Under a variety of laws and the US Constitution, Americans enjoy general rights to privacy. Sometimes, however, those rights are complicated—especially when new technology presents scenarios the laws’ authors didn’t contemplate.
Where is our right to privacy protected?
The constitutional right to privacy
There are no specific “rights to privacy amendment” in the US constitution. However, legal scholars and the courts have interpreted several amendments to provide a right to privacy in various ways.
- The First Amendment protects the privacy of beliefs
- The Third Amendment protects privacy in our homes.
- The Fourth Amendment protects us against unlawful searches
- The Fifth Amendment protects against self-incrimination, which allows us to withhold our own private information
- The Ninth Amendment protects privacy in all the ways that are not enumerated in the other amendments.
So although the rights to privacy amendment aren’t specifically spelled out, you could say the Bill of Rights represents a “rights to privacy Constitution.”
Legal right to privacy
The primary federal law providing a right to privacy is the Privacy Act of 1974. This law has been updated periodically to consider new methods of collecting and sharing personal information. Under the law, organizations that gather personal information must keep it secure. It may only be shared under certain, specified circumstances.
The Federal Trade Commission (FTC) ensures that businesses meet their obligations to keep private information secure. In the event that a business violates the Privacy act or rights to privacy amendment to the Constitution, it may face disciplinary action.
More comprehensive digital privacy laws are now being passed at the state level, applying the spirit of the Privacy Act and each right to privacy amendment to the digital universe.
California was first with the California Privacy Rights Act, which goes into effect on January 1, 2023. Under the law, consumers will have more control over their personal information. For example, they will be able to restrict companies from sharing their personal information with advertisers.
Since the passage of the California law, four other states have passed comprehensive data privacy laws: Colorado, Connecticut, Utah, and Virginia. Additional states are working on similar laws.
Are consumers protected?
What is the effect of the Privacy Act, state-level laws, and each right to privacy amendment?
In general, consumers can expect companies that possess their personal information to keep it safe. They can also expect that, if a company fails to do so, the company will be on the hook for any damages the breach of that data causes.
This is important because major data breaches continue to happen. In one of the most brazen, a former Amazon Web Services (AWS) software engineer illegally accessed 100 million Capital One credit card applications on an AWS server in 2019. She shared the entire trove of data on GitHub, using her full name—= leading the FBI directly to her.
Compensation for damages
Even though companies are supposed to keep data safe and pay damages in the event of a data breach, navigating the settlements can be challenging.
First, it can be difficult to know how your information is being used, if at all. Second, most settlements accept claims for a limited period of time. Many consumers may not know they’re affected until after the claims window is closed.
When news of a data breach breaks, consumers should immediately determine if their data has been compromised. If it has, they should open a claim within the settlement window. If the breach leads to significant damages, they should consult with an attorney to ensure that they receive the compensation they deserve.