Is the Internet invading privacy, or expanding privacy? The conventional wisdom is that the Internet is eviscerating privacy. But in some ways a heightened focus on privacy in the digital era may be creating new and greater privacy expectations.
Consider the simple matter of lists of addressees and cc’s on emails.
In the ancient days of postal mail, it was never a big deal if a sender revealed, on a letter, the other persons to whom he or she were sending the same letter, or to whom he or she was sending copies of that letter. Lots of letters show multiple addressees or multiple persons copied. That indeed explains the origin of the “cc” field, as a visible list of the persons to whom a “carbon copy” (another ancient term) was being sent.
But an expectation has developed recently that one should never send out a mass email that reveals the email addresses of all of the recipients, unless they previously knew one another. That is why the Federal Trade Commission was so red-faced recently when, in the course of preparation for its first PrivacyCon workshop on privacy research, it sent an email out to all attendees revealing – horrors! – all of their email addresses. The agency “sincerely apologized” for this terrible mistake
The presumed confidentiality of one’s email address is seen in other laws. College professors, for example, are instructed never to communicate with an entire class of students by placing all of their email addresses in the “to” field; rather, they must use the “bcc” field, so that no student receives his or her fellow students’ email addresses, which some of them may have designated as confidential personal information under the Family Educational Rights and Privacy Law.
Though the prohibition against letting strangers see others’ email addresses in group emails now seems to be settled, the presumed harm to be avoided — use of those email addresses for bulk commercial emails — is fairly speculative, and such a misuse, if it occurred, would seem to cause more of an inconvenienced harm than a true privacy invasion. The same goes for concerns about reply-all “catastrophes,” such as the one that hit Thompson Reuters employees in August 2015. The event inconvenienced employees, but its true lasting impact appeared to be a flood of humorous Twitter traffic. (Another reply-all incident struck Time Inc. just this week.)
The best explanation for this new expectation, rather, seems to be an expanding understanding of privacy, at least in certain areas. Contrary to the conventional wisdom, our expectations of privacy are not steadily and uniformly shrinking. In some cases, they are expanding.
Consider, for example, the recent innovative claim that a postcard can be a privacy violation. An individual who received a postcard from the Kansas Department of Children and Families, reminding him to pay child support, made such a claim. He said that sending the postcard, rather than a sealed letter, was an invasion of his privacy. The theory may have been that those who handled the postcard (under duties of confidentiality) became aware that the recipient may have been delinquent in his child support payments (information which, in any event, was available in the public record).
All this isn’t to say that the tech executives who have warned of the passing of privacy are all wrong. But Scott McNealy’s assertion that “you have zero privacy anyway” and Mark Zuckerberg’s observation about the emerging social norm allowing more and more sharing of information, only give part of the picture.
Trends aren’t always uniform in one direction. And in the case of privacy, the increasing focus on privacy rights appears to have expanded in some ways expectations about what kinds of information should be private. It has also expanded the ways in which communication methods new and old can or should be adapted to provide extra privacy comforts.
Mark Sableman is a partner in Thompson Coburn’s Intellectual Property group. He is the editorial director of Internet Law Twists & Turns. You can find Mark on Twitter, and reach him at (314) 552-6103 or email@example.com.