LIKE a cat and mouse game, privacy law strives to keep up and provide redress for injuries related to information extracted from the latest technology. As a result of social media driven technology, society's notion of what should be protected personal information has changed over time. (1) Posting a picture of an intimate moment between two people has become commonplace, and so has meeting that person through a cellphone application. In an age where face-to-face interactions can be completely avoided, society's privacy concerns have adjusted, inspiring new law, but not implementing it. Courts are left to analyze new privacy issues using antiquated methods.
Juxtaposing old practices people used to unlawfully invade another's privacy to the new practices used reflects how old privacy law does not properly address the new problems. People are no longer breaking into buildings or homes to steal sensitive information. This world is now full of people who carry tremendous amounts of sensitive information in their cell phone, and someone no longer has to steal the cell phone to get that information. It can be accessed remotely. The cell phone has advanced to a degree greater than those devices used to send men to the moon. It does not help that because of the current legal landscape, it is unclear whether the average person has a right to protect a majority of the information supplied to social media applications or the unknown information collected.
A modern cell phone is now called a smartphone, which is capable of sharing its physical location at any time. (2) Smartphones have a Global Positioning System ("GPS") chip inside, and the chip uses satellite data to calculate a person's exact position, which is supplied to various social media applications. (3) Even if a GPS signal is unavailable, some social media applications, like Foursquare, (4) can use a less accurate method to gain information from cell towers to find someone's approximate position. (5) GPS and social media applications garner a mass amount of its user's private information, and this process poses a threat to their privacy because industries that manufacture this technology have unregulated security measures to protect sensitive information, if they have any measures at all.
Years ago, small children could gain access to their parents' computers, enter an AOL chat room and at most, risk knowingly sharing personal information with the wrong person. It started with chat rooms, then MySpace and LiveJournal where anyone could publish their thoughts, feelings, birthdays, identify family members and friends, and the website could, in turn, provide direct access to other users. Today, add Twitter, Tumbler, Instagram, Facebook and Snapchat to the social media category as applications available at all times on a cell phone, which provide a user with more outlets to project personal information to others and keep a permanent log of this information. These social media outlets can help someone create a brand; or keep family and friends abreast of their life by sharing images, opinions, and details; or create an easy opportunity for others to unlawfully gain or use personal information.
Social media applications succeed when users use them as much as possible. Profits increase the more information a customer shares, but this information can also be mined and traced by the wrong person. GPS information a company employee can acquire from a vehicle may or may not include the actual physical location of a vehicle, its previous locations manually entered into the navigation system, and the last location the vehicle was parked, also unknown to most consumers. As technology has advanced, so has the average criminal.
In addition to the information a user voluntarily shares, most social media applications use the location-based capability to increase functionality. When someone unlawfully gains private information, it is questionable whether the victim has redress against a company who was in charge of managing this information. Since the average user is not technologically advanced enough to understand how to secure it and social media is hard to avoid in the modern age, this leaves the company with more responsibility to protect consumers.
Though the United States once led the world in its innovative technology, so much of technology has changed since the 1970s that now privacy law requires reform. (6) The lack of reform is due in part over legislative debates about whether tailored legal reform will not serve a changing technical realm, but this argument may be waning. So, reform is timely. According to electrical engineer Gordon Moore, computer-processing speeds hit their limit once computers are as small as atomic particles. (7) This means that in five years, the central processing unit, or the 'brains' of a computer, may only experience incremental progress. (8) Both smart phones and computers contain central processing units. Both contain location-based technology and are the site where the majority of social media applications are accessed.
One industry facing a recent surge in technology is the automotive industry. This article primarily narrows in on this area of new growth, since automobiles create a unique set of privacy and liability concerns. There is no clear directive that guides manufacturers to protect private information. Both GPS and various social media applications can integrate with a car system and present active threats to its private information. The automobile is yet another device that contains a computing unit, except one that may need more protection. If a car's system is unlawfully accessed, not only could a lot more information may be seized, but the passenger could also lose immediate control of the vehicle's functionality. A national directive must protect what information society deems private, and outline an advanced policy that manufacturers must follow to keep information private. Current legislation does not directly punish or outline the duty a company has in this new technological world to prevent unlawful access to a customer's private information.
Part I of this Article addresses the conceptual relationship between the need to update privacy law and the policies behind developing it. Part II grounds this need to update current privacy law by using the newest advances in the automotive industry to describe how someone could hypothetically access data unlawfully and what harm this action could bring. Part III addresses current privacy laws that are outdated to deal with new technology, which opens the door to an unregulated market that leads to privacy concerns. Part IV discusses the latent concerns behind outdated regulations as applied to new technology, then suggests reasons why a more tailored approach to privacy law in light of new technology acknowledges the unease and better achieves the intended end, which is to address a security breach in private information using social media and location-based technology as a pathway.
Setting the Stage for Legislative Reform
Not too long ago, cars without seatbelts were the norm. Recognizing the societal cost of accident induced injuries, Congress enacted laws designed to ensure consumer safety. First, a federal law created an administration to mandate uniform safety standards for vehicles and encouraged states to police and address its citizen's safety. (9) Soon after, manufacturers began developing and producing vehicle safety features, and states also adopted and required manufacturers to comply with specific safety regulations. (10) Now, cars without seatbelts are obsolete. (11)
Privacy law originated from a case that spurred public outcry. In response, New York enacted a statute that acknowledged privacy as a right. (12) New York's response started a national trend, and many other states followed suit to enact legislation solidifying a citizen's right to keep some things private. (13) American common law provides a basis for privacy tort violations, which include the intrusion upon a person's seclusion or solitude, or into their private affairs; public disclosure of embarrassing private facts; publicity which places a person in a false light in the public eye; and appropriating one's name or likeness. (14)
There is no specific legislation that enforces measures to protect data security on the internet-of-things, (15) shorthand for the network of computing devices within different products that connect through the Internet. The threat of another person accessing global positioning data mined from social media applications is of main concern. (16) Specifically, there is no legislation or regulatory guidance that could provide designed security measures for companies that control devices and its data storage.
Federal regulations, historically a leader, fail to adequately protect consumers against the mishandling and misappropriating of their protected information. Potential harm from these actions comes in the form of mental and/or physical effects, and may frequently involve individuals in two different states. When an individual supplies information to their social media applications, a criminal can gain access to it and either harass or find the victim and cause harm. (17) Since the dawn of the Internet-of-Things, it is not difficult for criminals to gain a victim's exact location, their personal information, and even instantly exert control of their device. (18)
Privacy violations by or against public actors are clearly regulated and are not discussed in this article to narrow its scope. (19) There are state statutes that punish private actors for accessing other devices and federal statutes that protect sensitive information supplied to certain industries like healthcare. (20) State statutes that address computers involve hacking or trespassing, but do not specifically mention the duty to prevent the use of private information garnered from another's...