Blog Post

Now’s the time for a Web 3.0 right to privacy

Stay on Top of Enterprise Technology Trends

Get updates impacting your industry from our GigaOm Research Community
Join the Community!

As social-media sites become more prevalent and individuals share more and more details of their personal lives online, I think we need to rethink the bounds of our right to privacy. Not to regulate technology or industries — I actually think government should tread cautiously on that front — or to limit how authorities can access our information, but to protect us from each other.

Existing remedies have arguably worked well over the last century or so, but they don’t stand up very well in today’s web-centric world. By tomorrow — as I explain in a recent Long View on GigaOM Pro (sub req’d) — they’ll be obsolete.

What we call a right to privacy

Although the Constitution doesn’t expressly grant a right to privacy, court decisions and statutes have effectively created one over the years. Now there are somewhat clear limitations on how much the government can interfere with our personal lives, or where the 4th Amendment begins and ends. There are also criminal statutes that protect us against privacy violations by private citizens, such as cybercrime or actual physical intrusions of our personal space.

Often times, though, invasions of privacy merely hurt our feelings. In this case, we’re left with a collection of common law or what are called “tort” claims: intrusion upon solitude, publicity given to private life, appropriation of name or likeness, and publicity placing a person in a false light. They’re defined generally in Section 652 of the Restatement (Second) of Torts (excerpted here), although every state that recognizes them probably has slightly different interpretations.

Publicity given to private life is probably the most interesting because, unlike libel or slander, truth isn’t a defense. And if you’re upset about someone publishing your private details online, that claim is probably your best bet for redress. But in the Web 3.0 era and beyond, it’s probably not enough.

The web changes everything

Our invasion of privacy tort claims were spurred in large part by an influential 1890 Harvard Law Review article by Samuel Warren and future Supreme Court Justice Louis Brandeis. They were concerned that the invention of the camera, as well as more-invasive journalistic techniques, would result in undue damage to our “right to be let alone.” Newspapers represented an ideal channel for spreading idle gossip about just about anybody and publishing photos that put names and potentially embarrassing details to otherwise anonymous faces in the crowd.

The publicity-given-to-private-life claim has withstood the last century’s technological innovations, such as the television and instant cameras, but it’s antiquated in the face of the web and social media. For one, it carves out an exception for newsworthiness that’s potentially problematic in an age of citizen journalism. It also requires that the information “would be highly offensive to a reasonable person.” Finally, its requirement of publicity instead of mere publication is very limiting and written for a traditional media world. Here’s how the Restatement describes the difference:

“Publication[]” … is a word of art, which includes any communication by the defendant to a third person. “Publicity,” on the other hand, means that the matter is made public, by communicating it to the public at large, or to so many persons that the matter must be regarded as substantially certain to become one of public knowledge.

However, in a world where there’s the potential for even a seemingly innocuous photo to go viral, these distinctions make for some very difficult line-drawing, for example:

  • If a celebrity’s friend tweets a photo of that celebrity smoking pot in his own house, is that information protected because it’s newsworthy?
  • If I’m an individual who simply wants to keep to myself — no Facebook, no Twitter, not even an email address — is writing about me on a personal blog or Facebook page, or uploading (and/or tagging) photos of me, “highly offensive to a reasonable person?”
  • Even if a disclosure is highly offensive, does publication via social media constitute publicity? What if the publisher only has 3 friends? Or 100? Or 2,000?
  • Does something going viral change a publication among friends into publicity?
  • What if a Flickr (s yhoo) photo from an intimate dinner with friends, not highly offensive, but potentially embarrassing just because someone is ugly, goes viral and the subject becomes a laughing-stock? What’s the recourse?

But it doesn’t stop there. As I discuss in more detail in my GigaOM Pro piece, the confluence of facial-recognition technology, cloud computing and big-data processing could soon make it possible to determine a person’s name and any publicly accessible information about them via a mobile app. Nefarious types with some data-science skills could predict your Social Security number knowing just your name, age and hometown. And it all starts with a single photo on Facebook.

For someone who has intentionally kept a low profile online to avoid sharing personal information, the advent of such technologies completely undermines that personal decision. Far from being just a face in the crowd or a guy at the end of the bar, anyone with a mobile phone and $4.99 app could know more personal information than that person would ever share willingly. All because his friends are sharing the details of their own lives online.

I don’t know how exactly judges and legal scholars might create a new tort claim to balance individuals’ interests in privacy against other individuals’ freedom of speech and technological progression, but it seems like the time is right — more than 120 years after Warren & Brandeis — to rethink our right to be let alone. In an era of viral video and social graphs, information travels faster and further than ever before, making it more important than ever to determine whose right it is to tell their own story.

Feature image courtesy of Flickr user striatic.

9 Responses to “Now’s the time for a Web 3.0 right to privacy”

  1. Mary Ludloff

    I am in agreement with the sentiment but am not at all sure that you can enforce it. Terence Craig and I just finished a book on “Privacy and Big Data” and came to this conclusion: what happens on the Internet stays on the Internet forever. Your point about networked privacy (something Danah Boyd talks about quite often) and having some control over your personal information is a sentiment I share. But, as Boyd has said in the past: online you are public by default and private by a whole lot of effort. The problem is not only with your network of friends and family that may share things about you but also by the fact that our online data is copied so many times. Once your data is “out there” you cannot stop how many times it is copied and sold. There’s also the linkage fact: with three pieces of information, gender, birth date, and zip code, you can be identified 87% of the time. I don’t know about you, but my three pieces of information are all over the Internet and I spend a great deal of time trying to protect my privacy.

    Sadly, today the only way we can protect our right to be let alone is to be vigilant with friends, families, and profession colleagues about our stance on privacy and our desire to keep videos, photos, stories, etc., that include us off the Internet unless we give our permission. I have had this conversation many times and let’s just say some of my circle think I am a bit nuts about this issue. I, of course, think that they simply don’t understand how much of their personal information is out there and how it is bought and sold for unknown purposes!

    • Derrick Harris

      Enforcement is never easy, but I do think something will happen at some point to bring information-sharing back to earth at least minimally. Judges might be willing at some point to expand the scope of publicity of private facts beyond its current bounds, even if only in extreme cases. If I can’t ever take information back once someone puts it out there, don’t I deserve some avenue of recourse against the person who put it out there? Especially if I’ve suffered because of it?

      The law has to keep up with technology somehow, although, as I note, where to draw those lines is the million-dollar question.

      • Derrick great article – as Mary mentioned we didn’t hold out a lot of hope in our book for the ability of the law to help with privacy for a few reasons:
        1. The pace of technology innovation is changing so fast that legal remedies are always going to be focused on yesterday problems.
        2. The global reach of the internet and the ease of moving data to places that have a more lenient view of privacy. This has already happened with the IP scofflaws running torrent sites. I think we will see the same sort of jurisdiction shopping for data markets selling individual data as well. To effectively protect privacy, we would need an international set of laws and the huge differences in how different countries define and value privacy make this extremely unlikely.
        3. Finally some of the largest collectors and abusers of data are governments themselves. Government agencies either ignore privacy laws or create special carve outs in the name of security/social order. This is a disturbing trend across the world including the US.
        If you drop me an email at bigprivacy (at) patternbuilders .com I will ask O’Reilly to send you a review copy of the book – would love to get your thoughts on it.

  2. Privacy == Self Calibration of one’s vulnerabilities. This fundamental requirement is woven into the laws of most civil societies in a variety culture specific ways.

    The InterWeb is fast becoming a unified global space for where societal norms are getting left behind at the expense of social media and social networks.

    I’ve written more than enough about the WebID protocol and its ability to deliver Access Control List functionality at InterWeb scale via the fusion of Structured Data, Trust Logic, and PKI. Thus, I encourage you to take a look at what’s happening on this front as Privacy, Security, Structured Data, and fine-grained Data Access are the key drivers behind the Web’s 3rd dimension i.e., Web 3.0.


    1. — Hyperland (InterWeb) is here, no longer a futuristic vision

    2. — WebID protocol

    3. — Web 2.0 struggles and why the Semantic Web Project finally has a coherent foundation for value comprehension and exchange .

  3. No you can’t get it back into the bottle however we should still look into ways of limiting how far it disperses. When you spill milk on the floor you don’t just stand and let it go wherever it pleases, you try to limit how far it spreads.
    There is also a generational aspect. People of a certain age and less have grown up with little regard for privacy on the web and to them it’s no big deal to upload embarrassing pictures of yourself.

  4. Detlev G. Pinkus

    Cybercrime is the most important fact, and as long as social network companies are unable, or even not willing to protect the users of social networks in an adequate way, this will be not a long term future business model. I am a victim of a cybercrime attack and it took me a long time to get information deleted in the Internet. The support of companies like twitter, facebook or LinkedIn in such a case is simply poor, and the management of these companies simply do not understand the responsibility they have in order to protect the users of social networks against cyber crime attacks. From my standpoint of view the risks against the potential benefits of social networks are far too large.

  5. ĎÚβĨŐÚŚ Dod

    Information has an inherent problem: you can’t get it back into the bottle. Suppose I have the right to ask removal of all my photos from the net (youtube/dmca style). By the time I spot a new violation, people have it on their hard disks. What now? Door-to-door searches?
    But we can whitelist instead of blacklisting:
    Photos should have no legal significance unless they are signed by witnesses (maybe even the people photographed – if it serves their purposes). You see me smoking pot? That’s hearsay. For all we know, you could have doctored it :)