User:OmarSubhai/Privacy law

Osorio.pdf

Classification of privacy laws
Privacy laws can be broadly classified into:


 * Privacy
 * Trespassing
 * Negligence
 * Fiduciary

The categorization of different laws involving individual rights of privacy assesses how different laws protect individuals from being having their rights of privacy violated or abused by certain groups or persons. These classifications provide a framework for understanding the legal principles and obligations that check privacy protection and enforcement efforts and for policymakers, legal practitioners, and individuals to better understand the complexity of the responsibilities involved in order to ensure the protection of privacy rights.

Brief overview of the 4 classifications of each category to understand the ways in which privacy rights are protected and regulated:

Privacy Laws focus on protecting individuals’ rights to control their personal information and prevent unauthorized intrusion into their private lives. They encompass strict regulations governing data protection, confidentiality, surveillance, and the use of personal information by both government and corporate entities. These laws may apply to the government and/or private companies, and may cover general privacy issues, or may regulate specific types of information, including, for example: health privacy, telecommunications privacy, education privacy, and financial privacy.

Trespassing Laws focus on breaches of privacy rights related to physical intrusion onto an individual's property or personal domain without consent. This involves illegal activities such as: entering an individual’s residence without consent, conducting surveillance using physical methods (e.g., deploying hidden cameras), or any unauthorized entry onto the individual’s property.

Negligence laws generally address situations where individuals or entities fail to exercise appropriate caution in protecting the privacy rights of others, often holding them accountable through severe penalties like heavy fines. This aims to ensure compliance and deter future violations, involving incidents such as any mishandling of sensitive data, poor security measures leading to data breaches, or any non-compliance with privacy policies and regulations.

Fiduciary laws regulate the relationships characterized by trust and confidence, where the fiduciary accepts and complies with the legal responsibility for duties of care, loyalty, good faith, confidentiality, and more when entrusted in serving the best interests of a beneficiary. In terms of privacy, fiduciary obligations may extend to professionals like lawyers, doctors, financial advisors, and others responsible for handling confidential information, as a result of a duty of confidentiality to their clients or patients.

Federal Data Protection Laws

 * Children's Online Privacy Protection Act: provides data protection requirements for children's information collected by online operators.
 * Communications Act of 1934: includes data protection provisions for common carriers, cable operators, and satellite carriers.
 * Computer Fraud and Abuse Act: prohibits the unauthorized access of protected computers.
 * Consumer Financial Protection Act: regulates unfair, deceptive, or abusive acts in connection with consumer financial products or services.
 * Electronic Communications Privacy Act: prohibits the unauthorized access or interception of electronic communications in storage or transit.
 * Fair Credit Reporting Act: covers the collection and use of data contained in consumer reports.


 * Federal Securities Laws: may require data security controls and data breach reporting responsibilities.
 * Federal Trade Commission (FTC) Act: prohibits unfair or deceptive acts or practices.
 * Gramm-Leach-Bliley Act: regulates financial institutions' use of nonpublic personal information.
 * Health Insurance Portability and Accountability Act: regulates health care providers' collection and disclosure of protected health information.
 * Video Privacy Protection Act: provides privacy protections related to video rental and streaming.

Mexico (adding a citation to the information already written in this section; any bold text will be added)
On 5 July 2010, Mexico enacted a new privacy package, the Federal Law on Protection of Personal Data Held by Individuals, ''focused on treatment of personal data by private entities. The key elements included were:''


 * Requirement of all private entities who gather personal data to publish their privacy policy in accordance to the law.
 * Set fines for up to $16,000,000 MXN in case of violation of the law. (Can't find citation for this?)
 * Set prison penalties to serious violations. (Haven't found a specific citation for this)

United States (adding more information about California's privacy laws)
(this paragraph and bullet points are already present in the article and detail "privacy" as 4 separate torts which we will work on expanding):

''Their project was never entirely successful, and the renowned tort expert and Dean of the College of Law at University of California, Berkeley, William Lloyd Prosser argued in 1960 that "privacy" was composed of four separate torts, the only unifying element of which was a (vague) "right to be left alone." (citation) The four torts were:''


 * Appropriating the plaintiff's identity for the defendant's benefit: Appropriation of one's likeness is considered the oldest of the main American privacy torts. It involves the right to control where one's appearance and other aspects of their "likeness," such as their voice and name, appear in areas like advertising and other media. As noted by the California Jury, successful cases built on the appropriation of a person's likeness must typically involve them being harmed in some way by this usage, which was non-consensual and contributed to some benefit, often financial, to the person or company using their image.
 * A rising case for the appropriation tort in the United States appeared in the early 1900s due to companies using individuals' identities and appearances without their consent on packaging and advertisements. A particularly influential case was Roberson v. Rochester Folding Box Co., in which young woman Abigail Roberson had her image placed on a flour advertisement causing embarrassment and emotional distress. Her case against the company was rejected, leading to widespread public disapproval and the creation of New York Civil Rights Law § 50 that forbid the appropriation of individuals' images in advertisements without their consent, with an emphasis on the emotional impacts of such exploitation.
 * The tort was also influenced by the later case of Loftus v. Greenwich Lithographing Co., where Glady Loftus sought financial compensation for the usage of her image in a film advertisement distributed around New York City; this reflected a shift in the claims of appropriation cases from emotional damage to a lack of payment for the plaintiff's image being appropriated.
 * Defenses against an accusation of appropriation include the newsworthiness of the image; consent, in which the person is argued to have opted for the usage of their likeness; and their celebrity status, as this indicates they have already publicized themselves without facing emotional damage.

Placing the Plaintiff in a False Light in the Public Eye
A legal term known as “false light” refers to the deliberate or negligent dissemination of false information about another person, material that is inaccurate and presented in a way that could offend even the most sane person. This tort is a component of privacy law, which attempts to protect people’s public personas from being distorted in a way that would cause them to feel uncomfortable or embarrassed in public.

Defamation aims primarily to repair harm to one’s reputation from false remarks; in contrast, the goal of this legal provision is to safeguard people’s emotional and personal integrity. In order to effectively file a false light lawsuit, the plaintiff needs to prove a number of important components. First, it must be demonstrated that the defendant knew the data was false or that they behaved negligently in the first place by neglecting to verify the material before disclosing it to the public.

Second, the erroneous data ought to have been disclosed to the public. This indicates that it was expressed in a way that a reasonable person would find extremely insulting to more than one individual other than the plaintiff. This knowledge can be shared through a number of channels, including word-of-mouth in the community, media broadcasts, and online publications.

Thirdly, a reasonable person must be led to believe that the plaintiff is highly offensively untrue based on the nature of the information and the circumstances surrounding its presentation. This feature emphasizes the potential emotional and psychological effects of a false portrayal, as opposed to just the information’s factual accuracy.

False light and defamation are sometimes used interchangeably, although they are not the same. While false light focuses on the offensive aspect of the representation and the personal humiliation or anguish it creates, regardless of the facts or falsity of the underlying facts, defamation entails harming someone’s reputation through false assertions portrayed as fact. False light addresses a wider spectrum of emotional and dignity-related harms than other torts, although both torts address harm from false assertions.

Publicly Disclosing Private Facts About the Plaintiff
Public Disclosure of Private Facts or Publicity Given to Private Life is a tort under privacy law that protects individuals from the unauthorized dissemination of private information that is not of public concern. This tort aims to safeguard an individual's right to privacy and prevent unwarranted intrusion into their personal lives.

To establish a claim for public disclosure of private facts, the following elements generally need to be proven:


 * Publication of Private Facts: The defendant must have publicized private information about the plaintiff. This publication can be through various means such as media outlets, social media, or any other public platform.
 * Information Must Be Private: The disclosed information must be of a private nature and not generally known to the public. This can include personal details about one's health, finances, relationships, or any other intimate aspects of their life.
 * Information Must Be Offensive to a Reasonable Person: The disclosed information must be offensive or embarrassing to a reasonable person. The court will assess whether a reasonable person would find the publication highly offensive and objectionable.
 * No Legitimate Public Concern: The disclosed information should not be of legitimate public concern. If the information is newsworthy or serves a public interest, it may be protected under the First Amendment, and the plaintiff may not have a valid claim.

Unreasonably Intruding Upon the Seclusion or Solitude of the Plaintiff
To be able to intrude on someone's seclusion, the person must have a "legitimate expectation of privacy" in the physical place or personal affairs intruded upon.

To be successful, a plaintiff "must show the defendant penetrated some zone of physical or sensory privacy" or "obtained unwanted access to data" in which the plaintiff had "an objectively reasonable expectation of seclusion or solitude in the place, conversation or data source."

For example, a delicatessen employee told co-workers that she had a staph infection in a private manner. The co-workers then informed their manager, who directly contacted the employee's doctor to determine if she actually had a staph infection, because employees in Arkansas with a communicable disease are forbidden from working in the food preparation industry due to transmittable health concerns.

The employee with the staph infection sued her employer, the deli, for intruding on her private affairs, as the information she had previously shared had gotten leaked. The court held that the deli manager had not intruded upon the worker's private affairs because the worker had made her staph infection public by telling her two co-workers about it, no longer making it intrusion.

The court said:

"When Fletcher learned that she had a staph infection, she informed two coworkers of her condition. Fletcher's revelation of private information to coworkers eliminated Fletcher's expectation of privacy by making what was formerly private a topic of office conversation."

Offensiveness
In determining whether an intrusion is objectively "highly offensive," a court is supposed to examine "all the circumstances of an intrusion, including the motives or justification of the intruder."

It is up to the courts to decide whether someone that is considered "offensive" is acceptable based on the intentions when it comes to searching for that specific news.

Websites' Data Collection
A website may commit a "highly offensive" act by collecting information from website visitors using "duplicitous tactics." A website that violates its own privacy policy does not automatically commit a highly offensive act according to the jury. But the Third Circuit Court of Appeals has held that Viacom's data collection on the Nickelodeon website was highly offensive because the privacy policy may have deceptively caused parents to allow their young children to use Nick.com, thinking it was not collecting their personal information.

The Press
The First Amendment "does not immunize the press from torts or crimes committed in an effort to gather news." They are still held liable for the news they gather and how they gather it. But the press is given more latitude to intrude on seclusion to gather important information, so many actions that would be considered "highly offensive" if performed by a private citizen may not be considered offensive if performed by a journalist in the "pursuit of a socially or politically important story."

(under the paragraph discussing COPPA)

In California, the California Consumer Privacy Act of 2018 provides specific regulations for companies collecting consumer data in California organized as particular rights; these include the right to have knowledge about how companies intend to use consumer data, as well as the right to opt-out of its collection and potentially delete this data. The Act recently expanded existing consumer rights in the state in 2023, providing citizens the right to reduce the collection of data and correct false information.