In order to comprehend the American exceptionalism in the area of employees’ privacy rights, but also to capture the gravity of the initial choices and certain path dependency in the American legal system, I commence with a rudimentary examination of the historical trajectory of the extant American privacy framework. In the subsequent sections, I will take a closer look at the jurisprudence, and the discourse on privacy rights in employment that has surfaced in the privacy legal landscape in the United States and which, since the early decisions rendered in the 1980s, have crystallized into what is now often referred to as ‘the American model’.² The conceptual and normative parameters of this ‘American model’, will be presented in the last section of this Chapter.

In 1960, William Prosser, a leading tort expert, having studied the privacy case law generated by the Warren and Brandeis article, argued that ‘the law of privacy comprises four different interests, which otherwise have almost nothing in common except that each represents an interference with the plaintiff’s “right to be let alone”’. Accordingly, he distilled privacy invasions into four different types of infringement:

Five years after, in 1965, in Griswold v Connecticut, the Supreme Court eventually found that the Constitution holds an implicit right to privacy which is guaranteed to American citizens through the First, Fourth, Fifth, and Ninth Amendments, covering freedom of speech, religion, association; freedom from unreasonable searches and seizures; right to due process; and non-enumerated rights, respectively. The Court’s analysis, commonly referred to as the ‘penumbra theory’, rested upon the assumption that ‘specific guarantees in the Bill of Rights have penumbras, formed by emanations from those guarantees that help give them life and substance. Various guarantees create zones of privacy’.⁸

Meanwhile, as case law developed in this area and new technological advances came to light elevating the level of public concern about the possible abuses of wiretapping powers, federal legislation sprang up providing for fragmentary privacy protection inter alia with regard to the interception of wire and oral communication (Wiretap Act)⁹ or the use of information regarding credit worthiness or credit standing.¹⁰

In 1973, the Secretary’s Advisory Committee on Automated Personal Data Systems released a comprehensive report, ‘Records, Computers, and the Rights of Citizens’, which advocated the introduction of legislation establishing a code of fair information practices for all automated personal data systems, essentially centered on: (1) the general prohibition of secret personal data record-keeping systems; (2) a public notification requirement concerning the existence of automated personal data system; (3) the prohibition of non-consensual disclosure of personal data; (4) individuals’ right to obtain information concerning the data pertaining to them and their usage, and to correct or amend such data; (5) the accountability of the organization for establishing proper organizational and technical safeguards against the misuse of data systems.¹¹ Interestingly, as some commentators have noted, the Code played a significant role in formulating information privacy standards, not only in the United States,¹² but also on an international level.¹³ Initially, the code of fair information practices was fully implemented by Bill 3418 (‘Information Bill of Rights’), a draft of an omnibus law for both private and public sector, which also introduced the Privacy Protection Commission, a supervisory authority, with a wide range of powers (including the authority to hold hearings regarding violations; to enter premises where data is held; to compel the production of documents; and to order organizations to cease unauthorized information practices).¹⁴ Ultimately, however, as Purtova explains, ‘under pressure from both public and private sector organizations, this legislative initiative ended with the passage of a weakened legislation’, which focused on regulation of the public sector and abandoned the idea of establishing a distinct supervisory agency (Privacy Act 1974).¹⁵

In the mid 1980s, it became increasingly apparent that further amendments to the current framework were needed in order to adjust the federal privacy protection standards to the increasing technologization of life. The enactment of the Electronic Communication Privacy Act 1986 (ECPA)¹⁶ extended the restrictions on wiretapping introduced by the Wiretap Act to electronic communications and added new provisions that prohibited accessing stored electronic communications (Stored Communications Act).¹⁷

The ‘final’ modification of the federal framework, took place in the aftermath of 11 September 2001, along with the passage of the hugely controversial USA PATRIOT Act,¹⁸ which directed privacy policy towards more security-centric goals and considerably broadened governmental surveillance prerogatives.¹⁹

To summarize, the evolution of privacy law in the USA proves its malleability amid changing social and political contexts. The social context has been a major force behind transferring the ‘out of law’ concept into an implicit constitutional right that opened up the law’s vision for the various interests that are at stake in the ‘privacy’ domain, and that prompted the legislature to give some of these interests distinctive legal coloration. The political context, on the other hand, has considerably affected the scope of legislative measures by preventing the introduction of comprehensive privacy norms in the private sector.²⁰