Changing expectations of privacy

The BBC reports on how the expanding use of online social networking is redefining “reasonable expectations” of privacy for everyone. It cites Dr Kieron O’Hara of the University of Southhampton:

“As more private lives are exported online, reasonable expectations are diminishing. When our reasonable expectations diminish, as they have, by necessity our legal protection diminishes”.

The reason is that the law attempts to balance the “reasonable expectations” of privacy with other considerations, such as freedom of information and free speech. In New Zealand, the Bill of Rights Act 1990, section 14, enshrines this freedom (as best it can, given the unsatisfactory state of that Act):

“14. Freedom of expression: Everyone has the right to freedom of expression, including the freedom to seek, receive, and impart information and opinions of any kind in any form”.

That right remains strong, but there is no doubt that “reasonable expectations” of privacy are rapidly shifting. In the article Dr O’Hara gives the example of an embarrassing photo taken at a party:

“A decade ago, he said, there would have been an assumption that it might be circulated among friends. But now the assumption is that it may well end up on the internet and be viewed by strangers.”

Another prime example is Google’s Street View. A decade or two ago there may have been some expectation of privacy when walking in the street (although as Katrine Evans of the University of Wellington, now Assistant Privacy Commissioner, notes there is a “considerable body of [precedent] which states that innocuous photographs of people in public places will not attract the protection of the common law”).

Today, Street View routinely photographs people in the streets; there is no doubt that this sort of occurrence will be a permanent part of our lives in some shape or form. Street View has various privacy measures in place (e.g. blurring faces) but there have been cases of people caught in compromising situations and a number of court cases have been fought or are pending.

A while ago I blogged (Don’t expect privacy in cyberspace) about a US case where a girl’s public MySpace rant – ostensibly intended only for her friends – was republished in a newspaper. She claimed a breach of privacy. The Court said:

“[The student’s] affirmative act [of publishing her post on MySpace] made her article available to any person with a computer and thus opened it to the public eye. Under these circumstances, no reasonable person would have had an expectation of privacy regarding the published material”.

The US Court’s ruling was quite sensible, however it highlights the point that not only are expectations of privacy rapidly changing, but the avenues for disseminating private information (and thereby possibly redefining what constitutes reasonable expectations) are also expanding. This is happening at the same time that the law in many common law jurisdictions (e.g. UK, US, Canada, Australia & New Zealand) is still relatively unsettled and developing. The societal changes of “the Facebook generation” has already been recognised in data loss / information security incidents, and is equally relevant in privacy law.

It is worth noting that in New Zealand’s current leading case on privacy (Hosking v Runting [2005] 1 NZLR 1) the actual existence of a tort of privacy was only accepted by a 3-2 decision. Since that time, other jurisdictions have expanded their privacy laws more liberally than the Hosking case’s relatively narrow scope. Most recently the 2008 Max Mosley case in the UK (argued on the basis of breach of confidence and “unauthorised disclosure of personal information”) has thrown up a number of related issues likely to be explored in a future New Zealand case.

Due to reasons of cost, substantial court cases involving breaches of privacy are rare. It seems likely that, whatever currently a “reasonable expectation” of privacy is, it will have changed again by the time the next case is argued.