State Privacy Law Tracker: Georgia

Georgia Data Privacy Law

History of Privacy Rights in Georgia

The right to privacy was first recognized by the Supreme Court of Georgia in 1905 when it ruled that an individual’s likeness could not be used without their consent in advertising.

The Case Behind Georgia’s Privacy Rights

Paolo Pavesich filed a lawsuit for libel and invasion of privacy against the New England Mutual Life Insurance Company (NEMLIC). Pavesich alleged that NEMLIC inappropriately used a photograph of his likeness in a newspaper ad for life insurance. Pavesich added that the caption of the photo was defamatory and slanderous. NEMLIC raised a general demurrer, and the city court upheld it. The city court’s ruling was appealed by Pavesich to the Georgia Supreme Court.

In the ruling, the court recognized privacy as a legal right. Based on this, the court held that the publication of Pavesich’s picture without his consent by NEMLIC as an advertisement, for the purpose of increasing the profits and gains of NEMLIC, was an invasion of such right and was actionable under the law.

The ruling established that the right to privacy can be waived by the individual’s consent, by anyone he or she has authorized to act on his or her behalf, or by anyone the law allows to act on his or her behalf, just like all other rights. However, the waiver must not have the effect of exposing to public matters of a purely private nature that express law or public policy requires to be kept private. This waiver may be explicit or implied, but it only gives rise to the right to an invasion of privacy to the extent that it is actually required and appropriate to address the issue that gave rise to the waiver.

No Comprehensive Data Privacy Law Yet

Although a forerunner in granting the right of privacy to its citizens, there are no effective Georgia privacy laws in place; nor has a comprehensive bill been introduced in this year’s state legislature. Georgia did, however, attempt to pass a comprehensive Georgia data privacy law, the GCDPA, in 2022. The bill failed to pass.

Georgia’s Failed GCDPA

The Georgia Computer Data Privacy Act (“GCDPA”), a comprehensive privacy law, was sponsored by the Georgia Senate in 2022. It was modeled after (but substantially broader than) California’s Consumer Privacy Act (“CCPA”).  The Georgia privacy act’s introduction was unexpected in a number of ways, including the fact that it was introduced by the Republican leadership.  Furthermore, it was noteworthy for the obligations it attempted to place on businesses, which go beyond those of the CCPA and other recently passed state privacy laws.  It failed to get passed into law.

Some of the GCDPA’s most important elements included:

  •  the requirement that consumers consent before personal information is collected.
  • Personal information “sales” require consumer consent. 
  • very good private right of action for plaintiffs.
  • There is no exception for contact details of employees or businesses. 

Other Georgia Privacy Laws in Effect

Georgia Employee Privacy Laws

Georgia employees are granted certain rights based on the four common-law invasions of privacy claims. An employee can sue an employer if one of these rights is violated: 

The four torts of privacy invasion are as follows:

  1. Intrusion upon seclusion: This tort occurs when someone intentionally intrudes upon the private affairs or seclusion of another person in a manner that would be highly offensive to a reasonable person. It involves invading someone’s physical or personal space without their consent, such as through unauthorized surveillance or trespassing.
  2. Appropriation of likeness or identity: This tort, also known as the right of publicity, involves the unauthorized use of someone’s name, image, or likeness for commercial purposes. It generally applies to situations where a person’s image or identity is used without their consent in advertising, endorsements, or other promotional activities.
  3. Public disclosure of private facts: This tort occurs when private, non-public information about an individual is disclosed to the public without their consent, and the disclosure would be highly offensive to a reasonable person. It typically involves the public dissemination of personal details, such as private medical information, financial records, or intimate details of a person’s personal life.
  4. False light: False light is a tort that involves the publication or dissemination of false or misleading information about an individual that places them in a false or distorted light and is highly offensive to a reasonable person. It differs from defamation in that it does not necessarily involve making false statements about someone but rather presenting true information in a way that creates a false impression or conveys a false meaning.

Centraleyes continues to monitor Georgia, as well as other state legislative developments this year.  Stay tuned and follow us as we bring you the latest updates in the privacy sector.

Sign up for our Data Privacy Tracker with monthly updates on the latest news and developments

Skip to content