Document Type


Publication Date


Publication Citation

32 Connecticut Law Review 877 (2000)


The definition of privacy developed by Brandeis and Warren and Prosser, and effectively codified by Alan Westin in 1967 - the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others - worked well in a world in which most privacy concerns involved physical intrusions (usually by the government) or public disclosures (usually by the media), which, by their very nature, were comparatively rare and usually discovered.

But that definition's exclusive focus on individual control has grown incomplete in a world in which most privacy concerns involve data which we inevitably generate in torrents as go through our lives in an increasingly computerized, networked environment, and which can be collected and used by virtually anyone, usually without us knowing anything about it. Few of us have the awareness and expertise to consider trying to control all of the data we generate, few of us have the time or, frankly, even the incentive to attempt to do so, and the sheer volume of data, variety of sites where they are collected and used, and economic incentive for doing so would make the attempt laughably futile.

This is not to suggest that individual control should not be part of our understanding of privacy, but rather that it can no longer reasonably be considered the only part. This article identifies principles that should undergird the government's efforts to protect privacy and craft privacy norms, and then contrast the application of those principles in particular settings identified by Professor Paul Schwartz in his article Internet Privacy and the State.