Federal Judges and Congress Don't Care About Your Privacy

Privacy matters to hundreds of millions of people in the United States, not just lawyers, judges, social scientists, policy makers, and companies who fear being sued over privacy violations. The right to privacy is a fundamental right recognized as existing under the Fourteenth Amendment of the United States Constitution.[1] When a right is deemed fundamental under the Constitution, it means it is so vital to human existence that life cannot be lived in any fulfilling and meaningful way without it.[2] Although the Constitution generally addresses freedoms as they pertain to an individual against the government, privacy is a much broader concept and right, one that is in grave danger. In America, both the government and big business are eroding the right to privacy.[3]

In 1890, two American lawyers, Samuel Warren and Louis Brandeis (a future United States Supreme Court Justice) struggled with and worried over emerging technologies such as cameras and gossip rags, both of which served to erode privacy in America.[4] Warren and Brandeis both realized, “mental pain and distress, far greater than could be inflicted by mere bodily injury.”[5] Despite the century and several decades gap that exists between us, their struggle remains our struggle.

Your Data Is Being Sold Without Your Consent, Which Exposes You to Identity Theft 

Currently, the government, companies, data brokers, and health providers are all collecting our personal, medical, and financial information, the most intimate details of our lives; sometimes we know about it, and sometimes—often—we do not.[6] This data is the most valuable commodity on earth, and it is being collected, packaged, and sold, often without our consent or knowing.[7]

Protecting the right to privacy means protecting this personal data, our personal data, which is comprised of the most intimate details of our lives such as our sexual preference, our sex lives, gender identity, medical history, thoughts, doubts, needs, desires, preferences, things we only tell our loved ones (and that they tell us), our emails, texts, online chats, browsing history, purchasing history, nanny cam videos, and private details about our young children. In short, privacy is a “precondition to a life of meaning.”[8] Imagine that information is vulnerable, that we are vulnerable, that our children are vulnerable. Because it is vulnerable. We are all vulnerable, which means we are unsafe unless we can somehow be protected.

When a data breach occurs, our private information, intimate data about what creates our identity and what makes us human, it is stolen by hackers from, for example, online retailers such as Target, Walmart, Amazon, LinkedIn, Equifax, TransUnion, and others, and more than likely used to steal our identity and do us personal, financial, and psychological harm.[9]

With privacy the risk is always maintaining it, and that privacy is destroyed when a data breach occurs. If used maliciously (it usually is), personal information contained in that stolen data can destroy reputations, expose private medical conditions, endanger people physically, and ruin people financially. It affects everyone, and there is no way to escape it, which is why it is so scary and so important.

You Will Be a Victim Of a Data Breach 

Unfortunately, the risk of exposure of private data of consumers is surprisingly high in the United States because 48% of consumers have been victims of a data breach, compared to the rest of the world where 33% of consumers have been victims of data breach.[10] In the United States alone that is well over a hundred million people. Worldwide 33% is several billion people.

Furthermore, 47% of consumers in the United States, who are victims of a data breach, may not know it.[11] Data breaches have disastrous consequences for companies and for people, and these studies and facts provide a prism through which to consider the legal aspect of the data breach.

The question this raises is: what, if anything, can the law do to protect personal data from being breached, stolen by hackers, and used to destroy our credit, steal from us, and ruin our reputations?

Not much, argues renowned University of Virginia School of Law Professor Danielle Keats Citron:

“Overly narrow harm requirements are the source of the problem. Courts dismiss claims because plaintiffs have not suffered tangible injuries like economic or physical damage. Federal courts use the same rationale to deny the same plaintiffs standing. Privacy harms are often intangible—emotional distress, anxiety, thwarted, expectations and other,” denials, loss of trust, the chilling of expression, damaged reputations, and discrimination. These injuries are real.”[12]

It is particularly important to view it from the legal perspective because, in theory, the law should make data breaches less likely by holding the organizations that control and fail to secure the data accountable as well as punish criminals who steal the data. Without legal accountability, there can be no deterrence, which means organizations will not be motivated or forced by the power of the law to protect individuals’ privacy.

Laws should require and incentivize businesses, medical providers, and educational institutions, and government entities all of whom store and maintain data on individuals to make that data more secure. Likewise, there should be harsh financial penalties for organizations that do not keep data safe. It cannot be assumed that organizations will make data safe, and the law must hold organizations accountable.

It is anathema to think the law might make it easier for corporations to avoid responsibility for protecting the personal data they gather from individuals and profit from financially. Unfortunately, this is precisely what is happening because of barriers created by laws, the lack of laws, and federal judges not holding those organizations accountable in court.

Lawsuits are a way of holding organizations accountable when they break the law, and slamming the courthouse door the in face of individuals trying to seek remedies for harm they have suffered is fundamentally unfair, especially when corporations do not receive the same level of scrutiny in the courts as citizens. That kind of thinking is antithetical to justice because it makes private information less safe, yet it has invaded the minds of many federal judges. It is extremely difficult for a victim or victims of a data breach to file a lawsuit in federal court without having it dismissed because the court finds no “concrete” injury that is causally linked to that injury. This is referred to as “actual harm," which is generally financial harm. And it is all necessary to establish standing, which is the standard for legal injury necessary to maintain a federal lawsuit. That harm may not be apparent or even discoverable, but the law does not allow individuals to recover for worry, anxiety, fear, and time spent to remedy the situation, nor does it provide for recovery for future harm, no matter how likely that future harm.

---

^[1] U.S. Const. amend. XIV, § 1.

^[2] Fundamental Right, LII / Legal Information Institute, https://www.law.cornell.edu/wex/fundamental_right (last visited Apr 1, 2023).

^[3] Adam D. Moore, Privacy, Speech, and Values: What We Have No Business Knowing, SSRN Journal (2015).

[4] Samuel D. Warren & Louis D. Brandeis, The Right to Privacy, 4 Harv. L. Rev. 193, 193 (1890). Professors Daniel J. Solove and Danielle Keats Citron are the foremost experts on the right to privacy and data privacy in particular in the United States, and I found their article Daniel J. Solove & Danielle Keats Citron, Risk and Anxiety: A Theory of Data-Breach Harms, 96 TEX. L. REV. 737, 741-742, fn. 22 (2018) most helpful.

[5] Id.

[6] Chris Kirkham, Jeffrey Dastin & Jeffrey Dastin, A look at the intimate details Amazon knows about us, Reuters, Nov. 19, 2021, https://www.reuters.com/technology/look-intimate-details-amazon-knows-about-us-2021-11-19/ (last visited Apr 15, 2023).

[7] Data: The Most Valuable Commodity for Businesses, KDnuggets, https://www.kdnuggets.com/data-the-most-valuable-commodity-for-businesses.html (last visited Apr 15, 2023).

[8] Danielle Keats Citron, The fight for privacy: protecting dignity, identity, and love in the digital age, Introduction, xii (First edition ed. 2022).

[9] Daniel J. Marcus, The Data Breach Dilemma: Proactive Solutions for Protecting Consumers' Personal Information, 68 DUKE L.J. 555 (2018).

^[10] Report: 33% of global consumers are data breach victims via hacked company-held personal data, VentureBeat (2022),https://venturebeat.com/security/report-33-global-consumers-data-breach-victims-hacked-company-held-personal-data/ (last visited Apr. 6, 2023).

^[11] Data breaches: Most victims unaware when shown evidence of multiple compromised accounts, University of Michigan News (2021), https://news.umich.edu/data-breaches-most-victims-unaware-when-shown-evidence-of-multiple-compromised-accounts/ (last visited Apr. 6, 2023)

[12] Danielle Keats Citron, The fight for privacy: protecting dignity, identity, and love in the digital age (First edition ed. 2022).