The landmark ruling in the Dobbs vs. Jackson Women’s Health Organization overturned Roe vs. Wade and returned the regulation of abortion to the individual states. Unless you have been living under a rock (lucky you), you have likely heard about how the ruling ties to women’s health. Legal experts are now questioning how the Dobbs ruling will impact the future of privacy in the U.S. and the protection of people’s privacy rights as inferred by the U.S. Constitution.
First, consider the fact that personal privacy issues like abortion are directly related to data privacy. Until the recent ruling in Dobbs vs. Jackson, abortion was considered protected under the Due Process Clause of the Constitution’s Fourteenth Amendment. This clause was interpreted by lawmakers to provide a fundamental “right to privacy” (see Roe vs. Wade), thereby protecting a pregnant woman’s right to an abortion.
Now that the landmark ruling has been overturned, many questions arise about privacy rights under Dobbs. What privacy, if any, is protected under the Constitution? Do we as individuals have a fundamental right to privacy?
First, What is Data Privacy?
Data privacy, by definition, is the branch of data management that deals with handling personal data in compliance with data protection laws, regulations and general privacy best practices. Data privacy is centered around how data should be collected, stored, managed and shared with any third parties. It also has implications for compliance with applicable privacy laws – such as the California Consumer Privacy Act (CCPA) and General Data Protection Regulation (GDPR).
Personal data is any information that relates to an identified or identifiable living individual. Different pieces of information, which collected together can lead to the identification of a particular person (such as health records, social security numbers, address, gender, race, etc.), also constitute personal data. We as humans have a basic right to privacy that we govern ourselves – our individual ability to determine for ourselves when, how and for what purpose our personal information is handled by others.
Have you ever posted a selfie on Instagram? Tweeted about a recent trip? Shared your kid’s first day of school picture? Filled out a form online? Each post, picture shared, word tweeted, comment made or form fill was a conscious decision you made as an individual concerning your private data. Once your picture, comment, etc., is posted, it is no longer yours. When posting, sharing or commenting, you are agreeing to the platform or social media site’s privacy policy. You have essentially transferred ownership of the data from yourself to the platform where it is shared.
Data Privacy and the U.S. Constitution
Protecting privacy is key to ensuring our human dignity, safety and self-determination. It allows us as individuals to freely develop our own personality. The United States currently has a mix of laws concerning privacy protection that are known by their acronyms, including:
- HIPAA (Health Insurance Portability and Accountability Act)
- FCRA (Fair Credit Reporting Act)
- FERPA (Family Educational Rights and Privacy Act)
- GLBA (Gramm-Leach-Bliley Act)
- ECPA (Electronic Communications Privacy Act)
- COPPA (Children’s Online Privacy Protection Rule)
- VPPA (Virtual Power Purchase Agreement)
However, the data collected by the vast majority of products people use every day is not regulated.
In the U.S., federally, we are governed by the Constitution. However, the only explicit mention of “privacy” is found in the Bill of Rights rather than the Constitution. In the Fourth Amendment, the framers of the document penned that the Constitution “protects the right of privacy against unreasonable searches and seizures by the government.” If we consider privacy as it pertains to the Constitution, the government cannot search or seize under unreasonable circumstances. But, it can access your social security number, do a facial recognition scan, or even take a picture of your license plate at a toll booth – all of which you, as an individual, have no control over.
Even though the word “privacy” is only written in one of the amendments, the Bill of Rights reflects the concern of James Madison and other framers for protecting specific aspects of privacy, such as:
- Privacy of beliefs (First Amendment)
- Privacy of the home against demands that it be used to house soldiers (Third Amendment)
- Privacy of the person and possessions against unreasonable searches (Fourth Amendment)
- Privilege against self-incrimination (Fifth Amendment), which provides protection for the privacy of personal information
In addition, the Ninth Amendment states that the “enumeration of certain rights” in the Bill of Rights “shall not be construed to deny or disparage other rights retained by the people.” The meaning of the Ninth Amendment is elusive, but some, including Supreme Court Justices, have interpreted the Ninth Amendment as justification for broadly reading the Bill of Rights to protect privacy in ways not specifically provided in the first eight amendments.
Broad interpretation, however, is very difficult to govern in a country of 335 million people. As we have seen in the recent Supreme Court overturn of Roe V Wade, lawmakers on both sides of the aisle are at odds with what the true interpretation of privacy is and where it is protected.
We are at a pivotal moment as it pertains to the future of privacy in the U.S. It would serve lawmakers to look at the broader issue of privacy and develop federal legislation that further protects Americans’ right to privacy.
State Privacy Laws
There are currently five states – California, Colorado, Connecticut, Utah and Virginia – that have enacted comprehensive consumer data privacy laws. The laws have several provisions in common, such as the right to access and delete personal information and to opt out of the sale of personal information, among others. Additional laws have been enacted in various states around the country related to the online safety of children (California) and e-reader privacy (Arizona, California, Delaware and Missouri).
The overturn of Roe V Wade has caused a cascade of states’ trigger laws to become active. Trigger laws are often unenforceable but may achieve enforceability if a key change in circumstances occurs. Many states have trigger laws that have been waiting for a Supreme Court ruling like the one we just witnessed in the Dobbs case.
By overturning Roe V Wade, these trigger laws have been set into motion, further debilitating a woman’s right to her own privacy as it pertains to her health. Women can no longer choose what to do with their bodies with regard to reproductive health; the state will choose for them.
Data Privacy in Other Countries
The United States Congress has been unable to pass a comprehensive federal law that regulates privacy in the U.S. Meanwhile, countries such as the United Kingdom and the European Union have defined privacy through the General Data Protection Regulation (GDPR) to include the following individual rights to privacy:
- The right to be informed – How companies collect and use an individual’s personal data
- The right of access – To know exactly what information companies have collected, how they are storing and processing the data and how they are using it
- The right to rectification (correction) – To have incomplete data completed and incorrect data corrected
- The right to erasure – To have data permanently deleted
- The right to restrict processing – If individuals cannot require the data to be erased, then they can restrict the processing of that data
- The right to data portability – To obtain and reuse personal data for their own purposes across multiple, different services
- The right to object to the processing of their personal data
- The right to not be subject to automated decision-making – To demand human intervention
The future of privacy in the U.S. could be assured if Congress would pass a comprehensive law like GDPR. In this case, matters such as reproductive freedom and data privacy would be regulated, ensuring privacy for all parties involved and steep fines for those who do not comply.
Business Responsibility Regarding Privacy
Businesses can not operate without processing personal data in some way. However, in order to stay compliant, companies now have to manage personal data in a transparent and compliant manner, be accountable for personal data they process, and adhere to privacy principles. Otherwise, they risk huge regulatory fines, loss of customers’ trust, investor disapproval and data breaches.
Privacy laws like GDPR have pushed privacy-advanced companies to digital transformation, giving them a competitive advantage. In this age of data economy, true company value lies in the collected personal data. This means data is an asset worthy of protecting and keeping. Business leaders often forget that the personal data of individuals processed by the companies is only borrowed.
Privacy laws enable individuals to exercise their rights, including the right to be forgotten. In certain circumstances, individuals can take back ownership of their data. In order for companies to keep the data and maintain trust, they will have to demonstrate transparency by openly communicating how they process and manage personal data.
What's in Store for the Future of Privacy in the U.S.?
The bottom line is that as individuals, we can take control of our data privacy starting now. Here are a few things to consider when sharing your data. Know the what, how, who, why, when and where of your data:
- WHAT: Think about what you are sharing online and elsewhere and why/if it needs to be shared.
- HOW: How are you sharing your data? Through social media platforms, dating apps, other applications?
- WHO: Know who is looking at your data. Do they have a privacy policy on their website? Do they mention how they are processing your information? If not, run in the opposite direction.
- WHY: Read the privacy policy on the website. Understand why they need to collect your data to begin with.
- WHEN: Know when your data is being collected as well as how long it will be retained and when it will be destroyed. Again, read the privacy policy. If these things are not addressed, send an email to the company asking for more information. Or, move on to the next website.
- WHERE: Know where your data is being stored (again, read the policy). Is it stored on a server? In the cloud (most things are now)? Be informed.
Be a part of protecting the future of privacy in the U.S. The only person who can really protect your information is you. Be wise in what you post, why you post it (is it necessary), and how you share your data.
