The growth of data warehousing and the Internet pose new privacy questions, having more to do with commercial than governmental threats to privacy. The basic issue is the extent to which personal information may be gleaned from Internet activity and assembled to create a detailed picture of a person, and the extent to which an individual should be informed about the process. So far, these concerns have not been considered in the courts. On the other hand, industry associations and legislatures have been trying to develop policies which strike a balance between individual privacy rights and development of commercially valuable marketing data. Judging only from the amount which has been written about privacy and related issues such as encryption and anonymity, it appears that this is an area where community perceptions of what is happening and what is right, technological developments affecting what is possible, and legislative edicts delineating protections, obligations and remedies for violations, are all in such a state of rapid change that it would be foolhardy to predict what privacy rights will evolve. Interestingly, the potential threat of computer technology to individual privacy was a prominent topic twenty five years ago, perhaps in response to the rapid rise of main frame computing, at the time of the following dissent by Justice Douglas:
In a sense a person is defined by the checks he writes. By examining them the agents get to know his doctors, lawyers, creditors, political allies, social connections, religious affiliations, education interests, the papers and magazines he reads and so on ad infinitum. These are all tied to one’s social security number; and now that we have the data banks, these other items will enrich that storehouse and make it possible for a bureaucrat - by pushing one button - to get in an instant the names of the 190 million Americans who are subversives or potential and likely candidates."
California Bankers Association v. Schultz, 416 U.S. 21, 79 (1974) (Douglas, dissenting)
Even though more than a quarter century old and from a privacy case concerning federal requirements that banks retain records of customers’ checks, Justice Douglas framed a concern which has returned to prominence due to the rise of the Internet. Indeed, just substitute "marketer" for "bureaucrat," because now the debate has largely turned to commercial, not governmental, intrusions.
The Internet privacy issue which has received the most attention, by legislators, regulators, and industry organizations, has been the need for protection against unauthorized distribution of personal information. Privacy "rights" in this regard are not well defined under current laws. In fact, the Federal Trade Commission (FTC) has issued an extensive report on web site privacy practices, and proposed legislation to regulate how information is obtained from children. From the industry side, a variety of trade organizations have generated model privacy policies, guidelines, and other "self policing" proposals, to head off the passage of any legislation which could restrict the development of personalized marketing to individual consumers by Internet sellers.
Along with the FTC, pressure has been exerted by the European Union (E.U.), which has called upon its member countries to adopt far more stringent restrictions on use or dissemination of personal information. The E.U. Directive which most concerns United States based companies is a requirement that E.U. member nations prohibit transmission of information to outside countries which lack "adequate" personal privacy protection. Reconciling the European Union mandate with the demands of U.S. based companies for the free flow of information and private policing is a work in progress. However legitimate the E.U.’s concerns may be, a solution based on restricting the flow of information across physical borders would seem to run counter to general trends towards open, global information exchange.
Another area of privacy law directly impacted by the Internet is what is commonly referred to as the invasion of privacy. In legalese, invasion cases consist of one or more of the following claims: "false light," "unwanted publicity," or "appropriation of likeness." Although courts and commentators developed this set of pigeonholes to describe the various aspects of this privacy right, the facts of any given case frequently overlap two or more of these categories. With regard to the Internet, the issue then is not so much one of "claim classification" as it is identifying fact patterns that are seen repeated in the Internet context.