Cybersecurity

A new role in data privacy: the searcher

The EU’s efforts to define a right to be forgotten and the recent U.S. Supreme Court decision about how privacy is protected on cell phones go hand in hand.  They remind us that the medium is still the message and that there is a new role in discussing data access and control.

Why connect these two events?  Because these particular debates are different from other recent  privacy debates.

Most privacy debates regard who controls the data in a transaction in which the parties are all more or less direct participants.  The traditional roles for data access and control are: the subject, the collector, the discloser, the user and the regulator.  Some of the roles overlap sometimes, especially the collector, discloser and user, but they are all related to transactions about individual data points and the role of these entities/individuals interacting with them.

For example, the HIPAA Privacy Rule makes the reasonable argument that even though a health care provider can own an electronic copy of a medical record by virtue of providing care to a patient and thereby creating that record itself, the patient, as the recipient of that care and subject of the data, has some rights when it comes to controlling that record.

In contrast, in both the case of the EU’s right to be forgotten and the Supreme Court decision on cell phones, the searcher has no necessary relationship at all to the data they are searching for.

Take the Supreme Court’s description of what makes cell phones different from other items that the police might search and apply it to search engines.

ACTUAL LANGUAGE FROM SUPREME COURT: “Cell phones differ in both a quantitative and a qualitative sense from other objects that might be carried on an arrestee’s person. Notably, modern cell phones have an immense storage capacity. Before cell phones, a search of a person was limited by physical realities and generally constituted only a narrow intrusion on privacy. But cell phones can store millions of pages of text, thousands of pictures, or hundreds of videos. This has several interrelated privacy consequences. First, a cell phone collects in one place many distinct types of information that reveal much more in combination than any isolated record. Second, the phone’s capacity allows even just one type of information to convey far more than previously possible. Third, data on the phone can date back for years. In addition, an element of pervasiveness characterizes cell phones but not physical records.”

-RILEY v. CALIFORNIA, No. 13–132. Argued April 29, 2014—Decided June 25, 2014

SUBSTITUTING SEARCH ENGINES FOR CELL PHONES:Cell phones [Search Engines] differ in both a quantitative and a qualitative sense from other objects [web sites] that might be carried on an arrestee’s [refer to a] person. Notably, modern cell phones [Search Engines] have an immense storage capacity. Before cell phones [Search Engines], a search of [about] a person was limited by physical realities [of finding individual web sites where a person is referenced] and generally constituted only a narrow intrusion on privacy. But cell phones  [Search Engines] can store [list] millions of pages of text, thousands of pictures, or hundreds of videos. This has several interrelated privacy consequences. First, a cell phone [Search Engine] collects in one place many distinct types of information that reveal much more in combination than any isolated record. Second, the phone’s [Search Engine’s] capacity allows even just one type of information to convey far more than previously possible. Third, data [listed] on the phone [Search Engine] can date back for years. In addition, an element of pervasiveness characterizes cell phones [Search Engines] but not physical records [other individual web sites where a person is referenced].”

None of this is about whether the data are accurate, but about how the medium for observing the data is a special class of medium that must be treated differently in order to protect individuals from the data being misused against them.

There is of course one major difference between a cell phone and a search engine.  A person owns a cell phone and a person distinctly does not own a search engine.   And the public debate around “search and seizure” is centuries old whereas we are just beginning to debate search engines.  But both these events are related in that they define a medium that can aggregate/store data as special and they both define a new role in the data rights equation: the searcher.

 

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s