Roundtable #22 | Modern Challenges to Privacy Law

Section 1: Introduction to Privacy Law

Privacy law stands at the intersection of individual rights, government regulation, and societal norms, shaping the landscape of healthcare, reproductive rights, and personal freedoms. In today's world, where advancements in technology and shifts in political landscapes continuously redefine the boundaries of privacy, grasping the significance and dynamic applications of privacy law is growing increasingly crucial. This roundtable explores three distinct realms where privacy law exerts its influence: gender-affirming healthcare, abortion rights, and government surveillance.

Section 2: Gender Affirming Healthcare’s Future in The Wake of Health Privacy Law’s Trickle-Down Deterioration

In Florida, a perplexing legal paradox exists. Cisgender children are readily prescribed gender-affirming hormones identical to those used in transgender healthcare regimens. However, Florida’s Senate Bill 254 restricts transgender children from accessing the same gender-affirming healthcare available to cisgender children. While this paradox displays sex discrimination, courts currently struggle to assess the constitutionality of limiting gender-affirming healthcare. This struggle is influenced by privacy health laws and medical malpractice’s erosion. With narrow privacy health laws and limited federal care standards, arguments about restricting gender-affirming healthcare as sex discrimination become complex. And few have successfully used sex equality jurisprudence to address this challenge. In assessing gender-affirming healthcare, court decisions highlight the relation between health privacy law, medical malpractice, and sex equality jurisprudence.

Health privacy law maintains a deeply-seated influence on the foundation of medical malpractice. Medical malpractice is established by negligence of accepted standards of care, demonstrating failure to exhaust all medical interventions to save a patient's life. Before Dobbs v. Jackson Women’s Health Organization (2022), federal protection of health privacy simultaneously protected accepted standards of care. Roe v. Wade (1973) determined that the Fourteenth Amendment and due process clauses “protect against state action on the right to privacy.” Planned Parenthood v. Casey (1992) echoes this precedent as the majority decision states, “The fundamental right of privacy protects citizens against governmental intrusion.” This protection of privacy was incorporated into federally recognized accepted standards of care, directing physicians to adhere to abortion medical protocol. Abortion medical protocol broadened due to privacy protections, impacting a range of federally accepted healthcare standards. Without privacy health laws, accepted standards of care must prioritize adhering to state legislation instead of exhausting all medical interventions. Adhering to state legislation widens the possibility of negligence and patient injury. However, this negligence is protected under a limited standard of care. Meaning, accepted standards of care are not as extensively protective. Without privacy health laws, medical malpractice shifts its priority from protecting the patient to protecting state politics.

While limited standards of care prevent extensive healthcare, sex equality jurisprudence’s recognized constitutionality can protect gender-affirming healthcare. Sex equality jurisprudence refers to legal precedents and constitutional revisions that address equality. The principle gained constitutional recognition in Reed v. Reed (1971)–the first case where a court applied the Fourteenth Amendment to prohibit a law discriminating against women. Since, sex equality jurisprudence has expanded beyond gender equality. In a 6-3 decision, the Supreme Court ruled in Bostock v. Clayton County, Georgia (2020), that the Fourteenth Amendment and Title VII of the Civil Rights Act protect LGBTQ+ from workplace discrimination. Additionally, the majority opinion states, “It is impossible to discriminate against a person for being transgender without discriminating against that individual’s sex.” Multiple lower courts have applied Bostock’s (2020) precedent, like  Baker v. Aetna Life (2017), where a court ruled denying an employee’s insurance plan due to gender-transition surgery costs violates Title VII. Baker v. Aetna Life (2017) explicitly extended sex equality jurisprudence to include transgender people and their right to healthcare access. These cases showcase the development of sex equality jurisprudence and firmly establish that sex and gender discrimination is unconstitutional across various areas, including healthcare–an applicable argument to the constitutionality of gender-affirming healthcare bans.  

However, recent court rulings reveal this constitutional recognition as ambiguous. Brandt v. Rutledge(2023) follows a case where an Arkansinian federal district court judge found Act 626–a law banning gender-affirming healthcare for transgender youth–unconstitutional and prohibited its enactment. While Arkansa’s federal district court judge found Act 626 unconstitutional, citing sex discrimination, Tennessee Attorney General Jonathan Skrmetti views the same policy as “a big win for democracy.” Currently, Skrmetti is being sued for this policy by the ACLU. While Brandt(2023) had luck with sex equality jurisprudence’s constitutional recognition, the Tennessee district and appeals court do not reflect the same arguments. Instead, they state, “medical treatments that affect only one sex receive rational-basis review”, utilizing Dobbs’(2022) language to circumvent recognition of sex equality jurisprudence’s constitutionality. L.W. v. Skrmetti(2023) has submitted a petition for a writ of certiorari to the Supreme Court, presenting them with the question of whether Tennessee's SB1 “violates the Fourteenth Amendment.” If accepted, the decision will cement the future recognition of sex equality jurisprudence and gender-affirming health care.  

Florida is not the only state leveraging the fall of health privacy law and sex equality jurisprudence’s ambiguous constitutional recognition. Over 214 bills banning gender-affirming healthcare have been proposed in 2023. Health privacy law’s deterioration widens the possibility for standards of care to diminish. When standards of care are not federally protected, healthcare interventions rely on the state instead of prioritizing patient protection. Although this fosters discriminatory gender-affirming healthcare bans, arguments based on sex equality jurisprudence have diminished in power. This deteriorating nature of standards of care and sex equality jurisprudence’s constitutional recognition traces to the fall of privacy health law; with the end of Roe(1973) came the end of extensive standards of care and new language to circumvent recognition of sex equality jurisprudence’s constitutionality. As L.W. v. Skrmetti (2023) potentially heads to the Supreme Court, the future of gender-affirming healthcare access remains obscure.

by Gabriela Diaz-Vendrell

Section 3: Abortion and Data Privacy Rights

Since the recent overturning of Roe v. Wade (1973) in Dobbs v. Jackson Women’s Health Organization (2022), abortion accessibility and incrimination has become a pertinent issue. What makes the debate extraordinarily confusing is the high level of discretion left to state governments on ruling the constitutionality of abortion. In states where reproduction services are compromised, women seeking an abortion are forced to travel to another state or seek alternative methods such as purchasing abortion pills. This crisis ushers in a new era of concern for data privacy: health records, financial records, geolocation information, and electronic communication are put at risk for criminal investigations without the medical patients’ disclosure or awareness. Protecting these privacy rights are absolutely essential in freeing access to reproductive care and promoting women’s bodily autonomy.

Furthermore, the decline of women’s reproductive services has spiraled into an expansive struggle for freedom and equality. The threat against women’s autonomy is exacerbated through the closing of women’s health clinics that offer preventive healthcare, such as contraceptives, alongside abortion centers. Women in low-income, rural, and underserved communities bear the brunt of this outcome as they face travel and cost barriers to access healthcare services in states where abortion remains legal. Guaranteeing women abortion rights involves not only protecting the reproductive autonomy of half the U.S.’s population, but a universal concern for healthcare equity.

Court precedents, executive orders, and current laws regarding health records are demonstrations of the tedious balance between individual privacy rights and government interference. The Health Information Portability and Accountability Act (HIPAA) was enacted in 1996 by the U.S. Congress to safeguard the privacy and security of individuals’ health information. Healthcare providers must comply with HIPAA regulations to ensure the confidentiality of patient information, including reproductive health and abortion services.

HIPAA protects patients’ health records by requiring explicit authorization for use and disclosure of protected health information (PHI). Healthcare providers must obtain a patient's written consent before disclosing PHI, clarifying the circumstances and purposes for authorization, stating an expiration date for the authorization and allowing the individual to revoke the authorization. On a broader scale, the security standards for HIPAA ensure that PHI is secure from unauthorized access, disclosure, alteration, and destruction during electronic exchange.

Since 1996, Executive Orders have strengthened individuals’ privacy rights and clarified the role of law enforcement when acquiring potentially incriminating health information. Under Clinton’s Administration in December of 2000, Executive Order 13181 was enacted, entitled “To Protect the Privacy of Protected Health Information in Oversight Investigations.” This order restricted law enforcement from using PHI for criminal investigations. Noting the factors at stake - physician-patient relationship, treatment services, disclosure to patient about potential injury - Clinton’s Executive Order established the protection of medical information from law enforcement except in dire circumstances.

Following Dobbs v. Jackson Women’s Health Organization (2022), the Biden Administration also issued the “Executive Order on Protecting Access to Reproductive Healthcare Services” (2022). This Executive Order outlined numerous concerns following the restriction on abortion rights, such as the closing of women's health clinics and decrease in preventive healthcare services such as contraception and disproportionate impact on women in low-income, rural, and underserved communities in accessing reproductive services. President Biden directed the Secretary of HHS to consider “providing guidance under HIPAA,” “strengthen the protection of sensitive information related to reproductive healthcare services,” and “address the potential threat to patient privacy” caused by the “transfer,” “sale,” and “digital surveillance related to reproductive healthcare services.”

Since then, the Health and Human Services Department published a proposal to amend existing standards permitting disclosures of PHI related to reproductive health care on April 17th, 2023. The proposal pushed for “prohibiting uses and disclosures of PHI for criminal, civil, or administrative investigations or proceedings against individuals, covered entities or their business associates (collectively, “regulated entities”), or other persons for seeking, obtaining, providing, or facilitating reproductive health care that is lawful under the circumstances in which it is provided.”

The fundamental right of privacy guarantees each individual the right to make medical judgments affecting their body in partnership with a chosen health care provider free from government interference. This right was challenged in Montana in 1995 when the state legislature introduced a law that prohibited certified physician assistants from offering abortion services, a practice they had been permitted to engage under a physician’s supervision. In Mazurek v. Armstrong (1997), a group of licensed physicians challenged this law on the basis that it posed a substantial obstacle to a woman seeking an abortion. The District Court denied the practitioners' motion for a preliminary injunction, finding that there was not enough evidence that the law was putting an undue burden on women seeking abortion rights. This decision was vacated by the Court of Appeals, and later reversed again by the SCOTUS, which upheld the Montana state legislature. The Supreme Court tightened women’s procreative freedom by restricting the healthcare provider women could choose to attain abortion services from.

The right to privacy endorses minors to get an abortion without parental restraint. In 1999, the Florida state legislature passed the Parental Notice Act which required parental notice before minors could obtain an abortion. In response, the North Florida Women’s Health and Counseling Services sued the Act for being unconstitutional. The trial court ruled the act as unconstitutional, and this decision was reversed by the district court. Finally, the Florida Supreme Court quashed the district court decision again in North Florida Women's Health Services v. State (2003) because it significantly restricted a minor’s right to privacy and failed to further the state interest. Because other major decisions surrounding pregnancy such as adoption and giving birth did not require parental consent, the court held that making a distinction for an abortion did not qualify as a compelling state interest. Unique among other states, Florida's fundamental right to make personal decisions without government interference stems from a privacy clause embedded in its state constitution. This precedent case demonstrates an individual’s right to privacy from influence and knowledge of outside parties when obtaining an abortion.

Protecting data privacy rights is crucial to safeguard women’s access to obtaining abortions. The above considerations are just a few of the numerous ways that data privacy can affect women’s abilities to seek reproductive healthcare. Laws, such as HIPAA, are constantly being modified to accord with modern day healthcare research techniques and data collection types. Through Executive Orders and recommendations from the Department of Health and Human Services, the executive branch of the U.S. government seeks creative courses of action to protect privacy rights despite the SCOTUS decision. Finally, distinct state constitutions and varying interpretations of privacy rights reflect regional ideology on the balance between government interference and individual rights to healthcare. Different facets of the law combine to structure women’s access to abortion, and this must be critically explored to prevent indemnifying women for seeking reproductive healthcare, and fight for general healthcare equity.

 by Yunah Kwon

Section 4: Government Surveillance and Internet Privacy

For as long as the United States has existed, Americans appear to have prided themselves on individual rights that the government cannot infringe upon. However, since the events on September 11th, 2001, the individual rights that Americans have heralded for so long seem to have evaporated through the proliferation of the so-called “security state” that our federal government has established under the pretense of stopping terrorism.

With the development of the internet, and its lack of regulation, the government has gained easy access to our private data. Thus, it is imperative to consider how far the federal government of the United States should be allowed to access private information through social media.

The United States isn’t the only governmental body that has established privacy rights for its citizens. The United Nations has put forth several laws that are meant to be followed by member countries. In the United Nations’ Universal Declaration of Human Rights, article 12 states:

No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honor and reputation.

In other words, a government should not interfere with an individual’s right to privacy when there is no due process to do so. Thus, there is an internationally established standard for the right of privacy.

America, however, seems to have found several loopholes in order to establish its “security state” in the past twenty years. In the aftermath of 9/11, Congress passed the USA PATRIOT Act, which made critical changes to federal statutory law. These laws have repeatedly been renewed, in 2007 and in 2015, a sign of continual support. Section 215, for example, permits agencies to collect “tangible” objects (including books, records, and papers) for an investigation to protect against international terrorism or for clandestine intelligence activities. This section has largely been interpreted to allow for the bulk collection of telephony data, including phone logs, indiscriminately of citizenship status and First Amendment rights.

In addition, the government only needs to show evidence of a terrorist investigation into any person, including a citizen, to authorize a warrant and collect more data. This low standard has been widely utilized, with the government even collecting data on website logs, all under the guise of fighting terrorism. Laws like these have largely eroded privacy rights, in the name of “safety”. However, the risks of these laws dig further away from terrorism and into violation of a citizen’s First and Fifth Amendment rights under the Constitution.

The individual rights of citizens in the United States are at a high level of risk, and they have shrunk significantly as a result of this federal invasion of privacy. One primary risk is that the constant monitoring of social media by law enforcement can wrongly implicate a person by misinterpreting social media activity and assuming criminality, as noted in the case of Jelani Henry. In 2012, Henry was arrested and convicted on two counts of attempted murder, and subsequently incarcerated for 19 months with no bail. The evidence against him was thin; however, the Manhattan District Attorney argued that his ‘likes’ of social media posts by ‘crews’ were incriminating evidence of his support of gangs. Eventually, the case against him was dropped, but his story serves as a reminder of the lengths in which law enforcement has gone to spy on its own citizens. Under the guise of taking down a terrorist organization, the New York Police Department spied on Henry and drew sweeping generalizations based simply on his online interactions.

These loose criteria can lead to the implication of innocent individuals simply because of their freely-exercised right to speech online, and it assumes a level of criminality. The 5th Amendment of the Constitution includes a clause that has largely been interpreted to protect people accused of a crime by assuming innocence before guilt. However, as stated in the Supreme Court decision Packingham v. North Carolina (2017), social media presences are considered “public spaces,” available for investigation by any law enforcement agency. Further, the FBI’s Domestic Investigations and Operations Guide from 2021 states that they can review publicly available social media info, in accordance with the “public space” interpretation, but, more dangerously, they can use false social media identities to further investigate a person by finding information only available to an account’s followers. This compilation of information about a person, and, in most cases, with a warrant allowed under the Patriot Act or without one at all, dramatically risks the invasion of privacy for countless citizens.

Even more dangerously, however, is that this invasion of privacy and heightened risk of wrongful detainment instills a sense of fear into Americans from freely speaking online. One case, Doc Society et al. v. Antony J. Blinken (2023), attacked the State Department’s attempt to make visa applicants list social media identifiers. In doing so, the State Department was able to match social media accounts to individuals and retain that data indefinitely. Most applicants have no criminal wrongdoing; thus, the program lacks any reasonable justification. The court threw out the lawsuit, stating that applicants already voluntarily submit their information with a visa application. However, the argument made by the plaintiffs still stands: having the federal government watch social media engagement instills a fear of being watched, and thus, implicitly restricts a person’s freedom of expression online as given under the 1st Amendment. In another case, ACLU v. Clapper (2014), judges ruled that the government cannot legally collect telephone metadata without a proper warrant, constituting an unreasonable search under the 4th Amendment, and more importantly, highlights that constant watch by the government is a form of restriction of the freedom of speech.

Overall, this contradiction on what the government is and is not permitted to collect from its people reflects the ever-changing circumstances on the right to privacy and its conflict with government operations. The government has a responsibility to keep the public safe, however, the  attempt to reestablish safety developed a more restrictive environment in the United States. The right to free speech and freedom from unreasonable searches gives an implicit idea of a right to privacy. Thus, the government today can still access public information on social media as it is considered a “public space.” However, some of its more covert operations need further review as to the value it provides the government, and evermore, whether or not it infringes upon the rights of its people as well. As technology and the proliferation of public security cameras, cell phones, and social media continues to spread, the borders of privacy law are continually shifting and expanding, and the government will be at the frontier of these changes, while the law and civil liberties groups will be working to keep up with these changes.

by Andrew Chung

This Roundtable was edited by Simon Panfilio.