This is page 3 of:
Supreme Court Casts Doubt On Whether Privacy Laws Control Retailers
So what the Court found was this:
1. Collecting personal information about doctors is “speech.”
2. That “speech” is protected under the Constitution.
3. The information collected belongs to the collector.
4. Restricting the use of that information for marketing purposes is a “content-based” ban.
5. Such a ban is subject to “strict scrutiny.”
6. The government’s interest in protecting privacy is not sufficient if it allows other uses of the information apart from marketing.
What does it all mean? The Court seemed most concerned about the fact that the statute was aimed only at marketers and only at their use of this information for targeted marketing. The government, the six Justices in the majority felt, was trying to favor doctors over pharmaceutical manufacturers. The Court noted:
“The capacity of technology to find and publish personal information, including records required by the government, presents serious and unresolved issues with respect to personal privacy and the dignity it seeks to secure. In considering how to protect those interests, however, the State cannot engage in content-based discrimination to advance its own side of a debate.
“If Vermont’s statute provided that prescriber-identifying information could not be sold or disclosed except in narrow circumstances then the State might have a stronger position. Here, however, the State gives possessors of the information broad discretion and wide latitude in disclosing the information, while at the same time restricting the information’s use by some speakers and for some purposes, even while the State itself can use the information to counter the speech it seeks to suppress. Privacy is a concept too integral to the person and a right too essential to freedom to allow its manipulation to support just those ideas the government prefers.”
All privacy laws, the Vermont statute included, attempt to restrict the collection and use of information. Like the Vermont law struck down, the government “favors” one use of personal information (say, for the purpose for which it was collected) and disfavors another (say, marketing or defamation.) Privacy law begins with the assumption that the data subject retains some rights or interests in their information. The U.S. Supreme Court appears to reject that assumption—at least for information about professionals.
So how far does this decision go? The three dissenting Justices—Breyer, Ginsburg and Kagan—point out that the many laws that restrict the use of personal information collected for one purpose to be used for another are called into question, such as laws that restrict the use of credit scores for finding new customers or the use of medical records to identify new patients. These laws are potentially unconstitutional.
For example, the Song-Beverly Act, which restricts the use of personal information in California for marketing, may suffer the same infirmities as the Vermont statute. In fact, if marketing to people based upon information you have collected (or purchased) is constitutionally protected speech, then restrictions like “opt in” must be the least burdensome, so “opt out” may become the norm if permitted.
Is that what the Court meant to do? In the end, we don’t know.
My advice here would be the same as if you were attacked by a bear: Stand very still and don’t make any sudden movements. Keep protecting and respecting privacy and adhering to privacy laws.
But if you are sued, this decision may present you with a substantial legal defense on constitutional grounds.
If you disagree with me, I’ll see you in court, buddy. If you agree with me, however, I would love to hear from you.
Cards issued by European banks when used online cross border don't usually support AVS checks. So, when a European card is used with a billing address that's in the US, an ecom merchant wouldn't necessarily know that the shipping zip code doesn't match the billing code.
-Marc
