We all have rights of privacy.  The courts of the United States enunciated the concept, which is not found expressly in the Constitution or any of the amendments, as part of the right to be “left alone.”  These rights have been broadened over the years as has the press of civilization and technology on those rights.  With the arrival of the Internet and its clear presence well into our individual and collective future, our rights of privacy will face increasing attack and concurrent broadening still further.

In The Offline World

        Rights of privacy claims fall generally into these categories.

        1. The disclosure via some publication of private facts even if true.  This refers to information that goes beyond what is necessary to tell the facts.  In privacy claims, the “publication” required to show a cause of action is generally deemed to be more widespread than that required for defamation claims since the gist of the claim is akin to a public embarrassment.  Thus, the facts so disclosed must be sufficiently private and unrelated to the matters otherwise disclosed that the disclosure becomes offensive to the ordinary person.

        2. The publishing of truthful information that, within the context of the publication, casts the claimant in a “false light.”  This means that, when the material is read or seen, the right of privacy claimant appears to have attributes or qualities that are detrimental and *within the context of the published event,* not true even though there may be technical truth when the matter is looked at outside the distorted context.  This may also occur as a result of editing and not just in the writing.

        3. Trespassing on the private property of another or invading a private space in which the claimant has a reasonable expectation of privacy.  In these instances, even if the photograph for example would be validly taken were the subject not inside a private place, it may become actionable if the photographer had to trespass on private land (the subject’s or a third party’s) to obtain the photograph.

        4. Using the name or likeness of an individual, generally a celebrity but this is not always so, for commercial purposes.  This is sometimes referred to as the “right of publicity” and it has been greatly expanded in recent years.  As but one example, California has a specific statute dealing with this legal right and the penalties for the violation of it.  As indicated, while most often a claim filed by celebrities, there have also been instances where private persons have found their name and likeness used for advertising, especially on the Internet.

        Unlike defamation, there can be an actionable claim for invasion of privacy even if the matters disclosed are true.  This is a separate cause of action from libel or slander in this regard.  Also unlike defamation, only living individuals can sue for invasion of privacy and there is no “trade libel” equivalent for remarks about a company or product.  There is one exception, however, to the “living individual” rule and that applies in the so called “right of publicity” area in which celebrities or those individuals who exploited their name and likeness during their lives have rights to pass on to their heirs and estates.  The estates of Charlie Chaplain, Marilyn Monroe and Jimi Hendrix are but a few examples.  For an article dealing with domain name rights asserted by the estate of Jimi Hendrix, read “Julia, Jimi and Cybersquatting.”

        As with defamation, public officials and others in the public arena enjoy less protection for their rights of privacy than do “ordinary” folks.  Further, disclosure of publicly known facts or matters of concern to the public are also shielded from claims.

        There are many more issues and subtleties in this area of the law than can be covered in this article since I am trying to give a broader picture of this complex area of the law.

On The Internet

        In addition to the laws and rules that apply in the offline world discussed above, the Internet presents us with potential invasions of our rights of privacy that do not find one-to-one equivalents in the offline world.   Because of the technological ease of obtaining and thus collating and ultimately sharing information, whether through overt gathering practices or through the use of cookies and other means, there is some reason to be concerned about how our “tracks” are being used.

        However, it should be noted that, except in certain specific instances, there is no overall statutory structure dealing with such rights on the Internet and sites are not required to have privacy policies. And because, absent these specific instances, there is no such generalized “right of privacy” unless there are the violations mentioned above in the offline equivalent, in some of these instances, the Federal Trade Commission (FTC) has stepped in and determined that the particular “invasion” was actually an “unfair trade practice.”  I have written about some of these cases in the article “Privacy Issues: New Wrinkles.”

        Thus, the cases involve those sites that either have adopted such policies, either for marketing reasons or because they fall within the scope of a regulated area but due to subsequent events, the sites have not adhered to those policies or sites in which, even though there is no stated policy, the FTC has found that there were other “deceptive” practices for which the information collected was being used.  This latter instance may be because there was some sort of implied statement on the site about how information would be used.  The violations may be either intentional or negligent.  The effect on the site visitor’s privacy is often the same.

        Irrespective of whether or not a site has a stated privacy policy, the use of information obtained from site visitors for purposes not directly related to the purpose for which the information was provided can be deemed to be an unfair trade practice.  Among the most widely used “practice” is the sharing of information with third parties, almost always for marketing to the visitor, where such use was not expressly indicated.

        Technologically, this “sharing” takes on new meaning when information gathered online (from those who clicked on banner and other ads and otherwise) can be combined with information obtained offline, since offline database collection has been going on for much, much longer.

        The remedies the FTC has imposed on sites has generally been to order the sites to notify those who provided information and make provision for those parties to delete that information (opt out provisions).  The violating sites are often required to notify the third parties to whom the information was provided to delete such information as well.

        It is an interesting separate issue whether or not in the license agreement for such information such subsequent government action was covered and whether or not the licensor would thus be in breach of that license agreement entitling the licensee to some remedy.  Thus one of the side issues involved here is the structure of such licenses in the first instance and whether or not the information is provided on an “As Is” basis or is the subject of warranties.  If you are a site owner licensor or a third party licensee, be very careful in how you structure such licenses.  Read “Owned and Controlled Licenses.”

Contents of a Privacy Policy

        As site owners contemplate establishing some sort of privacy policy (other than that mandated by COPPA,) several general factors should be considered.  Provisions must be included that deal with notice to and consent from the visitor.  This means that the policy should be set up on the site in such a way that the visitor sees it and, in the ideal situation, has to go through the policy page in order to get to the main part of the site.  This is essential if the policy includes some sort of use of the information that should require the consent of the visitor for without this flow of traffic on the site, there is no way for the site owner to establish that sort of consent if the policy can be bypassed by the visitor.

        Beyond that, site owners must decide threshold questions about how they intend to use the information provided (voluntarily or, in the case of cookies or other technology unknowingly) unknowingly by the visitor.  Since violations of the stated policy are often the main cause of action against owners, the owners must see down the road about such uses.  It is all very well and good to say information will never be shared but if there is any possibility of that happening, it should be stated in the policy.

        In the event that a company changes its policies, then there has to be effective means of notifying both the visitor who previously provided information (or from whom the information was gathered) and giving them an opportunity to delete that information, as well as setting up the revised policy for new visitors.


        There are of course many other issues that have to be dealt with when a site is considering a privacy policy, as well as many other issues involved in whether or not there has been some violation of someone’s right of privacy.  These have to be examined on a case by case basis.

        A hundred years ago, when many of our ancestors lived on farms where the nearest neighbor was miles away, we had the ultimate privacy.  As society “encroached” via technology, first telegrams, then telephones, then faxes and now the Internet, the concept of what is or should be the realm of rights of privacy has changed and some would say, shrunk.  Part of the yin and yang of anything is what some would see as the “downside” to the value and convenience of the “upside.”  Thus, to a large extent, as with former technology, we have to get used to some encroachment on our rights if we embrace the benefits of the Internet.  Of course, that “giving up” should be knowing and voluntary and when it is not, it cannot be said that we have made a conscious choice and that is what the “unfair trade practice” complaint is in its essence.

        Whether it is the role of government or the market to monitor the Internet will be the subject of debate for many years to come.  In the end, however, it is up to each of us, in the exercise of our own personal responsibilities, to take care of our own rights of privacy.

© 2001 Ivan Hoffman


This article is not legal advice and is not intended as legal advice.  This article is intended to provide only general, non-specific legal information.  This article is not intended to cover all the issues related to the topic discussed.  You should not rely on this article in any manner whatsoever and you should not draw any conclusions of any sort from this article.  The specific facts that apply to your matter may make the outcome different than would be anticipated by you.  This article is based on United States laws but the laws of other countries may be different.  You should consult with an attorney familiar with the issues and the laws of your country.  This article does not create any attorney client relationship and is not a solicitation.



No portion of this article may be copied, retransmitted, reposted, duplicated or otherwise used without the express written approval of the author.




Where Next? 

Ivan Hoffman Attorney At Law || More Helpful Articles For Writers and Publishers|| More Internet and Electronic Rights Articles|| More Articles About Privacy || More Articles About e-THICS || Home