A taxonomy of privacy.

• Author: Solove, Daniel J.

Privacy is a concept in disarray. Nobody can articulate what it means. As one commentator has observed, privacy suffers from "an embarrassment of meanings." Privacy, is far too vague a concept to guide adjudication and lawmaking, as abstract incantations of the importance of "privacy" do not fare well when pitted against more concretely stated countervailing interests.

In 1960, the famous torts scholar William Prosser attempted to make sense of the landscape of privacy law by identifying four different interests. But Prosser focused only on tort law, and the law of information privacy is significantly more vast and complex, extending to Fourth Amendment law, the constitutional right to information privacy, evidentiary privileges, dozens of federal privacy statutes, and hundreds of state statutes. Moreover, Prosser wrote over 40 years ago, and new technologies have given rise to a panoply of new privacy harms.

A new taxonomy to understand privacy violations is thus sorely needed. This Article develops a taxonomy to identify privacy problems in a comprehensive and concrete manner. It endeavors to guide the law toward a more coherent understanding of privacy and to serve as a framework for the future development of the field of privacy law.

 INTRODUCTION THE TAXONOMY A. Information Collection 1. Surveillance

2. Interrogation B. Information Processing 1. Aggregation 2. Identification 3. Insecurity 4. Secondary Use 5. Exclusion C. Information Dissemination 1. Breach of Confidentiality 2. Disclosure 3. Exposure 4. Increased Accessibility 5. Blackmail

6. Appropriation 7. Distortion D. Invasion 1. Intrusion 2. Decisional Interference CONCLUSION

   INTRODUCTION

   In Jorge Luis Borges's illuminating parable, Everything and Nothing, a gifted playwright creates breathtaking works of literature, populated with an unforgettable legion of characters, one after the other imbued with a unique, unforgettable personality. (1) Despite his spectacular feats of imagination, the playwright lives a life of despair. He can dream up a multitude of characters--become them, think like them, understand the depths of their souls--yet he himself has no core, no way to understand himself, no way to define who he is. At the end of the parable, before he dies, the playwright communicates his despair to God:

   "I who have been so many men in vain want to be one and myself." The voice of the Lord answered from a whirlwind: "Neither am I anyone; I have dreamt the world as you dreamt your work, my Shakespeare, and among the forms in my dream are you, who like myself are many and no one." (2)

   Privacy seems to be about everything, and therefore it appears to be nothing. As one commentator observed:

    It is apparent that the word "privacy" has proven to be a powerful rhetorical battle cry in a plethora of unrelated contexts.... Like the emotive word "freedom," "privacy" means so many different things to so many different people that it has lost any precise legal connotation that it might once have had. (3) 

   Lillian BeVier writes: "Privacy is a chameleon-like word, used denotatively to designate a wide range of wildly disparate interests--from confidentiality of personal information to reproductive autonomy--and connotatively to generate goodwill on behalf of whatever interest is being asserted in its name." (4) Other commentators have lamented that privacy is "vague and evanescent," (5) "protean," (6) and suffering from "an embarrassment of meanings." (7) "Perhaps the most striking thing about the right to privacy," philosopher Judith Jarvis Thomson has observed, "is that nobody seems to have any very clear idea what it is." (8)

   Often, privacy problems are merely stated in knee-jerk form: "That violates my privacy!" When we contemplate an invasion of privacy-such as having our personal information gathered by companies in databases--we instinctively recoil. Many discussions of privacy appeal to people's fears and anxieties. (9) What commentators often fail to do, however, is translate those instincts into a reasoned, well-articulated account of why privacy problems are harmful. When people claim that privacy should be protected, it is unclear precisely what they mean. This lack of clarity creates a difficulty when making policy or resolving a case because lawmakers and judges cannot easily articulate the privacy harm. The interests on the other side--free speech, efficient consumer transactions, and security--are often much more readily articulated. Courts and policymakers frequently struggle in recognizing privacy interests, and when this occurs, cases are dismissed or laws are not passed. The result is that privacy is not balanced against countervailing interests.

   Abstract incantations of "privacy" are not nuanced enough to capture the problems involved. The 9/11 Commission Report, for example, recommends that, as government agencies engage in greater information sharing with each other and with businesses, they should "safeguard the privacy of individuals about whom information is shared." (10) But what does safeguarding "privacy" mean? Without an understanding of what the privacy problems are, how can privacy be addressed in a meaningful way?

   Many commentators have spoken of privacy as a unitary concept with a uniform value, which is unvarying across different situations. In contrast, I have argued that privacy violations involve a variety of types of harmful or problematic activities. (11) Consider the following examples of activities typically referred to as privacy violations:

   * A newspaper reports the name of a rape victim. (12)

   * Reporters deceitfully gain entry to a person's home and secretly photograph and record the person. (13)

   * New X-ray devices can see through people's clothing, amounting to what some call a "virtual strip-search." (14)

   * The government uses a thermal sensor device to detect heat patterns in a person's home. (15)

   * A company markets a list of five million elderly incontinent women. (16)

   * Despite promising not to sell its members' personal information to others, a company does so anyway. (17)

   These violations are clearly not the same. Despite the wide-ranging body of law addressing privacy issues today, commentators often lament the law's inability to adequately protect privacy. (18) Courts and policymakers frequently have a singular view of privacy in mind when they assess whether or not an activity violates privacy. As a result, they either conflate distinct privacy problems despite significant differences or fail to recognize a problem entirely. Privacy problems are frequently misconstrued or inconsistently recognized in the law. The concept of "privacy" is far too vague to guide adjudication and lawmaking. How can privacy be addressed in a manner that is non-reductive and contextual, yet simultaneously useful in deciding cases and making sense of the multitude of privacy problems we face?

   In this Article, I provide a framework for how the legal system can come to a better understanding of privacy. I aim to develop a taxonomy that focuses more specifically on the different kinds of activities that impinge upon privacy. I endeavor to shift focus away from the vague term "privacy" and toward the specific activities that pose privacy problems. Although various attempts at explicating the meaning of "privacy" have been made, few have attempted to identify privacy problems in a comprehensive and concrete manner. (19) The most famous attempt was undertaken in 1960 by the legendary torts scholar William Prosser. He discerned four types of harmful activities redressed under the rubric of privacy:

1. Intrusion upon the plaintiff's seclusion or solitude, or into his private affairs.

2. Public disclosure of embarrassing private facts about the plaintiff.

3. Publicity which places the plaintiff in a false light in the public eye.

4. Appropriation, for the defendant's advantage, of the plaintiff's name or likeness. (20)

   Prosser's great contribution was to synthesize the cases that emerged from Samuel Warren and Louis Brandeis's famous law review article, The Right to Privacy. (21)

   However, Prosser focused only on tort law. American privacy law is significantly more vast and complex, extending beyond torts to the constitutional "right to privacy," Fourth Amendment law, evidentiary privileges, dozens of federal privacy statutes, and hundreds of state privacy statutes. (22) The Freedom of Information Act contains two exemptions to protect against an "unwarranted invasion of personal privacy. (23) Numerous state public records laws also contain privacy exemptions, (24) Many state constitutions contain provisions explicitly providing for a right to privacy. (25)

   Moreover, Prosser wrote over forty years ago, before the breathtaking rise of the Information Age. New technologies have given rise to a panoply of different privacy problems, and many of them do not readily fit into Prosser's four categories. Therefore, a new taxonomy to address privacy violations for contemporary times is sorely needed.

   The taxonomy I develop is an attempt to identify and understand the different kinds of socially recognized privacy violations, one that hopefully will enable courts and policymakers to better balance privacy against countervailing interests. The purpose of this taxonomy is to aid in the development of the law that addresses privacy. Although the primary focus will be on the law, this taxonomy is not simply an attempt to catalog existing laws, as was Prosser's purpose. Rather, it is an attempt to understand various privacy harms and problems that have achieved a significant degree of social recognition. I will frequently use the law as a source for determining what privacy violations society recognizes. However, my aim is not simply to take stock of where the law currently stands today, but to provide a useful framework for its future development.

   THE TAXONOMY

   Privacy cannot be understood independently from society. As sociologist...