As the COVID-19 pandemic continues to roil economies and confine people to the solitude of their homes, much of the public discourse regarding the pandemic is focused on defining the “new normal.” Will wearing masks become an indefinite feature of public gathering? How long will the handshake remain social taboo? Some of the behavioral norms and social expectations we take with us will be innocent, unconscious footnotes to the compendium of our moment. Others will require long overdue deliberation and dialogue. None may be more consequential than our evolving notions of data privacy and cybersecurity. The history of U.S. privacy laws and other technological disruptions may reveal a path toward achieving a more efficient privacy framework for a new normal in which privacy and economic growth share equal influence on regulatory policy.

Yet the present conversation surrounding data privacy and cybersecurity isn’t so much focused on defining a new normal but instead wondering if we will ever return to what was.

For instance, in a recent New York Times op-ed, Kara Swisher noted how Congress’ pre-pandemic interest in regulating data privacy and cybersecurity may evaporate in light of the federal government’s reliance on data to dictate policy responses. Swisher writes, "The effort to rein in tech companies had been building decent momentum before coronavirus outbreak, but it will be harder when focus needs to be on building up rather than breaking apart."

Similarly, after the Department of Health and Human Services recently stated it will relax enforcement against business associates under the Health Insurance Portability and Accountability Act Privacy Rule, some questioned whether privacy might be the sacrificial lamb offered to minimize the risk of future public health emergencies. STAT's Casey Ross wondered, "Will we go back to normal, or will the erosion of privacy become part of the fabric of American health care, accepted as the price of continued vigilance against new viruses, in the same way Americans tolerated the loss of privacy and personal freedoms after the 9/11 terrorist attacks?”

Swisher and Ross also acknowledge the immediate need to relax regulatory obstacles. But COVID-19 isn’t necessarily revealing a diminished political will for regulation or the rising social price Americans may be willing to pay for public health and peace of mind.

It is revealing that our relationship with privacy is amorphous and requires additional context in light of transformative technologies, new economic realities and public health emergencies. How can we reasonably evaluate the costs and benefits of Google or Facebook sharing location data with the federal government when it has been perfectly legal for Walgreen’s to share access to customer data with pharmaceutical advertisers? How does aggregating and anonymizing data safeguard privacy when a user’s personal data can be revealed through other data points?

The pandemic is only revealing that we’ve yet to reach a consensus on privacy norms that will come to define the digital age. 

This isn’t the first time that technology confounded notions of privacy and consumer protection. In fact, the constitutional right to privacy was born out of another public health crisis. Before 1965, 32 women per 100,000 live births died while giving birth. Similarly, 25 infants died per 100,000 live births. As a result, medical professionals and women’s rights advocates began arguing for greater access to birth control. When state legislatures sought to minimize access, birth control advocates filed lawsuits that eventually lead to the Supreme Court’s seminal case regarding the right to privacy, Griswold v. Connecticut.

As some constitutional scholars argue, Justice William O. Douglas manifested a constitutional right of privacy seemingly out of thin air. According to Douglas, while the Bill of Rights makes no mention of a right to privacy, “[v]arious guarantees create zones of privacy.” Relying on other explicit constitutional protections that imply an interest in protecting privacy, Douglas wrote, “The foregoing cases suggest that specific guarantees in the Bill of Rights have penumbras, formed by emanations from those guarantees that help give them life and substance.” Douglas’ majority opinion reflected the assumption that privacy is a moving target that requires flexibility to meet the social and economic expectations of a particular milieu. 

Before a constitutional right to privacy existed, technological disruption led to criticisms that sound quite familiar today. As titans of industry in the 19th century consolidated economic power in trusts and corporations, public sentiment toward those business leaders soured. Initially, state attorneys general were the first line of defense, deploying quo warranto suits against companies engaged in anticompetitive practices, which included "creating voting trust[s] by combining corporate stocks." As one scholar put it, “Quo warranto was a blunt instrument.” It cured a head cold with a lobotomy by threatening the economic growth it intended to promote.

Eventually, the federal government stepped in.

In 1890, Congress passed the Sherman Antitrust Act, which prohibited “any contract, combination, or conspiracy” restraining interstate commerce. Courts initially took a literalist approach to the act’s text, which led to a judicial reluctance in applying the full force of the law. Namely, courts remained concerned that the law’s application resulted in similar outcomes that occurred with quo warranto suits. Over the following two decades, courts adopted the common law rule of reason to provide a more flexible framework for balancing business practices against purely anticompetitive ones. The rule of reason took a more holistic view of economic competition and recognized that almost any economic relationship amounts to some degree of a restraint on trade. Consequently, the rule of reason "analysis distinguishes between restraints with an anticompetitive effect [ ... ] that are harmful to the consumer, and restraints stimulating competition that are in the consumer’s best interest."

Today, there is growing public concern over the way in which consumer data is used to consolidate economic gain among the few while steering public perception among the many — particularly at a time when privacy seems to be the price for ending public health emergencies.

But the COVID-19 outbreak is also highlighting how user data has the capacity to improve consumer well being and public health. While strict adherence to traditional notions of privacy may be ineffectual in a time of exponential technological growth, the history of our relationship to privacy and technology suggests regulatory policies can strike a balance between otherwise competing interests.

Photo by Fusion Medical Animation on Unsplash