CCPA/CPRA Data Mapping: The Why, What, and How
How often does the word “right” show up in the text of the CCPA/CPRA?Read Now
June 1, 2020
When we think of data privacy, most of us consider it a relatively new challenge spawned from the risk of living in a digital world. But data privacy roots run much deeper. Thanks to the mind and perseverance of Louis Brandeis in the early 1900s, his Right to Privacy work paved the way for our modern laws and the software solutions designed to help companies comply.
If you don’t know much about Louis Brandeis, we’d like to introduce him to you. Brandeis is a data privacy pioneer. His foundational work a century ago is why you, as a consumer, can hold companies accountable to protect your personal data, and why you, as a company, can do your part to ensure your customers have a say about how their personal information is collected.
Louis Brandeis was born in Kentucky as the son of Jewish immigrants from Bohemia. He graduated from Harvard Law School in 1877 at just 21 at the top of his class with the highest grade point average in the history of the law school. He became a successful lawyer in Boston and in 1890, he co-penned the first major article to advocate for a legal right to privacy in the Harvard Law Review.
His work caught the eye of President Woodrow Wilson who appointed him to the Supreme Court in 1916 as its first Jewish Supreme Court Justice. By 1948, he had the first Jewish-sponsored nonsectarian university in the United States named after him, Brandeis University in Massachusetts.
Among his many accolades, Brandeis took a firm stand on many issues that still impact us today. He defended statutes of various states prescribing maximum hours of labor and minimum wages. He attacked monopolies in favor of enforced competition, warned against unlimited government, and championed individual liberty. He believed in the First Amendment of free speech unless it posed a “clear and present danger” and never stopped fighting for social justice. So much so, he was dubbed the “Robin Hood of the law” by The Economist.
His cases, opinions, notable books, and essays are still studied and referenced today. But his Right to Privacy article has had the most significant impact on our current society as it relates to personal data.
Was Brandeis prophetic in his belief that people would need the right to privacy? Not exactly. The increasing use of the telephone and wiretapping in the 1920s concerned him. In 1927, he argued that personal data obtained through wiretapping without a warrant was not admissible in court. He argued that the Fourth and Fifth Amendment rights applied to wiretapping, noting there was no difference between listening to a phone call or reading a sealed letter without consent.
His dissent fueled future Supreme Court rulings on the topic, requiring warrants before any phones could be wiretapped. In fact, his premise that people have the “right to be let alone” influences everything from modern data privacy laws to abortion.
While there was no way Brandeis could’ve predicted social media, e-commerce, or the cloud, he did set the stage for the General Data Protection Regulation (GDPR), California Consumer Protection Act (CCPA), and other personal data privacy standards. Here’s how:
Brandeis was adamant that we have the right to be free from the invasion of privacy. He argued that our personal conversations, correspondence, and other information about us are the property of the person. He was suspicious about the technology of that time and understood emerging technology posed a threat to privacy.
Flash forward to today and our technology may have evolved, but the notion is still the same. Technology may further our capabilities and even alter our culture, but he would argue that it still doesn’t give anyone, any organization, or any government the right to obtain our personal information without consent. And even if consent is freely given, the entity has the responsibility to protect that data.
Even as business people, we are also consumers. Unlike many consumers, we understand that every time we go online, use our credit or debit card, use an app, or go onto a social platform, we leave behind details about ourselves. This is personal, often private information we wouldn’t necessarily blast to the world, yet we still put it out there without much thought of what happens to it after we swipe or log out.
Your organization likely collects customer data for all kinds of reasons, such as “personalization” to prevent making the same choices over and over on a website. But even for this innocent reason, it’s still the consumers’ right to not be marketed to - to be left alone. Here’s what Brandeis said about it in 1890:
“Recent inventions and business methods call attention to the next step which must be taken for the protection of the person, and for securing to the individual...the right ‘to be let alone’...Numerous mechanical devices threaten to make good the prediction that ‘what is whispered in the closet shall be proclaimed from the house-tops.”
Brandeis argued that there needed to be laws to enforce the boundaries between what we make public and our private lives. How insightful he was. Even though we may post a photo on Facebook (the public) of us eating an Oreo, we aren’t necessarily inviting Nabisco or their competitor to hound us (our private lives) with advertisements, emails, and the like. We have the right to be left alone. We, and our customers, get to decide - or at least be made aware when we/they sign up to use the app - if we give Facebook permission to share our data with their partners for marketing purposes.
Some legal experts argue that we are living in a different world than the one Brandeis’ arguments were based on. For instance, back then people didn’t willingly give out their personal information as we do on Facebook today. But even if this were a valid argument, Brandeis would likely argue that the circumstance or the medium doesn’t matter. What matters is that we all should have the right to own our own data, and it’s our right to decide whether we want to give companies permission to collect our data.
The premise of the GDPR, CCPA, and other modern privacy standards is that you are now held accountable for asking for permission or notifying your users that their data is being collected before you actually collect it. Going a step further, you must tell your customers what you plan on doing with their data. Thank you, Mr. Brandeis!
Brandeis’ track record suggests he would have been in favor of these sorts of laws. If you’re reading this, you already understand the importance of this legislation. You value your customers’ data for more than the insight it provides because you recognize it’s private data.
At Osano, we are inspired by privacy pioneers like Louis Brandeis. We believe Mr. Brandeis was ahead of his time in understanding how important personal privacy was. His work motivates us to continue to develop our capabilities in simplifying data privacy compliance so every organization, large or small, can do their part in protecting consumer data and honoring people’s right to privacy.
Matt Davis is a writer at Osano, where he researches and writes about the latest in technology, legislation, and business to spread awareness about the most pressing issues in privacy today. When he’s not writing about data privacy, Matt spends his time exploring Vermont with his dog, Harper; playing piano; and writing short fiction.