In 1981, as cable television and pay channels such as HBO were first beginning to gain a foothold among consumers, the Wisconsin Legislature passed a comprehensive bill protecting the privacy of cable subscribers’ viewing habits.
The law went so far as to prohibit the unauthorized dissemination of any “information that discloses or reasonably leads to the disclosure of any aspect of the behavior, including but not limited to individual habits, preferences or finances, of the subscriber or of a member of the subscriber’s household.”1 The legislature recognized that the television programs one watches constitute connections or associations that can shed light on one’s identity, and it thus implemented a measure to protect that associational privacy.
Since the advent of the digital age, statutory protections have been slower to arrive.
Thus far, privacy statutes have focused on holding businesses responsible for protecting small categories of customer information deemed especially sensitive and prone to misuse – namely, individuals’ health information and personally identifiable financial data, such as credit card and Social Security numbers. These laws built on preexisting privacy statutes protecting individuals’ names and likenesses from unauthorized commercial use or defamation.
When it comes to the Internet, however, there is little that resembles the broad-ranging protection against disclosure of “any aspect of the behavior” of cable television consumers, and demand for application of similar protections in the broader digital context remains relatively muted. There are signs that this status quo is ripe for a significant shift in the coming years, however.
Determining Digital Associations
Through technological advances, firms now can aggregate the digital associations of individuals to determine aspects of our behavior as never before.
Matthew R. Lynch, Iowa 2006, is senior counsel in the Madison office of Foley & Lardner LLP and a member of the firm’s business litigation and dispute resolution; construction; consumer financial services; and privacy, security, and information management practices.
Social networking sites do not need to know a person’s Social Security number to predict her acquaintances with uncanny accuracy. Online advertising firms need not obtain a person’s credit report to know what he likely wants to purchase. And to obtain a partial dossier on another person, hiring a private investigator isn’t necessary; anyone with an Internet connection can find much information about other people’s associations and criminal history and even satellite photographs of people’s homes.
Indeed, in disclosures following a recent and well-publicized surveillance scandal, the National Security Agency (NSA) acknowledged obtaining call logs from phone providers not for the purpose of examining the calls’ content – which would have run into significant legal hurdles under the Fourth Amendment and federal statutes – but to learn about the connections among people and groups that those records revealed, information that has fewer protections.
Against this backdrop, arguments for the type of associational-privacy protection exemplified by the cable television statute are proliferating, in lawsuits if not yet the statutes.
In two cases in which decisions were issued in 2013, Wisconsin plaintiffs sought to apply more comprehensive protections to the existing legal framework governing Internet privacy. None of the plaintiffs were successful, but the cases offer a preview of litigation likely to become more common in the coming years.
Protecting Internet Privacy
In Habush v. Cannon,2 the plaintiffs (named partners of the Habush Habush & Rottier law firm) sued the named partners of a competitor law firm. The Cannon firm attorneys had bid on the Google search terms “Habush” and “Rottier,” which meant that the results of a Google search for Habush Habush & Rottier included a sponsored-link advertisement for the competitor. The plaintiffs argued that the defendants unreasonably invaded their privacy by misappropriating the Habush and Rottier names for the defendants’ own commercial purposes.
The Wisconsin Court of Appeals disagreed, likening the defendants’ actions to a firm placing a billboard next to a competitor’s billboard, an act that does not violate privacy laws.
Under the court’s ruling, the defendants’ actions would not amount to misappropriation of the plaintiffs’ identities unless the defendants used those identities to endorse or promote their own law firm in a way that is visible to the public. Because the use of the plaintiffs’ name was within the context of Google’s advertising mechanism, and thus outside the public view, the court held that it was not prohibited by current privacy statutes. [Note: For an in-depth discussion of the holding in Habush v. Cannon, see “Internet Keyword Advertising: Not a Violation of Right to Publicity” in the July/August 2013 Wisconsin Lawyer.]
The second case, Stayart v. Google Inc.,3 also involved a Wisconsin plaintiff aggrieved over the associations that popped up when her name was typed into Google – specifically, the search engine’s suggestion of a connection between her name and an erectile-dysfunction drug.
The plaintiff sued Google directly, alleging that Google generated advertising revenue through the suggested connection and violated her right to publicity. The Seventh Circuit Court of Appeals threw out Stayart’s claims under Wisconsin law, noting that the connection was incidental to Google’s revenue generation efforts and was a matter of public interest, given that Stayart had previously filed another public lawsuit making the same allegations against Yahoo!.
In sum, the courts held that the plaintiffs in each of these cases held claims that did not quite fit within the existing legal privacy framework. But their claims probe the edges of what may be the next wave of digital-privacy law: protections not just for an individual’s name and likeness, credit card numbers, and health information but also for a person’s associations.
Neither courts nor legislatures have fully accepted or settled on a general theory of associational privacy, but in a significant number of lawsuits, plaintiffs are trying various means to bring protection of one’s associations within the principles (if not the letter) of existing privacy laws.
The combination of ever-improving technology, growing public awareness, and a rising number of test cases will amplify the pressure to clarify this increasingly important area of the law.
There is a wide spectrum of possibilities, ranging from barring firms from using data they possess to make certain associations (like the cable television statute) to barring plaintiffs from impeding the flow of information by bringing such lawsuits.
In the meantime, in an era in which one false, misleading, or embarrassing online association is immediately accessible to the public and may have significant consequences, expect litigants to continue to probe the boundaries of associational privacy with greater frequency in the years to come.
1 Wis. Stat. § 134.43.
2 Habush v. Cannon, 2013 WI App 34, 346 Wis. 2d 709, 828 N.W.2d 876.
3 Stayart v. Google Inc., 720 F.3d 719 (7th Cir. 2013).