The Right to Data Privacy: Revisiting Warren & Brandeis

Volini, Anthony G. | November 1, 2023

In their famous 1890 article The Right to Privacy, Samuel Warren and Louis Brandeis found privacy as an implicit right within existing law. Regarded as perhaps the most influential legal essay of all time, it offers concepts that ring as true today as they did in 1890. In defining privacy as an important legal principle implicit in the law, they focused on information privacy, such as public disclosure of personal information, rather than decisional privacy. Analyzing the 1890 article is an ideal starting point to assess the origins of privacy law and to understand privacy issues from a simpler time in terms of law and technology. Its concepts thus provide an easily understandable frame of reference before diving into more challenging modern issues and assessing a path forward. Accordingly, this article compares each key principle from 1890 and explores privacy issues that remain similar versus privacy issues that seem new based on particular advances in technology. The key similarity between 1890 and today is that problems of information dissemination present similar issues, albeit on a larger scale. Some key differences between 1890 and today, however, are that computer technologies now allow for massive data collection, massive data retention and increasingly aggressive data analysis that can be used to abuse privacy even with ostensibly public data. Warren and Brandeis taught us that new technologies continually present new privacy issues; so as new technologies are evolving today, thought must still be given to how the law might flexibly adapt to new and unforeseen changes in tech. Their article exposed that various U.S. laws were insufficient in 1890 to broadly protect information privacy, causing Warren and Brandeis to imply a broad right. Today, the same problem persists: laws within the U.S. are inadequate to address privacy harms caused by continually evolving technologies. The U.S. still has no broad express privacy law, and a path forward might contemplate making express what Warren and Brandeis had to imply in order to address new privacy harms. I propose two key ideas. First, the law needs to more clearly distinguish decisional privacy from information privacy. Decisional privacy is really not a privacy interest at all and is instead a personal liberty interest separate from information privacy. Second, when contemplating legal protection for information privacy, perhaps it’s time to consider the arduous and improbable task of enacting a constitutional amendment guaranteeing broad and general protection against information privacy abuse from both government and private actors. While difficult to enact, a broad express federal right could provide significant advantages, such as (1) establish a baseline right from which states and Congress could add consistent legislation; (2) enable courts to restrict clear instances of privacy abuse without waiting for Congress to act, which seems especially helpful given the expected proliferation of artificial intelligence (“AI”) and new and unforeseen privacy harms; (3) increase harmonization with the European Union (“E.U.”) and potentially other jurisdictions; (4) and finally, avoid the problem of originalist or strict constructionist judges refusing to infer or imply a constitutional information privacy right in the wake of the Supreme Court’s Dobbs v. Jackson Women’s Health Organization, 597 U.S. __ (2022), decision. Thus, a flexible and general broad right of federal protection from information privacy abuse might provide an optimal, flexible baseline for courts and regulators to quickly restrict new privacy abuses while allowing time for the states and Congress to enact further detailed legislation.