“I think that email addresses aren’t really private, like a phone number or postal address. My partner thinks they are. Can you be the oracle for us?!”
This is the question I received, from someone who’s friend was offered five cases of carbonated, aspartame filled drink, if he signs away his right to sue the manufacturer of said beverage for “accidentally” giving out his email address. I don’t know who’s used the word accidentally; the question submitter, their friend, or the beverage company, but let me say first, whether or not it was accidental makes no difference except perhaps the severity of any punishment. If I accidentally break your cup, or do it on purpose, the cup is still broken, and it cannot be undone.
My Short Answer
In this situation, they are private.
The Longer Version
Let’s make this easier and say the question came from Jane, her partner is John, their friend is Fred and the beverage company is the called SomeColaCo. Part 1 - It Depends
Jane is quite right, an email address is just like a phone number or a postal address, but that in itself doesn’t automatically mean that privacy hasn’t been breached here.
I could look up your phone number in the online phone directory. I just need your name and possibly suburb. Unless you’re ex-directory.
I could find your address in the same way, if I knew roughly where you lived. Unless you’re ex-directory.
There are other ways to get this information, but by and large, without riffling through your trash bin (for your phone number, because I’d already have your address), it’s not that easy online, unless you’ve shared it publicly (on your CV, in a classified listing, etc).
If you don’t have any qualms about making your email address public, that’s fine, but that doesn’t mean that others don’t want theirs public. So in that respect, in the purest form, the answer is “email addresses are private if you don’t consider them public”.
Part 2 - In This Situation
So I’ve not made a solid case for my short answer; that in this situation, email addresses are private.
In this situation, we need to look at the value of the email address in question. When Fred’s email address was given away by SomeColaCo, the entity that received the email address immediately knew these things about him:
- He had given his email address to SomeColaCo,
- He probably likes sweet, carbonated beverages,
- He is likely to enter competitions,
- Depending on how the list was leaked, they might also know he prefers aspartame to sugar.
This makes the list of email addresses that were given out very valuable; they’ve been pre-screened and contain a high percentage of people who are the target market for many products, services and offers. SomeColaCo didn’t just give away Fred’s email address, they profiled him and sold/gave that data to another entity. That violates privacy. Imagine, in comparison, if rather than looking up your phone number in the phone book, I got my hands on a list of phone numbers from one of these sites that sell products for 24 hours, and it contains your number even though you didn’t give permission for it to be shared. If I call you, I already know you’re more likely than the average caller to make an impulse purchase if there’s a significant, time-based discount.
By giving Fred’s email address to another entity, they added him to the targeted advertising machine that now has extra data and a fuller profile of him, without his express consent. And, who’s to say the entity that got his email address won’t pass it on now too?
Nail in the Coffin
To me, the most damning bit of proof that this was a violation of privacy is that SomeColaCo will give away product for free in exchange for signing away the right to sue. They’re not saying sorry for something that was a bit wrong, and giving some product as compensation. They are essentially paying Fred to sign a legally binding contract. This, to me, shouts “WE FUCKED UP! MAKE THIS PROBLEM GO AWAY!”
It’s never black and white but, while I agree with Jane that it’s just an identifier for a method of communication, the potential effect of this situation, and SomeColaCo’s response, clearly point to a breach in privacy having occurred.
My views are based on my understanding of a vague story. I don’t know how Fred’s email address was given away, whether he had opted out of anything, whether he entered a competition, whether SomeColaCo gave away just his address or a whole list, or if the benefactor of the address(es) knew where the list had come from or benefited from profiling. That said, given the scenario, I firmly believe that privacy was breached. If Fred agrees, I’d say sue the bastards, subject to seeking his own professional legal advice.