1.  Since there is no theoretical or legal universally applicable umbrella concept of the right to privacy it is important how we structure our thinking around this particular right. There is no scholarly consensus on whether it is possible or even desirable to define a universal right to privacy. National differences as regards legal traditions together with political and cultural pluralism make such an endeavour difficult. Nevertheless, Krotoszynski makes a compelling argument for the construction of a global understanding of privacy from the bottom up (2016).

2.  The right to privacy can be both negatively and positively defined. The negative right to privacy entails that individuals are protected from unwanted intrusion by both the state and private actors into their private life, especially features that define their personal identity such as sexuality, religion, and political affiliation, ie the inner core of a person’s private life (LGBTI rights; freedom of conscience and religion or belief). The positive right to privacy entails an obligation of states to remove obstacles for an autonomous shaping of individual identities (Espinosa 970).

3.  The right to be left alone is a crucial aspect of the right to privacy. Historically, when referring to privacy and the respect for private life one has primarily referred to the sanctity of home, correspondence, bodily integrity and family (Schulhofer; right to a family life). Expectations of privacy are in general high in this particular context hence the laws that regulate seizures and searches. In comparative constitutional law there is also a right to privacy in public places—the scope of which varies considerably between different constitutional systems. The constitutional protection of privacy in public spaces in several European states is more generous than in US constitutional law, while Canada is to be found somewhere in between.

4.  Privacy as autonomy takes its starting point in and presupposes territorial- and bodily integrity. It is however broader and rests on the idea of privacy as necessary for individuals to be able to develop their own persona in order for them to free and well-functioning members of society and in order to achieve self-government. Therefore, within the private sphere individuals should be free to seek information and make intimate and private decisions related to for example religion, ethnic identity (ethnicity), sexuality, family life, etc. In several jurisdictions these questions are dealt with under the auspices of security of the person (Canada), human dignity (Germany, South-Africa), and equality (right to security; dignity and autonomy of individuals).

5.  The third stepping-stone to achieve privacy is control of personal data, the main question being what personal data do we own and what constitutional protection do personal data have? Data protection regimes focus on and regulate the content of the data, for what purpose it has been collected, how the data can be used, and under what legal conditions it can be shared between different parties. Several qualifications should be fulfilled in order for the collection, storage and use of personal data to be in congruence with the right to privacy, for ex content (certain data may not be collected and registered), processing (by whom and how, for what purpose and for how long), and control (external and internal control), and the right to access to information for the person who the data concerns. Data protection is especially important within the area of law enforcement cooperation and medical law.

6.  Internet and the digital era have introduced a new space within which privacy rights must be considered. This question arose in the aftermath of the Snowden revelations and UN Resolutions 68/167 and 69/166 on the right to privacy in the digital age. Clearly the issue of mass surveillance will continue to be of great concern as will be the increasing difficulty to uphold a clear line between public and private actors in this context. This development creates new challenges due to surveillance, data mining, and transborder flow of data, speech and information in general in combination with the lack of a transnational definition or even common understanding of privacy (Cornell). It also introduces new public and private actors: for example law enforcement bodies and service providers such as Google, Apple etc. The global flow of information for various purposes—trade, law enforcement, national security —together with an increasingly important role for transnational private actors in for example the controlling of data creates the need for a minimum definition of the right to privacy, see for example the Safe Harbour Decision (Case C-362/14 Maximillian Schrems v Data Protection Commissioner). There is also the question of how the increased access to data impacts on our expectation of privacy. The Canadian Supreme Court has held that privacy is a normative, rather than descriptive, standard (Tessling) and that access to data per se do not repeal the protection.

7.  The right to privacy had its upswing in constitutional law in the second half of the 20th Century and was first judicially protected as an autonomous constitutional right in the 1960s (Espinosa 967). It was recognized as an international human right before it started to play a more important part in national constitutional law. Prior to the adoption of the Universal Declaration of Human Rights (1948) (UDHR) in 1948 the main focus in national constitutions was on the sanctity of the home and correspondence (Diggelmann and Cleis 441-448), ie on what has been termed the territorial aspects of privacy. In international instruments such as UDHR, International Covenant on Civil and Political Rights (1966) (ICCPR), and European Convention for the Protection of Human Rights and Fundamental Freedoms (1950) (ECHR) the right to privacy and private life is followed by an enumeration of protected rights, such as the right to correspondence, the protection of the home and family etc. Still, mostly due to the subsidiarity principle in international law the definition and hence scope of the right to privacy is primarily determined by national constitutional law, which in its turn is a product of national legal and political culture. Therefore, the interplay between international- and European law, on the one hand, and national law on the other, is of great importance for the definition and scope of the right to privacy. For example, the question of surveillance has been dealt with by several European courts—both national and regional—and currently there is a consensus that targeted surveillance is allowed in democratic and rule of law states under certain conditions, it is for example required that a certain set of procedural safe guards are put in place and enforced (see for example Uzun v Germany; Digital Rights Ireland; see also Podkowik).

8.  The right to privacy is a difficult right to define and conceptualize both legally and theoretically. There have been many attempts to define the conceptual, or rather the ideological, basis of the concept of privacy. Two examples could be mentioned here: privacy as a freedom from society, and privacy as dignity (Diggelmann and Cleis 442; Whitman). Taking his starting point in US constitutional law, Schulhofer identifies the protection of personal autonomy as the core of privacy protected by the Fourth Amendment, thereby potentially adding a third conceptual basis. A fourth approach takes it starting point in the following question: What underlying interests do the right to privacy protect? This question was asked and answered by Andrei Marmor recently. Marmor argues that the right to privacy rests on people’s legitimate interest in being able to control the way in which they can present themselves to others (Marmor 3-4, 7). His argument builds on the differences in social patterns that is determined by the character of the relationship in question, be it between spouses, colleagues, or close friends. In order to obtain differences in these social interactions and contexts we have a legitimate interest of being able to control the way in which we present ourselves. This approach towards privacy is close to, but separate from, the personal autonomy perspective. The legitimate interest of controlling how you are presented can only be secured if the flow of information is predictable and not manipulated (Marmor 12) and this is where the legislative framework guaranteeing the right to privacy comes in. From a legal point of view, this is also when the concept of a right to privacy becomes actionable and concrete. If one adopts this point of view, the main question is how personal information has come to be known, not necessarily the actual content of that information. This approach clearly has its appeal in a time of mass- and secret surveillance. Clearly, the scope of the legitimate expectations depends on your role and position in any given context. Politicians, decision-makers, justices etc. all have a more limited sphere of legitimate expectations. A fifth argument connects privacy rights with self-governance. From this point of view, privacy is necessary for all intellectual exercises and if privacy cannot be protected we will be restricted in our intellectual quest for knowledge and information, and that would severely restrict our ability to self-governance and hence democracy (Krotoszynski 2016).

9.  The right to privacy was first laid down in Art. 12 of the Universal Declaration of Human Rights (UDHR). (See also ICCPR Art. 17.) When Art. 8 of the ECHR was drafted Art. 12 of the UDHR was seminal. Still, Art. 8 ECHR does not explicitly refer to privacy. However, the meaning of this should not be exaggerated since it is likely that the respect for private life and privacy was considered synonymous (Diggelmann and Cleis 457). Art. 8 ECHR protects the right to respect for private life, family life, home and correspondence. The right to private life includes a right to establish and develop relations with other people, including professional and business relations (Niemietz v Germany). Interactions with others taking place in public can fall under the protection of Art. 8 ECHR (PG and HG v UK). Someone’s psychological and physical integrity is protected, as well as the overall development of a personality in relation with other individuals without outside interference (Botta v Italy). Art. 8 ECHR imposes both negative and positive obligations on the signatory states (Söderman v Sweden).

10.  Whether there is a reasonable expectation of privacy is of importance when determining the scope of Art. 8 ECHR. Such expectations are lower if the individual in question is a public figure (Bohlen v Germany), but public individuals do have privacy rights (see von Hannover v Germany and Editions Plon v France). Moreover, privacy rights under Art. 8 ECHR are not lost just because someone is positioned in a public space (Peck v United Kingdom). Other aspects of the individual’s life that are deemed to be part of private life are for instance personal identity, including name, sexual activities, religion, ethnic identity (RB v Hungary), and collection and use of personal data by the state (Zakharov v Russia), including medical records.

11.  As regards the right to family life the European Court of Human Rights (ECtHR) has in its recent case law (Nazarenko v Russia) extended the right to family life to persons who are not biologically related, in this case a father and daughter. In a not yet final decision the Court ruled on religious marriage in which one of the parties was a minor (ZH and RH v Switzerland). The ECtHR found that national courts are more apt to address and rule on issues of religious marriage involving minors for the purpose of Art. 8. The right to respect for home refers to the concrete, physically defined, place of residence where the private and family life can develop. The right to respect for one’s correspondence contains the right to communicate with others without interruptions or censorship. According to the ECtHR the sender’s right to respect for correspondence, and thus for the confidentiality of information, ends when the message leaves him (AD v the Netherlands). In sum, the scope of Art. 8 is broad and constantly in motion.

12.  Art 7 of the EU Charter builds on Art. 8 ECHR but Art. 7 refers to communications instead of correspondence. This change aims to catch the expansion of the right to privacy as established by the case law of the ECtHR. The travaux preparatoires to the EU Charter clearly states that the two articles mirror each other and that the limitations that can be imposed on them are the same (Gonzales Fuster 202). The right to private life in Art. 7 of the Charter includes the protection of privacy in relation to any information about a person. Personal data protection is further regulated in Art. 8 of the Charter. In Digital Rights Ireland and Seitlinger and Others the ECJ stated: ‘The retention of data for the purpose of possible access to them by the competent national authorities, as provided for by Directive 2006/24, directly and specifically affects private life and, consequently, the rights guaranteed by Art. 7 of the Charter.’ The Court held that retention of private data in itself violated Art. 7 of the Charter, and that access of competent national authorities to such data constitute a ‘further interference with that fundamental right’, with references to the case law of the ECtHR. In Google v Spain the ECJ held that Google, as a data controller established in the EU, is responsible for the processing of personal data that it carries out and which appear on web pages published by third parties. Consequently Google is obliged to respect EU data protection laws (Arts 7 and 8 of the Charter) and therefore to comply with requests to remove links to certain personal data, under certain circumstances (the right to be forgotten). In A, B, C v Staatssecretaris van Veiligheid en Justitie the national court asked the ECJ whether there are any limits imposed by EU law as regards the verification of the sexual orientation of applicants for asylum. According to the ECJ, Member States are entitled to assess the credibility of the statements of an applicant regarding his/her sexual orientation. However, the methods used by the competent national authorities to assess the credibility of those statements must ensure the respect of fundamental rights, including the right to respect for private and family life.

13.  The theoretical and legal underpinning of the right to privacy differs between different constitutional orders. In some legal orders the right to privacy is laid down explicitly in the constitution, for example, the Israeli Basic Law, Art. 7a, the Constitution of Costa Rica Art. 24, and the Spanish Constitution Art. 18.1. In other legal orders the right to privacy is recognised as a general principle but it is not laid down as such in the constitution. Rather it is achieved indirectly through the protection of other rights, for example the right to private life, family life, etc. see the Icelandic Constitution Art. 71, the Latvian Constitution Art. 96, and the Constitution of Georgia Art. 20.1. Another example is the German Basic Law, which does not mention the right to privacy explicitly. In German constitutional law the right to privacy, which forms part of the general personality right, is deduced from Art. 1(1) (human dignity) and 2 (1) (freedom of personality) of the Basic Law. However, Art. 2(1) is subsidiary in relation to other basic rights explicitly laid down in the Basic law. Art. 10 protects the integrity of correspondence and Art. 13 the integrity of the home just to mention two examples. Arts 1 (1) and 2 (1), as the Federal German Constitutional Court has interpreted them, lay the foundation for a general freedom of action, the right to free self-determination, and the right to a private sphere. The German Constitutional Court has developed a three-tier constitutional protection of privacy based on the subject matter of the information; the intimate sphere which enjoys absolute protection (Microcensus Case), the private sphere in which privacy is balanced against public interest concerns, if the information is occurring in a secluded space (Secret Recording Case), and the public sphere where information is not protected since it is neither private nor provided on the basis of confidentiality (Microcensus Case).

14.  During the 1990s the Hungarian Constitutional Law borrowed heavily from German constitutional doctrine on the concept of human dignity with the result that although Art. 59 of the Hungarian Constitution protects privacy the Court relied on German case law on human dignity (Dupré). Likewise, in the French Constitution there is no explicit right to privacy. It is said to follow from Art. 2 of the Constitution (liberty, equality and fraternity), the principle of individual freedom as laid down in Art. 2 of the Declaration of 1789, as well as from Art. 66 of the Constitution. In 2008 a Committee came to the conclusion that there is no need to revise the preamble of the Constitution in order to include an express provision protecting right to privacy (Bioy 133). Hence, the right to privacy continues have its constitutional impact through the protection of individual freedom. The Polish Constitution holds two article of relevance for the right to privacy, Arts 47 and 49. According to Art. 47 ‘everyone has the right to legal protection of his private and family life, of his honour and good reputation and to make decisions about his personal life.’ Art. 49 stipulates the right to privacy and freedom of communications. Both articles take their starting point in Art. 30, human dignity (compare Germany and Hungary). In a decisions from 30 July 2014 the Polish Tribunal found that the state not only has an obligation not to infringe on the right to privacy and communication but also to ensure that individuals are protected from violations of these rights by foreign intelligence bodies (30 July 2014, K23/11). These constitutional orders are just some examples illustrating how the right to privacy can exist and be described as an umbrella concept even if not explicitly mentioned in a constitution.

15.  The Swedish Constitution stipulates the right to privacy explicitly in Art. 2(6). In the 2010 reform of the Swedish Constitution a new paragraph was added in which it is stated that ‘everyone shall be protected in their relations with the public institutions against significant invasions of their personal privacy, if these occur without their consent and involve the surveillance or systematic monitoring of the individual’s personal circumstances.’ Also the Norwegian Constitution (2014) explicitly refers to the right to privacy, Art. 102, as do the Finnish Constitution (2010) in Section 10. The Danish Constitution (1953) on the other hand, which is older than the Finnish, Swedish and Norwegian, does not mention privacy explicitly. Art. 72 states that dwelling is inviolable and that searches, seizures and examination of any correspondence require a judicial decision unless otherwise are stipulated by law. A comparison between these Nordic constitutional orders illustrates the development of the right to privacy over time, from a territorial right to a broader definition of the concept that also includes surveillance in the modern day and age.

16.  The South African Constitution (as amended 2009) Art. 14 states that everyone has a right to privacy which includes a right not have one’s home, person or property searched, possessions seized and privacy of communications infringed. Art. 14 obliges the state to enforce privacy rights in relations between private parties (NM v Smith). In addition, Art. 9 on the right to equality, Art. 10 on human dignity and Art. 12 on the freedom and security of the person are seminal for the protection of privacy as they have been interpreted and enforced by the South-African Constitutional Court (see Minister of Home Affairs v Fourie on same sex marriage). Brazil took the lead concerning the right to privacy in 1988 when it laid down the principle of habeas data in its constitution, Art. 5 LXIX. Subsequently several countries in the region have followed suit, for example Paraguay, Peru and Argentine. Moreover, personal intimacy, private life, honour and reputation are inviolable; guaranteeing the right to compensation for pecuniary or moral damages resulting from the violation thereof according to Art. 5 X.

17.  In US constitutional law privacy is protected primarily through the Fourth Amendment, which is limited to governmental action. Private actions, which pose considerable threats to privacy in the digital era, are not included in the Fourth Amendment. In Katz v United States the US Supreme Court laid down the ‘expectation of privacy test’ that has been said to expand the right to privacy outside of the home/property thus adding to the trespass rule and hence expanding the right to privacy under the Fourth Amendment: ‘What a person knowingly exposes to the public, even in his own home or office, is not subject to Forth Amendment protection. But what he seeks to preserve as private, even in an area accessible to the public, may be constitutionally protected.’ In the Jones case the Supreme Court held that putting a GPS on a car without a warrant constitutes a violation of the Fourth Amendment in that Jones’ property was trespassed and the action on behalf of the police was to be considered a search within the meaning of the Fourth Amendment (the trespass test). In the wake of Snowden’s revelations the question of whether individuals have an expectation of privacy under the Fourth Amendment concerning the bulk collection of metadata in the absence of a search warrant based on probable cause begs an answer. One complicating factor is the third-party doctrine saying that individuals have no legitimate expectation of privacy in information that they voluntarily turn over to third parties (Smith v Maryland). In the on-going NSA-cases the US government relies on the Smith-rule, while the appellants argue that the there is a legitimate expectation of privacy. The question still outstanding is to what extent modern technology alters the traditional expectations of privacy and what its impact might be on the right to privacy under the Fourth Amendment. Privacy rights are further restricted by the First Amendment as interpreted by the US Supreme Court in Snyder v Phelps. In this case the plaintiff was not a public person but the contested speech was made in a public space and the matter was of public concern. Hence the speech was protected under the First Amendment and the plaintiff’s privacy, while burying his son killed in war, was limited.

18.  For common law countries that do not have a Bill of Rights like the US or a statutory Privacy Act like in Australia, privacy rights are developed within for example tort law. In March 2014 the amendments to the Australian 1988 Privacy Act entered into force. The Australian Privacy Act builds on a human rights approach to privacy and regulates how private information can be handled. For the purpose of the Act private information is defined as ‘information or an opinion, whether true or not, and whether recorded in a material form or not, about an identified individual, or an individual who is reasonably identifiable’. This includes for example an individual’s name, signature, address, telephone number, date of birth, medical records, bank account details and commentary or opinion about a person. In the UK, the adoption of the Human Rights Act (HRA) in 1998 meant that British Courts had to ensure the enforcement of Art. 8 of the ECHR. Besides from this there is no Privacy Act. Some common law countries, besides the US, do have Bill of Rights, for example Canada, New Zealand and Hong Kong. However, of these three only the Basic Law of Hong Kong explicitly refers to privacy, see Art. 30 in the Bill of Rights. Art. 30 stipulates that the freedom and privacy of correspondence of Hong Kong residents shall be protected by law, and that relevant authorities may inspect communication only in accordance with legal procedures to meet the needs of public security or of investigation into criminal offences. The Canadian Charter of Rights and Freedoms does not mention the right to privacy explicitly. Privacy rights are enforced primarily through Arts 7-14, which deals with criminal law trials and criminal law investigations. Prior authorization, where feasible, is a precondition for a valid search and seizure (Hunter v Southam Inc). According to the case law of the Canadian Supreme Court Arts 7 (security of the person) and 8 (informational privacy) create the foundation for a constitutional privacy right in Canada. The Court uses three categories of privacy; personal, territorial and informational.

19.  There is no general right to privacy in Chinese law. However, important rights that indirectly relates to privacy are Arts 37 (physical), 38 (human dignity) and 39 (territorial). The Chinese constitution aims to guarantee personal dignity, Art. 39, and the right to privacy is considered to fall within that sphere. Still, protection of privacy in China is sporadic and fragmented. For both political and legal reasons the constitutional protection for privacy in China is inadequate. The same could be said concerning the protection of privacy in Russian constitutional law. The Russian Federal Constitution has three articles of direct relevance to the right to privacy, Arts 23-25. Art. 23 refers to the traditional aspects of the right to privacy, for example the inviolability of private and family life, protection of honour and name, and privacy of correspondence. According to the Constitution the latter can be restricted only by a court decision. Art. 24 stipulates protection for personal information in that it must not be collected, stored and disseminated without consent. It also lays down the right to access to information that affects someone’s rights or freedoms. And according to Art. 25 the home shall be inviolable, and all restrictions to that right must be laid down in law or by a court of justice. China and Russia share a common trait of an authoritarian political system with a legal system that is controlled and manipulated by political elites, and with strong repressive traits. One must therefore be careful and not rely extensively on the letter or the law.

20.  In general privacy is not an absolute right and hence can be limited by the law. A general critique against constitutional orders that do not have a Bill of Rights or a specific Privacy Act is that the right to privacy and its implementation is inefficient and fragmented. Concepts such as digital privacy and habeas data capture well some of the currently largest challenges to the right to privacy. More modern constitutions tend to contain articles stipulating habeas data and the right to privacy and freedom of communications. This trend captures the changes of the understanding of and legislative framework for the protection of the right to privacy over time. The European Union has taken the global lead in trying to improve the regulatory framework for protection of personal data.

21.  There is a substantial difference between how privacy is regulated and protected in common law and civil law countries. In US constitutional law, protection is only granted in relation to the state and state actions (state action doctrine). Actions of private parties are regulated primarily by tort law. The US stands out for its far-reaching protection of freedom of speech to the detriment of privacy rights. In European law, privacy rights are protected both in relation to state and private actors. Moreover, the question of ownership of personal data is more regulated in European law and European law stretches the right to privacy to include also public spaces—quite opposite to US law where a reasonable expectation of privacy is more or less gone when a person enters a public space. European law also provides a stronger protection of privacy rights in public places than what for example is the case in US and Canadian constitutional law. As pointed out by Krotoszynski, privacy rights (being a positive and a negative right) are broader in Europe than in the US. Within the context of judicial enforcement Krotoszynski points out a methodological difference between the US and Europe—he argues that in Europe the principle of proportionality has a larger impact on the balancing test conducted by the courts than in the US.