Privacy in the private sector: use of the automotive industry's "event data recorder" and cable industry's "interactive television" in collecting personal data.

by Katz, David M.

Rutgers Computer & Technology Law Journal • Spring, 2003 •

I. INTRODUCTION

While the mention of the term "Big Brother" typically arouses suspicion of the government, many privacy advocates have been expressing concern over the private sector's access to and use of valuable personal information. One example of this possible encroachment upon privacy rights occurs within the automotive industry, specifically the use of "Event Data Recorders" ("EDR") in vehicles. These devices, akin to the "black boxes" of the aviation industry, record the vital statistics of an automobile's operation in five-second loops, thereby saving the final five seconds prior to impact. (1) Some of the notable data recorded include airbag deployment, seatbelt use, speed prior to impact, acceleration or deceleration, and braking. (2)

Another illustration of modern technology encountering privacy issues is the emergence of a new media, known as "Interactive Television" ("ITV"). With sophisticated set-top cable boxes, consumers will be able to interact with their television, thus focusing the content of programming, advertising, and "t-commerce"(3) to suit individual preferences. (4) The privacy debate involves the cable company's ability to collect and share personal information recorded through the consumer's interaction with the technology. (5) The breadth of this forthcoming technology thus impacts many industries, including: cable, programming, advertising, marketing, and retail, among others. (6)

This Note seeks to explore the interrelationship between privacy rights and the modern technology of the private sector, with particular emphasis on "information privacy." I will set forth the statutory and common law protections of privacy rights, and analyze their applicability to the technology of today and tomorrow, focusing on the Event Data Recorder and Interactive Television. Further, I will show that most privacy concerns are ill-founded, as the practices of the private sector are, by-and-large, in accordance with both the law and sound public policy. Similarly, technology such as the EDR and ITV represent societal progress in the areas of safety and convenience, thus thoroughly outweighing any nominal social cost to personal privacy. Finally, I will provide suggestions to the legislature, private sector businesses, and the public-at-large for maintaining the crucial balance between preserving inherent privacy rights and expanding the boundaries of technology.

II. ORIGINS OF PRIVACY RIGHTS

A. Common Law Tort

The development of common law privacy rights began with the oft-quoted Harvard Law Review article of Samuel Warren and Louis Brandeis in 1890. (7) In the article, privacy was characterized as the "right to be let alone." (8) Inspired by the overzealous and intrusive nature of the press, a private sector industry, Warren and Brandeis argued for the creation of a new privacy right in personal information. (9) Later, Dean William Prosser further developed the common law privacy right, as he classified invasions of privacy into four distinct causes of action in tort law. (10) These four categories are: (1) intrusion upon one's seclusion or solitude, (2) publicly disclosing private facts of one's life, (3) placing another in a false light in the public eye, and (4) appropriation of name or likeness. (11) Prosser's classifications were later adopted by the Restatement (Second) of Torts. (12) It is the "intrusion upon seclusion" (13) cause of action that forms the basis of the information privacy concerns relevant to the EDR and ITV.

B. United States Constitution

The right to privacy is not mentioned explicitly in the United States Constitution. However, the United States Supreme Court, in i v. Connecticut held that the "specific guarantees in the Bill of Rights have penumbras, formed by emanations from those guarantees that help give them life and substance," which create "zones of privacy." (14) Despite the privacy right created from an aggregation of the guarantees of the Bill of Rights, the Constitution only provides protection from state actions that violate an individual's privacy. As a result, no Constitutional privacy right attaches when the intruding party is a private entity. More specifically, the Supreme Court held in Smith v. Maryland: "[A] person has no legitimate expectation of privacy in information he voluntarily turns over to [private] third parties." (15) Thus, the scope of the fundamental privacy right recognized under the Constitution does not reach the private sector, and is therefore extraneous to the privacy issues raised by the use of the EDR and ITV in private industry.

C. Federal Statutory Schemes

Similar to the Constitutional privacy protections, many federal statutes solely regulate state actors, as opposed to the private sector. (16) The federal legislation that does reach private entities' collection or use of information is drafted on an ad-hoc basis, thus addressing narrow, industry-specific privacy concerns from a reactive approach. (17) Some examples of federal statutes aimed at addressing informational privacy issues are the Cable Communication Privacy Act of 1984 ("Cable Act"), (18) the Children' s Online Privacy Protection Act, (19) the Telecommunications Act of 1996, (20) the Electronic Communications Privacy Act (e-mail), (21) and the Video Privacy Protection Act (video rentals). (22) While the automotive industry's EDR does not appear to be regulated by any federal statutory scheme, the mass media industry's ITV seems, on its face, to fall within the ambit of the Cable Act. However, the transmission of ITV will occur through various media sources, including satellite links and telephone lines, therefore, arguably, negating the protection of the Cable Act, which only applies to cable operators. (23) The limited scope of the statute leads one to believe that the legislature of the early 1980's did not envision interaction with the television via any media other than the cable set-top box. Despite the miscalculation on the relevant media source, it appears that the legislature did have the foresight to contemplate the impact of interactivity, as it drafted one of the most protective privacy statutes. (24)

D. State Statutory Schemes

Another approach to safeguarding citizens' informational privacy rights from the private sector is state-level legislation. The state of California is at the forefront in regulating new technologies, such as ITV. (25) California State Senate Bill 1090 ("S.B. 1090"), passed into law on October 10, 2001, extends the federal Cable Act to "satellite systems," which include a broader array of media used to transmit ITV. (26) S.B. 1090, which amends [section] 637.5 of the California Penal Code:

[E]xpands California's cable privacy laws to

prevent satellite companies from disclosing any

personal information or television viewing habits

to anyone but the individual customer unless the

customer "opts in" and allows that information to

be collected and sold. Companies that violate the

bill's privacy guidelines are subject to a

misdemeanor penalty and a $3,000 fine. The bill

also allows people to file civil lawsuits against

companies that violate the bill's privacy

protections.... The bill passed the Legislature

with overwhelming bipartisan support and goes

into effect on January 1, 2002. (27)

Therefore, S.B. 1090 directly addresses the privacy concerns surrounding ITV, as it mandates stringent regulations on the collection and use of personal information by the California ITV providers who use satellite or cable mediums.

III. THE EVENT DATA RECORDER

A. What is the EDR?

According to a member of the National Highway Traffic Safety Administration's ("NHTSA") Event Data Recorder Working Group, an EDR can be defined as "an on-board device or mechanism capable of monitoring, recording, displaying, storing or transmitting pre-crash, crash, and post-crash data element parameters from a vehicle, event and driver." (28) One of the most significant events in the development of EDR technology was the International Symposium on Transportation Recorders (the "Symposium"), which took place May 3-5, 1999, in Arlington, Virginia. (29) At the Symposium, officials from the NHTSA and the General Motors Corporation ("GM") announced a cooperative effort between the NHTSA, the National Transportation Safety Board ("NTSB"), and automobile manufacturers to gather collision information through the use of the EDR. (3) As far as the history of the EDR technology, a Symposium report noted:

Since 1974, General Motors' airbag equipped

production vehicles have recorded airbag status

and crash severity data for impacts that caused a

deployment. Many of these systems also recorded

data during "near-deployment" events, i.e., impacts

that are not severe enough to deploy the airbag(s).

GM design engineers have used this information to

improve the performance of airbag sensing systems

and NHTSA researchers have used it to help

understand the field performance of alternative

airbag system designs. Beginning with the 1999

model year, the capability to record pre-crash