Over on Concurring Opinions, Dan Solove provides some thoughts on the different claims made in the case where a judge is suing the Cleveland Plain Dealer. One of the points Dan raises is that the plaintiffs did not claim breach of confidentiality, which may be a missed opportunity for us all. In an article in Columbia Law Review last year, Rethinking Free Speech and Civil Liability, Solove and Neil Richards wrote (footnotes omitted):
Although breach of confidence has long been neglected in American law, it is increasing in importance. The breach of confidentiality tort has been the primary tort protecting privacy in England, and it has its foundations in the same cases as the American version of the tort. The English tort is quite robust in its application—friends, spouses, lovers, and nearly anybody else can be liable for breaching a duty of confidentiality. In the United States, the breach of confidentiality tort has developed more slowly and narrowly than the English version, and it applies primarily to certain professionals such as attorneys and doctors, and to institutions like banks and hospitals. During the past few decades, however, the breach of confidentiality tort has undergone a tremendous expansion in America, and it continues to grow. If the American tort develops to resemble its English cousin, then it could play a potent role in the protection of information privacy.
At the doctrinal level, the breach of confidentiality tort lacks many of the limitations of the public disclosure of private facts tort. The public disclosure tort creates liability when a person widely discloses “a matter concerning the private life of another” that is “highly offensive to a reasonable person” and “not of legitimate concern to the public.” In contrast, the breach of confidentiality tort contains no requirement that the information disclosed be “highly offensive” or not of legitimate public concern. Under the breach of confidence tort, a “defendant is not released from an obligation of confidentiality merely because the information learned constitutes a matter of legitimate public interest.” Although much information gleaned in connection with a person’s relationships with lawyers, doctors, bankers, or others might be of legitimate public concern, the breach of confidentiality tort lacks a newsworthiness requirement because the law recognizes the importance of ensuring trust and candor in these relationships.
It would be great if litigators were incorporating some of the strategies and arguments that law profs such as Solove and Richards have articulated. But how would a duty of confidentiality play out in terms of web sites? What does a privacy policy or terms of use statement have to explicitly say that would convey or trigger a duty of confidentiality? If a privacy policy is simply that — a policy, but not a contract — where is the basis for claiming that the site has a duty to keep information confidential?
Over on MediaPost, Wendy Davis got some reactions from some other attorneys:
Sam Bayard, assistant director of the Citizen Media Law Project, says it’s hard to predict how a court will view the paper’s decision. “I certainly think it broke expectations,” he says. “Whether it breached the contract is another question.”
Media law expert Marc Randazza says the language in the paper’s privacy policy appears “loose enough that they’ll be able to wriggle their way out of it.”
Nonetheless, he says, the paper’s actions were questionable. “If you create a system where you can post under a pseudonym, and you do have a privacy policy that leads people to believe you’re going to protect people’s identity, that’s something you should do,” he says.
Indeed. And I still think that maybe we need to ask the FTC to look at this issue. Is it an unfair business practice for an entity to post a privacy policy that is so full of holes that they can pretty much get away with disclosing your identity just because they don’t like something you said?