Jacqueline Lipton is a professor at the University of Pittsburgh School of Law. She has written widely on cyberlaw topics, including the impact of digital technology on various aspects of intellectual property and commercial law.
Below, Jacqueline shares 5 key insights from her new book, Our Data Ourselves: A Personal Guide to Digital Privacy. Listen to the audio version—read by Jacqueline herself—in the Next Big Idea App.
1. You have no privacy—get over it.
This statement was coined by the CEO of Sun Microsystems, Scott McNealy in 1999. If we have no privacy—and I believe it gets more true as the years pass—is the solution to “get over” it or are there things we can do to protect our privacy and autonomy in a digital world? Can we be more vigilant about educating ourselves on who holds what information about us and monitoring what do with it?
Last century, privacy largely occupied a dusty old corner of American law. Not many law schools taught privacy as a separate subject and those that did focused on the Fourth Amendment and the due process requirements. Today, the U.S. takes a sectoral approach to privacy, protecting certain types of information more stringently than others. We have a detailed health information privacy regime under the Health Insurance Portability and Accountability Act (HIPAA) and several laws that protect the privacy of financial and educational data. But individuals do not fully understand the rights those laws provide, and the way that private entities seek our consent to give away private information consistently with those laws.
While a more comprehensive legal approach to digital privacy may be preferable to the system we have, a better understanding of existing laws is a good starting point for protecting individual privacy.
2. We have no expressly articulated constitutional right to privacy in the United States.
Many readers assume erroneously that our Constitution protects our privacy. We have some implied protections under the First and Fourth Amendments (the rights to free speech and due process) but these only protect us against intrusive government action and not against the myriad data gathering activities of private entities.
“Those countries typically have dedicated government offices whose charge is to protect privacy and investigate privacy threats and harms.”
Many other countries, notably European countries, enshrine privacy as a constitutional right that must be balanced against other rights, like free speech, national security, governmental action, etc. Those countries typically have dedicated government offices whose charge is to protect privacy and investigate privacy threats and harms. In the United States, our closest analog is the Federal Trade Commission (FTC). However, its power to investigate privacy issues is incidental to its other powers to investigate harmful trade practices. The FTC has investigated many digital privacy incursions in recent years, but its powers are more limited than the powers of Data Protection Offices in other countries.
3. If you’re not paying for the product, you are the product.
When companies offer free products and services, they are not actually free. You pay with your personal data. When you download an app for free, the app’s creator is likely monitoring how you use the app, who you connect with, and also may be selling your data to others interested in selling you their products and services, or even to data aggregators who compile large scale individual profiles that they sell to anyone who wants to dig into your life.
It is very difficult for the government to regulate these practices effectively, both at the federal and state level, although there have been some attempts in recent years. There is also little political will to regulate these activities when the corporations who profit off your data have more lobbying power than privacy interest groups like the Electronic Privacy Information Center (EPIC) and the Electronic Frontier Foundation (EFF).
4. Lack of privacy may be a good thing for society.
This concept has been raised in books and movies, such as David Brin’s The Transparent Society and Dave Eggers’ The Circle. The argument is that if everyone knows everything about everyone else, then we can combat societal ills like racism, sex and gender discrimination, etc. With perfect information we can become a more perfect society.
“Crimes like fraud and ID theft increase when more information is available.”
I’ve never personally subscribed to that theory because an increasing abundance of information is available about us all the time, and that information tends to be used to manipulate groups with common beliefs and perpetuate more discrimination. Crimes like fraud and ID theft increase when more information is available. These challenges may have more to do with information imbalances than with the idea of sharing information generally, but it is difficult to imagine a world where imbalances won’t inevitably occur. In a country as polarized as the United States, sharing all of our personal information would probably do a lot more harm than good.
5. Big brother is watching.
This is the paradigm privacy quote of the 20th century, coined in George Orwell’s 1984. In Orwell’s dystopian future, the government was doing the watching, but in our society, private entities collect more data than the government. For example, for many years, media outlets reported that Facebook’s facial recognition technology—which significantly impacted privacy—dwarfed that of the FBI. Late in 2021, Facebook (now Meta) decided to switch off its facial recognition settings due to concerns about privacy protection.
Facebook has had an ongoing battle over how it uses members’ personal information, and we periodically see it revisiting its various privacy settings and practices. But Facebook is only one of myriad companies that develop large databases of personal information about users that it can use internally or sell. Widely available digital technology can be used to harvest, aggregate and transact personal data, which causes us to fight privacy battles on several fronts. Many legal restrictions on unauthorized data use apply only to the government rather than the private sector.
In the United States today, it’s imperative that we understand what privacy rights we have and which we don’t. Given the lack of a clear and comprehensive legal framework to protect individual privacy, a lot of the impetus to protect our data falls squarely on our own shoulders.
To listen to the audio version read by author Jacqueline Lipton, download the Next Big Idea App today: