Google Privacy Fiasco Lesson: There Is No Privacy
Google is in hot water for bypassing privacy controls on the Safari Web browser in iOS devices--and allegedly on Internet Explorer as well--to surreptitiously track users’ online activities. While Google deals with the backlash and regulatory scrutiny from the FTC, there is an important lesson to be learned: Privacy is dead.
I am not suggesting that it is OK for Google or any other company to intentionally circumvent privacy controls to access information the user has specified should not be shared. But, you should also be aware that you don’t actually have a “right” to privacy, and that even if you did that ship has probably sailed.
Your “Right” to Privacy
Here’s the thing: you don’t actually have a legal right to privacy. The 14th amendment to the U.S. Constitution is often cited thanks to a precedent set when Justice Louis Brandeis claimed that it protects the “right to be left alone.” However, it takes some acrobatics of reason to arrive at the conclusion that it inherently protects privacy.
The 1st, 4th, and 5thamendments are sometimes tossed out to support the perceived right of privacy as well. But, the reality is that the very best chance for privacy protection probably falls on the 10thamendment--which grants authority to the individual states for any powers not specifically delegated to the federal government. So, it is possible that your individual state could have measures in place to safeguard privacy.
There are also examples of privacy--or at least the protection of sensitive information—being legislated at a more granular level, depending on the industry. The Privacy Act of 1974 prevents the unauthorized disclosure of personal information held by the federal government. The Fair Credit Reporting Act protects information gathered by credit reporting agencies. The Children’s Online Privacy Protection Act grants parents authority over what information about their children (age 13 and under) can be collected by websites.
There are various regulatory and industry compliance mandates that require affected organizations to take adequate steps to protect sensitive data. Sarbanes-Oxley (SOX), the Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act (GLBA), and Payment Card Industry Data Security Standards (PCI-DSS) each have stipulations that obligate organizations to protect data, and they impose fines and penalties on those that fail to do so.
All of this suggests that privacy is an important issue, and that there is a societal expectation of privacy. Just remember that your privacy isn’t actually guaranteed.
The concept of privacy and the misguided belief that our privacy is protected or guaranteed cause people to get very defensive about having privacy violated, even though the reality is that the information that is revealed is relatively benign and useless.