The evolution of privacy rights in America has seen a dramatic shift from its roots in English common law, where privacy was closely tied to property rights, to a broader understanding that encompasses individual autonomy and digital protection. The digital age has introduced complex challenges, with personal data now residing in cyberspace and often vulnerable to breaches and inadequate cross-border enforcement. Despite these hurdles, various organizations have implemented robust frameworks to safeguard digital privacy, underscoring the continued evolution and importance of privacy rights in a modern, interconnected world.

The right to privacy is one of the cornerstones of modern America. It safeguards everything from same-sex marriage to birth control, and it’s mentioned in countless enactments at both the state and federal level. With all these protections in place, it might seem like we’re living in a golden age of privacy, but that is not the case. In reality, the right to privacy is threatened like never before. To understand this apparent paradox, we need to understand how the right to privacy evolved in the US.

The historical foundation: Privacy in common law

The modern American concept of a right to privacy arose from developments in English common law. As the jurist William Blackstone noted in Book 4 of his Commentaries on the Laws of England, “eaves-droppers, or such as listen under walls or windows, or the eaves of a house, to hearken after discourse, and thereupon to frame slanderous and mischievous tales, are a common nuisance and presentable at the court-leet: or are indictable at the sessions, and punishable by fine and finding sureties for the good behaviour.” 

Key common law cases

The common law also recognized that individuals had a right to control entry into their houses. In the early 17th century, Peter Semayne obtained a court order allowing him to seize goods belonging to a man who had died in debt to him. However, they were located in a house that had been co-owned with another man named Robert Gresham. After Gresham refused to allow the Sheriff of London into the house to obtain the goods, the sheriff ordered that Gresham’s house be entered forcibly. However, Semayne filed a lawsuit, and the Court of King’s Bench ultimately ruled against him. In his 1604 report of the case, Sir Edward Coke famously wrote that “the house of everyone is to him as his castle and fortress, as well for his defence against injury and violence, as for his repose.” 

This idea was arguably reinforced by the judgment of the Court of Common Pleas in Entwick v. Carrington. In 1762, one of the Secretaries of State authorized the seizure of personal papers belonging to John Entick, a writer associated with a publication the government deemed seditious. Entick subsequently sued the King’s Messengers who carried out the search for trespass and won. While the case of Entick v. Carrington is often viewed through the lens of property rights, there was a privacy dimension as well. According to a previously unknown manuscript version of the judgment published in the Kentucky Law Journal, the presiding judge, Lord Camden, noted that “Private Papers are the only way of concealing a man's most valuable Secrets either in his Profession or any other Way, & are his dearest property. Where private Papers are carried away, the Secrets contained in them may be discovered.” 

Developments in American law

In cases like Semayne and Entick, questions of privacy were tethered to questions of property. But in the 19th century, the notion of privacy as its own distinct right started to emerge. In an 1890 article in the Harvard Law Review entitled “The Right to Privacy,” Samuel Warren and Louis Brandeis portrayed the right to privacy as something distinct from the right to property. They noted that originally “the ‘right to life’ served only to protect the subject from battery in its various forms; liberty meant freedom from actual restraint; and the right to property secured to the individual his lands and his cattle. Later, there came a recognition of man's spiritual nature, of his feelings and his intellect. Gradually the scope of these legal rights broadened; and now the right to life has come to mean the right to enjoy life–the right to be let alone; the right to liberty secures the exercise of extensive civil privileges; and the term ‘property’ has grown to comprise every form of possession–intangible, as well as tangible.” 

Warren and Brandeis recognized that state power wasn’t the only potential threat to the right to privacy. In an eerily prescient passage, they noted that “[r]ecent inventions and business methods call attention to the next step which must be taken for the protection of the person…instantaneous photographs and news-paper enterprise have invaded the sacred precincts of private and domestic life; and numerous mechanical devices threaten to make good the prediction that ‘what is whispered in the closet shall be proclaimed from the house-tops.”

Landmark legal developments

American jurists fleshed out the right to privacy throughout the 20th century, though in the absence of explicit statutory provisions, they had to look elsewhere for its origin. In Pavesich v. New England Life Insurance Company (1905), the Supreme Court of Georgia justified a right to privacy on the grounds of natural law. Sixty years later, the US Supreme Court held in Griswold v. Connecticut that “specific guarantees in the Bill of Rights have penumbras, formed by emanations from those guarantees that help give them life and substance. Various guarantees create zones of privacy.” Griswold in particular would have an enormous impact on later jurisprudence, and it would go on to be cited in many subsequent cases, including Lawrence v. Texas (which struck down anti-sodomy laws) and Obergefell v. Hodges (which overturned bans on same-sex marriage). 

The legislative response

‍

But it wasn’t just case law that developed the right to privacy. Congress also stepped up to the plate, enacting the Privacy Act of 1974 (which established rules for the handling of personal data by federal agencies) and the Health Insurance Portability and Accountability Act of 1996 (which made similar provisions for the healthcare industry). Many states have incorporated similar provisions in their own domestic law. For example, California passed the California Consumer Privacy Act of 2018 which gave Californians the right to know about the personal information businesses collect about them, a right to delete that information, and the right to opt out of sharing personal information. In 2020, voters further enhanced these provisions by passing Proposition 24. This created additional protections, including a right to correct inaccurate information. In addition, a number of states, including Florida, Montana, and Alaska, have codified a right to privacy in their constitutions. 

The challenges of privacy in cyberspace

As we’ve seen, early efforts to safeguard the privacy of individuals were often aimed at protecting them from the state. But as Warren and Brandeis foresaw all the way back in 1890, the emergence of new technologies has dramatically altered the landscape. Living in cyberspace means we now entrust copious amounts of our personal data to a plethora of private companies. In theory, we’re making informed decisions. After all, you can hardly do anything in the digital realm without having to agree to a long, turgid set of terms and conditions. But let’s be honest–most of us click through them as quickly as possible. Even if we did take the time to pore over every word, their dense legalese can make them seem like an impenetrable thicket of verbiage. But this means many of us have no idea what we’re agreeing to. 

To make matters worse, the globalized nature of the Internet can make it difficult to enforce existing privacy laws. California might have a world-class data-privacy regime, but enforcing its provisions outside the boundaries of the state can be tricky. And even if a company diligently follows the various privacy laws, they can easily fall victim to a cyber attack that leaves their customers’ personal information exposed for all the world to see.

Successful privacy protection implementations

While these challenges may seem daunting, several organizations have devised schemes to protect individuals’ data.

Thomson Reuters' privacy framework

• Documented data minimization principles
• Published data retention schedules
• Clear protocols for cross-border data transfers
• Transparent subscriber rights procedures

Associated Press privacy guidelines

• Clear procedures for managing subscriber data
• Published data retention policies
• Content licensing privacy requirements
• Standardized data handling procedures

Mozilla's privacy features

• Enhanced cookie controls that improve content access privacy
• Transparent data collection practices
• Clear documentation of third-party data sharing
• Regular transparency reports on data practices

Brave Browser's content model

• Privacy-preserving analytics for content engagement
• Transparent reporting on data collection
• Clear opt-in procedures for features
• Published audit results of privacy practices

DuckDuckGo's content distribution

• No personal data collection for content delivery
• Clear documentation of limited data retention
• Transparent tracking prevention
• Published privacy protection measures

Key success factors

While the details of these policies vary, they have some things in common:

• Privacy considerations integrated into content delivery
• Clear documentation of data practices
• Regular privacy policy updates
• Strong data minimization principles
• Transparent user controls

Privacy has come a long way

The right to privacy has evolved dramatically. In English common law, privacy arose out of efforts to prevent the state from interfering with individuals’ property rights. In time, it grew beyond a focus on property, and American jurists in particular recognized that the right to privacy also encompassed the right to be left alone. Over time, court decisions and legislation further fortified these principles, resulting in an expansive yet incomplete set of protections across many different jurisdictions. But the arrival of the Internet has made it far more difficult to protect the right to privacy, as it can be difficult to enforce rules across international borders. And cyber criminals present a further challenge that can undermine even the best-constructed regulatory regime. However, a number of organizations have attempted to meet the challenge by providing users with ways to protect their personal data.

‍