Privacy law is the area of law concerning the protection and preservation of the privacy rights of individuals. By definition, most countries treat privacy as the rights of individuals and not institutions. The governments and other organizations collect vast amounts of personal information for a variety of purposes. The law of privacy limits how these organizations can collect and use this information.

The scope of applicability of privacy laws is called expectation of privacy.

Classification of privacy laws

Privacy laws can be broadly classified into:

General privacy laws

These laws have an overall bearing on the personal information of individuals and affect the policies that govern many different areas of information

Specific privacy laws

These laws are designed to protect specific types of information such as health information, financial information, etc. about individuals. Some examples include:

• Health privacy laws
• Financial privacy laws
• Online privacy laws
• Communication privacy laws
• Information privacy

Privacy laws by country

Australia

In Australia,^[1] the federal Privacy Act 1988 sets out principles in relation to the collection, use, disclosure, security and access to personal information. The Act applies to Australian Government and Australian Capital Territory agencies and private sector organisations (except some small businesses). The Office of the Privacy Commissioner is the complaints handler for alleged breaches of the Act. Some Australian States have enacted privacy laws.

The Australian Law Reform Commission http://www.alrc.gov.auis currently conducting an extensive inquiry into privacy law in Australia and is due to report to the Australian Government in March 2008.

More information about Australian Privacy Laws can be found at Federal Privacy Law

Canada

In Canada, the federal 'Personal Information Protection and Electronic Documents Act (PIPEDA) governs the collection, use and disclosure of personal information in connection with commercial activities and personal information about employees of federal works, undertakings and businesses. It generally does not apply to non-commercial organizations or provincial governments. Personal information collected, used and disclosed by the federal government and many crown corporations is governed by the Privacy Act. Many provinces have enacted similar provincial legislation such as the Ontario Freedom of Information and Protection of Privacy Act which applies to public bodies in that province.

There remains some debate whether there exists a common law tort for breach of privacy. There have been a number of cases identifying a common law right to privacy but the requirements have not been articulated.^[2]

In Eastmond v. Canadian Pacific Railway & Privacy Commissioner of Canada^[3] Canada's Supreme Court found that CP could collect Eastmond's personal information without his knowledge or consent because it benefited from the exemption in paragraph 7(1)(b) of PIPEDA, which provides that personal information can be collected without consent if "it is reasonable to expect that the collection with the knowledge or consent of the individual would compromise the availability or the accuracy of the information and the collection is reasonable for purposes related to investigating a breach of an agreement".^[3]

United Kingdom

As a member of the European Convention on Human Rights, the United Kingdom adheres to Article 8 ECHR, which guarantees a "right to respect for privacy and family life", subject to restrictions as prescribed by law and necessary in a democratic society towards a legitimate aim.

However, there is no independent tort law doctrine which recognises a right to privacy. This has been confirmed on a number of occasions.

• Kaye v. Robertson
• Wainwright v. Home Office

United States

The idea of a right to privacy originated in America. A future Supreme Court judge, Justice Brandeis and another young lawyer, Samuel D. Warren, published an article called 'The Right to Privacy' in the Harvard Law Review in (1890) arguing that the constitution and the common law allowed for the deduction of general "right to privacy".^[4] Their project was never entirely successful and the renowned tort expert Dean Prosser argued that "privacy" was composed of four separate torts, the only unifying element of which was a (vague) "right to be left alone."^[5] These elements were

1. appropriating the plaintiff's identity for the defendant's benefit
2. placing the plaintiff in a false light in the public eye
3. publicly disclosing private facts about the plaintiff
4. unreasonably intruding upon the seclusion of solitude of the plaintiff

• Health Information Privacy Accountability Act -- Office for Civil Rights U.S. Department of Health and Human Services
• Financial Services Modernization Act (GLB), 15 U.S. Code §§ 6801-6810
• Final Rule on Privacy of Consumer Financial Information, 16 Code of Federal Regulations, Part 313
• Fair Credit Reporting Act (FCRA), 15 U.S. Code §§ 1681-1681u

See also

• Privacy laws
• Information Privacy Laws
• Data privacy
• Internet privacy

Legislation

• Privacy Act of 1974 (US)
• Electronic Communications Privacy Act (US)

References

1. ↑ List of Privacy Laws
2. ↑ See for example, Somwar v. McDonald's Restaurants of Canada Ltd, [2006] O.J. No. 64 for a discussion on this
3. ↑ ^{a b} Eastmond v. Canadian Pacific Railway & Privacy Commissioner of Canada, June 11, 2004
4. ↑ Warren and Brandeis, 'Right to Privacy' (1890) 4 Harvard Law Review 193
5. ↑ Dean Prosser, 'Privacy' (1960) 48 California Law Review 383