Class aptent taciti sociosqu ad litora

Privacy Is a Human Right

  • October 12, 2015
  • Clayton Rice, Q.C.

When American and Canadian lawyers talk about privacy, they often cast the conversation in terms of a reasonable expectation of privacy. We go there because constitutional jurisprudence drives the conversation in that direction by the application of the reasonable expectation test in Fourth Amendment doctrine and under s. 8 of the Canadian Charter of Rights. But I ask a broader question: Is privacy a human right?

Early concepts of privacy date back to antiquity. In a paper titled Preserving Privacy in the Information Society (1998) for the International Forum on Information and Documentation, Marc Rotenberg observed, at p. 1, that philosophers and ethicists have described privacy as an indispensable characteristic of personal freedom associated with autonomy, dignity, spirituality, trust, and liberty. References to the value of private life may be found in the Bible and the history of Periclean Athens as well as other cultures.

In A Question of Trust: Report of the Investigatory Powers Review (2015), David Anderson QC began a review of British terrorism legislation with these comments about the evolution of privacy, at pp. 25-26: “It has been claimed that privacy is a ‘modern‘ concept, a ‘luxury of civilization‘, unknown (and unsought) in ‘primitive or barbarous‘ societies. But ideas of privacy, including the relative freedom of the home from intrusion, are set out in the Code of Hammurabi of Ancient Babylonia, the laws of Ancient Greece and Rome and of Ancient China. References are found to privacy in a range of religious texts, including the Bible, the Koran, and Jewish law. Anthropoligists have suggested that the need for privacy, while sensitive to cultural factors, is not limited to certain cultures. Rather, most societies regard some areas of human activity as being private, even if there are differences concerning what or how much is private; and humans need privacy to develop into adults, court, mate and rear offspring.”

According to James Michael in Privacy and Human Rights, UNESCO (1994), at p. 15, the law of privacy in England can be traced back to 1361 when the Justices of the Peace Act provided for the arrest of peeping toms and eavesdroppers. And in Entick v Carrington (1765), 19 St Tr 1029 Lord Camden wrote this in striking down an executive warrant authorizing the King’s messengers to break into the home of writer John Entick “with force of arms” and seize papers: “We can safely say there is no law in this country to justify the defendants in what they have done; if there was, it would destroy all the comforts of society, for papers are often the dearest property any man can have.” Not to be outdone by Lord Camden, here is the famous part of William Pitt’s speech to the House of Commons on the Excise Bill in 1763: “The poorest man may in his cottage bid defiance to all the forces of the Crown. It may be frail, its roof may shake, the wind may blow through it, the storm may enter, the rain may enter – but the King of England cannot enter; all his forces dare not cross the threshold of the ruined tenement.”

The classic legal definition of privacy emerged in 1890 in a law review article titled The Right to Privacy, 4 Harv LR 1 (1890) where Professors Samuel D. Warren and Louis D. Brandeis wrote, at pp. 3 and 5: “The common law secures to each individual the right of determining, ordinarily, to what extent his thoughts, sentiments, and emotions shall be communicated to others. Under our system of government, he can never be compelled to express them (except when upon the witness stand); and even if he has chosen to give them expression, he generally retains the power to fix the limits of the publicity which shall be given them. The existence of this right does not depend upon the particular method of expression adopted. It is immaterial whether it be by word or by signs, in painting, by sculpture, or in music…[T]he protection afforded to thoughts, sentiments, and emotions, expressed through the medium of writing or of the arts, so far as it consists in preventing publication, is merely an instance of the enforcement of the more general right of the individual to be let alone.”

The right to privacy, conceptualized as “the right to be let alone”, would later find expression in the first wiretap case to reach the Supreme Court of the United States in Olmstead v US, 277 US 438 (1928) by which time Professor Brandeis had been appointed to the court. In one of the most famous dissents in American constitutional history, Justice Brandeis elaborated on the right to privacy this way, at p. 478: “The makers of our Constitution undertook to secure conditions favorable to the pursuit of happiness. They recognized the significance of man’s spiritual nature, of his feelings, and of his intellect. They knew that only a part of the pain, pleasure and satisfactions of life are to be found in material things. They sought to protect Americans in their beliefs, their thoughts, their emotions and their sensations. They conferred, as against the Government, the right to be let alone – the most comprehensive of rights, and the right most valued by civilized men. To protect that right, every unjustifiable intrusion by the Government upon the privacy of the individual, whatever the means employed, must be deemed a violation of the Fourth Amendment.”

Fourth Amendment doctrine, however, would continue to be restricted by the concept of trespass for almost another forty years by virtue of the construction given to the opening language of the text: “The right of the people to be secure in their persons, houses, papers, and effects…”. That changed in Katz v US, 389 US 347 (1967), another electronic surveillance case, where Justice Potter Stewart concluded, at pp. 351 and 353, that the trespass doctrine is no longer controlling because, “…the Fourth Amendment protects people, not places.” Most recently, in US v Jones, 565 US __(2012) it was emphasized by Justice Samuel Alito in a concurring majority opinion, slip op., at p. 6, that the court had held in US v Karo, 468 US 705 (1984), at p. 713, that an actual trespass is neither necessary nor sufficient to establish a constitutional violation. On that question, I think Justice Sonya Sotomayer got it right in her dissent in Jones, slip op., at p. 2, that the reasonable expectation of privacy test in Katz augmented “but did not displace or diminish” the common law trespass test. Nevertheless, and most importantly for the purpose of my discussion here, it is significant that Justice Stewart in Katz, at p. 350, specifically rejected the notion that the Fourth Amendment cannot be translated into a general constitutional “right to privacy”.

In Canada, the trespass doctrine never acquired legs due to the more general language of s. 8 of the Charter of Rights: “Everyone has the right to be secure against unreasonable search or seizure.” In the landmark case of Hunter v Southam, [1984] 2 SCR 145 Justice Brian Dickson, writing for a unanimous court, said this about the different paths of Canadian and American history, at p. 6 (QL): “The American courts have had the advantage of a number of specific prerequisites articulated in the Fourth Amendment to the United States Constitution, as well as a history of colonial opposition to certain Crown investigatory practices from which to draw out the nature of the interests protected by that Amendment and the kinds of conduct it proscribes. There is none of this in s. 8. There is no specificity in the section beyond the bare guarantee of freedom from ‘unreasonable’ search and seizure; nor is there any particular historical, political or philosophic context capable of providing an obvious gloss on the meaning of the guarantee.” In adopting the reasonable expectation test, Justice Dickson went on to state, at p. 8 (QL):

“…[I]n Katz…Stewart J…declared at p. 351 that ‘the Fourth Amendment protects people, not places’. Justice Stewart rejected any necessary connection between that Amendment and the notion of trespass. With respect, I believe this approach is equally appropriate in constructing the protections in s. 8 of the Charter of Rights and Freedoms.

In Katz, Stewart J. discussed the notion of a right to privacy, which he described at p. 350 as ‘his right to be let alone by other people’. Although Stewart J. was careful not to identify the Fourth Amendment exclusively with the protection of this right, nor to see the Amendment as the only provision in the Bill of Rights relevant to its interpretation, it is clear that this notion played a prominent role in his construction of the nature and the limits of the American constitutional protection against unreasonable search and seizure.

Like the Supreme Court of the United States, I would be wary of foreclosing the possibility that the right to be secure against unreasonable search and seizure might protect interests beyond the right of privacy, but for purposes of the present appeal I am satisfied that its protections go at least that far. The guarantee of security from unreasonable search and seizure only protects a reasonable expectation. This limitation on the right guaranteed by s. 8, whether it is expressed negatively as freedom from ‘unreasonable’ search and seizure, or positively as an entitlement to a ‘reasonable’ expectation of privacy, indicates that an assessment must be made as to whether in a particular situation the public’s interest in being left alone by government must give way to the government’s interest in intruding on the individual’s privacy in order to advance its goals, notably those of law enforcement.”

In R v Spencer, [2014] SCR 212 Justice Thomas Cromwell, writing for another unanimous court, reaffirmed at para. 15 that: “This Court has long emphasized the need for a purposive approach to s. 8 that emphasizes the protection of privacy as a prerequisite to individual security, self-fulfillment and autonomy as well as to the maintenance of a thriving democratic society.” As I have discussed previously on this blog, the Supreme Court of Canada has adopted a privacy doctrine that embraces privacy as secrecy, privacy as control and privacy as anonymity that is of singular importance in the post-Snowden era. In Spencer, Justice Cromwell said this about privacy as control, at para. 40:

“Privacy…includes the…wider notion of control over, access to and use of information, that is, ‘the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others’: A.F. Weston, Privacy and Freedom (1970), at p. 7, cited in Tessling, at para. 23. La Forest J. made this point in Dyment. The understanding of informational privacy as control ‘derives from the assumption that all information about a person is in a fundamental way his own, for him to communicate or retain for himself as he sees fit’ (Dyment, at p. 429, quoting from Privacy and Computers, the Report of the Task Force established by the Department of Communications/Department of Justice (1972), at p. 13). Even though the information will be communicated and cannot be though of as secret or confidential, ‘situations abound where the reasonable expectations of the individual that the information shall remain confidential to the persons to whom, and restricted to the purposes for which it is divulged, must be protected’ (pp. 429-30); see also R. v. Duarte, [1990] 1 S.C.R. 30, at p. 46.”

The high water mark at the international level is the Universal Declaration of Human Rights (1948). Article 12 states: “No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation.” In a speech to the United Nations Human Rights Council on September 9, 2013, Navi Pillay, the UN’s High Commissioner for Human Rights, spoke about the right to electronic privacy and freedom from surveillance as as human right: “The broad scope of national security surveillance regimes in countries including the United States and the United Kingdom, and the impact of these regimes on individuals’ right to privacy and other human rights, continues to raise concern. Laws and policies must be adopted to address the potential for dramatic intrusion on individuals’ privacy which have been made possible by modern communications technology…While national security concerns may justify the exceptional and narrowly tailored use of surveillance, I would urge all States to ensure that adequate safeguards are in place against security agency overreach and to protect the right to privacy and other human rights.” (See: D.J. Pangburn. The UN High Commissioner Says Privacy Is a Human Right. Motherboard. September 18, 2013)

And, in the Report of the Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression (2015), David Kaye described the right to privacy in these terms, at para. 16: “Encryption and anonymity provide individuals and groups with a zone of privacy online to hold opinions and exercise freedom of expression without arbitrary and unlawful interference or attacks. The previous mandate holder noted that the rights to ‘privacy and freedom of expression are interlinked’ and found that encryption and anonymity are protected because of the critical role they can play in securing those rights (A/HRC/23/40 and Corr.1)…The General Assembly, the United Nations High Commissioner for Human Rights and special procedure mandate holders have recognized that privacy is a gateway to the enjoyment of other rights, particularly the freedom of opinion and expression (see General Assembly resolution 68/167, A/HRC/13/37 and Human Rights Council resolution 20/8).”

At the regional level, Article 8 of the European Convention on Human Rights (1953) states: “Everyone has the right to respect for his private and family life, his home and his correspondence.” In the opinion of the European Commission, the right to respect for private life also comprises the right to establish and develop relationships with other human beings, especially in the emotional field for the development and fulfillment of one’s own personality. [See: X v Iceland, 5 Eur Comm HR 86-87 (1976)] And, Privacy International has noted in a paper titled Privacy and Human Rights: An International Survey of Privacy Laws and Practice, at p. 6, that the European Court of Justice has imposed sanctions on several countries for failing to regulate wiretapping; it has reviewed cases of individuals’ access to personal information retained on government files to ensure that adequate procedures are implemented; and, it has expanded the protection of Article 8 beyond government actions to private persons where government should have prohibited those actions.

In the digital world of the Internet, Ann Cavoukian, formerly the Information and Privacy Commissioner of Ontario (Canada) made these prophetic comments about e-commerce in a paper titled Privacy as a Fundamental Human Right vs. an Economic Right: An Attempt at Conciliation (1999) in the Abstract, at p. iv:

“Privacy is not an absolute, it never was; it is not a matter of either/or – this value or that. A balance must usually be struck somewhere along the continuum between an absolutist position of total privacy and complete anonymity vs. one that denies or negates all privacy rights. While this view recognizes that personal privacy is valued as a fundamental right, deserving of the highest protection, it also recognized that at times, personal information is used in ways that may be considered comparable to a commodity or a currency. That is to say, personal information is often traded or exchanged for goods and services, sometimes at the behest of the individual, but far too often without his or her knowledge or consent.

The extraordinary growth of the role of technology in modern life (in particular, the World Wide Web) is arguably the principle reason for the commodification of personal information, transforming it into a key to unlock services of all kinds. It is said that the vast potential of electronic commerce requires, on the most basic level, this exchange of information. Yet it is becoming equally clear that electronic commerce will not reach the dizzying heights projected unless privacy forms a cornerstone of the e-business world.”

Well, some sectors of the e-business world were rocked last week with the release of the European Court of Justice ruling in Schrems v Data Protection Commissioner, Case 362/14 (often referred to in the media as Schrems v Facebook). The court held that the Safe Harbour agreement between the European Union and the United States regarding the transfer of personal data was invalid. Specifically, the court found that: (a) legislation permitting public authorities to have access on a generalized basis to the content of electronic communications compromises the essence of the fundamental right to respect for private life; and, (b) legislation not providing for any possibility for an individual to pursue legal remedies in order to have access to personal data, or obtain rectification or erasure of such data, compromises the essence of the fundamental right to judicial protection inherent in the rule of law (at paras. 94-95). [See also: Digital Rights Ireland Ltd v Minister for Communications et al and Karntner Landesregierung et al, Joined Cases C-293/12 and C-594/12 (CJEU)]

Mass government surveillance thus breaches the fundamental right of European citizens to respect for private life which clearly implicates the dragnet programs of the US National Security Agency and the Government Communications Headquarters (GCHQ) in Britain. In an article titled Behind the European Privacy Ruling That’s Confounding Silicon Valley published in The New York Times edition of October 9, 2015, Robert Levine quoted Professor Mayer-Schonberger of the Oxford Internet Institute as saying: “Data protection is a right to determine how – rather than whether – one participates in sharing information. [I]t’s intended to give individuals control over every phase and stage of the use of their personal information.” The distinction is important. As Mr. Levine observed, data protection doesn’t just protect information that individuals don’t want to share, it gives them some control over information that companies have already gathered. (See also: Henry Farrell and Abraham Newman. Here’s how the Facebook case has just transformed the surveillance debate. The Washington Post. October 6, 2015; and, Maria Helen Murphy. Snowden leaks provided momentum to bring us to this crucial point in data protection. The Journal. October 7, 2015)

The ruling was universally welcomed by privacy hawks. In an article titled Privacy groups hail ‘freedom from surveillance’ in European court’s Facebook ruling published by The Guardian on October 6, 2015, Sam Thielman quoted Evan Greer, campaign director for Fight for the Future: “The ECJ has confirmed what the vast majority if internet users already know: large US-based tech companies have been deeply complicit in mass government surveillance, and have traded their users’ most basic rights for a cozy relationship with the US government. While the discussion around NSA spying has far too often focused only on the rights of US citizens, the ECJ ruling is a reminder that freedom from indiscriminate surveillance is a basic human right that should be protected for everyone, regardless of where they live.”

And in an article titled Spies and internet giants are in the same business: surveillance. But we can stop them published in The Guardian edition of October 11, 2015, John Naughton quoted Professor Lorna Woods, University of Essex, School of Law, who wrote: “This is a judgment with very far-reaching implications, not just for governments but for companies the business model of which is based on data flows. It reiterates the significance of data protection as a human right and underlines that protection must be at a high level.” Mr. Naughton goes on to describe Professor Woods’ comment as classic lawyerly understatement: “My hunch,” he wrote, “is that if you were to visit the legal departments of many internet companies today you would find people changing their underpants at regular intervals.”

Let us look, then, more closely at the language used in my privacy monologue. Professor Brandeis wrote about “the right to privacy” as “the right to be let alone”. In Olmstead, Justice Brandeis later said that “the right to be let alone” is “the most comprehensive of rights”. Justice Stewart, in Katz, rejected the notion that the Fourth Amendment cannot be translated into a general “right to privacy”. In Hunter, Justice Dickson held that s. 8 goes at least as far as to protect “the right to privacy”. Justice Cromwell, in Spencer, emphasized the protection of privacy as including a wider notion of control over, access to, and use of information. And in Schrems, the ECJ couched access to, rectification of, and erasure of personal data in the language of the right to private life.

The reasonable expectation test is therefore not an expression of the right but an analytical tool used to determine whether the right to privacy is established in a specific situation. No one suggests that the right is absolute. The reasonable expectation test is limiting by its nature. And Article 8(2) of the European Convention  provides that a public authority may interfere with the right in specific instances such as national security and public safety. Or, under judge made law, as Justice Dickson suggested in Hunter, there will be situations where the individual’s right to be left alone must give way to a compelling state interest. It is thus reasonable to conclude, based upon international, regional and national law, that the answer is: Yes. Privacy is a human right.

Comments are closed.