Invasion of Privacy – California Laws
In the information-driven age we live in, privacy has recently become an issue of significant importance. Most still disregard it, be it a tech giant or a website owner. We must admit, almost all of us are guilty of clicking the "I agree" button after being asked to read the terms of agreement upon installing an app or visiting a website – even though we have no idea what these terms are about. Little did we know that doing so allows companies to use our data at no cost to them. Therefore, we have made ourselves vulnerable to personal security and safety risks.
In some cases, our information – such as court documents concerning a previous conviction or grant of a name change petition – is out in the open without knowing nor consenting to its publication on the internet.
With the alarming rise of cases involving robbery, burglary, and home invasion, we must be particularly conscious of the information about us made available to the public. Imagine information about you being passed from one company to another without concern for any moral or ethical considerations – all in the name of marketing and profits. Worst of all, information about you could be online without your knowledge or consent, or it may even be published against your will.
The question is: Do we have a recourse when our privacy has been invaded?
Recognizing Your Right to Privacy
Almost all too often, website owners will not provide an opt-out option to have your information taken down. They might even make it very difficult for you to have your information removed, leading you to suffer sleepless nights and anxiety.
In such cases, we can assist in asserting your right to privacy by filing an appropriate court action, such as a motion to conceal court records or demand for its removal by sending a cease-and-desist correspondence to these crooked website owners.
Luckily, in California, our right to privacy has been recognized as early as 1931 in the case of Melvin v. Reid (1931), 112 Cal. App. 285, 290. Since then, claims against those who have committed invasion of the right to privacy have been successfully pursued with the assistance of great attorneys.
Presently, privacy tort has been recognized as an integral part of common law that seeks to prevent others from intruding on your private life, publicly disclosing private information about you, or casting you in a false light. Today, California recognizes traditional sources of privacy tort, which has been codified in the civil code. With continuing pressure mounting upon government authorities to address the issues on privacy, California has enacted the California Consumer Privacy Act of 2018 (CCPA). It was later amended by the California Privacy Rights Act of 2020 (CPRA), providing consumers with a distinct set of rights, which may be invoked against businesses collecting personal information from consumers.
The Four Traditional Common Law Privacy Torts
The four traditional common law privacy torts are as follows:
Public Disclosure of Private Facts
This tort seeks to protect individuals against the publication of private personal information. Action arising from this tort may be had in cases when someone improperly shares private information about another person. This is especially true today, considering that we have the internet, making it easier to publicly disclose facts even if they are not ours.
In such cases, it is necessary to prove that publishing private information:
- Was not done out of a legitimate concern for the public,
- Was not highly offensive to a reasonable person, and
- Was a factor that caused harm to the plaintiff.
The tort usually applies when your information, photo, or any data has been published online without your knowledge or consent. In such cases, claims may be pursued against the person who made the undue public disclosure.
Relevant statutory law applicable in such cases is as follows:
"One who gives publicity to a matter concerning the private life of another is subject to liability to the other for invasion of his privacy, if the matter publicized is of a kind that (a) would be highly offensive to a reasonable person, and (b) is not of legitimate concern to the public."
(Rest.2d Torts, § 652D.)
To explain, the court in the case of Shulman v. Group W Productions citing Diaz v. Oakland Tribune, Inc. (1983), 139 Cal. App. 3d at page 126, discussed the following elements of public disclosure tort:
- Public disclosure
- of a private fact,
- which would be offensive and objectionable to the reasonable person and
- which is not of legitimate public concern.
However, an exception to the rule under California common law has also been established. Disseminating truthful, newsworthy material is not considered publishing private facts. (See Shulman v. Group W Productions, Kapellas v. Kofman (1969) 1 Cal. 3d at pp. 35-36; Diaz v. Oakland Tribune, Inc. (1983), 139 Cal. App. 3d at p. 126; Rest.2d Torts, § 652D.)
False Light
Actions arising from this tort may be had when one creates a false impression about another.
For the case to succeed, it must be proven that:
- The information published led to a false impression,
- A reasonable person would consider the false impression highly offensive,
- The defendant knew the information would create a false impression or was reckless in that regard, and
- The defendant's actions had a substantial role in causing the plaintiff harm.
The tort of false light is sought to protect individuals from unwanted publicity.
Relevant statutory law applicable in such cases is as follows:
"One who gives publicity to a matter concerning another that places the other before the public in a false light is subject to liability to the other for invasion of his privacy if (a) the false light in which the other was placed would be highly offensive to a reasonable person, and (b) the actor had knowledge of or acted in reckless disregard as to the falsity of the publicized matter and the false light in which the other would be placed" Restatement (Second) of Torts Sec. 652 E (1977)
Intrusion into Private Affairs
This tort refers to situations when a person's real or virtual private space is invaded.
For the claim to succeed, it must be proven that:
- An intentional intrusion occurred in a place where a person had a reasonable expectation of privacy,
- A reasonable person would have found the intrusion highly offensive, and
- The defendant's actions were a substantial factor in causing the plaintiff harm.
The tort covers unconsented physical intrusion into the home, hospital or other places, the privacy of which is legally recognized.
The scope of the tort even extends to unwarranted:
- Eavesdropping,
- Wiretapping, and
- Visual or photographic spying.
Relevant statutory law applicable in such cases is found in Restatement (Second) of Torts Sec. 652 B (1977):
"[O]ne who intentionally intrudes, physically or otherwise, upon the solitude or seclusion of another or his private affairs or concerns, is subject to liability to the other for invasion of his privacy, if the intrusion would be highly offensive to a reasonable person."
In the case of Miller v. National Broad Co., 187 Cal. App. 3d 1463, 1482 (Cal. Ct. App. 1986) (Miller), the court has made an exhaustive discussion of the applicability of this tort. In Miller, a news organization videotaped the work of emergency medical personnel; hence, the court adopted the Restatement's formulation of the case of action quoted above (Miller, supra, 187 Cal. App. 3d at p. 1482).
For the intrusion to be considered an actionable claim, it must be proven that the defendant:
- Broke a physical or sensory privacy surrounding of the plaintiff, or
- Gained unauthorized access to data about the plaintiff.
Hence, it must be shown that "the plaintiff had an objectively reasonable expectation of seclusion or solitude in the place, conversation, or data source" (See, Rest.2d Torts § 652B, com. c., p. 379; see also, PETA v. Bobby Berosini, Ltd. (1995) 111 Nev. 615 [895 P.2d 1269, 1280-1281]).
Right to Publicity
Action arising from this type of tort may be had when an unauthorized appropriation of a person's identity occurs in connection with the sale, solicitation, or advertising of commercial products and services.
Relevant statutory law applicable in such cases is as follows:
"One who appropriates to his own use or benefit the name or likeness of another is subject to liability to the other for invasion of his privacy" Restatement (Second) of Torts Sec. 652 C (1977)
Elements for a cause of action for misappropriation of name and likeness are as follows:
- The defendant used the plaintiff's identity,
- The defendant used the plaintiff's name or likeness for their own advantage – commercially or otherwise,
- The defendant did not have the plaintiff's consent, and
- The use of the plaintiff's identity resulted in injury.
Not all instances, however, require the consent of the plaintiff.
California Civil Code has provided some exceptions, such as:
- The use of a name, voice, signature, photograph, or likeness in connection with any news, public affairs, or sports broadcast or account, or any political campaign under Cal. Civ. Code § 3344 (d); and
- The use of a name, voice, signature, photograph, or likeness in a commercial medium solely because the material containing such use is commercially sponsored or contains paid advertising (rather it shall be a question of fact whether or not the use was "so directly connected with the commercial sponsorship or with the paid advertising as to constitute a use for which consent is required") under Cal. Civ. Code § 3344 (e).
Lastly, tort against unwanted publicity is available, not only to living persons but also to deceased individuals. Protections against commercial exploitation extend to a deceased personality's name, voice, signature, photograph, or likeness as provided under Cal. Civ. Code § 3344.1.
Negligence as a Cause of Action
Claims arising from this type of tort are appropriate in cases when the defendant's negligence placed the plaintiff in a position of foreseeable risk, causing the latter to suffer injuries. The premise of this claim is based on the failure to exercise reasonable care in the circumstances. For example, say the defendant posts videos showing the plaintiff's residence in detail. Despite notice of the risks, he refused to take the videos down. The refusal constitutes negligence. This action may hold him liable if the plaintiff suffers injury because the defendant's conduct put the plaintiff in foreseeable danger.
The relevant statute is found in Civil Code § 1714, which states:
(a) Everyone is responsible, not only for the result of his or her willful acts, but also for an injury occasioned to another by his or her want of ordinary care or skill in the management of his or her property or person, except so far as the latter has, willfully or by want of ordinary care, brought the injury upon himself or herself. The design, distribution, or marketing of firearms and ammunition is not exempt from the duty to use ordinary care and skill that is required by this section. The extent of liability in these cases is defined by the Title on Compensatory Relief.
In one of the cases decided by the Superior Court of California, Weirum v. RKO General, Inc. 15 Cal.3d 40 (1975), the court affirmed the award of damages to the plaintiff. In this case, a rock radio station (defendant) with an extensive teenage audience conducted a contest to locate a roaming disc jockey. During their pursuit, one of the minors – who participated in the contest and followed the disc jockey's automobile – negligently forced a car off the highway, killing its sole occupant.
The court supported the finding of foreseeable risk, stating that "It was foreseeable that defendant's youthful listeners, finding the prize had eluded them at one location, would race to arrive first at the next site and in their haste would disregard the demands of highway safety."
"[T]he concept of foreseeability of risk of harm in determining whether a duty should be imposed is to be distinguished from the concept of "foreseeability" in two more focused, fact-specific settings' to be resolved by a trier of fact. 'First, the [trier of fact] may consider the likelihood or foreseeability of injury in determining whether, in fact, the particular defendant's conduct was negligent in the first place. Second, foreseeability may be relevant to the [trier of fact's] determination of whether the defendant's negligence was a proximate or legal cause of the plaintiff's injury.'" (Burns v. Neiman Marcus Group, Inc. (2009) 173 Cal.App.4th 479, 488, fn. 8 [93 Cal.Rptr.3d 130], internal citation omitted.)
Consumers Right to Privacy in California
The California Consumer Privacy Act of 2018 (CCPA) is a statutory law specifically designed to increase consumers' control over the information businesses collect about them, providing new privacy rights for California consumers. In line with this, CCPA regulations offer guidance on how the law is carried out.
On November 3, 2020, California voters passed Proposition 24, a ballot initiative to amend and strengthen the CCPA. The passage of Prop 24 led to the enactment of the California Privacy Rights Act (CPRA) of 2020, which takes effect on January 1, 2023. The new law aims to provide new rights on privacy and expand those the CCPA established, such as allowing consumers to take legal action when a business does not safeguard their information and causes it to be exposed. Additionally, it creates the California Privacy Protection Agency.
Under the CCPA, consumers have the following rights:
-
Right to know: Consumers can ask businesses what information they have collected, used,
shared, or sold and why. Specifically, they can ask the following about
the personal information collected:
- The categories
- The specific pieces
- The purpose of using it
- The categories the business shared with third parties
- The categories the business sold or disclosed to third parties
The business must provide, without charge, data for the 12 months before the request was made.
- Right to delete: Consumers can request that businesses delete the information collected about them and have any third parties do the same. However, exceptions exist, allowing the business to keep the data.
- Right to opt-out: Consumers are now entitled to the right to request that businesses stop selling personal information ("opt-out"). With some exceptions, businesses cannot sell personal information after they receive an opt-out request from a consumer unless authorization is given again. A business cannot ask a consumer to opt back in until 12 months have passed since the opt-out request was made.
- Right to non-discrimination: Consumers who have exercised their rights under CCPA may not be discriminated against by businesses for that reason. Acts of discrimination by businesses may be in the form of denial of goods or services, charging a consumer a different price, or providing a different level or quality of goods or services.
However, the right does not apply when the consumer refuses to give personal information or opts out of selling personal information and such is necessary to provide goods or services, as the business would be unable to complete the transaction.
Under the CPRA, consumers have the following rights:
- Right to correct inaccurate information: Consumers may now request to have inaccurate information about them corrected, considering what the information is and how it's processed. When a business receives a verifiable consumer request, it must make reasonable efforts to correct the information (with some exceptions).
-
Right to have personal information collected subject to data minimization
and purpose limitations: Use of personal information by businesses is now limited to what is "reasonably
necessary and proportionate" to complete the transaction the information
was collected for or for a related purpose. Business purposes include:
- Counting and verifying the position and quality of ad impressions
- Ensuring security and integrity, provided the consumer's information is reasonably needed to do this
- Fixing errors
- Temporary use
- Performing services for the business
- Providing advertising and marketing services
- Conducting internal research to develop technology or for demonstration purposes
- Maintaining the quality or safety of a service or device
-
Right to receive notice from businesses planning on using sensitive personal
information and ask them to stop: If a business is going to collect and/or use consumers' personal information,
it should, before or when the information is being collected, let the
consumer know that such is happening. With this, consumers can request
that the business not sell, share, or use their information.
Such information includes:
- Social Security, driver's license, state ID, or passport numbers
- Account log-in, financial account, or debit card or credit card numbers along with the access code, password or credentials
- Precise geolocation
- Racial or ethnic origin, religious or philosophical beliefs, or union membership
- Contents of mail, email and text messages
- Genetic data
- Biometric information for the purpose of identifying someone
- Information collected and analyzed concerning a person's health, sex life, or sexual orientation
Rights expanded upon under the CPRA include:
- Right to access information: Consumers have the right to know what information was collected about them regardless of when it was collected unless it would be impossible or unreasonable to retrieve the data.
- Right to opt-out of sharing information with third parties: The CPRA addressed ambiguities surrounding the CPPA by clearly stating that consumers can opt-out of their information being shared with or sold to third parties.
- Right to sue businesses when they expose usernames and passwords: The CPPA has already given consumers the right to sue businesses when their information is exposed in a data breach because of lax security measures. The CPRA extends this right to include data breaches involving usernames and passwords.
Do you believe that your right to privacy has been invaded? Call Second Chances Law Group at (626) 827-7222 or contact us online today.