Editing Right to privacy (section)

== Privacy laws in different jurisdictions ==
Privacy laws apply to both public and private sector actors.

=== Australia ===
{{see also|Privacy in Australian law}}
Australia does not have a constitutional right to privacy. However, the ''[[Privacy Act 1988]]'' ([[Commonwealth of Australia|Cth]]) provides a degree of protection over an individual's [[personally identifiable information]] and its usage by the government and large companies.<ref name="AU Research Note March 2005">{{citation|title=Do Australians have a legal right to privacy?|first=Morag|last=Donaldson|date=14 March 2005|access-date=14 November 2021|url=https://parlinfo.aph.gov.au/parlInfo/download/library/prspub/CBHF6/upload_binary/cbhf64.pdf|work=[[Parliament of Australia]]}}</ref> The ''Privacy Act'' also outlines the 13 Australian Privacy Principles.<ref>{{cite web|url=https://www.oaic.gov.au/privacy/australian-privacy-principles|title=Australian Privacy Principles|work=[[Office of the Australian Information Commissioner]]|access-date=14 November 2021|archive-date=14 November 2021|archive-url=https://web.archive.org/web/20211114123208/https://www.oaic.gov.au/privacy/australian-privacy-principles|url-status=live}}</ref>

Australia also lacks a [[tort]] against [[invasion of privacy|invasions of privacy]]. In the 2001 case of {{cite court |litigants=[[Australian Broadcasting Corporation v Lenah Game Meats Pty Ltd]]|vol=208|reporter=[[Commonwealth Law Reports|CLR]]|opinion=199| postscript=none }}, the [[High Court of Australia]] explained that there stood the possibility of "a tort identified as unjustified invasion of privacy",<ref name="ABC v Lenah Game Meats">{{cite court |litigants=Australian Broadcasting Corporation v Lenah Game Meats Pty Ltd|vol=208|reporter=[[Commonwealth Law Reports|CLR]]|opinion=199|pinpoint=pg. 249|court=[[High Court of Australia]]|date=15 November 2001|quote=In the course of his judgment, Latham CJ rejected the proposition that under the head of nuisance the law recognised a right of privacy (232). But the decision does not stand for any proposition respecting the existence or otherwise of a tort identified as unjustified invasion of privacy.}}</ref> but that this case lacked the facts to establish it.<ref name="AU Research Note March 2005"/> Since 2001, there have been some state-based cases{{emdash}}namely the 2003 case {{cite court |litigants=Grosse v Purvis|reporter=QDC|opinion=151| postscript=none }}; and the 2007 case {{cite court |litigants=Doe v Australian Broadcasting Corporation|reporter=VCC|opinion=281| postscript=none }}{{emdash}}that attempted to establish a tortious invasion of privacy, but these cases were settled before decisions could be made. Further, they have received conflicting analyses in later cases.<ref>{{cite web|title=A common law action for breach of privacy in Australia?|date=27 March 2014|access-date=14 November 2021|work=[[Australian Law Reform Commission]]|url-status=live|archive-url=https://web.archive.org/web/20211114122126/https://www.alrc.gov.au/publication/serious-invasions-of-privacy-in-the-digital-era-dp-80/3-overview-of-current-law/a-common-law-action-for-breach-of-privacy-in-australia/|archive-date=14 November 2021|url=https://www.alrc.gov.au/publication/serious-invasions-of-privacy-in-the-digital-era-dp-80/3-overview-of-current-law/a-common-law-action-for-breach-of-privacy-in-australia/}}</ref>

=== Canada ===
{{main|Canadian privacy law}}Canadian privacy law is derived from the [[common law]], statutes of the [[Parliament of Canada]] and the various provincial legislatures, and the ''[[Canadian Charter of Rights and Freedoms]]''. Perhaps ironically, Canada's legal conceptualization of privacy, along with most modern legal Western conceptions of privacy, can be traced back to Warren and Brandeis’s [[The Right to Privacy (article)|"The Right to Privacy"]] published in the ''Harvard Law Review'' in 1890, Holvast states "Almost all authors on privacy start the discussion with the famous article '[[The Right to Privacy (article)|The Right to Privacy]]' of Samuel Warren and Louis Brandeis".

=== China ===
The Constitution is the highest law in China. Privacy rights have been applied throughout China.<ref>Wang, Hao. ''Protecting Privacy in China: A Research on China's Privacy Standards and the Possibility of Establishing the Right to Privacy and the Information Privacy Protection Legislation in Modern China''. Heidelberg: Springer, 2011. Print.</ref> The Constitution provides direction for all states in China and it further stipulates that "all states must abide by and be held accountable for any violation of the Constitution and the law; the law specifically protects civil rights of a citizen's personal dignity and confidentiality of correspondence."<ref>{{Cite web|last=Horsley|first=Jamie P.|date=29 January 2021|title=How will China's privacy law apply to the Chinese state?|url=https://www.brookings.edu/articles/how-will-chinas-privacy-law-apply-to-the-chinese-state/|access-date=15 July 2021|website=Brookings|language=en-US}}</ref> China has a new standard and the first of its kind for the country coming into effect 1 January 2021, the Civil Code is the first of its kind sweeping law replacing all laws covering general provisions, real property, contracts, personality rights, marriage and family, inheritance, tort liability, and supplementary provisions.<ref>{{Cite web|title=The adoption of the Chinese Civil Code and its implications on contracts relating to China {{!}} Perspectives {{!}} Reed Smith LLP|url=https://www.reedsmith.com:443/en/perspectives/2020/06/the-adoption-of-the-chinese-civil-code-and-its-implications-on-contracts|access-date=16 July 2021|website=www.reedsmith.com|language=en}}</ref>

In many cases raised in the legal system, these rights have been overlooked as the courts have not treated each case with the same legal precedent for each case.  China deploys [[mass surveillance in China|mass surveillance]] on its population including through the use of [[closed-circuit television]].<ref>{{Cite web |title=The world's biggest surveillance system is growing—and so is the backlash |url=https://fortune.com/2020/11/03/china-surveillance-system-backlash-worlds-largest/ |access-date=2022-09-24 |website=Fortune |language=en}}</ref>

The 2021 [[Data Security Law of the People's Republic of China|Data Security Law]] classifies data into different categories and establishes corresponding levels of protection.<ref name=":Zhang">{{Cite book |last=Zhang |first=Angela Huyue |title=High Wire: How China Regulates Big Tech and Governs Its Economy |publisher=[[Oxford University Press]] |year=2024 |isbn=9780197682258}}</ref>{{Rp|page=131}} It imposes significant data localization requirements, in a response to the extraterritorial reach of the United States [[CLOUD Act]] or similar foreign laws.<ref name=":Zhang" />{{Rp|pages=250-251}}

The 2021 [[Personal Information Protection Law of the People's Republic of China|Personal Information Protection Law]] is China's first comprehensive law on personal data rights and is modeled after the European Union's [[General Data Protection Regulation]].<ref name=":Zhang" />{{Rp|page=131}}

=== European Union ===
[[File:Wikimania first day 7 Aug 2024-06.jpg|thumb|Lanyards of Wikimania Katowice 2024: the lanyard worn is blue when the person gives permission to be photographed, red when the person does not give permission]]
The right to privacy is protected in the EU by [[European Convention on Human Rights]] Article 8:
{{Blockquote
|text=1. Everyone has the right to respect for his private and family life, his home and his correspondence.
2. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.
|multiline=yes
|source=[https://www.echr.coe.int/documents/d/echr/convention_ENG European Convention on Human Rights]
}}

Compared to the United States, the European Union (EU) has more extensive data protection laws.<ref name=":0">{{Cite journal|last1=Hoofnagle|first1=Chris Jay|last2=Sloot|first2=Bart van der|last3=Borgesius|first3=Frederik Zuiderveen|date=2 January 2019|title=The European Union general data protection regulation: what it is and what it means|journal=Information & Communications Technology Law|volume=28|issue=1|pages=65–98|doi=10.1080/13600834.2019.1573501|issn=1360-0834|hdl=11245.1/8a9b1909-1ce8-478f-b3fc-be5126911846|s2cid=86416362|url=https://dare.uva.nl/personal/pure/en/publications/the-european-union-general-data-protection-regulation-what-it-is-and-what-it-means(8a9b1909-1ce8-478f-b3fc-be5126911846).html |hdl-access=free}}</ref>

The [[General Data Protection Regulation]] (GDPR) is an important component of EU [[privacy law]] and of [[human rights law]], in particular Article 8(1) of the [[Charter of Fundamental Rights of the European Union]].

Under GDPR, data about citizens may only be gathered or processed under specific cases, and with certain conditions. Requirements of data controller parties under the GDPR include keeping records of their processing activities, adopting data protection policies, transparency with data subjects, appointing a Data Protection Officer, and implementing technical safeguards to mitigate security risks.{{Citation needed|date=June 2024}}

=== Council of Europe ===

The [[Council of Europe]] gathered to discuss the protection of individuals when the Convention Treaty No.108 was created and opened for signature by member states and for accession by non-member States.<ref name="Full list">{{Cite web|title=Full list|url=https://www.coe.int/en/web/conventions/full-list|access-date=12 June 2021|website=Treaty Office|language=en-GB}}</ref>

The Convention closed and was then renamed Convention 108: Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data.

Convention 108 has undergone 5 ratifications with the last ratification 10 January 1985 officially changing the name to Convention 108+ and providing the summary stating the intent of the treaty as:

<blockquote>''The first binding international instrument which protects the individual against abuses which may accompany the collection and processing of personal data, and which seeks to regulate at the same time the transfrontier flow of personal data.<ref name="Full list"/>''</blockquote>

Increase use of the Internet and technological advancement in products lead to the Council of Europe to look at Convention 108+ and the relevance of the Treaty in the wake of the changes.

In 2011 the modernization of Convention 108+ started and completed in 2012 amending the treaty with Protocol CETS No223.<ref>{{Cite web|last=Communication|first=C 2017, ABC Design &|title=Тhe Protocol amending the Convention for the Protection of Individuals with regard to Automatic Processing of Personal has been adopted – КЗЛД|url=https://cpdp.bg/en/index.php?p=news_view&aid=1235|access-date=12 June 2021|website=cpdp.bg|language=en-US}}</ref>

This modernization of Convention 108+ was in progress while the EU data protection rules were developed, the EU data protection rules would be adapted to become the GDPR.

=== India ===
{{main|Right to Privacy verdict|Digital Personal Data Protection Act, 2023}}

The new [[data sharing]] policy of WhatsApp with Facebook after Facebook acquired WhatsApp in 2014 has been challenged in the Supreme Court. The Supreme Court must decide if the right to privacy can be enforced against private entities.<ref>{{Cite news|url=http://scobserver.clpr.org.in/cases/whatsapp-facebook-privacy-case/|title=Whatsapp-Facebook Privacy Case – Supreme Court Observer|work=Supreme Court Observer|access-date=5 January 2018|language=en-US}}</ref>

The [[Supreme Court of India|Indian Supreme Court]] with nine-judge bench under [[Jagdish Singh Khehar|JS Khehar]], [[Right to Privacy verdict|ruled on 24 August 2017]], that the right to privacy is a fundamental right for Indian citizens per Article 21 of the Constitution and additionally under Part III rights. Specifically, the court adopted the three-pronged test required for the encroachment of any Article 21 right – legality{{snd}}i.e. through an existing law; necessity, in terms of a legitimate state objective and proportionality, that ensures a rational nexus between the object of the invasion and the means adopted to achieve that object.<ref>{{Cite news |last=Rajagopal |first=Krishnadas |date=2017-08-24 |title=Right to privacy inherently protected under fundamental freedoms in Constitution: Supreme Court |language=en-IN |work=The Hindu |url=https://www.thehindu.com/news/national/privacy-is-a-fundamental-right-under-article-21-rules-supreme-court/article62042245.ece |access-date=2022-09-24 |issn=0971-751X}}</ref>

This clarification was crucial to prevent the dilution of the right in the future on the whims and fancies of the government in power.<ref>{{cite web|url=https://thewire.in/170988/right-to-privacy-supreme-court-2/|title=For the Many and the Few: What a Fundamental Right to Privacy Means for India |website=The Wire|access-date=31 March 2018}}</ref> The Court adopted a liberal interpretation of the fundamental rights to meet the challenges posed an increasing digital age. It held that individual liberty must extend to digital spaces and individual autonomy and privacy must be protected.<ref>{{Cite web|title=Supreme Court Observer |url=https://www.scobserver.in/court-case/fundamental-right-to-privacy/judgement-of-the-supreme-court-in-plain-english-i|access-date=8 July 2020|website=scobserver.in}}</ref>

This ruling by the Supreme Court paved the way for decriminalization of homosexuality in India on 6 September 2018, thus legalizing same-sex sexual intercourse between two consenting adults in private.<ref>{{Cite news|url=https://www.thequint.com/india/2017/08/24/supreme-court-verdict-right-to-privacy|title=Too Lazy to Read Right to Privacy Ruling? Here's the TL;DR Version|work=The Quint|access-date=25 August 2017|language=en}}</ref> India is the world's biggest democracy and with this ruling, it has joined United States, Canada, South Africa, the European Union, and the UK in recognizing this fundamental right.<ref>{{Cite web|url=https://andhrastar.com/india-privacy-fundamental-right/|title=Andhrastar – Breaking News, Andhra News, Telangana News, India News, Bollywood, Tollywood News, World News|website=andhrastar.com|language=en-us|access-date=25 August 2017}}</ref>

India's Data Protection law is known as [[Digital Personal Data Protection Act, 2023]].

=== Israel ===
In [[Israel]] privacy protection is a constitutional basic right and is therefore protected by the Basic Law. Basic Law: the Knesset passed on 12 February 1958, by the [[Third Knesset]].<ref>{{Cite web |title=Basic Laws |url=https://m.knesset.gov.il/en/activity/pages/basiclaws.aspx|access-date=24 July 2021|website=The Knesset}}</ref> The Twelfth Knesset update to the Basic Law occurred on 17 March 1992. This update added to the law Human Dignity and Liberty by defining: Human freedom in Israel as being the right to leave the country and enter it, as well as the right to privacy and intimacy, refrainment from searches relating to one's private property, body and possessions, and avoidance of violations of the privacy of one's speech, writings and notes.

October 2006 Israel established a regulatory authority, the PPA, part of the Ministry of Justice. PPA defined the Privacy Law and associated regulates based on two principles: general right to online privacy and the protection of personal data stored in databases.<ref>{{Cite web |url=https://www.gov.il/en/departments/the_privacy_protection_authority/govil-landing-page |access-date=27 August 2023 |title=The Privacy Protection Authority |website=www.gov.il}}</ref>

=== New Zealand ===
{{excerpt|Right to privacy in New Zealand}}
=== Russia ===
The Constitution of the Russian Federation: Article 45 states:<ref>{{Cite web|title=Official Website of the Government of the Russian Federation / The Russian Government|url=http://archive.government.ru/eng/gov/base/54.html#:~:text=Article%2045-,1.,means%20not%20prohibited%20by%20law.|access-date=24 July 2021|website=archive.government.ru}}</ref>

# State protection of human and civil rights and freedoms in the Russian Federation shall be guaranteed.
# Everyone shall the right to protect his (her) rights and freedoms by all means not prohibited by law.

{{Main article|Data protection (privacy) laws in Russia}}

The Russian Constitution specifically articles 23 and 24, institutes individual citizen the right to privacy.  Russia, a member of the [[Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data|Strasbourg Convention]], ratified processing of personal data against automatic processing and afterwards adopted a new convention. The new Russian Federal Law No.152-FZ R implemented on 27 July 2006, was updated to cover Personal Data and this law extends privacy to include personal and family secrets. Its main target is to protect individuals' personal data.

Privacy entered the forefront of Russian legislature in 2014 when the approach to privacy turned to the goal of protecting privacy of government operations and the people of Russia. The amendments originally modified the Personal Data Law which has since been renamed The Data Localisation Law. The new law requires business operators who collect any information on Russian citizens' must maintain the collected data locally. This means that data transmission, processing, and storage must be in a database in Russia. 1 March 2021, the new amendment came into effect. Consent from the data subject is required if the data operator wants to use the data publicly.<ref>{{Cite news|title=Russia: Amendments to the Federal Law On Personal Data Takes Effect|url=https://www.natlawreview.com/article/russia-amendments-to-federal-law-personal-data-takes-effect|access-date=9 April 2021|website=The National Law Review|language=en}}</ref>

=== United States ===
{{main|Privacy laws of the United States}}
The [[Constitution of the United States]] and [[United States Bill of Rights]] do not explicitly include a right to privacy.<ref name="UMKC">{{Cite web|title=The Right of Privacy The Issue: Does the Constitution protect the right of privacy? If so, what aspects of privacy receive protection?|url=http://law2.umkc.edu/faculty/projects/ftrials/conlaw/rightofprivacy.html|access-date=29 September 2020|publisher=University of Missouri – Kansas City School of Law}}</ref> Currently no federal law takes a holistic approach to privacy regulation.

In the US, privacy and expectations of privacy have been determined via court cases. Those protections have been established through court decisions provide a reasonable expectations of privacy.

The [[Supreme Court of the United States|Supreme Court]] in ''[[Griswold v. Connecticut]], 381 U.S. 479'' (1965) found that the Constitution guarantees a right to privacy against governmental intrusion via ''[[Penumbra (law)|penumbras]]'' located in the founding text.<ref name="Vil">{{Cite web|author=R.H. Clark|year=1974|title=Constitutional Sources of the Penumbral Right to Privacy|url=https://digitalcommons.law.villanova.edu/cgi/viewcontent.cgi?article=2046&context=vlr|access-date=29 September 2020|publisher=Villanova Law Review|volume=19}}</ref>

In 1890, Warren and Brandeis drafted an article published in the ''[[Harvard Law Review]]'' titled "The Right To Privacy" that is often cited as the first implicit finding of a U.S. stance on the right to privacy.<ref name="Brandeis"/>

Right to privacy has been the justification for decisions involving a wide range of [[civil liberties]] cases, including ''[[Pierce v. Society of Sisters]]'', which invalidated a successful 1922 [[Oregon]] [[Popular initiative|initiative]] requiring compulsory [[State school|public education]]; ''[[Roe v. Wade]]'', which struck down an abortion law from [[Texas]], and thus restricted state powers to enforce laws against abortion; and ''[[Lawrence v. Texas]]'', which struck down a Texas [[sodomy law]], and thus eliminated state powers to enforce laws against [[sodomy]]. ''[[Dobbs v. Jackson Women's Health Organization]]'' later overruled ''Roe v. Wade'', in part due to the [[Supreme Court of the United States|Supreme Court]] finding that the right to privacy was not mentioned in the constitution,<ref>{{Cite news |title=Supreme Court overturns Roe v. Wade, ending right to abortion upheld for decades |language=en |work=NPR.org |url=https://www.npr.org/2022/06/24/1102305878/supreme-court-abortion-roe-v-wade-decision-overturn |access-date=2022-06-25}}</ref> leaving the future validity of these decisions uncertain.<ref>{{Cite web |last=Frias |first=Lauren |title=What is Griswold v. Connecticut? How access to contraception and other privacy rights could be at risk after SCOTUS overturned Roe v. Wade |url=https://www.businessinsider.com/contraception-access-privacy-rights-at-risk-overturned-roe-v-wade-2022-6 |access-date=2022-06-25 |website=Business Insider |language=en-US}}</ref>

Legally, the right of privacy is a basic law<ref>{{Cite web|title=The Legal Right to Privacy {{!}} Stimmel Law|url=https://www.stimmel-law.com/en/articles/legal-right-privacy|access-date=25 June 2021|website=www.stimmel-law.com}}</ref> which includes:

# The right of persons to be free from unwarranted publicity
# Unwarranted appropriation of one's personality
# Publicizing one's private affairs without a legitimate public concern
# Wrongful intrusion into one's private activities

However, outside of recognized private locations, American law, for the most part, grants next to no privacy for those in public areas. In other words, no verbal or written consent is needed to take photos or videos of those in public areas.<ref name="krages_photo_rights">{{cite web |url=http://www.krages.com/ThePhotographersRight.pdf |title=The Photographer's Right |author=Krages II, Bert P |access-date=2009-06-17 |archive-date=2020-12-10 |archive-url=https://web.archive.org/web/20201210233720/http://www.krages.com/ThePhotographersRight.pdf |url-status=live }}</ref> This laxness extends to potentially embarrassing situations such as when actress [[Jennifer Garner]] bent over to retrieve something from her car and revealed her [[thong underwear]] to create a [[whale tail]]. Because the photographer took the photo in a public location, in this case a pumpkin patch, circulating the photo online was a legal act.<ref>{{cite web |url= https://radaronline.com/photos/jennifer-garner-underwear-pumpkin-patch-photos/|title= Jennifer Garner Suffers Another Wardrobe Malfunction At Pumpkin Patch – See The Photos!|publisher=Radar Online |date=2014-10-30 |access-date=2024-10-12 }}</ref>

For the health care sector where medical records are part of an individual's privacy, The Privacy Rule of the Health Insurance Portability and Accountability Act was passed in 1996. This act safeguards medical data of the patient which also includes giving individuals rights over their health information, like getting a copy of their records and seeking correction.<ref>{{Cite web |title=Health Insurance Portability and Accountability Act of 1996 {{!}} CMS |url=https://www.cms.gov/Research-Statistics-Data-and-Systems/Computer-Data-and-Systems/Privacy/Health%20_Insurance_Portability_and_Accountability_Act_of_1996 |access-date=2022-09-21 |website=www.cms.gov}}</ref> Medical anthropologist [[Khiara Bridges]] has argued that the [[Medicare (United States)|US Medicare]] system requires so much personal disclosure from pregnant women that they effectively do not have privacy rights.<ref>{{cite book |last1=Bridges |first1=Khiara M. |title=The poverty of privacy rights |date=2017 |isbn=978-0-8047-9545-6 |location=Stanford, California}}</ref>

==== CCPA ====
In 2018, California set out to create a policy promoting data protection, the first state in the United States to pursue such protection. The resulting effort is the [[California Consumer Privacy Act]] (CCPA), reviewed as a critical juncture where the legal definition of what privacy entails from California lawmakers' perspective. The California Consumer Protection Act is a privacy law protecting the residents of California and their [[Personal identifying information]]. The law enacts regulation over all companies regardless of operational geography protecting the six Intentional Acts included in the law.<ref>{{Cite web |date=2018-10-15 |title=California Consumer Privacy Act (CCPA) |url=https://oag.ca.gov/privacy/ccpa |access-date=2022-09-24 |website=State of California - Department of Justice - Office of the Attorney General |language=en}}</ref>

The intentions included in the Act provide California residents with the right to:

# Know what personal data is being collected about them.
# Know whether their personal data is sold or disclosed and to whom.
# Say no to the sale of personal data.
# Access their personal data.
# Request a business to delete any personal information about a consumer collected from that consumer.
# Not be discriminated against for exercising their privacy rights.