In my review of “Privacy: The Lost Right” by Jon L. Mills (Oxford University Press, USA; 408 pages), I found the book to be a good summary of the law as it relates to individuals protecting their privacy, but I was disappointed that it focused too much on threats to privacy of individuals as such, and didn’t give a sufficient treatment to threats to privacy caused by the commoditization of information.
On one level, this was likely a function of the fact that existing law, and existing horror stories, focus on individuals. For example, in the “Worst-Case Scenarios” chapter, the author describes a case where a stalker obtained home and work addresses for one Amy Boyer by requesting her credit report, then used that information to find and kill Ms. Boyer. This makes for a memorable fact pattern, which caused an easily understandable harm, and can be used to explain existing duties.
By contrast, when there is a huge data security compromise, and millions (or tens, or hundreds of millions) of credit card numbers are stolen, the fact pattern is less memorable (generally, these breaches are the result of mistakes in computer systems of security practices that people do not have firsthand knowledge of), the harms are much more diffuse (everyone has a slightly elevated fraud risk, some people may be victims of fraud who otherwise would not be), and it is not clear that our current legal tools will let people get any kind of compensation (generally, elevated risk of fraud cases haven’t done well).
While it’s clearly more trouble to write about data security compromises (e.g., you might have to do statistics to see if there really is an elevated fraud risk, you might have to talk to security experts who could explain how increased fraud and remedial countermeasures lead to increased costs for consumers) part of the reason I was interested in the book is because I had hoped that this author had taken that trouble. Sadly, by the time I got to the end of the book, my hopes had been dashed.
With that said, I want to reiterate that the book was a good summary of how privacy has been protected in the past, and how modern technology makes traditional privacy violations easier and more common. For example, in the section on why privacy is disappearing, the author points out that there is something qualitatively different about someone publishing a description of some private event, versus someone distributing a video of that event, and that the ubiquity of video cameras and internet video distribution technology makes the later type of intrusion much more common than it has been historically.
The book even includes a discussion of federal statutes that are used to protect privacy, and mentions the problems raised by data brokers and expanded data collection. However, the treatment of data brokers and the implications of data commoditization was not nearly as detailed or memorable as treatment of (for example) publication of private facts.
In the end, if you want a book that discusses what has been done to protect the privacy of individuals from individual intrusions, Privacy: The Lost Right is a good resource. If you want a book that can explain the threats to privacy of an economy based the commoditization of consumer information, and what can be done to address those threats, Privacy: The Lost Right comes up short.
“Privacy: The Lost Right” by Jon L. Mills (Oxford University Press, USA; 408 pages) is available from Amazon.
About the Author
Jon L. Mills is Dean Emeritus and Professor of Law at the University of Florida Levin College of Law.