From Regulation Watch Feed: Bridging the transatlantic divide in privacy
A clash of privacy cultures
If there is one lesson to be learned from the recent NSA surveillance scandal, it is that no government can guarantee the rights of its citizens beyond national borders – and that the internet, for better or worse, knows no borders. Nothing illustrates this better than the contentious debate on privacy in Germany and in the United States. In the United States, the right to privacy is primarily understood as a right to physical privacy, thus the protection from unwarranted government searches and seizures. In Germany, on the other hand, it is also understood as a right to spiritual privacy, thus the right of citizens to develop into autonomous moral agents. More fundamentally, American and German attitudes towards privacy reflect different underlying constitutional assumptions: privacy as an aspect of liberty or as an aspect of dignity. (Whitman, 2004: 1161; Post, 2001) As data flows defy jurisdictional boundaries, however, policymakers across the Atlantic are faced with a conundrum: how can German and American privacy cultures be reconciled?
Freedom is the most valued social good in the American constitution, while the German constitution is grounded on the idea of human dignity. Nevertheless these two potentially conflicting notions of freedom and dignity can be reconciled in the name of freedom of choice. Both the United States and German constitutions are intent on protecting citizens from undue government intrusion into their personal sphere, albeit for different historical and cultural reasons. Furthering the freedom of personal choice in order to enhance privacy could thus fulfill both the conditions of freedom as in the American, and human dignity as in the German, tradition – and avert the clash of American and German privacy cultures.
Privacy in the US legal tradition: the right to physical privacy
The majority of Supreme Court cases concerned with informational privacy are implicated in Fourth Amendment case law regulating the government’s ability to conduct searches and seizures. As James Q. Whitman points out, “at its conceptual core, the American right to privacy still takes much the form that it took in the eighteenth century: It is the right to freedom from intrusions by the state, especially in one’s own home.” (Whitman, 2004: 1161) The most famous case in this context is Katz v United States, assessing the constitutionality of federal authorities attaching an electronic listening device to a telephone booth used by Charles Katz, who was suspected of violating gambling laws. (Supreme Court, 1967) The Court decided that Katz’ Fourth Amendment rights had been violated, stipulating that “‘[t]he Fourth Amendment protects people not places’, and therefore applies to whatever one ‘seeks to preserve as private, even in an area accessible to the public’.” (Supreme Court, 1967: 351) More importantly, Justice Harlan’s famous concurrence in Katz provided guidelines for determining what constituted a privacy violation in the context of Fourth Amendment searches. According to the Katz test,
“Courts must determine: (1) whether the government conduct in question violates an individual’s subjective expectation of privacy; and (2) whether that expectation of privacy is one that society recognizes as reasonable.” (Pell 2012: 247)
The Katz test thus involves both a subjective and an objective assessment of privacy violations.1
The main problem with Fourth Amendment privacy cases, however, is that they usually need to involve some sort of unwarranted physical trespass. This was recently confirmed in 2012 in the context of United States v Jones, in which the United States government was challenged for having attached a GPS device to Jones’ car for a period of 28 days. In the context of Jones, Justice Scalia formulated a new set of requirements for what constitutes a Fourth Amendment search, namely whether “(1) a ‘trespass’ occurs; (2) the trespass is to a target enumerated in the Fourth Amendment (‘persons, houses, papers, or effects’); and (3) it occurs with the intent ‘to find something or to obtain information’.”(Pell, 2004: 247) However, the technological means of our time enable privacy violations without physically intruding into somebody’s home. This is what makes another landmark ruling by the United States Supreme Court all the more important, and in the context of the NSA surveillance scandal, disquieting.
The case in question is United States v Miller and concerns the right of the government to gain access to cancelled checks. In the context of Miller, the Supreme Court held that a person could not have any reasonable expectation in privacy for data stored by third parties. However, the Miller decision stems from 1976, when third parties still only had access to comparatively negligible amounts of personal data. In 2013, people ‘voluntarily’ entrust third parties with vast amounts of private information. Consequently, researchers Cate and Cate conclude that “the scope of the Miller decision has been greatly expanded and the balance between the government’s power to obtain personal data and the privacy rights of individuals substantially altered.” (Cate & Cate, 2012: 264) However, in the context of Jones, the Supreme Court also signaled a willingness to revisit the Miller decision. As Justice Sotomayor pointed out:
[I]t may be necessary to reconsider the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties. This approach is ill suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks … I would not assume that all information voluntarily disclosed to some member of the public for a limited purpose is, for that reason alone, disentitled to Fourth Amendment protection. (Supreme Court, 2012: 5)
Since most public and private transactions nowadays necessitate the ‘voluntary’ disclosure of a vast amount of private information to third parties, a revision of the Miller decision certainly seems warranted. If the private sector not only had the right but also the obligation to withhold information from the public sector, government access to sensitive information could be legally constricted and also challenged.
Privacy in the German legal tradition: the right to spiritual privacy
The German legal and constitutional setup fundamentally differs from the American one. Germany has a value-ordered constitution that permeates and defines all aspects of the legislative branch. Unlike the American constitution, which Edward J. Eberle describes as “value-neutral,”(Eberle 2008: 3) the German Grundgesetz (GG; i.e., the German constitution) assumes a moral authority in the state. This moral authority is founded on the Kantian ideals of freedom as freedom through law (instead of freedom as freedom from government, like in the United States constitution) and the inviolability of human dignity. Human dignity, as stated in Article 1(1) GG,2 is the most fundamental principle underlying the German legal system and is central to both public and private law. Article 2 GG,3 namely the right to development of personality (Persönlichkeitsrecht), further classifies the nature of human dignity and constitutes the foundation of the right to privacy in German law.
The right to privacy in turn derives its primary justification from another Kantian ideal, namely the ideal of human autonomy. Accordingly, “man is his own independent agent, and is to exercise his will, idealistically, in accord with moral maxims so as to realize moral freedom.”(Eberle, 2008: 18-19) In order to act as an autonomous moral agent, however, man needs to be free. This freedom is constituted by an outer and inner freedom, outer freedom “capturing those human activities that are performed externally, in the world” and inner freedom focusing on the “erection of a personal sphere that delimits an essential core of privacy and repose within which a person can think, believe and deliberate so as to fundamentally determine who one is and how one should relate to the world, if at all.”(Eberle, 2008: 24) Privacy understood in this sense is thus a fundamental condition of human dignity and freedom, a correlation that was confirmed when personality rights were severely restricted by the extensive surveillance exercised by both the Nazi and the GDR regime – and this was well before the ‘information age’. Consequently, Germans place great emphasis on the protection of their right to privacy by the constitution.
The importance of maintaining ‘inner freedom’ to achieve the right to development of personality was demonstrated by the well-known Mikrozensus case from 1969 which assessed the constitutionality of a federal questionnaire designed to give a representative insight into the German population. Such survey would have to draw on an extensive collection of personal information which could potentially interfere with personality rights. Consequently, the Bundesverfassungsgericht (BVerfG; i.e., the German Constitutional Court) conducted an inquiry into the matter and went to develop the concept of a so-called Inner Sphere in the process. The BVerfG thus proclaimed: “Such a [pervasive] penetration in the personal area through a comprehensive inspection of the personal relationships of a citizen is also denied the state because individuals must have an Inner Space [Innenraum] in which to develop freely and self-responsibly their personalities, an Inner Space which they themselves possess and in which they can retreat, banning all entrance to the outer world, in which one can enjoy tranquility and a right to solitude.” (Mikrozensus 27 BVerfG at 6 as cited in Eberle, 1997: 994) The development of a right to an Inner Space was a reaction of the BVerfG to modern times in which the implications of computing already challenged the integrity of human dignity and autonomy. At the same time, the BVerfG sought a proportional response to the case in question. If the statistical inquiry was not overly intrusive and employed sufficient means of anonymisation, then the societal benefit derived from conducting the survey may outweigh individual privacy concerns.4
The right to an Inner Sphere developed in the Mikrozensus case from 1969 was further advanced in the context of the Volkszählungsurteil (i.e. census act decision) fourteen years later. The Federal Census Act of 1983 commissioned the regular collection and analysis of social and demographic data in the Federal Republic. The Act was met with such public outrage that it prompted the BVerfG to suspend the Act until its constitutionality had officially been proven. As Eberle points out, “the case is thus an example of the rare instance where individuals may directly pursue claims to the Constitutional Court without having to exhaust legal remedies because of an immediate threat to a fundamental right.” (Eberle, 1997: 1000) It also illustrates the suspicion with which any government collection of personal data is met by the German population. The American aversion to big government is thus matched by the German aversion to big data.
In the context of the Volkszählungsurteil the BVerfG developed the fundamental right to informational self-determination as a way of acknowledging (Census Act case 65: 42 as cited in Eberle, 1997: 1002.)
the authority of the individual to decide fundamentally for herself, when and within what limits personal data may be disclosed… [T]his decisional authority requires a special measure of protection under present and future conditions of automatic data processing. [For example,] the technological capability of storing [highly] personalized information concerning specific people is practically unlimited and retrievable in seconds… without concern for distance… [T]his information, when connected to other data sources,… can produce a complete or partial personality profile, over which the affected individual has no control, and the truth of which he cannot confirm… The possibilities of acquiring information and exerting influence have increased to a degree previously unknown.
This assessment by the BVerfG already reveals a tendency to grant individuals greater choice with regards to the processing of personal data. Contrast this approach with the Supreme Court’s Miller decision, according to which individuals effectively lose their right to informational self-determination once they disclose data to third parties – despite the fact that such disclosure may be unavoidable in the ‘information age’. Enhancing the right of individuals to choose what may happen to their personal data would equally advance the right of informational self-determination according to the German tradition and the desire for individual liberty in the American tradition – as well as a mutual desire on both parts to limit unwarranted government intrusion into people’s personal lives.
Towards bridging the transatlantic divide
But how can freedom of choice be enhanced in the area of information privacy? First and foremost, governments need to give their citizens a greater say in how far civil liberties should be constrained in the name of security. When the American Congress questioned President Obama about the alleged NSA surveillance programme, Obama replied: “You know, when I came into this office, I made two commitments […]: number one, to keep the American people safe; and number two, to uphold the Constitution. And that includes what I consider to be a constitutional right to privacy and an observance of civil liberties.” (Wall Street Journal, 2013) The order in which the President lists these rights is telling. The concern for safety comes before the concern for privacy. In the German context, however, the concern for privacy is a concern for safety. This was demonstrated once again as thousands of German citizens took to the streets to protest against US surveillance. (Breuer & Reißmann, 2013)
And even the American public is gradually becoming leery of the tradeoff between security and civil liberties. A recent poll conducted by Quinnipac University asked respondents to decide whether government anti-terrorism policies had “gone too far in restricting the average person’s civil liberties” or whether they had “not gone far enough to adequately protect the country.” In January 2010, the majority of respondents found that government anti-terrorism policies had not gone far enough. In July 2013, the balance between security and privacy seems to be shifting towards the latter. (Silver, 2013) Americans are gradually realising that the government can enter their homes not only through the front door but also through their computers. Germans, on the other hand, are becoming aware that they can hardly protect their right to privacy without American support, at least as long as their data and personal information remain stored on servers in the United States.
As American and German policymakers seem to have forgotten the fundamental values that underlie their respective constitutional systems, the public should be allowed to remind them. By advancing citizens’ freedom of choice with regards to the handling of their personal data, the goals of dignity and liberty can both be achieved. But government officials and lawmakers need to bridge the transatlantic divide. Ultimately, the internet will require an international privacy regime beyond the United States and Germany. If the “two Western cultures of privacy” (Whitman, 2004: 1151-1221) would like to influence this process, they would be well advised to begin by seeking common ground among themselves.
1. The assessment of what constitutes a ‘reasonable’ privacy violation in the eyes of society can remain problematic, of course.
2. Article 1(1) German Basic Law: “The dignity of man shall be inviolable. To respect and protect it shall be the duty of all state authority.”
3. Article 2 German Basic Law: “[E]veryone shall have the right to the free development of his personality.”
4. The efficacy of anonymization has meanwhile been called into question. See Doctorow, C. (2013)
Breuer, T., & Reißmann, O. (2013). Spiegel Online. 10.000 Menschen protestieren gegen NSA-Überwachung. Retrieved July 28, 2013, from http://www.spiegel.de/politik/deutschland/10-000-menschen-protestieren-gegen-nsa-ueberwachung-a-913513.html
Cate, F.H., & Cate, B.E. (2012). The Supreme Court and Information Privacy. International Data Privacy Law, 2(4).
Doctorow, C. Data Protection in the EU: The Certainty of Uncertainty. Guardian. Retrieved July 30, 2013 from http://www.theguardian.com/technology/blog/2013/jun/05/data-protection-eu-anonymous
Eberle, E.J. (2008). The German Idea of Freedom. Oregon Review of International Law, 10.
Eberle, E.J. (1997). Human Dignity, Privacy, and Personality in German and American Constitutional Law. Utah Law Review, 4.
Pell, S.K. (2012). Systematic Government Access to Private-Sector Data in the United States. International Data Privacy Law, 2(4).
Post, R.C. (2001). Three Concepts of Privacy. Georgetown Law Journal, 89.
Silver, N. (2013). Public Opinion Shifts on Security-Liberty Balance. Retrieved July 13, 2013, from http://mobile.nytimes.com/blogs/fivethirtyeight/2013/07/10/public-opinion-shifts-on-security-liberty-balance/
Supreme Court. (1967). Katz v. United States, 389 U.S. Retrieved August 20, 2013 from http://supreme.justia.com/cases/federal/us/389/347/case.html
Supreme Court. (2012). United States v Jones, 565 U.S. Justice Sotomayor, concurring. Retrieved August 20, 2013 from http://www.supremecourt.gov/opinions/11pdf/10-1259.pdf
Wall Street Journal (2013). Washington Wire. Transcript: Obama’s Remarks on NSA Controversy. Retrieved July 28, 2013, from http://blogs.wsj.com/washwire/2013/06/07/transcript-what-obama-said-on-nsa-controversy/
Whitman, J.Q. (2004). The Two Western Cultures of Privacy: Dignity versus Liberty. Yale Law Journal, 113.