I’m very pleased with today’s decision from the DC Circuit Court of Appeals on recently-strengthened privacy protections for phone records. The short history goes something like this: the FCC created strong opt-in (affirmative consent) provisions for the sharing of phone records (who calls whom, for how long, etc). In 1996, the 10th Circuit held that the restrictions violated the First Amendment rights of companies that wanted to sell this data to marketers. Thus, the FCC relaxed the standard to opt-out, meaning that you had to take affirmative action to stop your phone records from being sold.
Did you know that the burden was upon you? Probably not! That’s why in 2005, I petitioned the FCC to reestablish stronger privacy protections, because all sorts of investigation companies were pretexting and obtaining phone records for perverts, stalkers, etc. The FCC opened a rulemaking and reestablished opt-in protections for phone records again. The industry sued, arguing that the First Amendment barred opt-in protections. Today the DC Circuit rejected the industry’s argument, holding that the FCC had sufficient justification for the heightened protections.
But what’s more important is that the DC Circuit’s opinion “gets” privacy. Many courts conceive of privacy as a way to shield oneself from embarrassment. The DC Circuit disagreed, writing, “There is a good deal more to privacy than that. It is widely accepted that privacy deals with determining for oneself when, how and to whom personal information will be disclosed to others. See Daniel J. Solove, Conceptualizing Privacy, 90 CAL. L. REV. 1087, 1109-10 (2002).”
Further, “…the carrier’s sharing of customer information with a joint venturer or an independent contractor without the customer’s consent is itself an invasion of the customer’s privacy – the very harm the regulation targets. In addition, common sense supports the Commission’s determination that the risk of unauthorized disclosure of customer information increases with the number of entities possessing it. The Commission therefore reasonably concluded that an opt-in consent requirement directly and materially advanced the interests in protecting customer privacy and in ensuring customer control over the information.”
Wow! In privacy law, courts are often wedded to waiting for some type of harm to arise, such as unwanted telemarketing calls. They rarely get the idea that it is the data sharing itself that is the problem, and that privacy is about how personal data is controlled. Good job, Judge Randolph. Now the burden won’t be upon you to shield your phone records from sale to marketers!