Privacy Advisor

Q&A with Summit Keynote Speaker Jeffrey Rosen

February 1, 2008

By Mike Spinney

The IAPP Privacy Summit 2008 returns to our traditional spring location: Washington, D.C. In keeping with its setting in the U.S. Capitol, the Summit's emphasis is usually centered on issues of policy. Each year there are significant developments in the U.S. and overseas that exert tremendous influence on how privacy practitioners do their jobs.

Whether it's a new state law related to identity theft or credit freeze, a new directive from the European Commission, a new twist on privacy regulation out of Canada or Latin America, or the development of privacy law and regulation from one of the important Asian markets, the evolution of privacy is a continuous process within the world's legislative assemblies.

Here in the U.S., the federal government has been relatively quiet on the issue of privacy of late. Bills have been proposed and discussed, but because the presidency is in a state of transition, and with elections coming at the end of the year, no significant new laws are anticipated from Congress. But that doesn't mean the federal government won't have an influence on privacy in the U.S.

While the executive branch prepares to turn over, and while the legislative branch awaits the outcome of the November elections, the judicial branch of the U.S. government remains a force to be reckoned with as laws are challenged. Indeed, the very concept of privacy is one that has deep roots in American law, and a tradition that continues to this day.

At the Summit, the U.S. Supreme Court and its role in the evolution of U.S. privacy law will be the focus of two keynote addresses. One of those keynotes will be delivered by author, scholar and friend of the IAPP, Jeffrey Rosen. Rosen is a George Washington University law professor and frequent media commentator. He has written a number of books on privacy and the Supreme Court, the most recent being The Supreme Court: The Personalities and Rivalries that Defined America.

Rosen took some time recently to answer a few questions for The Privacy Advisor:

Privacy Advisor:
In your view, what are the origins of privacy law in the United States? Did they begin with Louis Brandeis' famous statement, and what do you think Judge Brandeis would think of privacy law today?

Jeffrey Rosen: Privacy law in the United States begins with the framing of the Constitution and the Bill of Rights. The framers of the Fourth Amendment were galvanized by King George's efforts to retaliate against his political enemies with general warrants that authorized the King's agents to rummage through the houses of hundreds of innocent people in an effort to identify the authors of anonymous pamphlets criticizing the King.
A hundred years later, in his famous article, Louis Brandeis called for the creation of civil remedies for privacy violations by private citizens. Since Brandeis went on to imagine the age of cyberspace, and worried that secret letters could be extracted from desks without breaking into the home and then introduced in court, I imagine he'd take a grim satisfaction in the fact that his predictions have been vindicated.

PA: Is the consumer's view of privacy more similar to that of the Supreme Court than the view held by industry? How much sympathy can an increasingly frustrated consumer expect from the courts as privacy law works its way up through America's legal system?

Privacy means different things to different people. Some consumers are more concerned about email privacy; others about the right to control their data, but speaking broadly, Americans are more concerned about privacy invasions by government, unlike Europeans who care more about privacy invasions by the private sector. As a result, both Congress and the Supreme Court have been reluctant to embrace broad constraints on data sharing by the private sector, although they're perfectly willing to constrain the executive branch.
In Europe, the balance is precisely the opposite. For all these reasons, American consumers shouldn't expect that the main solution to their concerns will come from the Supreme Court.

PA: How involved in the issue of consumer privacy rights do you expect the Supreme Court to be?

JR: It hasn't been terribly concerned in the past. If the next President adopted a privacy bill of rights, as Hillary Clinton has proposed to do, more court cases might emerge.

PA: What are the key legal issues that privacy professionals might see eventually being decided by the nation's highest court?

Are there limits on ubiquitous, dragnet surveillance technologies that can track people from door to door, and record each of their moves online? Do brain scan technologies that purport to detect hidden bias or identify a propensity to violence violate our mental privacy? Does the Constitution protect a sphere of "cognitive liberty?"

PA: In an increasingly global marketplace a great deal of pressure is being exerted on American industry by foreign jurisdictions to comply with, for example, European Union law rather than U.S. law. Do you feel this conflict will be settled by U.S. courts, or is this an issue for the markets to decide?

JR: Unless the interpretation of treaties are involved, I'd expect the markets to take the lead.

Does the U.S. legal system recognize a difference between consumer privacy rights and personal privacy rights? If so, please describe this difference and whether or not the average citizen understands this difference. If not, please offer your opinion as to how the courts have come to view these two sides of individual privacy — and whether the Supreme Court may upset that balance.

The U.S. legal system recognizes strong differences between privacy invasions by government and those by the private sector. It's much more willing to impose constraint on the government than on industry. That may not make much sense in a post 9/11 world where the government and industry are increasingly working together to create databases for national security, and to share data with our European partners. Whether the Courts will change their focus in light of this new reality remains to be seen.

PA: Will case law related to privacy rights move quickly into and through the courts, or will this be a slow process?

The law always progresses at a stately pace — it changes far more slowly than technology and politics.

PA: What elements of privacy rights in 2008 and beyond do the courts find most vexing?

JR: Identifying how much privacy citizens actually expect, and whether it's reasonable for them to do so.

PA: What do you think IAPP Summit attendees will find most surprising about what you have to say at your keynote address in March?

JR: I'm not sure, because I haven't finished it. I'm looking forward to surprising myself!

See Jeffrey Rosen speak at the IAPP Privacy Summit 2008 in Washington, D.C., March 26-28. Register at

Mike Spinney, CIPP, is a principal at communications consultancy SixWeight, providing privacy-savvy. He is a member of the Ponemon Institute, co-chair of the IAPP's Boston KnowledgeNet chapter, and a frequent author and speaker on privacy issues. Mike can be reached at 978-597-0342, or