¹ Whitman, JQ, ‘The Two Western Cultures of Privacy: Dignity Versus Liberty’ (2004) 113(6) YaleLJ 1151Google Scholar; for an engagement with Whitman's cultural approach, as opposed to a functional approach to comparative methodology, see Special Issue of AmJCompL (2017) Vol 65; see especially Gordley, J, ‘Comparison, Law, and Culture: A Response to Pierre Legrand’ (2017) 65 AmJCompL 133Google Scholar; Zumbansen, P, ‘Les Jeux Sont Faits: Comparative Law—As It Really Was Meant to Be?’ (2017) 65 AmJCompL 237Google Scholar. See also RC Post, ‘Three Concepts of Privacy’ (2001) 89 GeoLJ 2087; Eberle, EJ, Dignity and Liberty: Constitutional Visions in Germany and the United States (Praeger 2001)Google Scholar; Carmi, GE, ‘Dignity Versus Liberty: The Two Western Cultures of Free Speech’ (2008) 26 BostonUIntlLJ 277Google Scholar; Markesinis, B et al, ‘Concerns and Ideas about the Developing English Law of Privacy (and How Knowledge of Foreign Law Might be of Help)’ (2004) 52(1) AmJCompL 133Google Scholar.

² For reflection on space and privacy, see Altman, I, The Environment and Social Behavior: Privacy, Personal Space, Territory, Crowding (Brooks/Cole 1975)Google Scholar; Hildebrandt, M, ‘Privacy and Identity’ in Claes, E, Duff, A and Gurwirth, S (eds), Privacy and the Criminal Law (Intersentia Publishers 2006) 43, 46Google Scholar, where the author comments: ‘the concept of space is important for privacy, though not in a naturalistic sense. Space is a crucial source of perceptual information that allows a person to move around and fit into her environment, to interact with it or even to reshape it.’ See also Feinberg, J, ‘Autonomy, Sovereignty, and Privacy: Moral Ideals in the Constitution’ (1983) 58 NotreDameLRev 445Google Scholar.

³ Nissenbaum, H, Privacy in Context: Technology, Policy, and the Integrity of Social Life (Stanford University Press 2009) 11CrossRefGoogle Scholar, where the author maps privacy against information technologies by distinguishing between the technological capacities of (1) tracking and monitoring, (2) aggregation and analysis, and (3) dissemination and publication.

⁴ JD Lasica, ‘The Net Never Forgets’ (Salon, 26 November 1998) <https://www.salon.com/1998/11/25/feature_253/>.

⁵ Rosen, J, ‘The Web Means the End of Forgetting’ The New York Times (New York, 21 July 2010)Google Scholar; Rosen, J, ‘The Purposes of Privacy: A Response’ (2001) 89 GeoLJ 2117Google Scholar.

⁶ VM Schönberger, Delete: the Virtues of Forgetting in the Digital Age (Princeton University Press 2009) 99–100.

⁷ Case C-131/12 Google Spain SL and Google Inc. v Agencia Española de Protección de Datos (AEPD) and Mario Costeja González EU:C:2014:317 (Google Spain).

⁸ Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) [2016] OJ L119/1, art 17.

⁹ Google Spain (n 7) para 93.

¹⁰ European Council, ‘Council Resolution on Encryption – Security through Encryption and Security Despite Encryption’ (24 November 2020) 13084/1/20.

¹¹ Big Brother Watch and Others v United Kingdom App No 58170/13, 62322/14 and 24960/15 (ECtHR, 25 May 2021); in contrast to earlier authority that insisted on targeted surveillance based on ‘reasonable suspicion’, eg Weber and Saravia v Germany App No 54934/00 (ECtHR, 29 June 2006); Liberty and Others v United Kingdom App No 58243/00 (ECtHR, 1 July 2008); Kennedy v United Kingdom App No 26839/05 (ECtHR, 18 May 2010).

¹² Big Brother Watch ibid, paras 348–350 (majority judgment).

¹³ Big Brother Watch ibid, para 22 (partly dissenting judgment by Pinto de Albuquerque).

¹⁴ Joined Cases C-511/18 and C-512/18 La Quadrature du Net and Other v France EU:C:2020:791.

¹⁵ Case C-623/17 Privacy International v United Kingdom EU:C:2020:790.

¹⁶ Charter of Fundamental Rights of the European Union [2012] OJ C326/391, art 7 (privacy), art 8 (data protection), art 11 (freedom of expression).

¹⁷ La Quadrature du Net and Other (n 14) paras 134–139, especially para 135; contrast to Joined Cases C-203/15 and C-698/15 Tele2 Sverige and Watson and Others EU:C:2016:970.

¹⁸ Uniting and Strengthening America by Fulfilling Rights and Ensuring Effective Discipline over Monitoring Act [2015]; see also United States v Moalin, No 13-505732 (9th Cir 2020).

¹⁹ D Solove, ‘“I've Got Nothing to Hide” and Other Misunderstandings of Privacy’ (2007) 44 SDLRev 745, 768 (discussing the structural shifts and power imbalances that occur as a result of surveillance).

²⁰ Council of Europe, ‘Guide on Article 8 of the European Convention on Human Rights’ (31 August 2022) <https://www.echr.coe.int/documents/guide_art_8_eng.pdf>.

²¹ F Schoeman, ‘Privacy: Philosophical Dimensions’ (1984) 21(3) AmPhilQ 199.

²² Whitman (n 1) 1160; see also Post (n 1) and Eberle (n 1), whose comparative analysis based on dignity and liberty preceded Whitman.

²³ For an empirical overview of the histories of privacy recognition of EU Member States, see D Erdos, ‘Comparing Constitutional Privacy and Data Protection Rights within the EU’ (2022) 47 ELR 482.

²⁴ Semayne's Case (1604) 5 Co Rep 91a, 77 ER 194.

²⁵ See Wilson v Arkansas 514 U.S. 927, 932 (1995): ‘This “knock and announce” principle appears to predate even Semayne's Case … [which] itself indicates that the doctrine may be traced to a statute in 1295, and that at that time the statute was “but an affirmance of the common law.”’

²⁶ Semayne's Case (n 24) 195.

²⁷ Semayne's Case has been linked to Article 8 of the ECHR in, eg, Bempoa, R (on the application of) v London Borough of Southwark [2002] EWHC 153, para 13. See Erdos (n 23) where the author shows that the protection of the home is also long standing in many Continental European jurisdictions.

²⁸ Katz v United States 389 U.S. 347, 361 (1967).

²⁹ W Blackstone, Commentaries on the Laws of England: A Facsimile of the First Edition of 1765–1769 (University of Chicago Press 1979) vol 5, amendment IV, document 8: ‘For every man's house is looked upon by the law to be his castle of defence and asylum, wherein he should suffer no violence’; R v Meade and Belt (1823) 1 Lew CC 184: ‘the making of an attack upon the dwelling, and especially at night, the law requires as equivalent to an assault on a man's person; for a man's house is his castle, and therefore, in the eye of the law, it is equivalent to an assault …’ For paradigmatic US cases on the body as a private sphere, see Griswold v Connecticut 381 U.S. 479 (1965) (recognises an implicit right to privacy in the US constitution, and includes the use of contraception) and Roe v Wade 410 U.S. 113 (1973) (the right to abortion) now overruled by Dobbs v Jackson Women's Health Organization No. 19-1392, 597 U.S. (2022).

³⁰ G Phillipson, ‘Transforming Breach of Confidence? Towards a Common Law Right of Privacy under the Human Rights Act’ (2003) 66(5) ModLRev 726, 733.

³¹ R Wacks, ‘The Poverty of Privacy’ (1980) 96 LQR 73; JC Innes, Privacy, Intimacy, and Isolation (OUP 1992).

³² SD Warren and LD Brandeis, ‘The Right to Privacy’ (1890) 4 HarvLRev193.

³³ This traditional position changed in a number of common law jurisdictions, including England and Wales in Campbell v MGN Ltd [2004] UKHL 22; and Canada in Les Editions Vice Versa Inc v Aubry [1998] 5 BHRC 437.

³⁴ Feinberg (n 2) 454; see also: ‘Where one has one's domicile, however, and where one owns land, there one has space that is entirely one's own, where uninvited intruders (with certain necessary and well understood exceptions) may not enter.’

³⁵ Semayne's Case (n 24) 197.

³⁶ In H Brougham, Historical Sketches of Statesmen who Flourished in the Time of George III (First Series, G. Cox 1845) vol 1, quoted, for example, in Southam v Smout [1964] 1 QB 308, 320. This extension of the prohibition to the King has, of course, been subject to exceptions, as provided by law, eg search warrants.

³⁷ Boyd v United States 116 U.S. 616 (1886).

³⁸ Whitman (n 1) 1212.

³⁹ ibid 1212–3.

⁴⁰ ibid 1161, 1189–95; see also J Kohler, Das Eigenbild im Recht (J Guttentag 1903); Warren and Brandeis (n 32).

⁴¹ Kohler ibid 10 (translation by author).

⁴² Typically, see Article 2(1) of the German Basic Law on the right to free development of one's personality, which includes as part of the right to personal dignity (art 1(1)) the right to control the use of one's image or words, eg in a news story. W Kahl, Die Schutzergänzungsfunktion von Art. 2 Abs. 1 Grundgesetz (Mohr Siebeck 2000) 8. See also Tonband/Recording (German Constitutional Court, 31 January 1973) 2 BvR 454/71, BVerfGE 34, 238.

⁴³ Recognised in the Census Case (German Constitutional Court, 15 December 1983) BVerfGE 65 in the context of creating protection against the ‘transparent citizen’ and providing a theoretical foundation for data protection law; see G Hornung and C Schnabel, ‘Data Protection in Germany I: the Population Census Decision and the Right to Informational Self-Determination’ (2009) 25(1) CLSRev 84. For common law privacy theorists who define privacy as informational self-determination, control or autonomy, see AF Westin, Privacy and Freedom (Atheneum 1967); C Fried, ‘Privacy’ (1968) 77 YaleLJ 475, 482; Phillipson (n 30) 732 P Bernal, Internet Privacy Rights: Rights to Protect Autonomy (CUP 2014). More generally, on different theories: Schoeman (n 21); Nissenbaum (n 3) 69ff; H Fenwick and G Phillipson, Media Freedom under the Human Rights Act (OUP 2006) 662ff.

⁴⁴ U Frevert, The Politics of Humiliation: A Modern History (OUP 2020).

⁴⁵ U Frevert, ‘The History of Humiliation Points to the Future of Human Dignity’ (Psyche, 20 January 2021) <https://psyche.co/ideas/the-history-of-humiliation-points-to-the-future-of-human-dignity>.

⁴⁶ Whitman (n 1) 1164–5.

⁴⁷ NR Whitty, ‘Overview of Rights of Personality in Scots Law’ in NR Whitty and R Zimmermann (eds), Rights of Personality in Scots Law: A Comparative Perspective (Edinburgh University Press 2009).

⁴⁸ Whitman (n 1) 1166 (emphasis in original).

⁴⁹ Lord Hoffman, ‘Mind Your Own Business’ (Goodman Lecture, 22 May 1996, unpublished) cited in Fenwick and Phillipson (n 43) 663 (emphasis added).

⁵⁰ Whitman (n 1) 1161.

⁵¹ Frevert (n 45).

⁵² Post (n 1) 2095.

⁵³ ibid 2095.

⁵⁴ Whitman (n 1) 1182; see also Whitty (n 47) 159f, arguing that there is a distinction between ‘the traditional idea of dignity, its core being honour, respectability and status from the enlightenment idea of human dignity conceived of as personal autonomy …’ (internal marks omitted). See I Kant, Groundwork of the Metaphysics of Morals (1785, M Gregor and J Timmermann trans and eds, CUP 1998, revised 2012) 57: ‘thus a free will and a will under moral laws are one and the same’.

⁵⁵ Whitman (n 1) 1181 (emphasis omitted).

⁵⁶ Whitty (n 47) 161, referring to the different levels at which ‘dignity’ can be defined.

⁵⁷ The value of dignity has exceptionally surfaced in the American jurisprudence in the practice of ‘perp walks’, see eg Lauro v Charles 219 F.3d 202 (2d Cir. 2000) where it was held that public arrests (or ‘“a ritual degradation that publicly signals [the arrestee's] change in status from an ordinary citizen.”’ (204)) staged only for the press violated the accused's Fourth Amendment rights.

⁵⁸ See, for example, accounts that ground the right to informational self-determination ‘in the interest of the public, to guarantee a free and democratic communication order’. Hornung and Schnabel (n 43) 86; or accounts of privacy and freedom of expression being mutually supportive, eg Fenwick and Phillipson (n 43) 686.

⁵⁹ Whitman (n 1) 1176.

⁶⁰ Post (n 1) 2095.

⁶¹ There is a complementarity in that the American emphasis on seclusion and being hidden stresses the autobiographical dimension of personal identity, whilst the Continental European emphasis on personal oversight of one's standing in public is concerned with the biographical or social dimension of identity. See literature on the related topic of identity, or the right to identity, eg Hildebrandt (n 2); S Gutwirth, ‘Beyond Identity?’ (2008) 1 IDIS 123; P De Hert, A Right to Identity to Face the Internet of Things (Council of Europe Publishing 2007).

⁶² Whitman (n 1) 1163.

⁶³ Feinberg (n 2) 483ff, commenting on the judicial interpretation of the US Bill of Rights in Griswold v Connecticut (n 29) speaking of ‘zones of privacy’ which denote zones of individual discretion.

⁶⁴ Whitman (n 1) 1182.

⁶⁵ Note, however, that the balancing of the conflicting rights is, in German jurisprudence, structured along a privacy-ascending, speech-descending order of five spheres: the public, social, private, confidential and intimate spheres which reflect a private–public spectrum, rather than a simple binary: Markesinis et al (n 1) 188ff.

⁶⁶ E Barendt, ‘“A Reasonable Expectation of Privacy”: a Coherent or Redundant Concept?’ in AT Kenyon (ed), Comparative Defamation and Privacy Law (CUP 2016) 96, 111.

⁶⁷ Case C-369/98 The Queen v Minister of Agriculture, Fisheries and Food, ex parte Trevor Robert Fisher and Penny Fisher EU:C:2000:79 (Opinion of AG Alber) para 41.

⁶⁸ GG Fuster and S Gutwirth, ‘Opening up Personal Data Protection: A Conceptual Controversy’ (2013) 29 CLSRev 531.

⁶⁹ Census Case (n 43); see further D Korff and M Georges, ‘The Origins and Meaning of Data Protection’ (SSRN, 13 January 2020).

⁷⁰ P De Hert and S Gutwirth, ‘Data Protection in the Case Law of Strasbourg and Luxembourg: Constitutionalisation in Action’ in S Gutwirth et al (eds), Reinventing Data Protection? (Springer 2009) 3, 5f, commenting on the Council of Europe's adoption of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (CETS No 108) (28 January 1981) in response to the perceived limitations of Article 8 (the definition of ‘private life’ and the vertical nature of the protection) in the early 1970s.

⁷¹ The GDPR also to private and public actors consistent with the Continental European culture of privacy; it requires a balancing of the ‘privacy’ interests and the public interests in, for example, public health, national security and law enforcement.

⁷² Contrast to English law, eg Douglas & Ors v Hello! Ltd & Ors [2007] UKHL 21, para 83 (relying on Coco v A. N. Clark (Engineers) Ltd [1969] RPC 41): ‘for the adjective “confidential” one can substitute the word “private”. What is the nature of “private information?” It seems to us that it must include information that is personal to the person who possesses it and that he does not intend shall be imparted to the general public.’ This is consistent with the traditional approach under Article 8 (discussed below) and was also endorsed by the CJEU, eg in Joined Cases C-465/00, C-138/01 and C-139/01 EU:C:2003:294, paras 74–75. See also Markesinis et al (n 1) 162ff.

⁷³ Note that some types of sensitive personal data under the GDPR would be confidential data, eg ‘data concerning health or data concerning a natural person's sex life or sexual orientation shall be prohibited’.

⁷⁴ GDPR (n 8) art 9, formerly Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data [1995] OJ L281/31 (Data Protection Directive) art 8.

⁷⁵ GDPR (n 8) art 9(1).

⁷⁶ Cf De Hert and Gutwirth (n 70) 6, 10.

⁷⁷ The ‘purpose limitation principle’—see GDPR (n 8) art 5(1)(b); as ‘purpose limitation’ is a central concept in data protection law, it appears with high frequency in the Regulation.

⁷⁸ Google Spain (n 7).

⁷⁹ Data Protection Directive (n 74) arts 14, 12(b).

⁸⁰ Google Spain (n 7) para 36.

⁸¹ ibid, paras 85–87.

⁸² Google, Google's Transparency Report <https://transparencyreport.google.com/eu-privacy/overview?hl=en_GB>; for a brief account of the factors taken into account by Google, see NT1 & NT2 v Google LLC (The Information Commissioner intervening) [2018] EWHC 799 (QB) para 131.

⁸³ S Tippmann and J Powles, ‘Google Accidentally Reveals Data on “Right to be Forgotten” Requests’ The Guardian (London, 14 July 2015): ‘These include a woman whose name appeared in prominent news articles after her husband died, another seeking removal of her address, and an individual who contracted HIV a decade ago.’

⁸⁴ The social aspect of privacy has been acknowledged, eg in Botta v Italy App No 21439/93 (ECtHR, 24 February 1998) para 32, referring to ‘the development, without outside interference, of the personality of each individual in his relations with other human beings’.

⁸⁵ JC Buitelaar, ‘Post-Mortem Privacy and Information Self-Determination’ (2017) 19 Ethics Inf Technol 129, 137; see also Feinberg (n 2) 478; D Parfit, ‘Later selves and moral principles’ in A Montefiore (ed), Philosophy and Personal Relations: A French Study (Routledge & Kegan Paul 1973) 137ff.

⁸⁶ See, for example, the UK Rehabilitation of Offenders Act 1974. Note, in the UK the effect of rehabilitation in terms of the right to be forgotten is limited, partly, by virtue of the fact that not all offences fall within the remit of the Act and, partly, by virtue of the judicial authority to the effect that a conviction being spent does not necessarily coincide with a privacy entitlement, but is merely a factor which goes towards it: Gaughran v Chief Constable for the Police Service of Northern Ireland [2015] UKSC 29; see also dicta in R (T) v Chief Constable of Greater Manchester Police [2014] UKSC 35, para 18: ‘the point at which a conviction … recedes into the past and becomes part of a person's private life will usually be the point at which it becomes spent under the 1974 Act. It is a neat and logical suggestion which this court should adopt.’

⁸⁷ For similar earlier domestic provisions, see Segerstedt-Wiberg and Others v Sweden App No 62332/00 (ECtHR, 6 June 2006) and Österreichischer Rundfunk v Austria App No 35841/02 (ECtHR, 7 December 2006).

⁸⁸ Case C-136/17 GC, AF, BH, and ED v Commission Nationale de l'Informatique et des Libertes (CNIL), Premier ministre, and Google LLC EU:C:2019:773 (GC and Ors). But see O Lynskey, ‘Deconstructing Data Protection: The “Added Value” of a Right to Data Protection in the EU Legal Order’ (2014) 63 ICLQ 567 (where the author documents instances where the CJEU has conflated data protection and privacy).

⁸⁹ GDPR (n 8) art 9, which prohibits processing unless one of the exceptions, such as express consent, is satisfied.

⁹⁰ GC and Ors (n 88) paras 25–28.

⁹¹ ibid, paras 53, 66; Google Spain (n 7) paras 81, 97. See also S Kulk and F Borgesius, ‘Privacy, Freedom of Expression, and the Right to Be Forgotten in Europe’ in E Selinger, J Polonetsky and O Tene (eds), The Cambridge Handbook of Consumer Privacy (CUP 2018) 301, noting its inconsistency with the approach of equal status taken by the ECtHR.

⁹² GC and Ors (n 88) para 66; see also para 67, noting the strengthened privacy interests in the case of sensitive personal data.

⁹³ Google Spain (n 7) para 81; now GDPR (n 8) art 17(3)(a).

⁹⁴ GC and Ors (n 88) para 36; Google Spain ibid, paras 35–37.

⁹⁵ GC and Ors ibid, para 66.

⁹⁶ Data Protection Directive (n 74) art 8(2)(e) and GDPR (n 8) art 9(2)(e); GC and Ors ibid, para 63. Information Commissioner's Office, ‘Special Category Data: What are the Conditions for Processing?’ (e) <https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/lawful-basis/special-category-data/what-are-the-conditions-for-processing/#conditions5>: ‘[this] clearly assumes a deliberate act by the individual. It's not enough that it's already in the public domain – it must be the person concerned who took the steps that made it public.’

⁹⁷ GC and Ors ibid, para 69: a search engine can refuse a de-referencing request if the ‘processing is covered by the exception in Article 8(2)(e) of the directive, provided that the processing satisfies all the other conditions of lawfulness laid down by the directive, and the data subject has not exercised the right under Article 14(a) of the directive to object to that processing on compelling legitimate grounds relating to his particular situation.’

⁹⁸ ibid, para 77.

⁹⁹ Article 29 Data Protection Working Party, ‘Guidelines on the Implementation of the Court of Justice of the European Union Judgment on “Google Spain and Inc v. Agencia Española de Protección de Datos (AEPD) and Mario Costeja González” C-131/12’ (26 November 2014) 14/EN WP225, 13: ‘A good rule of thumb is to try to decide where the public having access to the particular information – made available through a search on the data subject's name – would protect them against improper public or professional conduct.’

¹⁰⁰ R Gavison, ‘Privacy and the Limits of Law’ (1980) 89(3) YaleLJ 421, 438 (emphasis in original). See also S Gardbaum, ‘The “Horizontal Effect” of Constitutional Rights’ (2003) 102 MichLRev 387.

¹⁰¹ DJ Solove and NM Richards, ‘Privacy's Other Path: Recovering the Law of Confidentiality’ (2007) 96 GeoLJ 123.

¹⁰² WL Prosser, ‘Privacy’ (1960) 48 CalLRev 383, 389; see also NM Richards and DJ Solove, ‘Prosser's Privacy Law: A Mixed Legacy’ (2010) 98 CalLRev 1887. For its continued relevance, see eg A Gajda, ‘Privacy and the Right to Be Left Alone’ in WR Davie and TM Maher (eds), First Amendment Law in Louisiana (University of Louisiana Press 2015).

¹⁰³ Warren and Brandeis (n 32) 195f (referring to photographs and newspaper enterprise invading ‘the scared precincts of private and domestic life’ and to ‘the evil of the invasion of privacy by newspapers’) and 205 (on the ‘inviolate personality’).

¹⁰⁴ Prosser constructed this category—as an extension of libel that would protect against mental distress and reputational damage, with the main difference being that the disclosed information was private, rather than false—at a time when the Supreme Court's reluctance to restrain truthful (personal) information had not yet materialised. See also Nissenbaum (n 3) 103ff (on privacy in public).

¹⁰⁵ Prosser (n 102) 394f (internal notes omitted; emphasis added).

¹⁰⁶ ibid 396 (internal notes omitted).

¹⁰⁷ Discussed further below.

¹⁰⁸ Prosser (n 102) 396. The test has also been adopted in other common law countries, see n 150 below; see also discussion in Barendt (n 66) 98ff.

¹⁰⁹ Briscoe v Reader's Digest Association, Inc. 4 Cal.3d 532 (1971); see also Melvin v Reid 112 Cal.App 285, 297 P. 91 (1931).

¹¹⁰ Gates v Discovery Communications, Inc. 34 Cal.4th 679 (Cal. 2004).

¹¹¹ Cox Broadcasting Corp. v Cohn 420 U.S. 469 (1975); Oklahoma Publishing Co. v District Court 430 U.S. 308 (1975); Smith v Daily Mail Publishing Co 443 U.S. 97 (1979); The Florida Star v B.J.F. 491 U.S. 524 (1989). These cases all concerned the identities of the victims of a crime, rather than that of the offender.

¹¹² Bartnicki v Vopper 532 U.S. 514 (2001).

¹¹³ Cox Broadcasting Corp. (n 111).

¹¹⁴ ibid 494f.

¹¹⁵ Smith v Daily Mail Publishing Co. (n 111) 103 summarising Oklahoma Publishing Co. v District Court (n 111), approved in The Florida Star v B.J.F. (n 111) 535.

¹¹⁶ Gates v Discovery Communications, Inc. (n 110). See also Eberle (n 1) 191–2 describing how free speech was elevated to its status as the ‘premier fundamental freedom’ through its incorporation into other rights/freedoms starting with the Due Process Clause (14th Amendment) in Gitlow v New York 268 U.S. 652 (1925). Note also the curtailing of defamation claims in New York Times Co. v Sullivan 376 U.S. 254 (1964).

¹¹⁷ Prosser (n 102) 396f.

¹¹⁸ See discussion below on the disentitling effect of such self-help actions under ECHR, art 8.

¹¹⁹ V Dressler, ‘Google Quietly Rolls Out the Right to be Forgotten Mechanism in the U.S.’ (Office for Intellectual Freedom of the American Library Association, 14 June 2022) <https://www.oif.ala.org/oif/google-quietly-rolls-out-the-right-to-be-forgotten-mechanism-in-the-us/>. The right is limited to information such as phone numbers, email or physical addresses, handwritten signatures, non-consensual explicit or intimate personal images, involuntary fake pornography, or personal content on websites with exploitative removal practices.

¹²⁰ ML and WW v Germany App No 60798/10 and 65599/10 (ECtHR, 28 June 2018) (ML & WW).

¹²¹ NT1 & NT2 (n 82); for similar cases on public disclosure of spent convictions, see Hayden v Duckworth [2021] EWHC 1033; Hayden v Dickenson [2020] EWHC 3291.

¹²² J Kokott and C Sobotta, ‘The Distinction between Privacy and Data Protection in the Jurisprudence of the CJEU and the ECtHR’ (2013) 3(4) IDPL 222; De Hert and Gutwirth (n 70) 3. An arguably preferable approach to their relationship has been taken in the EU Charter of Fundamental Rights (n 16) where privacy and data protection exist side by side as distinct and independent rights in art 7 (privacy) and art 8 (data protection). See Lynskey (n 88).

¹²³ ML & WW (n 120) para 97, acknowledging the difference.

¹²⁴ O Diggelmann and MN Cleis, ‘How the Right to Privacy Became a Human Right’ (2014) 14 HRLRev 441, 452: ‘The UDHR was clearly the most important point of reference.’ (tracing the unusual birth of privacy as a human right internationally despite not having enjoyed explicit recognition in any constitutions).

¹²⁵ ibid 445.

¹²⁶ ibid 446, 449. Note that ‘The Statement of Essential Human Rights’ (American Law Institute 1945) itself was drafted by a multi-national committee with a strong US presence (ie 12 out of 25 members) and included Article 6 on Freedom from Wrongful Interference: ‘Freedom from unreasonable interference with his person, home, reputation, privacy and, activities, and property is the right of every one.’

¹²⁷ See, for example, the Greek Constitution of 1911: ‘The Greeks are equal in the eye of the law and contribute without distinction to the public burdens according to their ability …’ (art 3); ‘The dwelling is inviolable …’ (art 12); ‘The secrecy of letters is absolutely inviolable.’ (art 20). See also the Weimar Constitution of 1919 (Germany): ‘All Germans are equal before the law. Men and women have the same fundamental civil rights and duties. Public legal privileges or disadvantages of birth or of rank are abolished …’ (art 109); ‘The home of every German is his sanctuary and is inviolable …’ (art 115); ‘The secrecy of letters and all postal, telegraph, and telephone communications is inviolable …’ (art 117).

¹²⁸ Ed Bates, The Evolution of the European Convention on Human Rights (OUP 2010) 5ff.

¹²⁹ Von Hannover v Germany App No 59320/00 (ECtHR, 24 June 2004); discussed in NA Moreham, ‘Privacy in Public Places’ (2006) 65(3) CLJ 606; Fenwick and Phillipson (n 43) 671ff. For important forerunners, see Peck v the United Kingdom App No 44647/98 (ECtHR, 28 January 2003); P.G. and J.H. v United Kingdom App No 44787/98 (ECtHR, 25 September 2001).

¹³⁰ Von Hannover v Germany ibid (emphasis added).

¹³¹ Von Hannover v Germany ibid, para 57, citing in support: X and Y v the Netherlands App No 8978/80 (ECtHR, 26 March 1985) para 23; Stjerna v Finland App No 18131/91 (ECtHR, 25 November 1994) para 38; Verliere v Switzerland App No 41953/98 (ECtHR, 28 June 2001). For subsequent decisions on the positive obligations of States to guard against horizontal violations, see K.U. v Finland App No 2872/02 (ECtHR, 2 December 2008) paras 42–51; Ageyevy v Russia App No 7075/10 (ECtHR, 18 April 2013) paras 194–195: ‘although the object of Article 8 is essentially to protect the individual against arbitrary interference by the public authorities, it does not merely compel the State to abstain from such interference: in addition to this primarily negative undertaking, there may be positive obligations inherent in an effective respect for private or family life … These obligations may involve the adoption of measures designed to secure respect for private life even in the sphere of the relations of individuals between themselves.’

¹³² Princess Caroline of Monaco 1 BvR 653/96 (BVerfG, 15 December 1999) paras 102–113 affirmed the decision of the Federal Court of Justice in favour of the publication: Princess Caroline of Monaco 13 A 5005/95 (BGH, 19 December 1995) (holding that figures of contemporary society ‘par excellence’ were entitled to privacy outside their home but only in secluded places away from prying eyes).

¹³³ The decision has been rightly criticised for cutting the margin of appreciation to a ‘vanishing point’ and for misunderstanding the nuanced privacy entitlements of public figures in German jurisprudence: Fenwick and Phillipson (n 43) 674; Markesinis et al (n 1) 146f, 185ff.

¹³⁴ Based on Articles 8 and 10 of the ECHR; and the duty imposed by the Human Rights Act 1998 on public authorities to act compatibly with both parties' Convention Rights and, specifically in the case of courts, to interpret the law consistently with Convention Rights.

¹³⁵ Campbell v MGN Ltd (n 33) para 51, where the House of Lords explicitly recognised the new privacy cause of action and expressed its distinct underlying values in Continental European privacy terms: ‘Instead of the cause of action being based upon the duty of good faith applicable to confidential personal information and trade secrets alike, it focuses upon the protection of human autonomy and dignity—the right to control the dissemination of information about one's private life and the right to the esteem and respect of other people.’

¹³⁶ Phillipson (n 30) 735ff.

¹³⁷ Z v Finland App No 22009/93 (ECtHR, 25 February 1997) paras 95–97; Rotaru v Romania App No 28341/95 (ECtHR, 4 May 2000) para 43; Amann v Switzerland App No 27798/95 (ECtHR, 16 February 2000) para 65.

¹³⁸ Kokott and Sobotta (n 122) 224.

¹³⁹ M.M. v United Kingdom App No 24029/07 (ECtHR, 13 November 2012) para 188, discussed in Kokott and Sobotta ibid 224; see also Rotaru v Romania (n 137): ‘Moreover, public information can fall within the scope of private life where it is systematically collected and stored in files held by the authorities. That is all the truer where such information concerns a person's distant past.’

¹⁴⁰ NT1 & NT2 (n 82) para 140 (emphasis added). See also para 170.

¹⁴¹ Data Protection Directive (n 74) art 2(a), and now GDPR (n 8) art 4(1).

¹⁴² While Article 8 is primarily directed at ‘private’ harms, the ECtHR has held that ‘there is no reason of principle to justify excluding activities of a professional or business nature from the notion of “private life”’: Rotaru v Romania (n 137); Amann v Switzerland (n 137). For the ECtHR jurisprudence of privacy entitlements in respect of professional and business activities, see Council of Europe (n 20) 23ff.

¹⁴³ ML & WW (n 120) para 88 (emphasis added).

¹⁴⁴ NT1 & NT2 (n 82) paras 154–155, 167. In relation to NT2, the balance tipped in favour of removal partly because he had a young family: ‘Moreover, unlike NT1, this claimant has a young family, and the impact of disclosure of his old conviction is capable of having an adverse impact. His case on interference with family life is stronger.’ (para 222; see also paras 224, 226).

¹⁴⁵ Joined Cases C-92/09 and C-93/09 Volker und Markus Schecke and Eifert EU:C:2010:662, para 59: ‘It is of no relevance in this respect that the data published concerns activities of a professional nature …’.

¹⁴⁶ Google Spain (n 7).

¹⁴⁷ GC and Ors (n 88) para 77.

¹⁴⁸ In re JR38 [2015] UKSC 42 contrast majority and minority judgment; discussed in J Purshouse, ‘The Reasonable Expectation of Privacy and the Criminal Suspect’ (2016) 79(5) ModLRev 871, commenting that the ECtHR has not used the test as a touchstone test; see also Barendt (n 66) 104.

¹⁴⁹ Katz v United States (n 28).

¹⁵⁰ Australia: Australian Broadcasting Corporation v Lenah Game Meats Pty Ltd [2001] HCA 63, para 42 (‘highly offensive to a reasonable person of ordinary sensibilities’); New Zealand: Hosking v Runting [2005] 1 NZLR 1 (‘the existence of facts in respect of which there is a reasonable expectation of privacy’); England and Wales: Campbell v MGN Ltd (n 33) (‘the touchstone of private life is whether in respect of the disclosed facts the person in question had a reasonable expectation of privacy’); Barendt (n 66) critiques the test as artificial and importing free speech interests both at the first and second stages of the analysis.

¹⁵¹ Barendt ibid 103f also notes that the Strasbourg court has been relying on the test in intrusion cases, arguably on the basis of a lack of an alternative test given the victim's absence of knowledge.

¹⁵² Katz v United States (n 28).

¹⁵³ In English jurisprudence the test has been used at the second of a three-stage approach to Article 8—after deciding whether the alleged Article 8 intrusion is serious enough, and before determining whether it is outweighed by other (public) interests; see R (Wood) v Commissioner of Police for the Metropolis [2010] 1 WLR 123, 136. Both Barendt (n 66) 102f, and Purshouse (n 148) 881, persuasively argue that the test should, if at all, only figure at that third/balancing stage.

¹⁵⁴ ML & WW (n 120) para 109.

¹⁵⁵ NT1 & NT2 (n 82) paras 125, 130, 168, 170.

¹⁵⁶ ibid, para 168.

¹⁵⁷ ibid, para 130, where Warby J somewhat acknowledges the unfairness of the position. See also In re JR38 (n 148) where the UK Supreme Court unanimously dismissed the appeal of a 14-year-old minor who argued that the publication of his image taken by police during a sectarian riot, violated his Article 8 entitlement, with a majority holding that Article 8 was not engaged, discussed in Purshouse (n 148).

¹⁵⁸ NT1 & NT2 (n 82) para 170 (emphasis added).

¹⁵⁹ The GDPR (n 8) refers to the reasonable expectations (see Recital 47) but links those expectations to the purpose of the use of the data, rather than its disclosure or dissemination per se.

¹⁶⁰ In GC and Ors (n 88), the term ‘private’ does not appear at all in the Opinion of the Advocate General, and only three times in the judgment of the Court in the course of the balancing exercise.

¹⁶¹ For an obvious example, see Peck v UK [2003] EMLR 15 (where closed circuit TV footage that included the applicant and was collected by the council was later passed on to the media for a Crime Beat programme).

¹⁶² Nissenbaum (n 3).

¹⁶³ On consent, GDPR (n 8) arts 6(1)(a), 7, 9(2)(a); on data subject rights, see GDPR (n 8) Chapter III.

¹⁶⁴ As supported by some common law privacy lawyers, eg Moreham (n 129) 617ff.

¹⁶⁵ Fenwick and Phillipson (n 43) 663, citing with approval WA Parent, ‘A New Definition of Privacy for the Law’ (1983) 2 Law&Phil 305, 306f (emphasis added).

¹⁶⁶ Axel Springer AG v Germany App No 39954/08 (ECtHR, 7 February 2012) para 83; cited with approval in ML & WW (n 120) para 88; NT1 & NT2 (n 82) para 111. However, see also Sciacca v Italy App No 50774/99 (ECtHR, 11 January 2005) para 29, where the ECtHR noted that the fact that the applicant was subject to criminal proceedings cannot curtail the scope of Article 8.

¹⁶⁷ Daily Times Democrat v Graham 162 So.2d 474 (1964).

¹⁶⁸ For a critique, see G Phillipson, ‘Press Freedom, the Public Interest and Privacy’ in A Kenyon (ed), Comparative Defamation and Privacy Law (CUP 2016) 136, 150; also LL Weinreb, ‘The Right to Privacy’ (2009) 17 Soc Philos Policy 43: ‘The so-called “waiver,” however, which rarely is explicit, consists of nothing but the fact that the information is not, in the circumstances, regarded as private.’ (internal marks omitted).

¹⁶⁹ ML & WW (n 120) para 88.

¹⁷⁰ NT1 & NT2 (n 82) paras 110–113; Schedule 3, Condition 5 of the Data Protection Act 1998, following Townsend v Google Inc. & Anor [2017] NIQB 81. Data Protection Directive (n 74) art 8(2)(e) (upon which Condition 5 is based) refers to ‘manifestly made public by the data subject’ (emphasis added).

¹⁷¹ Townsend v Google Inc. & Anor ibid.

¹⁷² ibid, para 62; NT1 & NT2 (n 82) para 110.

¹⁷³ NT1 & NT2 ibid, para 113, where Warby J had to gloss over the wording of ‘manifestly made public by the data subject’ in the Directive.

¹⁷⁴ GC and Ors (n 88) and see text accompanying n 95.

¹⁷⁵ F Schauer, ‘The Exceptional First Amendment’ in M Ignatieff (ed), American Exceptionalism and Human Rights (Princeton University Press 2005).

¹⁷⁶ See also n 65.

¹⁷⁷ NT1 & NT2 (n 82) para 133.

¹⁷⁸ F Brimblecome and GP Phillipson, ‘Regaining Digital Privacy? The New “Right to be Forgotten” and Online Expression’ (2018) 4 CJCCL 1.

¹⁷⁹ Axel Springer AG v Germany (n 166) para 87; Von Hannover v Germany (No 2) App No 40660/08 (ECtHR, 7 February 2012) para 106; Mityanin and Leonov v Russia App No 11436/06 (ECtHR, 7 May 2019) para 108; followed in NT1 & NT2 (n 82) para 132f.

¹⁸⁰ Markesinis et al (n 1) 155.

¹⁸¹ ibid.

¹⁸² Carmi (n 1) 334ff; RJ Krotoszynski Jr, ‘A Comparative Perspective on the First Amendment: Free Speech, Militant Democracy, and the Primacy of Dignity as a Preferred Constitutional Value in Germany’ (2004) 78 TulLawRev 1549, 1581–3; see also n 65 and accompanying text.

¹⁸³ Section 22 of the German Copyright Act, discussed in Von Hannover v Germany No 2 (n 179).

¹⁸⁴ Under section 23(1) of the same Act, the publication of pictures portraying aspects of contemporary society is exempted from the obligation to obtain the consent of the person concerned within the meaning of section 22.

¹⁸⁵ German Copyright Act, section 23(2). See also comparative discussion of ‘public figures’ in Markesinis et al (n 1) 144ff.

¹⁸⁶ Data Protection Directive (n 74) art 14(a).

¹⁸⁷ GDPR (n 8) arts 21(1), 17(1)(c).

¹⁸⁸ Zumbansen (n 1) 252f.