The court didn’t specify how the balance would be measured, and the task might be even more difficult today. As government and corporate data-miners become bolder using new technologies, citizens’ former expectations of privacy may seem a lot less reasonable. (See Vo v. City of Garden Grove (115 Cal. App. 4th 425 (2004)), upholding mandatory installation of video-surveillance cameras at Internet cafes.)

The three-part “Hill test” posed by Chief Justice Lucas proved to be a watershed in state privacy law. “That was when we lost our privacy rights,” says Cliff Palefsky, a partner with the plaintiffs employment firm of McGuinn, Hillsman & Palefsky in San Francisco. “Employees almost never win balancing tests.”

Particularly since Hill v. NCAA, California’s privacy rights have been limited in the workplace. As Palefsky notes, courts have allowed employers to restrict employee speech as long as the employers don’t discriminate on the basis of political opinion; to enforce dress codes as long as they treat both genders equally; to forbid dating between managers and subordinates (Barbee v. Household Auto. Fin. Corp., 113 Cal. App. 4th 525 (2003)); and to use surveillance cameras as long as they stay out of restrooms and dressing rooms. Private messages on workplace computers also are subject to surveillance and discipline. “It is the private employer’s resources being used,” explains Derek Shaffer, executive director of the Stanford Constitutional Law Center. As a result, he says, employers can act to protect themselves from liability for an employee’s harassing emails.

The privacy law doesn’t offer much shelter for personal computer users, either. Although federal law protects the contents of emails, nearly anyone who browses the Web inadvertently collects “cookies”–tiny text files containing identifying information–that allow websites to track and profile visitors, and then target them for advertising. And last November, Facebook, a social-networking site, tested the boundaries of permissibility with a feature called SocialAds, providing advertisers with access to 50 million Facebook user profiles. Advertisers designed customized ads for individual users, and their online friends, on the company’s website. But public pressure forced the company to let its users opt out of the SocialAds system.

Privacy advocates have urged the Federal Trade Commission to establish a “do not track” list for personal computer users, similar to the telemarketing “do not call” list. But to date, courts haven’t joined in the controversy. It’s hard to imagine a California court finding a “reasonable expectation of privacy” in the same material that some users of social-networking sites submit voluntarily for distribution.

Nevertheless, the court in 1994’s Hill v. NCAA did apply the right to privacy against a private entity. In view of the ballot arguments a generation earlier against business data-collecting, the ruling shouldn’t have been surprising. But it marked a departure from federal constitutional law, which protects only against incursions by the government.

The Lucas Court cautioned in Hill that it might be harder to prove a privacy case against a private intruder, because the plaintiff might have the option of doing business elsewhere or staying at home. Still, the Hill ruling opened the door for challenges to drug testing by private employers, and to search policies that would be immune in federal court and the courts of most other states. A later case involving municipal employees established standards for drug testing in public workplaces as well: Screening can be required for job applicants but not for current employees, except for those in safety-sensitive positions or after accidents (Loder v. City of Glendale, 14 Cal. 4th 846 (1997)).

Though physical surveillance seems an obvious arena for privacy protection, there is still no right to keep one’s public actions confidential when they come within range of a city’s video monitor or a store’s closed-circuit camera. But political gatherings are different; undercover officers’ infiltration of nonviolent rallies or meetings would seem to violate the court’s anti-spying standard in White v. Davis. That’s the way former Attorney General Bill Lockyer interpreted the law in a manual distributed to local police agencies in 2003 after revelations that officers in several California cities–aided in some instances by a new antiterrorism center in Lockyer’s office–had monitored political protests. The manual advised police that they need reasonable suspicion of lawbreaking before they conduct political surveillance or keep files on individuals. But an ACLU survey in 2005 found that few police or sheriff’s departments in California were aware of the manual or its policies.

According to Stanford’s Shaffer, state privacy protections are even weaker in criminal cases. One reason is a 1982 ballot initiative that allowed prosecutors to introduce evidence from searches that meet federal probable-cause standards, even if they violate the state constitution. Another is the tendency of the courts to defer to the needs of law enforcement, reflected in rulings that uphold the expansion of state and federal DNA databases. A third factor is the increased scope of activity for federal agents, who are immune from state laws when they gather evidence and who have been freed from previous restrictions on political monitoring by Justice Department policies adopted after the terrorist attacks of 2001.

State and local police who cooperate with federal agents in joint terrorism task forces, however, are bound by the restrictions of California law. ACLU attorney Mark Schlosberg says his organization tries to monitor their compliance. Although state privacy laws have no authority over the Bush administration’s clandestine electronic surveillance of communications between Americans and suspected foreign terrorists, such activity is theoretically subject to the warrant requirements of the Fourth Amendment and the Foreign Intelligence Surveillance Act. The ACLUs of California sued AT&T and Verizon under state law for disclosure of phone records to the National Security Agency without written consent or legal process. Though some of the court challenges have been thwarted due to secrecy, the consolidated cases against AT&T and Verizon continue to move through the Northern District (In Re National Security Agency Telecommunications Records Litigation, 444 F. Supp. 2d 1332 (J.P.M.L. 2006)).

Still, privacy rights remain politically popular in California and have made some headway in the Legislature. According to attorney Nicole Ozer, ACLU technology and civil liberties policy director, recent successes include the nation’s first law requiring notification of consumers whose financial or medical information has been exposed by security breaches; a ban on publicly disclosing an individual’s Social Security number and on requiring transmission of a Social Security number over the Internet without encryption or a secure connection; a requirement that commercial websites of companies that do business in California post prominent privacy policies; and a prohibition against requiring, forcing, or compelling any individual to have an identification device, including a radio frequency identification (RFID) tag, implanted on his or her body. Another law, passed in 2000, created the nation’s first state Office of Privacy Protection, designed to help consumers cope with identity theft and other privacy problems.

Ozer says that in legislative debates–and often in the text of proposed privacy bills–lawmakers invoke California’s constitutional right to privacy. In recent years, she says, “there may not have been as much action in the courts in support of privacy, but its legacy lives on in the Legislature.”

Of course, the reach of the state legislation has limits. In 2005, for instance, a federal appeals court largely overturned a law that required banks to give customers notice and a chance to object before sharing their financial information with affiliated companies. And Gov. Arnold Schwarzenegger vetoed a bill to restrict RFID use on state-issued identity cards and another that would have made retailers tighten security for credit card data.

As Chief Justice George put it in a 2008 interview, “A lot of things that represent progress also represent threats to privacy.” Yet, as George’s majority opinion in May 2008 shows, the state’s constitutional right of privacy still has substance–and some substantial allies. The same court that read the constitutional guarantee of private autonomy to include the right to marry a partner of either gender will also interpret the new initiatives, if they pass, and decide whether the invalidation of same-sex unions applies to thousands of weddings performed between June and this November. And the court is considering a suit by football fans who have challenged pat-down searches outside stadiums (Sheehan v. San Francisco 49ers, 153 Cal. App. 4th 396 (2007), hearing granted Oct. 10, 2007 (No. S155742)). That case could set new ground rules for some types of privacy claims by consumers against private businesses.

So, after dozens of years on the books, what does California’s right to privacy amount to? Certainly not what the authors promised in their ballot arguments: a “legal and enforceable right of privacy for every Californian” that would provide “effective restraints on the information activities of government and business” and yield “only when there is compelling public need.”

If that was ever a realistic expectation, it probably is no longer. The control citizens might once have exercised over their communications and interactions with others has been weakened, if not destroyed, by technological advances and obsessions with security both public and private. Attending a meeting, sending an email, making an overseas phone call, contacting a coworker, even just walking down the street–any of these activities may come to the attention of someone in authority, and there’s little a court or a ballot measure can do about it. Even rights that exist on paper, like freedom from political surveillance, may not amount to much in practice.

Nevertheless, the constitutional right to privacy seems to be evolving–however fitfully, subject to court interpretations and voter backlash. It is becoming a more subtle instrument, a sort of personal cloak for concerns closer to home. Like who we live with, or whether we have children, or how we define our family.

Article I, section I is no armored fortress to keep Californians’ privacy intact. But it seems to have furnished a curtain we can draw around some parts of our lives.

Privacy Rights of Students

Methods for protecting intellectual property and privacy rights and the E-Commerce Law

Methods for protecting intellectual property and privacy rights and the Legal Aspects of E-Commerce

Privacy Rights (Civil Rights Law)

This section introduces, discusses and describes the basics of privacy rights. Then, cross references and a brief overview about Civil Rights Lawin relation to privacy rights is provided. Note that a list of bibliography resources and other aids appears at the end of this entry.

Privacy Rights