IAPP-GDPR Web Banners-300x250-FINAL

By Christopher Wolf
Just because you can “Google” someone, should you? This is a good question for the U.S. Federal Trade Commission, which is re-examining privacy during a series of roundtable events this winter.

One would not expect a Supreme Court Justice to weigh in on the question unless it was presented formally before the Court. But the absence of a case did not stop Justice Antonin Scalia from expressing his opinion that searching online for personal details about someone—him—is wrong. What prompted the Justice’s pronouncement? Fordham University Professor Joel Reidenberg assigned his privacy class to “Google” Justice Scalia and his family (and look at other publicly available sources), as an educational exercise to show just how much information is out there on the Internet about each of us. The search turned up family pictures, home phone numbers, and other Scalia family information not intended for the world at large. Professor Reidenberg was not stalking the Justice. Rather, he launched the educational exercise in response to the assertion by Justice Scalia at a privacy conference in January that he didn’t think “every single datum about my life is private.” (The dossier the Fordham students prepared never was released to the public.)

The Justice was furious, calling the class exercise in Googling a demonstration of bad judgment. Analogizing to the First Amendment, the Justice said that just because the law allows you to do something does not mean you should do it.
At a recent IBM-sponsored program, the issue of privacy and ethics was discussed, with a particular focus on the episode of Scalia Googling. One aspect of the issue was whether, in the Google/MySpace/YouTube era, anyone—especially a public figure—can have an expectation of privacy when it comes to publicly available information that appears online. For sure, information provided in private, or for one particular purpose, is ending up on the Internet for all to see. Does that mean there should be a rule of ethics that even though information is publicly available, one should refrain from looking at it (or downloading it)?

The rules on intellectual property are a lot clearer: Just because copyrighted sound recordings and motion pictures may be available for download on the Internet does not mean we should take them for free. It’s illegal. But there are no legal rules on helping ourselves to freely viewable personal information online. That, as Justice Scalia has put it, is a matter of “judgment.”

To be sure, there are legal restrictions on what personal information can be accessed from credit bureaus and for what purpose it can be used. And other companies that provide personal information to law enforcement and business operate under legal rules. But for the great maw of information available online, it is pretty much “anything goes.”

In his book, Delete: The Virtue of Forgetting in the Digital Age, Viktor Mayer-Schönberger explains that forgetting is a natural human process, but that digital technology and cheap storage make forgetting impossible. So we appear to be approaching the fictional world of the movie Defending Your Life with Albert Brooks and Meryl Streep, in which every episode in one’s life is recorded for later viewing (to pass judgments).
As much as Justice Scalia would like, it is unlikely that society will develop ethical norms about accessing freely available online personal information. So should we just throw up our hands and conclude in the words of former Sun Microsystems Chairman Scott McNealy that “there is no privacy, get over it”?

Actually, privacy is both a matter of giving and taking. Yes, personal information online is free for the taking and that is not likely to change. But we still have lots of ability to control what personal information is taken from us, and for what purpose—the personal information that has the potential to end up online for public view. The legal and ethical problem so far has been on how we are informed about who is taking our information, for what purpose, with whom it is being shared, how long it will be retained and when (and how) it will ultimately be destroyed.

The Federal Trade Commission has gotten a lot tougher recently about the notices that companies give about the collection of online information, and new FTC leadership is focusing hard on that question. Congressman Rick Boucher is proposing new legislation to control online tracking of consumers for targeted advertising. And many think that our “digital natives,” the kids who have grown up with computers and social networking sites, need to be educated about the permanent record that the online world creates. Funny pictures from a fraternity bash or an irreverent “tweet” on Twitter may impede a young person’s educational or job opportunities.

Responsible companies, too, are recognizing, as a matter of law and business ethics, that providing clear and timely notice to consumers about the collection and use of information from them builds trust. In this age where information is the lubricant of commerce, being fair to people about their personal information is not just the right thing to do, it is good business. The Future of Privacy Forum, a think tank focused on privacy issues, is working on new ways online marketers can engage users about how their Web activity is being used for tailored advertising.

So, we may never solve the problem of all of us becoming online voyeurs, accessing and looking at personal information about others because we can. “Googling someone” has entered common parlance precisely because it is common. But as technologies accelerate in their ability to collect information about us, providing each of us with control on the input side of things is imperative.

Mr. Wolf leads the privacy law practice at Hogan & Hartson LLP and is the co-chair of a think tank focused on privacy issues, the Future of Privacy Forum. This article is an adaptation of a recent presentation at the IBM IT Services Legal Summit in New York City.


If you want to comment on this post, you need to login.


Board of Directors

See the esteemed group of leaders shaping the future of the IAPP.

Contact Us

Need someone to talk to? We’re here for you.

IAPP Staff

Looking for someone specific? Visit the staff directory.

Learn more about the IAPP»

Daily Dashboard

The day’s top stories from around the world

Privacy Perspectives

Where the real conversations in privacy happen

The Privacy Advisor

Original reporting and feature articles on the latest privacy developments

Privacy Tracker

Alerts and legal analysis of legislative trends

Privacy Tech

Exploring the technology of privacy

Canada Dashboard Digest

A roundup of the top Canadian privacy news

Europe Data Protection Digest

A roundup of the top European data protection news

Asia-Pacific Dashboard Digest

A roundup of the top privacy news from the Asia-Pacific region

IAPP Westin Research Center

Original works. Groundbreaking research. Emerging scholars.

Advertise in IAPP Publications

Find out how to get your message in front the people you want to reach. Download a media kit now.

Get more News »

Find a KnowledgeNet Chapter Near You

Network and talk privacy at IAPP KnowledgeNet meetings, taking place worldwide.

Women Leading Privacy

Events, volunteer opportunities and more designed to help you give and get career support and expand your network.

IAPP Job Board

Looking for a new challenge, or need to hire your next privacy pro? The IAPP Job Board is the answer.

Join the Privacy List

Have ideas? Need advice? Subscribe to the Privacy List. It’s crowdsourcing, with an exceptional crowd.

Find more ways to Connect »

Find a Privacy Training Class

Two-day privacy training classes are held around the world. See the complete schedule now.

Online Privacy Training

Build your knowledge. The privacy know-how you need is just a click away.

The Training Post—Can’t-Miss Training Updates

Subscribe now to get the latest alerts on training opportunities around the world.

New Web Conferences Added!

See our list of upcoming web conferences. Just log on, listen in and learn!

Train Your Staff

Get your team up to speed on privacy by bringing IAPP training to your organization.

Learn more »

CIPP Certification

The global standard for the go-to person for privacy laws, regulations and frameworks

CIPM Certification

The first and only privacy certification for professionals who manage day-to-day operations

CIPT Certification

The industry benchmark for IT professionals worldwide to validate their knowledge of privacy requirements

Certify Your Staff

Find out how you can bring the world’s only globally recognized privacy certification to a group in your organization.

Learn more about IAPP certification »

Get Close-up

Looking for tools and info on a hot topic? Our close-up pages organize it for you in one easy-to-find place.

Where's Your DPA?

Our interactive DPA locator helps you find data protection authorities and summary of law by country.

IAPP Westin Research Center

See the latest original research from the IAPP Westin fellows.

Looking for Certification Study Resources?

Find out what you need to prepare for your exams

More Resources »

GDPR Comprehensive: Registration Open

New! Intensive two-day GDPR training led by the sharpest minds in the field. It's a can't-miss event.

The Congress Is Cancelled

The IAPP Europe Data Protection Congress 2015 is cancelled. Click through to learn more.

Sponsor an Event

Increase visibility for your organization—check out sponsorship opportunities today.

Exhibit at an Event

Put your brand in front of the largest gatherings of privacy pros in the world. Learn more.

More Conferences »

Become a Member

Start taking advantage of the many IAPP member benefits today

Corporate Members

See our list of high-profile corporate members—and find out why you should become one, too

Renew Your Membership

Don’t miss out for a minute—continue accessing your benefits

Join the IAPP»