In the United States, every individual should have the same privacy rights. Yet, too many times, lawmakers have supported privacy laws that expand protections for only their personal information. This is often done after an influential figure or class of people experience a privacy harm, but it ignores the need to protect individuals from those same harms. This approach fails to solve the whole problem and cements the notion that privacy is a special privilege reserved for elites. The current regulatory piecemeal approach to privacy and security laws should end, and a comprehensive federal privacy law that protects all Americans should be enacted.
The latest example of lawmakers putting their own privacy before that of other Americans came in July 2023, when Senators Amy Klobuchar (D-Minn.) and Ted Cruz (R-Texas) submitted an amendment to the National Defense Authorization Act for fiscal year 2024. The amendment was not voted on, but if it had been adopted, it would make members of Congress “at-risk individuals” who would be allotted privacy protections that many Americans would not have. For example, the amendment would have made it unlawful for data brokers to sell, trade, or purchase, among other things, a Congress member’s home address, precise geolocation data, or personal email address. Yet, many — if not all — politicians use those same data brokers for their election campaigns to track constituents’ personal interests, what cars they purchase, and their net worth to help gain a strategic edge in swaying voters.
When privacy laws are passed that offer essential protections for all Americans but only emerge after an influential person experiences a privacy intrusion, it feels as if the American people are an afterthought. In 1987, then-President Ronald Reagan nominated Robert Bork as a Supreme Court justice, a strict constitutionalist who did not believe there is an individual right to privacy in the Constitution. Bork harshly criticized the Supreme Court’s decision in Griswold v. Connecticut, which held that a law violated a constitutional right to privacy.
The irony, of course, is that during Bork’s nomination, a reporter went to a local video rental store, obtained Bork’s video rental history, and published it. Soon after, and perhaps terrified of what their video rental history might reveal, members of Congress passed the Video Privacy Protection Act (VPPA). The VPPA made disclosing an individual’s video rental records illegal without consent. In 2023, while most video rental stores are extinct, the VPPA is still an effective privacy protection law that curtails the disclosure of an individual’s video streaming history by services like Netflix and Hulu.
When privacy laws are passed that offer essential protections for all Americans but only emerge after an influential person experiences a privacy intrusion, it feels as if the American people are an afterthought.
It is also the case that a high-profile tragedy can often spur congressional action. In 2020, US District Judge Esther Salas’ son, Daniel Anderl, opened his home’s front door and was shot and killed by a vindictive litigant who located her personally identifiable information online. Later, Congress passed the Daniel Anderl Judicial Security and Privacy Act of 2021, which made it unlawful for federal agencies and private businesses to publicly post certain personal information, such as home addresses, of federal judges or their immediate family members.
When the bill was initially introduced, the American Civil Liberties Union (ACLU) opposed it because its broad scope would unconstitutionally restrict free speech. However, when it was reintroduced in 2022, Congress narrowed the scope and included an exception for speech on matters of public concern. According to the ACLU, these changes to the bill were an improvement, and they dropped their opposition but did not ultimately support it.
The Daniel Anderl Judicial Security and Privacy Act is limited in scope and only protects federal judges, leaving many other groups unprotected. For example, the privacy and security of state judges, police officers, and military members are also affected by publicly available information being published by data brokers and people search sites. And while some states, like California, extend privacy protections to judges and law enforcement officers, many do not.
Notably, the Army Cyber Institute released a report that revealed how law enforcement’s and other “high-value individual’s” personal data could be used in microtargeted attacks by bad actors. Further, at a much larger scale, data brokers and online people search sites can affect individuals who are victims of stalking, domestic violence, or other violent crimes. Offering a slough of patchwork privacy laws limited in scope needs to stop. A comprehensive federal data privacy and security law that protects all Americans is long overdue.
Privacy for All
The American Data Privacy Protection Act (ADPPA) would fit this bill by providing substantial protections to all Americans. The ADPPA’s protections include expressly regulating data brokers, mandating that the Federal Trade Commission establish a data broker registry, and requiring data brokers to comply with “Do Not Collect” requests from individuals, including deleting any covered data related to that individual’s request that was not collected directly from that individual through a mutual transaction.
It is important to note that the ADPPA would not necessarily prevent all these issues because people searching sites often scrape publicly available information, which is broadly exempt from the ADPPA. A similar theme is seen in most comprehensive state privacy laws, too. Nevertheless, when a strong privacy bill like the ADPPA fails to cross the finish line, it strengthens the notion that privacy is a privilege reserved for the elite rather than a right all Americans deserve. Congress should take action to dispel the notion that they view themselves as above the people they serve and finally pass a comprehensive federal privacy law.