Introduction:
The right to privacy is a common term often overlooked in today’s world of intrusive social media, where a single click in South Africa, Iran, or Russia can result in the disclosure of information (both true and false) to millions of people worldwide. Indeed, there are now websites and applications whose sole purpose is to publicize what would normally be considered private and sensitive information.
Libel and slander are the dissemination of untrue and damaging statements or facts about a person or entity which causes harm to that entity. Violation of one’s right to privacy, on the other hand, can be the dissemination of true facts or statements that damage a person in some manner.
Is there still relief available to an injured party when a person violates one’s right to privacy by making true statements or publications? That is the topic of this article.
Basic Law:
In California, the invasion of privacy criteria is rooted in both statutory and common law, reflecting the state’s commitment to protecting personal privacy. The California Constitution recognizes privacy as an inalienable right, setting a high standard for what constitutes an invasion.
To establish a claim, plaintiffs must show an intentional intrusion into a private matter that would be highly offensive to a reasonable person. This standard is outlined in the California Civil Code, which specifies acts such as capturing images or recordings in private settings without consent.
The courts have refined these criteria through rulings. In Shulman v. Group W Productions, Inc., the California Supreme Court emphasized the importance of context, noting that privacy expectations vary depending on the situation. This case highlighted that even in public spaces, individuals might have a reasonable expectation of privacy if the intrusion is excessive or unjustified.
California law also addresses digital privacy concerns. The California Consumer Privacy Act (CCPA) and its successor, the California Privacy Rights Act (CPRA), expand privacy protections to include data collection and sharing practices. These laws require businesses to disclose their data practices and allow consumers to opt out of the sale of their personal information. Violations can be considered an invasion of privacy if they involve unauthorized access or misuse of personal data.
Another significant area involves the misuse of personal data, particularly in the digital space. The CCPA and CPRA set rigorous standards for data handling. Businesses failing to comply with these regulations can face charges for collecting or selling personal data without proper disclosures or consumer consent.
The state also addresses intrusion upon seclusion, a common law privacy tort involving unwanted intrusions into private affairs, such as unauthorized entry into private spaces or improper gathering of personal information. California courts recognize such claims, providing individuals with legal recourse against invasive actions.
Under California law, a “public disclosure of private fact” occurs when a person publicly discloses private and embarrassing facts about another that are not of legitimate public concern.
There are five elements to support a claim for public disclosure of private facts. These are:
1. There is a public disclosure;
2. That concerns private facts;
3. The disclosure is one that would offend the average person;
4. The disclosure was not of legitimate public concern; and,
5. The defendant published private facts with reckless disregard for their truth or falsity.
Shulman v. Group W. Prods, Inc., 74 Cal. Rptr. 2d 843. See also Briscoe v. Reader’s Digest Ass’n, 4 Cal. 3d 529 (1971), overruled on other grounds by Gates v. Discovery Communications, Inc., 101 P.3d 552 (Cal. 2004).
Note that the last criterion would seem to imply falsity as a part of the required element.
False light
California’s “false light” privacy law is similar to defamation.
It creates a right to sue when someone knowingly or recklessly creates publicity about another person in a way that unreasonably places the other person in a false light.
The three elements that must be proven in a successful lawsuit for false light are:
1. The defendant made a public disclosure;
2. The disclosure placed the plaintiff in a false light; and,
3. An average person would consider the false light offensive. Gill v. Curtis Publishing Co., 38 Cal. 2d 273.
In some cases, the plaintiff might also have to prove that the defendant acted with malice. Selleck v. Globe Int’l, Inc., 166 Cal. App. 3d 1123
Thus, civil actions for damages lie for this invasion of privacy. Note that damages may often be hard to prove. However, such indirect evidence as loss of commercial opportunities or advancement in business may be presented to show damages.
California Consumer Privacy Act
The California Consumer Privacy Act of 2018 (CCPA) gives consumers more control over the personal information that businesses collect about them and the CCPA regulations provide guidance on how to implement the law. This law secures new privacy rights for California consumers, including:
The right to know about the personal information a business collects about them and how it is used and shared;
The right to delete personal information collected from them (with some exceptions);
The right to opt out of the sale or sharing of their personal information including via the GPC;
The right to non-discrimination for exercising their CCPA rights.
In November of 2020, California voters approved Proposition 24, the CPRA, which amended the CCPA and added new additional privacy protections that began on January 1, 2023. As of January 1, 2023, consumers have new rights in addition to those above, such as:
The right to correct inaccurate personal information that a business has about them; and
The right to limit the use and disclosure of sensitive personal information collected about them.
Businesses that are subject to the CCPA have several responsibilities, including responding to consumer requests to exercise these rights and giving consumers certain notices explaining their privacy practices. The CCPA applies to many businesses, including data brokers.
What rights exist under the CCPA?
If one is a California resident, one may ask businesses to disclose what personal information they have and what they do with that information; one may demand they delete personal information, to direct businesses not to sell or share one’s personal information, to correct inaccurate information that they have about one, and to limit businesses’ use and disclosure of sensitive personal information:
One can request that a business disclose: (1) the categories and/or specific pieces of personal information they have collected, (2) the categories of sources for that personal information, (3) the purposes for which the business uses that information, (4) the categories of third parties with whom the business discloses the information, and (5) the categories of information that the business sells or discloses to third parties. One can make a request to know up to twice a year, free of charge.
Right to delete: One can request that businesses delete personal information they collected from you and tell their service providers to do the same, subject to certain exceptions (such as if the business is legally required to keep the information).
Right to opt out of sale or sharing: You may request that businesses stop selling or sharing your personal information (“opt out”), including via a user-enabled global privacy control. Businesses cannot sell or share your personal information after they receive your opt-out request unless you later authorize them to do so again.
Right to correct: One may ask businesses to correct inaccurate information that they have about oneself.
Right to limit use and disclosure of sensitive personal information: One can direct businesses to only use one’s sensitive personal information (for example, social security number, financial account information, precise geolocation data, or genetic data) for limited purposes, such as providing one with the services one requested.
One also has the right to be notified, before or at the point businesses collect personal information, of the types of personal information they are collecting and what they may do with that information.
Generally, businesses cannot discriminate against one for exercising rights under the CCPA. Businesses cannot make one waive these rights, and any contract provision that says one waives these rights is unenforceable.
California’s privacy laws serve as a crucial framework for safeguarding personal information in a digital world. As technology evolves, so do the risks of data breaches and invasions of privacy. These laws protect individuals from unauthorized access and misuse of their data.
Penalties for Violations:
Criminal invasion of privacy
California’s privacy laws cover a range of violations. One common violation is unauthorized surveillance or recording without consent. Under California Penal Code Section 632, it is illegal to eavesdrop or record confidential communications without consent from all parties involved. Violators can face misdemeanor charges.
Penalties for privacy violations in California are significant. Violations under Penal Code Section 632 can result in fines of up to $2,500 per incident, or $10,000 for repeat offenses. Individuals convicted of illegal recording or eavesdropping may face imprisonment for up to a year.
Digital privacy violations under the CCPA and CPRA can lead to civil penalties of up to $7,500 per intentional violation, and $2,500 for unintentional violations not corrected within 30 days of notice. These financial penalties incentivize compliance and ensure companies prioritize consumer privacy. The CPRA established the California Privacy Protection Agency to enforce these regulations and levy fines.
In cases of intrusion upon seclusion, plaintiffs may seek damages through civil litigation. Courts can award compensatory damages for actual losses suffered by victims, and punitive damages may be imposed to deter egregious conduct.
Penal Code 647(j) makes it a misdemeanor to violate someone’s privacy in any of three specific ways:
1. Using a device such as a telescope or binoculars to invade a person’s privacy;
2. Secretly photographing or recording a person’s body under or through his or her clothing for the purpose of sexual arousal or gratification; or
3. Secretly recording or photographing someone in a private room in order to view that person’s body or undergarments
A person found guilty of violating PC 647(j) is charged with a misdemeanor. A misdemeanor is punishable by:
• Up to six (6) months in county jail, and/or
• A fine of up to $1,000.
Legal Defenses and Exceptions:
Consent:
A prominent defense is consent. If individuals have given permission for their information to be recorded or shared, this serves as a defense against privacy invasion claims. Consent can be explicit or implied, depending on the context.
Public Interest
Another exception involves matters of public interest or newsworthiness. In cases where privacy invasion is justified by the need to inform the public, defendants can argue their actions are protected under the First Amendment. This defense balances privacy rights and press freedom, allowing certain intrusions for a greater societal purpose. Courts have upheld this exception, recognizing the media’s role in disseminating information of public concern.
Conclusion:
A troubling development in the world of social media is that studies tend to show that many people, especially the younger generation, do not seem to value privacy to the same degree as previously. One aspect of privacy often overlooked is that once it is violated it is very hard to retrieve. Your personal information, once in the public realm, can be transferred to hundreds of users who, in turn, may use it without you even knowing it is taking place.
The international aspect of social media and the internet also makes enforcement difficult. Your private information used on a database in Russia or Malaysia will have no real protection once disseminated in those realms.
Thus, if you intend to protect your privacy, the time to move is quickly before widespread use is achieved. The laws do provide protection, but it is up to you to activate those protections.