In January 2019, Dana Nessel was sworn in as Michigan’s 54th attorney general. Since then, Attorney General Nessel has leveraged her experience in fighting for civil rights and has been an outspoken advocate for consumer protection, including the right to privacy.

Nessel began her legal career as a prosecutor and later started her own criminal defense and civil rights practice. She represented plaintiffs in civil rights actions and became involved in litigating LGBTQ rights issues in Michigan. Her efforts in this area contributed greatly to the expansion of LGBTQ rights, including the fundamental right to relationship and marriage privacy. She represented same-sex couples in an action that was later consolidated with Obergefell v. Hodges, in which the U.S. Supreme Court ultimately recognized the right to same-sex marriage in the United States. 

Earlier this year, Nessel testified in favor of state bills that would ensure victims’ privacy rights in Michigan. More recently, Nessel has publicly spoken about the impact that the U.S. Supreme Court’s decision in Dobbs v. Jackson Women’s Health Organization decision could have on privacy.

The Privacy Advisory had an opportunity to discuss Nessel’s ongoing work in the area of consumer privacy as well as her reaction to Dobbs, thoughts on state consumer privacy legislation and the spread of misinformation online.

Michigan Attorney General Dana Nessel

The Privacy Advisor: In reversing Roe v. Wade, the Supreme Court called into question decades of precedent built upon the idea of a fundamental right to privacy. You have worked extensively to ensure rights for the LGBTQ community, many of which are rooted in privacy. How do you envision this ruling will impact other rights that are premised on the right to privacy? How has this ruling impacted Michigan and what other changes do you expect to see in your state? 

Nessel: The loss of the federal right to abortion care is a travesty. The decision in Dobbs stripped American women of a fundamental right to bodily autonomy and laid bare the vulnerability of other protections and freedoms we rely upon. As we know, the basis for the right to abortion established by Roe v. Wade was the right to privacy and that precedent extends to more than just choices related to reproductive health care. I believe it is critical that those of us who understand the impact of that reversal of Roe communicate the potential far-reaching impact of the Dobbs ruling. Justice (Clarence) Thomas all but extended an invitation to bring challenges to other critical decisions in his concurring opinion when he wrote, “In future cases, we should reconsider all of this Court’s substantive due process precedents, including Griswold, Lawrence, and Obergefell.”

In Michigan, a 1931 statute criminalizing abortion would be in effect but for an injunction from the state’s Court of Claims and a temporary restraining order recently issued at the Circuit Court level to criminal prosecution in two separate lawsuits. While these legal measures protect abortion access in the short term, the only way to ensure access is by passing a ballot measure guaranteeing reproductive health care that will appear on the state’s November ballot.

The Privacy Advisor: Federal law protects the privacy of medical files at clinics and hospitals, but third-party applications and technology companies can sell certain data, including location data, search histories, and health information, including period and ovulation tracking data. Taken together, this data may be used to determine whether someone has terminated a pregnancy. In the wake of Dobbs, what steps would you like to see tech companies and individuals take to better protect personal data? What legislation might be appropriate?

Nessel: In the wake of Dobbs, my department cautioned consumers about the potential for apps that track menstruation and ovulation to gather and sell personal health data to entities that may use it for purposes not obvious to the user. While it is unclear how the data could be used in states where abortion is not legal, it is imperative that consumers be made aware of potential risks. In Michigan, our Consumer Protection Act is restricted by two state supreme court rulings that exempt any industry that is otherwise generally regulated from enforcement under the act. Those rulings greatly limit the ability of my department to pursue bad actors operating in those regulated industries.

I believe it is imperative that state legislatures act to ensure the privacy of consumers and evaluate existing consumer protection laws for adequate protections and enforcement. Otherwise, many residents may find themselves in a vulnerable position with little to no protections.

The Privacy Advisor: Five states have passed comprehensive privacy legislation in the last few years. Michigan House Bill No. 5989, which would create the Michigan Consumer Privacy Act, is currently pending in the House. The bill mirrors similar laws in Colorado, Connecticut, Utah and Virginia, and gives the attorney general exclusive enforcement powers. Does your office have interest in this legislation or other similar efforts and do you expect Michigan to join the growing number of states with a consumer privacy act?

Nessel: I welcome additional statutory tools to help protect Michigan consumers. Consumer protection is one of the primary functions of my department and one of my top priorities as attorney general. I will continue to lobby in support of legislation that extends additional protections to consumers, and I would hope Michigan legislators recognize the value of such legislation for their constituents.

The Privacy Advisor: Are there any changes you would like to see in the Michigan Consumer Privacy bill? 

Nessel: I believe this legislation would go a long way in providing Michiganders with privacy protections in relation to the data that they have online. As noted, we have seen similar legislation enacted in other states, and this model — which mimics the Virginia legislation — provides a person with the ability to have a greater say in what information of theirs is findable online and the ability to edit and delete that data.

The Privacy Advisor: You recently testified in support of Michigan House Bills 4798 and 4974, which address safety concerns arising last year when the Michigan Court of Appeals ruled in People of the State of Michigan v. Ricky Dale Jack that a prosecutor must provide a defendant with victim and witness information, including their addresses and telephone numbers. In this age where information is so easily spread online, why is it important to ensure privacy for victims and how do you balance this right to privacy with the defendant’s right to access information to prepare for trial? 

Nessel: It takes great strength and courage for victims to face their abusers or assailants. Those who do so are among the most vulnerable individuals in our judicial system — and they deserve and need encouragement and protection. 

Providing witnesses’ and victims’ addresses during a criminal trial will deter victims from participating in the criminal justice system. And giving abusers access to phone numbers and addresses puts at grave risk these brave individuals who, in the pursuit of justice, are willing to testify against defendants.

The practice of redacting the addresses and phone numbers of victims and other witnesses is longstanding. Any problems with prosecutors’ withholding such information are resolved easily by motion. There is no need to create a process where personal information of victims and other witnesses are indiscriminately published.

In addition, the legislation does not shift any burden onto the defendant, other than the responsibility to explain why the defendant needs the victim’s or witness’s information. This is not a high bar, and it is a small ask in light of the importance of protecting the safety of victims and witnesses.  

The legislation helps to remedy the obstacles People v. Jack created. It aims to help shield victims who fear their assailants and adds a layer of protection for their personal information. Furthermore, it requires proof that the address of a victim or witness is absolutely crucial to the integrity of a criminal case. And, it discloses the contact information essentially under a protective order that shields the information from falling into the wrong hands and being used for nefarious purposes. These measures will go a long way to stem witness intimidation and show good-faith support for victims and witnesses.

I also advocated for Michigan’s Address Confidentiality Program. The program will be housed in the Department of Attorney General and allows certain crime victims to apply for and receive a designated address to be used in place of their actual address. 

The state legislature allocated $500,000 in next year’s budget to begin implementation. My department is currently in the process of recruiting and training staff from community organizations in how to access the program for people in need with a goal to fully launch the program in February of 2023. This is an important service for crime victims who would be left otherwise vulnerable if their actual address were publicly available.

The Privacy Advisor: In terms of privacy law enforcement mechanisms, what is your view on a private right of action, enforcement through the attorney general’s office or enforcement by a separate agency (as California is preparing to do)? What resources would you need if your office were tasked with enforcing a comprehensive state privacy law as it would be under the Michigan Consumer (Protection Act)?

Nessel: I would support both a private right of action and the ability for my office to enforce privacy mechanisms laid out in the Michigan Consumer (Protection Act). My office actively works in the consumer protection space and will seek to enforce the legislation should it be enacted. However, providing a private right of action ensures that if a future attorney general does not prioritize consumer protection (as we’ve seen in previous administrations) consumers themselves could ensure their personal information can be accessed, corrected and deleted.

The Privacy Advisor: In light of the Jan. 6 attack on the U.S. Capitol and the plot to kidnap (Michigan) Governor (Gretchen) Whitmer, how do you view the competing interest between freedom of speech and association versus the need to monitor and censor harmful or misleading speech? When it comes to online platforms, what is your view on how to handle those competing interests and who is best equipped to do so?

Nessel: As attorney general, I created and expanded my department’s Hate Crimes and Domestic Terrorism Unit. These are typically complex crimes that can span multiple jurisdictions and require resources beyond what local law enforcement can devote. My department partners with federal law enforcement to pursue these crimes and works with local law enforcement to deliver training for officers and provide support for cases in their jurisdictions. 

Hate itself is not a crime and our civil liberties protect the right to speak about even the most terrible of things. But when a criminal offense is committed against a person or property and it is motivated by an offender's bias against a particular group, then my office will act.

Our federal partners and the Michigan State Police are trained and equipped to monitor social media platforms and other technology to identify communication that goes beyond the protections of the First Amendment.

My department also works with the Michigan Department of State and Secretary of State (Jocelyn) Benson to dispel misinformation around the elections process. While this misinformation may not necessarily constitute a crime, I believe it is my duty to use the resources of my office to disseminate accurate information to guard against voter disenfranchisement.