Professional Documents
Culture Documents
Rostow-What Happens When An AcquaintanceBuys - U - Data-2017 PDF
Rostow-What Happens When An AcquaintanceBuys - U - Data-2017 PDF
Theodore Rostow t
Introduction....................................................................................................
lntrod uction ....................... ........... .............................................................. 668
ConsideringaaNew
A. Considering NewPrivacy
PrivacyHarm Harm.....................................................670
...... ......................... ........ 670
l.I. The Data
Data Broker
Broker Ind
Industry
ustry and the Market Market for Buying Peop People’s Data ....673
le's Data .... 673
Expansive U.S.
A. An Expansive U.S. Broker
Broker lndustry .............................................
Industry ........... ...... ....... .......... .......... 674
674
Data Sales
B. Data Sales to Individual
Individual Consum Consumers ers ...........................................
........ ............. ..................... 675
675
II. Gaps in U.S. Commercial
IJ. Commercia l Privacy Law L aw ...............
.................................................
........... ...................... 676
676
A.. Statutory
A Statutory Privacy
Privacy Protections
Protections in the Commerc Commercial ......... 676
Sphere ..........
ial Sphere 676
Limitations on Privacy
Judicial Limitations
B. Judicial ........ ........ .......... ...... 679
Protection .................................679
Privacy Protection
C.
C. Agency
Agency Regu
Regulation
lation oo/Data Transactions ....................................
f Data Transactions ................. ......... ....... ..680
D. Contractual Restrictions on the Sale ooff Digital
Contractual Restrictions Information ..... 682
Digital lnformation
III. The Threat
Threat ofof Relationa
Relationall Control...........................................................
Control... ............................ ....... ........ ...........682
A. lnformationa
Informationall Asymmetries
Asymmetries as Toolsfor Tools fo r Social Influence .........
Social ln.fluence .......... 683
683
B. Factors
Factors that Suggest
Suggest PrivatePrivate Consumer Information Will Be
Consumer lnformation
Available for Individua
Ava ilab lefor Individuall Purchase
Purchase ....... ...............................................685
.................................... ..685
IV. Existing Proposals Fai
Existing Proposals Faill To Remedy
Remedy Re Relational Control......................
lationa l Contro l .................. ....690
690
Broker lndustry
A. Broker Reforms ................................................................691
Industry Reforms ................... ..... ..... ..... ......... .................. 691
Reforms
B. R fo r Information
eforms for lnjorma tion Services Services .................................................692
............................................... 692
+t Special
Special thanks
thanks are owed
owed to Amy Chua, Frank Pasquale,
Clrna , Frank Joseph Falvey,
Pasqua le, Joseph Falvey, Christopher
Christopher
Pagliarella,
Paglia rella, Paul Henderson,, Mik
Pau l Henderson Mikhail
hail Guttentag,
Guttentag, Matthew
Matthew Mi Milano,
lano , Daniel
Daniel Read.
Read, Muira McCammo n, and
Mu ira McCammon,
Rebecca
Rebecca Crootof
Crootof and the YaleYate Information
lnformation Society
Society Project,
Project , as well as to co Inho
lnho Andrew Mun,, Jenna
Andrew Mun Jenna
Pavelec,
Pavelec , Richard
Richard Frolichstein.
Frolic hstein, Lauren
Lauren Hobby,
Hobby , and the
che intrepid editors of
intrepid editors Journal on Regu
the Yale Journal
ofthe lation .
Regulation.
667
Y ale Journal
Yale Journal on Regulation
Regulation Vol. 34, 2017
C. Privacy-Enhancing
C. Privacy-Enhancing Consumer Consumer TechnologiesTechnologies ...............................
............................. 694
V. “Information
"lnformation Fiduciaries"
Fiduciaries” and and “Sensitive
"Sensitive Data": Data” : Promises
Promises and
Limits
L ...............................................
im its.............................................................................................................
.... ............. .................................... 695
A. Two Approaches
Approaches to Consumer Consumer Protection Protection ....................................
.................................. 695695
Sensitive Data and Relational
B. Sensitive Relational Control: Novel Novel Protections
Protections
Conceptual Gaps.......................................................................
and Conceptual ......... ..................... .............. ..................... 696
C. lnformation
C. Information FiduciariesFiduciaries and Relational Relational Control: A
Theoretical
Theoretical Path To Improve lmprove Sale and Storage Practices Practices.........698
......... 698
VI. Doctrinal Recornmendations
Doctrinal Recommendations in Light Light o off Relational
Relational Control................700
Control. .............. 700
A. Congressional
Congressional Privacy Privacy ReformsReforms .....................................................
................................................. 701
B. Privacy Torts Reconsidered Reconsidered .............................................................
.............. .......................................... 702
C. Balkin and Ohm Frameworks
C. Frameworks as Ex Post Protections Protections ................
............... 705
D. Privacy
Privacy Opt-ins fo forr Data Sale Sale .........................................................706
.................................................... 706
Conclusion
C .................................................................................................
onclusion..........................................................................................................706 706
Introduction
lntroduction
lt has become
It become easy to purchase
purchase data on those those in one’s
one's social
social or
professional networks.
professional networks. For For example,
example, $23 can buy a person’s person's contact
contact
information and age,
information agc, organizational
organizational memberships,
mcmbcrships, links to social social media
media
1
accounts, business
accounts, bu iness interests,
interests, and known
known associates.1
associates. While
While at first glance
glance these
types may not appear
data types appear dangerous,
dangerous, consumer
consumcr privacy
privacy law offers
offers remarkably
remarkably
restrictions on what
few restrictions what data can be sold to consumers.
consumcrs. Where
Wherc profit
profit can be
1-.ad, a market
had, market is likcly
likely to follow,
follow, expanding the types
expanding typcs of data available
availablc and
creating new avenues
creating avenues for privacy
privacy abuse.
abuse.
***
* * *
l.
1. example, a premium search from eVerify’s
For example, cVerify's people search
scarch costs $19.95 after a
$2.95 charge for a five-day trial. e.g .. Report Summary,
tria!. See, e.g.. S11111111ary,
EVERIFY(last
EVERIFY (la~t visited May 5,5 , 2017),
2017).
hup: //www .everi fy .com/sclection .php?searchType=name&fi rstname= Theodorc&lastname=Rm,tow&sta
http://www.everify.com/selection.php?searchType=name&firstname=Theodore&lastname=Rostow&sta
te=CT. This Note
te=CT. ote does
<loes not endorse this (or any other)
othcr) service
servicc as an effective
cffective way to purchase
purchase consumer
consumer
da :a.
data.
668
668
A New
New Privacy
Privacy Harm
Harm
Consumers’ access
Consumers' access to the private prívate online
online activity
activity of their pcers may seem
their peers
far-fetched, but it is an increasingly
far-fetcbed, increasingly comrnoncommon problem.
problem. In India,, for example,
ln India example,
consumers can
consumers can buy a person
person’s purchase history
's purchase from websites
history from websites like eBay eBay and
Amazon." In China,
Amazon.2 China, joumalists
journalists have have reported
reported buying
buying individuals’
individuals' GPS data, data ,
bank balances,
bank balances, hotel and room information
hotel and information (with
(with screenshots
screenshots of the room),
room), and
3
internet activity
internet activity for roughly
roughly 700 yuan, yuan, or $101 While there are no
USD.' While
$1 O1 USD.
reports of
reports of these data types
these data types being available for purchase
being available purchase in the United
United States,
States, the
U.S. economy
U.S. economy includes
includes thousands
thousands of of data brokers—companies
brokers - companies “whose primary
"whose primary
business
business is collecting personal information
collecting personal information about
about consumers
consumcrs from a varietyvariety of
sources
sources and aggregating,
aggregating, analyzing,
analyzing, and sharing sharing that information,
information, or
4
information
information derived
derived fromfrom it”2
it" 3
4-t
56— that sell personal
hat sel! personal data to a diverse array of
diverse array
actors.
actors.
2014, the Federal
In 2014, Federal Trade
Trade Commission
Commission (FTC)(FTC) published
published a study
study of the
commercial practices
commercial practices of of nine data data brokers
brokers documenting
documenting the breadth
breadth of theirtheir
data collection.
data collection. Acxiom,
Acxiom, one of of the largest
largest data brokers,
brokers , acknowledges
acknowledges that it
6
average of
has an average of over
over 3000
3000 data segments"5 on every
data segments every U.S. consumer/’
consumer.
Datalogix,, a broker
Datalogix broker that provides
provides data data to businesses spending of nearly
businesses on the spending nearly
every U.S. household,
every U.S. household, has collected
collected data on more than one trillion trillion dollars
dollars in
7
consumer spending.
consumer spending.7 8In the aftermath
aftermath of of the FTC
FTC report,
report, several
severa! journalists
journalists
have explored this
have explored this self-regulated industry, 8 finding
self-regulated industry,*' finding it expansive profitable. 9
expansive and profitable.1
669
669
Y ale Journal
Yale Journal on Regulation
Regulation Vol. 34, 2017
670
670
A New Privacy Harm
15
to devote considerable encrgy
energy to idcntifying
identifying (or dismissing)) 15 the harms that a
(or dismissing
16
violation of privacy can cause.
cause.1'’
17
17
Scholars have mapped privacy harms that flow from the collection,
aggregation
aggregat1on, 1suse
. , 18 19and
use,, 14 .
d.1ssemmation
and dissemination . 20 f
20 of
d. . ¡ . e
1g1ta mtonnat10n.
o digital · 21 Th
information/ 1 These b arms
ese harms
671
671
Journal on Regulation
Yale Journal Regulation Vol. 34, 2017
22 22
range from less tangible—
range""’ tangible-including
including ill easecase or anxiety
anxiety at the prospect
prospcct of
being constantly monitored 23 (which
constantly monitored23 (which can also lead sel f-censorship 24),
lcad to self-censorship24),
consumer manipulation
consumer manipulation companies, 25 and voter
by companies,25 votcr manipulation
manipulation by
26 27
campaigns -toto more tangible
campaigns20— tangible harms,
harms , such
sucb as blackmail27
blackmail stalking. 28
and stalking.2*
Idcntified harms also manifest
Identified harms manifest in social sorting discrimination, 29 an
sorting and discrimination,29
30 31
incrcascd vulnerability
increased vulncrability to cyber attacks,30 and identity
cyber attacks, idcntity theft.3
theft. 1
Scholarship that has analyzed
Scholarship analyzed the
thc privacy
privacy implications
implications of the data broker broker
industry discuss
industry discuss harms
harms parallel
parallel to those that Daniel
Daniel Solove
Solove and others
othcrs have
previously identified.
previously identified. David Vladeck’s
Vladeck's analysis
analysis of the broker broker industry
industry
highligbts three
highlights thrcc privacy
privacy harms—
harms-identity
identity theft
thcft (the most urgent),
urgent), data breaches,
breache ,
and the
thc unrestrained
unrestrained collection
collcction of sensitive,
scnsitivc, personal data. 32 Rebecca
personal data.32 Lipman’s
Rebccca Lipman's
work underscores
work underscores both how data brokers brokers provide
provide capacity
capacity for third parties
parties to
delivcr targeted
deliver advertising, 33 as well as how these
targetcd advertising,33 thesc datasets
datascts can facilitate
facilitate
34
harmful social sorting.'4
harmful social sorting. Amy Amy Schmitz
Schmitz argues
argues that data sales can encouragecncourage
22. See M. Ryan Cato. Calo. The Boundaries ooff Privacy Harm. 1/arm. 86 IND.IND. L. J. 11311131 (2011)
(describing the boundaries
(describing boundaries of “objective”
"objcctive .. harms—involving
harms-involving financial,
financia!, dignitary,
dignitary, or other
othe r tangible
tangible loss—
loss-
.md “subjective”
and "subjective" harms—involving
harms - involving psychological
psychological ill-ease or distress).
distress).
23 .
23. e.g ., Solove,
See, e.g., Solove, supra note 16, at 493 (“fDjirect
("fDjirect awareness
awareness of surveillance
surveillance [can]
fcan]
:11ake
make a person feel fecl extremely
extremely uncomfortable
uncomfortable ...... . "); see alsoa/so Tatiana
Tatiana Siegel.
Siegel , Sony Hack 1/ack Fallow:
Fa/10111:
Exernlives Now "Afraid"
Executives "A/raid" To To Send Emails, Emails, HOLLYWOOD
HOLLYWOOD RREP. ep . (Dec.
(Dec. 17. 17, 2014),
http:// www.hol lywoodreporter .com/news/son y-hack-fal lout-executivcs-afraid- 7 58506.
http://www.hollywoodreporter.com/news/sony-hack-fallout-executives-afraid-758506.
24. See, e.g., Cohen,
Cohen. supra note 17, at 1426 (“[P]ervasive
("'[P]ervas ive monitoring
monitoring of every first
move or false start will, will, at
al the margin,
margin, incline choices
choices toward the bland and the mainstream.”);
mainstream."); Shwartz.
Shwaitz ,
supra note 17, 17. at 1656 (arguing
(arguing that the internet’s
internet's constant
constant surveillance
surveillancc of the "naked "naked thought’s
thought's digital
expression short-circuits
expression short-circuits the individual’s
individual 's own process of decisionmaking”).
decisionmaking").
25. See. ee.g
See, g .,.. sources
sources cited in supra note 12; 12; Andrew Hasty, Hasty. Note, Treating Consumer
Note , Trealing Co11s11111er
Da1a Like OH:
Data Oil: HowHoll' Re-framing Digital Digi1al Interactions
!11teractio11s Might Bolster the the Federal Trade Commission’s
Commission 's
New Privacy Framework, 67 FED. COMM. COMM.L.J.L.J. 293, 300 (2015).
300(2015).
26. See, ee.g.,
g ., Bruce Schneier, Candida1es Won’t
Schneicr, Candidates Wan't Hesitate
ll esitcue To Use Use Manipulative
Ma11ip11/a1ive
Advertising To Score Votes,
Votes, GUARDIAN
GUARDIAN (Feb. 4, 2016, 6:45 AM),
AM).
http://www.theguard ian .com/commentisfree/2O l 6/feb/O4/presidenti al-elect ion-voter-data-mani pulati ve-
http://www.theguardian.com/commentisfree/2016/feb/04/presidential-election-voter-data-manipulative-
ad vertisi ng-pri vacy.
advertising-privacy.
27. Balkin, supra note 19, at 1187-94 (describing
See, e.g., Balkin, (describing Uber’s
Uber"s attempt
attempt to find
embarrassing information
embarrassing infonnation on a reporter rcporter to dissuade
dissuade her from continuing
continuing to write negativenegative stories about
compa.ny); Segall,
the company); Segall. supra note 20.
28. See, ee.g.,
See. Rcmsburg v. Docusearch,
g .. Remsburg Docusearch, Inc.,
lnc., 816 A.2d 1001 1001 (N.H. 2003) (describing
(N .H. 2003) (clescribing a
New Hampshire
Hampshire resident’s
resident's purchase
purchase of an acquaintance’s
acquaintance's personal information
information from an information
information
broker in order to stalk and ultimately
broker ultimately murder
murder her).
29. See, ee.g., Frederik Zuiderveen
g ., Frederik Zuiderveen Borgesius
Borgesius et al„ Open Data,
al., Open Daw, Privacy,
Pri1•acy. and FairFair
Infor111lltio11
Information Principies: To11•ard.1·
Principles: Bala11ci11g
Towards a Balancing Framewor/.., 30 BERKELEY
Framework, BERKELEYTECH. TECII. L.J. 2073,
2073, 2091-93
(describing the
(2015) (describing thc privacy
privacy interest
intcrest in avoiding
avoiding social
soc ial sorting,
sorting, which involves
involves “obtain[ing]
"obtain[ing] personal
a,d group data in order
and order to classify
classify people and populations
popularions according
according to varying varying criteria”
criteria"' and
discrimination); Margaret
discrimination); Margaret Hu, Big Data Blacklisting,
Blacklis1i11g.67 FFLA.
la . L. R ev . 1735
REY. (2015).
1735(2015).
30. Alexander Tsesis,
Alexander Tsesis, The Right to Erasure: Privacy,
Pril'acy, Data Brokers,
Brokers. and the Indefinite
/11defi11ite
Re1entio11ooff Data, 49 WAKE
Retention WAKE FORESTFORESTL. R REY. 433. 454-59
ev . 433, 454-59 (2014) (describing
(describing how the prominence
prominence of
delta sale and bulk data brokers
data brokers exacerbates
exacerba.tes data vulnerability).
vulnerability).
331.
1. Daniel J.J . Solove, ldentity Thei,
Sol ove, Identity Privllcy, and the
Theft, Privacy, tite Architecture
Architeclure ooff Vulnerability,
Vulnerability, 54
f-lASTINGS
H astings L L.J.
.J. 121227,
2 7 ,1229
1229 (2003).
(2003).
32. Vladeck, supra note 12, at 501-12.
Vladeck, 501-12.
33. Cf. Slade Bond, Bond , Doctor Zuckerberg: Or, Or, How
11011·I Learned
Leamed To Stop Worrying Worrying and
Lv1•eBehavioral
Love Behuvioral Advertising,
Ad\'enising. 20KAN.J.L.
20 KAN. J.L. & & PUB.POL’Y
PUB. PoL·Y 129 (2010).
129(2010).
34. Lipman.s11prn
Lipman, supra note 12, 12,at781-82.
at 781-82.
672
672
New Privacy
A New Privacy Harm
Harm
discrimination
discrimination and reinforce preexisting power
reinforce preexisting power imbalances through the secret
imbalances through
35
scoring segmenting of consumers
scoring and segmenting consumers’' economic
economic value However,, these
value.. ' 5 However
important concerns
irnportant concems do not contemplate
contemplate distinct, harms that may stem from
distinct , new harms
information.
the sale of digital information.
This Note
Note adds to the scholarship
scholarship on data sales by arguing arguing that the
creation of a mark
creation market individuals to buy data on their peers enables
et for individuals enables a new
privacy
privacy harm: “relational control.” Relational
"relational control." Relational control occms when
control occurs individuals
when individuals
acquire
acquire the private
prívate data of those in their their social or professional networks. When
professional networks. When
data brokers
brokcrs sell consumer individuals, they allow
consumer data to individuals, buyers to learn about
allow buyers
the behavior
behavior and motivations
motivations of those whose whose data they purchase. insights
These insights
purchase . These
allow the buyers to influenceinfluence the decisions around them,
thosc around
decisions of those leading to
them , leading
potential harms unrecognized
potential unrecognized by privacy
privacy scholarship date .
scholarship to date.
This Note
Note proceeds
proceeds in six parts. Part I surveyssurveys the data broker industry and
broker industry
the market
markct for data that is sold to individuals.individuals. Part II reviews existing U.S.
reviews existing
commercial
commercial privacy explores how the law fails to protect
privacy law and explores consumers
protect consumers
from or provide
provide remedies
remedies for most rclational
relational control harms . Part
control harms. IU elaborates
Part III elaborates
on the theoretical
theorctical premises
premises of the relational outlines why this
control harm and outlines
relational control
threat is likely
likely to grow.
Part IV assesses
asse sses the interventions
intervention s that scholars technologi sts have
scholars and technologists
offered
offered to combat commercial
combat commercial privacy
privacy threats
threats and explains
explains why these reforms
reforms
fail to remedy
remedy consumer
consumer exposure
exposure to relational explains why
control. Part V explains
relational control.
two recent
rccent frameworks—Paul
frameworks - Paul Ohm’s Ohm ' s “sensitive
"sensitive data” theory and Jack Balkin's
data " theory Balkin’s
“information fiduciaries” theory—offer
" information fiduciaries" theory - offer possible
possible paths to reduce likelihood
reduce the likelihood
of relational
relational control,
control , although
although neither
neither is designed
designed to prevent relational control
prevent a relational control
harm.
hann .
Finally,, Part VI proposes
Finally proposes a number
number of doctrinal shifts in existing
doctrinal shifts existing privacy
privacy
law that may reduce reduce consumer
consumer exposure
exposure to relational
relational control.
control. Congress
Congress and
legislatures could also move to protect
state legislatures protect certain information as
certain types of information
sensitive and impose
sensitive impose heightened
heightened diligence
diligence and consent standards (or
consent standards (oranan ouh·ight
outright
ban) on transactions
transactions involving
involving these
thesc types of information.
infonnation. Common
Common law courts
could also expand
expand tort law to allow allow consumers
consumers harmed
hanned by relational control to
relational control
sue where
where information
information was wrongly wrongly used or sold. However, However, none of these
proposals
proposals is a panacea,
panacea , and,
and , further,
further , each could prove economically
economically disruptive.
disruptive.
Though there are
Though arc a number
number of ways to reduce reduce consumer
consumer exposure,
exposure , the problem
of relational
relational control
control is not easily
easily sol
solved.
ved.
This Part
Part introduces
introduces what is currently
currently known broker
about the data broker
known about
industry
industry and the sale of consumer
consurner information
information to individuals.
individuals.
673
Journal on Regulation
Yale Journal Regulation Vol. 34, 2017
A. An Expansive
Expansive U.S. Broker Industry’
Brok er lndustr y
36. Boutin,
Boutin, supra note 8.
37. Kroft, s11pranote 8 (“What
Kroft, supra ('"What most of you don't don 't know,
know, or are just just beginning
beginning to
realize, is that
realize, that a much greater
greater and more immediate
immediate threat
thrcat to your privacy privacy is i coming
coming from
frorn thousands
thousands of of
cornpanies you've
companies probably never
you've probably never heard
heard of, in the name
namc of commerce.").
cornmerce.").
38. Vladcck, supra
Vladeck, supra note 12, at al 498 ("Make
("Make no mistake, mistakc, there
thcrc is little question
qucstion that the thc
major data
major data brokers
brokcrs know
know more about about each
each ofof us than,
than, say,
say. for example,
example. the National
Nacional Security
Sccurity Agency,
Agency,
Interna) Revenue
the Internal Rcvenuc Service, Social Security
Service, the Social Security Administration,
Administration. or any other other government
government institution”).
institution:').
39.
39. See U.S. G Gov'T ACC0U TABILITY OFFICE,
ov ’t ACCOUNTABILITY OFFICE. GAO-13-663,
GAO-13-663, INFORMATION
INFORMATION
RESELLERS C
RESELLERS CONSUMER
onsumer P PRIVACY
rivacy F FRAMEW0RK
ramework N NEEDS
eeds to TO R eflect C
REFLECT CIIANGES
hanges in IN T
TECIIN0LOGY
echnology and AND
nE MARKETPLACE
THE MARKETPLACE33-4(2013) fhereinafter
-4 (2 0 1 3 ) [h GAO Information
erein after GAO lnformarionResellersResellers]. j.
40. See FTC Data Dara Brokers,
Brokers, supra
s11pranote 4, at 11-13. 1 1- 13.
41. See id. at 13-14.
13-14.
42. See id. at 13-14.
Seeid.atl3-14.
43. See id. atat 14.
44. See. e.g., Boutin,
See, Boutin, supra
supra note
note 88 ('"As
(“As shadyshady as as itit might
might sound,
sound, the
the entirc
entire industry
industry is is
completely
completely legal.”).
legal."').
45.
45. See, e.g., Neal
See, Nea) Ungerleider,
Ungcrleider, Yes,Ye.1. Political
Polirical Campaigns
Campaigns FollowFolloiv Your
Your Browser
Browser
/-lisrory,FFASTCOMPANY
History, a STCompany (N (Nov. 20 13, 9:30
ov. 5, 2013, 9:30 AM).
AM), http://www.fastcompany.com/302I092/yes-political-
http://www.fastcornpany.corn/3021092/yes-political-
campaigns-follow-your-browser-history
campaigns-follow-your-browser-history ("There are few
("There few lawslaws preventing
preventing marketing
marketing firms
firrns working
working on
election carnpaigns (or,
election campaigns (or, for that matter, selling laundry)
mattcr, selling laundry) ...... . . ”).
").
46.
46. See, e.g.,
See, e.!/,, James
James Temperton,
Temperton. AVG AVG CanCan Sell Sel/ Your
Your Browsing
Browsing and SearchSearch History
1/isrory toro
Adverrisers. WIRED
Advertisers, WiRED (Sept.
(Sept. 18,2015),
18, 2015),http://www.wire d .co.uk/art iclc/avg-privacy-po licy-browser-search-
http://www.wired.co.uk/article/avg-privacy-policy-browser-search-
("While AVG
data (“While A VG has not utilised models to date,
utilised data models date, we may, in the future, future, provided
provided that it is
anonymous, non-personal
anonymous, non-personal data, data, and we are confident
confidenl that
1hat our users uscrs have sufficient
sufficicnl information
informati on and
control to make
control rnakc an informed
informed choice.”).
choice.").
A New
New Privacy Harm
Privacy Harm
47.
47 . See ee.g.,
.g ., Lois
Lo is Beckett,
Beckett , How
f-low Microsoft and Yahoo Are Poli1icia11s Access
Ar e Selling Politicians Access to10
You, PPRO PUBLICA(June
r o PUBLICA (Jun e 11, 2011, 20 11, 11:45
11:45 AAM), http://www .propubli ca .org/a rticle/how-microsoft-a nd-
M), http://www.propublica.org/article/how-microsoft-and-
yahoo-are-selling-politicians-access-to-you
ya hoo- are-se llin g-pol iticians-access- to-yo u (("'fT]he“ [T]he credit reporting giant Experian pe rform s a ·ct
performs o uble-
‘double-
blind’ betweenn Mi
blind' match betwee Microsoft's
crosof t's data and camp campaigns’ data.. Yahoo uses another mass
aig ns' data massive comp any ,
ive data company,
Acxiom.
Acx iom . Both Experian and Acxiom Acx iom also offer similar matching for comm commercial c lients who want to
ercial clients
find previous
prcv ious customers online.”). onlin e ."). The use of double-blind
doubl e- blind or other
oth er anonymization
anon ymization features is
particularly susceptible
susce ptible to de-anonymization,
de- anonymization, even by a “regular" nsumer. See infra Part TTI
consumer.
"regular" co III..
48. See FTC Dala Data Brokers,supra
Brokers,s upra note 4, at 23.
49. Id. at 34.
50..
50 td. (emphasis
Id . (emph added)..
as is added)
51.
5 1. Id. Sorne
Some brokers
broker s offer limited
limit ed versions of of their people search produ cts to
sea rch products
consumers
con sumers for free A spokesperson
spokes person for the people peo ple search broker Whit epagcs claimed
broker Whitepages sea rch
claim ed that its free search
service received
rece ived 55 million
milli on unique
uniqu e visitors every month.month . See Kaveh f-low Family
Wadd ell , How
Kave h Waddell. TreeNow
FamilyTreeNow
Makes
Makes Stalking
Sralking Easy, ATLANTIC
ATLANTIC (Jan. 17, 201 7),
2017),
http://www.theatlantic.com/technology/archive/2017/01/the-webs-many-search-engines-for-your-
http ://w ww.theatlantic .co m/technology/a rch ive/20 17/O1/t he-we bs-many-se arch-engines-fo r-yo ur-
personal-information/513.323
persona l-inform ation/5 I 3323 (“With volu me of visitors, we do our
("With that volume our best to make sure we’re onlyy
we ' re onl
offering
offe ring up landline telephone
landlin e te lcphone numb numbers addr esses" to users who don
ers and addresses” ' t pay for fits
don't [its $30 a month
“Premium”
"Premium " service].
servicel .... . ..”)
")
52. See Julie
Juli e Angwin,
Angw in , Privacy
Pri vacy Tools:
Too ls: Opting
Op1i11g Out from Broke rs (Jan.
f rom Data Brokers 30 , 2014
(Jan . 30. 2014), ),
http://juliaangwin .com/ pri vacy- 1001s-o pti ng-out -from-data-brok e rs.
http ://ju Iiaang win .com/privacy-tools-opting-out-from-data-brokers.
53. See Cynthia
Cy nthi a Alice
Al ice Andrews, Breaking
Andr ews, Breaki ng It Dow11: The Dara
lt Down: Data On Data Brokers,Broke rs, FFUPl ip
d ia (Feb. 09, 2015
M eEDIA 2015), http ://flipthemedi a .com/2015 /02/breakin g-data-data-brok ers.
), http://flipthemedia.com/2015/02/breaking-data-data-brokers.
675
Yale Journal
Joumal on Regulation
Regulation Vol. 34, 2017
records. 54 And,
exists in public records.54 And , as noted, brokers in other countries
countries have begun
individuals consumer
to sell individuals consumer data that originates
originates from, among
among others,
others ,
proprietary 55
sources
proprietary sources in the United
United States like eBay and Amazon.
Amazon.55
U.S . Commercial
II. Gaps in U.S. Commercial Privacy
Privacy Law
U.S. commercial
commercial privacy
privacy protections
protections are derived
derived from distinct,
distinct ,
intersecting authorities
intersecting authorities—- including
including federal and state statutory
statutory law, tort law,
ageney regulations, promulgated
agency regulations, promulgated industry
industry best practices,
practices, and private
prívate contractual
contractual
agreements. This Part surveys
agreements. surveys how these authorities
authorities provide few
fcw checks on the
sale of consumer
consumer data.
The United
United States has adopted patchwork , sectoral approach
adopted a patchwork, approach to federal
56
privacy law in the commercial
privacy commercial sphere.56
sphere. The Thc Telecommunications
Telecommunications Act bars
disclosing , or permitting
ISPs from using, disclosing, pcrmitting access to “individually
"individually identifiable
identifíable
::ustomer proprietary
customer proprietary network
network information”
information" for purposes
purposes outside
outside of the
:,rovision
provision of thc telecommunications services from which
the telecommunications services which thethc information
information is
derivcd .57
derived.57
Bcyond ISPs , the Fair Credit
Beyond ISPs, Credit Reporting
Reporting Act (FCRA)
(FCRA) imposes
imposes an array of
obligations on consumer
obligations consumer reporting
reporting agencies
agencies and offers protections
protcctions for personal
58
credit information.
credit information.''5 For example,
example, the FCRA grants individuals
individuals the right to
request a copy of their
request their credit
credit report, limits the purposes
purposes for whichwhich a credit
report
report can be uscd ,59 and obligates
used,5* obligates agencies
agencies to correct information. 60
correct errant information.60
The Health
Health lnformation
Information Portability
Portability and Accountability
Accountability Act (HIPAA)(HIPAA)
governs how
governs doctors and medical
how doctors medica! services
services must
mu t protect the data of their
61
patients. HJPAA
patients.6' HIPAA mandated
mandated that the Secretary
Secreta1y of Health and Human Services Services
(HHS) promulgate
(HHS) promulgate rules for certain
certain health information
infonnation controlled
controlled by providers,
providers ,
676
676
A New
New Privacy
Privacy Harm
Harm
62
health care plans,
hcalth plans, and clearinghouses.'1
clearinghouses. ' The HHS privacy privacy rule aims aims to
safeguard ali
safeguard all “protected health information”—
"protected health individually identifiable
information "- individually identifiable
information,
infonnation, including demographic data,
including demographic data , and information rclating to a
information relating
patient’s
patient 's medical
medica! background
background and care—that
care-that these thesc entities privacy
entities hold. The privacy
rule establishes
rule establishes a set of national
national standards
standards for protecting
protecting patient
patient information
information, ,
63
including setting
including setting standards
standards for sufficiently
sufficiently dc-identified data. 3
de-identified data.'1
The Gramm-Leach-Bliley
Thc Gramm-Leach-Bliley Act (GBLA) (GBLA) and the Family Educational Rights
Family Educational Rights
and Privacy
Privacy Act (FERPA) (FERP A) regulate
regula te the financial
financia[ and education services,
education services,
64
respectively.
respectively. FERPA FERPA bars disclosure
disclosure of students’ cducational rccords.
students' educational records.1'4 The
GLBA requires that covered
GLBA rcquires financial services
covered financia! entities give notice
services entities notice of their
privacy practices,
privacy secure custorner
practices , securc customer records
records,, and provide right for consumers
provide a right consumers
65
to opt out of of data sharing with third parties.65
sharing with parties.
A particularly important piece of legislation
particularly important legislation to this Note’s
tbis Note inquiry is the
's inquiry
66
Stored Communications
Stored Communications Act (SCA),66
(SCA), passed
passed by Congress
Congress as of the
part of
67
Electronic Communications
Electronic Communications PrivacyPrivacy Act of of 1986 (ECPA).67
(ECPA). The SCA prohibits
prohibits
electronic communications
electronic communications providers disclosing digital
providers from disclosing digital communications
communications
nongovernmental entities
to nongovernmental entities without
without the consent
consent of the message’s originator or
message 's originator
•· ·
■ . 668
8
recipient.
rec1p1ent.
However, the
However, adequacy of existing
tbe adequacy federal statutory
existing federal statutory protections should not
protections should
69
be overstated
overstated and many scholars scholars have questioned
questioned their efficacy.
fundamental efficacy.69
their fundamental
A common
common critiquecritique is that these statutcs
statutes protect
protect particular channels of
particular channels of data
flow,
flow , rather
rather than certain
certain data types or data that tbat may be relevant
relevant to certain
certain
recognized private
recognized private interests.70
7
interests. For °
For example, Rebecca Lipman
example, Rcbecca Lipman describes
describes how
HIPAA does not apply
HIPAA apply to health data that is generated generated by FitBits, Google
FitBits, Google
Searches, Apple
Searches, Apple Watches , Watches, or other devices
other dcvices that comprise
comprise the Internet
Internet of
71
Things.71 Similarly, FERPA A does not impose
impose rules commercial
rules on the data that commercial
Things. Similarly, FERP
studying
studying applications
applications collect,
collect, which
which allows
allows companies
companies to make make “consequential
"co nsequential
677
677
Y ale Journal
Yale Journal on Regulation
Regulation Vol. 34, 2017
72
inferences" about
inferences” about “a "a child’s
child's intelligence
intelligence or interests.”72
intercsts." Paul Ohm notes notes how
GLBA only applies
the GLBA applies to a narrow
narrow subset
subset of of entities
entities that arc are defincd by the
defined
73
statute
statute as "financia! institution[s]." 7 Congress
“financial institution[s].”7 Congress has also relaxed relaxed certain
certain
restrictions that would
restrictions would otherwise
otherwise protect
protect certain
certain types of digitaldigital data. Ohm
notes how the Video Video Privacy Protection Act (VPPA),
Privacy Protection (VPPA), passed
passed by Congress
Congress after
after
a reporter publicized Judge
reporter publicized Judge Robert
Robert Bork's
Bork’s video
video rental
renta) records
records during
during his
Supreme Court
Supreme Court confirmation
confirmation hearings,
hearings, was amended
amended so as not to apply apply to
online video streaming after
online video streaming after Netflix
Netflix waged
waged a lengthy
lengthy campaign
campaign to relax
· 74
protect1ons.
protections.74
general rule, statutes
As a general statutes do not prevent
prevent brokers
brokers from buyingbuying and selling
selling
an enormous
enormous amountamount of of information,
infonnation, digitally
digitally produced
produced by consumers,
consumers, relating
rclating
their health
to their health and physiology,
physiology , cognitive
cognitive abilities,
abilities, interests,
interests, purchases,
purchases , wealth,
wealth,
compulsions, and social networks.
compulsions, networks. Two noteworthy
notcworthy exceptions
exceptions to this trend are
75
(flawed ) SCA and (far stronger)
the (flawed75) stronger) Children’s
Children 's Online Privacy Act
Online Privacy
76
(COPPA) . Despite
(COPPA).7'' dcscribing an outdated
Despite describing outdated technical
technical reality,
reality, courts
courts have
:ntcrpreted
interpreted the thc SCA to protect certain
protect certain digital
digital communications
communications that tbat many
many
77
applications cannot
applications cannot sell
se ll to third parties.'7
parties. The SCA, however, however, does not extend extend
social media
to social media posting
posting or comments,
commcnts, and its language—passed
languagc - passed in 1986 as part
Electronic Communications
of the Electronic Communications Privacy Act—no longer
Privacy Act-no longer coheres
coheres in today’s
today 's
technological environment. 785 In contrast,
technological environment. contrast, COPPA
COPPA provides
provides robust
robust protection
protection of
the privacy
privacy of minors.minors. Ohm notes note s how COPPACOPPA “applies
"a pplies broadly
broadly to any
'operators of
‘operators of websites
websites and onlineonline services,’
services,' without
without further limitation," 79 and
further limitation,”79
the FTC has made made clear
clear that this definition
definition expands
expands as technology
technology changes
changes to
c:over mobile
mobile apps, browser 80
cover browser plug ins, and third-party
third-party networks.80
networks. These Tbese narrow
narrow
cxccptions notwithstanding,
exceptions notwithstanding, CongressCongrcss has passed passcd no statutestatutc that imposes
imposes
checks on, or regulation
checks regulation of, data brokerbroker activity.
activity.
State legislation
State Iegislation similarly
similarly provides
provides few checks checks on broker broker activity.
act1v1ty.
California has moved
California moved to expandexpand privacy
privacy protections
protections more than any other other state,
but its regulations generally do not reach
regulations generally reach data brokers.
brokers. California
California has passedpassed
legislation that (1)
legislation ( J) expands
expands the SCA to prohibit prohibit employers
employers from looking looking at the
72. Id.
73. Ohm,Ohm.suprasupra note 16, at 1190 n.362.
16,at
74. Id. at 1140. 1140.
75. See Orin S. Kerr, Kerr. A User's GuideCuide to the Stored Communications
Commw1icatio11sAct,
Act. and a
Lcgislator's Guide
Legislator's Cuide to Amending
A111e11di11g I! , 72 GEO.
It, WASII. L. R
GEO. WASH. ev . 1208 (2004);
REY. (2004): see also
a/so Matter
Matter of Warrant
Warrant To
Search a Certain
Certain E-Mail Account
Account Controlled
Controlled and Maintained
Maintained by Microsoft
Microsoft Corporation,
Corporation, 829 F.3d
F.3d 197
(2j Cir.
(2d Cir.2016)
2016) (Lynch, J .. concurring)
(Lynch, J.. concurring) (pointing
(pointing to Ken’s
Kerr"s critiques
critiques from more than twelve
twelve years prior as
evidence of pressing need for Congress
evidence Congress to revisit
rcvisit the statute).
statutc).
76. See Child
Child Online Privacy Protection
Protection Act of 1998, 1998. Pub. L. No. 105-277.
IOS-277. 112 Stat
Stat.
2681-728, IS U.S.C. §§ 6501-06.
2681-728,15 6501-06.
77. See, e.g.,
e.g., Crispin
Crispin v. Christian
Christian Audigier,
Audigier. Inc.,
lnc ., 717 F. Supp. 2d 965 (2010).
78. See 18 18 U.S.C.
U .S.C. § 2702 (2012) (distinguishing
(distinguishing entities
cntities that provide “electronic
"elcctronic
co11munications services”
communications scrvices" (ECS) and “remote·'remote communications
communications services”
scrvices·· (RCS));
(RCS)); Ken,
Kerr , supra note 75;
inJi·aPart VI.
infra
79. Ohm,Ohm,ssupraupranote
note 16, at 1192
16.at (quoting COPPA).
1192(quotingCOPPA).
80. 16 C.F.R. pt. 312.
16C.F.R.pt.312.
678
A New Privacy Harm
Ncw Privacy Harm
Absent statutes
Abscnt statutes,, courts
courts provide
provide little protection from
little protection from possible abuses that
possible abuses
may
may arise from the commoditization
arise from commoditization of of data. For the past
data. For fifty years,
past fifty years , courts
courts
have recognized
have recognized four four privacy
privacy torts:
torts: intrusion,
intrusion, public
public disclosure
disclosurc ofof private facts,,
prívate facts
85
false light,
false and appropriation.8'
light , and appropriation . Of Of the fourfour,, relational
relational control
control most directly
most directly
implicates
implicates the intrusion
intrusion tort,tort , as a purcha
purchaser attempts to gain acce
ser attempts access prívate
ss to private
information
information by purchasing
purchasing another’s data. The
another's data. The Sccond
Second Restatement
Restatement of Torts
Torts
defines
defines the intrusion
intrusion tort as: “One " One who intentionally intrudes
who intentionally physically or
intrudes,, physically
otherwise,
otherwis e, uponupon the solitude
solitude or seclusion
seclusion of another or his private
of another affairs or
prívate affairs
concerns,, is subject
concerns subject to liability
liability to the otherother forfor invasion
inva sion of privacy , if
of his privacy, if the
86
intrusion
intrusion would
would be hig highly offensivee to a reasonable
hly ojf'ensiv reasonable person.”86
pcrson."
In addition
1□ addition to showing
showing that data transaction
that a data constitutes an intrusion
transaction constitutes intrusion upon
upon
one’s
one ' s seclusion
seclusion (or(or satisfies
satisfies a statutory
statutory hook, like the FCRA),
hook, like FCRA), a plaintiff must
plaintiff must
also demonstrate
also demonstrate that that the harm
harm satisfies
satisfies Article
Article IlJ III standing
standing requirements.
requirements. To
show standing
show standing,, a plaintiff
plaintiff must
must demonstrate
demonstrate (1) ( 1) an injury-in-fact
injury-in -fact that is concrete
concrete
679
679
Yale Journal
Journal on Regulation
Regulation Vol. 34, 2017
Vol.34,2017
C. Agency
C. Agency Regulation ooff Data Transactions
Transactions
In contrast
contrast to the statutory
statutory and judicial
judicial remedies,
remedies, federal agencies
agencies have
proved
proved more responsive
responsive to digital privacy
digital privacy concerns.
concerns. Of recent
recent significance
significance is
:be (now
:he repealed/ 5 2016
(now repealed)b 2016 action
action by the Federal
Federal Communications
Communications Commission
Commission
680
New Privacy
A New Privacy Harm
Harm
(FCC)
(FCC) to require ISPs to disclose
rcquire ISPs disclose the types of information they collcct
of information collect and gain
96
consumer consent
consumer consent to selsellI their
their data.
data.96 Had gone into effect,
Had it gone privacy rule
effect, the privacy
would have required
would have ISPs to disclose
required ISPs disclose the types
types of information collect,
information that they collect,
97
the purposes
purposes for which
which the data are used, used, and whatwhat information
information they share. 7
they share.9
98
Beyond
Beyond the purview
purview of of ISP regulation,98
regulation, the FTC
FTC has been leading
been the leading
advocate consumer privacy,
advocate for consumer privacy, issuing
issuing overover 170 privacy complaints against
privacy complaints against
99
companies for
cornpanies for privacy
privacy violations.99
violations. The FTC FTC derives
derives its authority from Section
authority frorn Section
5 of
of the
thc Federal
Federal Trade
Tradc Commission
Commission Act Act to prohibit
prohibit “unfair dcceptive acts or
"unfair or deceptive
practices.” 1
ºº
practices." 101' Under
Under this authority,
authority, the FTC targets an array
FTC targets array of commercial
of commercial
privacy practices. For
privacy practices. For example,example, the FTC
FTC entered
entered into a consent
consent decree
decree with
Snapchat after
Snapchat after the agency
agency learned
learned that the company company stored messages
stored messages on its
101
servers,
servers, despite
despite its claims
clairns that those
those messages
rnessages would disappear.'01 As part of
would disappear.
the consent
consent decree,
decree , Snapchat
Snapchat agreed
agreed to submit
submit to twentytwenty years
years of monitoring to
of monitoring
102
ensure it did not deceive
ensure deceive customers.
customers. "L The FTC has entered similar
entered into similar
consent
consent decrees
decrees with
with Facebook,
Facebook, when
when in its early
early days the
tbe company
company did not
103
adhere
adhere to its own own privacy
privacy policies,1 apps
policies, 03 as well as other apps whose privacy
other whose privacy
policies
policics are deceptive opposed to merely
deceptive (as opposed merely vague lawyerly , as is the
vague and lawyerly,
, 104
104
norm).
nonn).
The FTCFTC has also, on occasion,
occasion, moved against data brokers.
moved against 2006, a
brokers. In 2006,
data broker
data broker was
was ordered
ordered to pay civil penalties
penalties after
after the FTC
FTC alleged
alleged that it
681
Yale
Yale Journal
Journal on Regulation
Regulation Vol. 34, 2017
Contractual Restrictions
D. Contractual Restrictions on the Sale ooff Digital Information
Digital Information
III
III.. The Threat
Threat of Relational Control
ofRelational Control
682
682
New Privacy
A New Privacy Harm
Harm
Information drives
Information human society.
driv es human society. The need for information information is why
112
intelligence gathering
intelligence gathering is an essential
essential tool
too! of statecraft.11-
statecraft. Even
Even outside of the
national security realm,
national security realm , however,
however , all
ali human actions are influenced
human actions influenced by a wide
array of factors
factors and variables,
variables, many of of which
which are arc indiscernible
indiscernible to both the
113
decision
deci maker and observer.11’
sion maker observer. Nevertheless,
Neverthel ess, the individual ca
tbe more an individual cann
access
access relevant
relevant data,
data , the more easily
easily that individual actions of
predict the actions
individual can predict
another
another person or group.
Not ali
Not all information
inforn1ation is useful.
useful. A link to a person’s Facebook page or public
person 's Facebook
Twitter profile
Twitter profile may not prov provide
ide hidden
hidd en behavioral opportunity to
insights or the opportunity
behavioral insights
114
influence
influ However,, information
encc . 114 However information that reveals
reveals a person's
person’s private activity can
prívate activity
help explain
explain that person’s
person 's interests
interests and observable
observable behaviors. ctment
behaviors. In the current
digital climate, myriad
digital c limate , myriad data types
types can provide
provide insights about the se
these private
dynamics.
dyn amic s.
In the aggregate,
aggregate, social network
network data can revea! “underlying social
reveal the "underlying social
processes
proces ses that drive network
network dynamics,
dynamics , such as the tendency rcciprocity ,
tendency for reciprocity,
115
transitivity,
tran sitivity , or the need for group group balance
balance .."” 1b A specific person 's social
specific person’s social
111.
111. ThereTh ere are no 110confirmed
confirm ed reports
reports in the UnitedU11 ited States
States of user
sellin g user
of brokers selling
purchase
purchase history,
hi story , browsing
browsi11gdata, or other sensitive i11formati on to individual
sensiti ve information consumcrs.
indi vidual consumers.
112. See, e.g., SUN SUN Tzu,Tzu, THE THE ART OF OF W WAR (Lionel
ar (Lio 19 10),
tra11s., 1910),
nel Giles, trans.,
http://classics.mit.edu/Tzu/artwar.html
http://classics.mit.edurrzu /artwar. html (“Hence (" Hence the saying: If you k11ow know the enemy and yourself ,
k11owyourself,
and know
you need
need not fear the result of a hundred battles. If l f you know yourself
yourself but not 1101the enemy, for every
victory
victory gained you will will also suffer
suffer a defeat. If lf you know neither yourself,, you will
11eithcrthe enemy nor yourself will
succumb in evcryevery battle.”).
battle.").
113. See, e.g.,
e .g., KATHLEEN
KATHLEEN M. GALOTTI, MAKING DEC1S10NS
MAKlNG DECISIONS MATTER: HOW
THAT MATTER: How
P eople F
PEOPLE ace Important
FACE MPORTANTL FE C
LIife hoices 67 {2005)
CHOICES (2005) (“People
{'' People do not havehavc direct introspective access to
intro specti ve access
manyy of
man of their higher order cognitive
cognitive processes.
processes. That is, they don't don ' t always know why they feel or think think
the way that they do.”) do.") (internal
(interna ! reference omitted);
reference omi ttcd); Ci Cindy
ndy Dietrich, Decision Making:
Di etri ch. Decision Making: Factors that
Influence Decision
lnf/uence Decision Making
Making,, Heuristics Used, and Decision Outcomes,
ll euristics Used, Outcomes , 2 INQUIRIES
1 QUIRIESJ. J. 1-2 (2010)
(20 10)
(surveying
(survey ing psychological research on human
psychological research human decision making). making) .
114.
114 . But see Ashley Feinberg, This Is Almosr
B111 Almost Certainly James Comey Comey's T,vitter
's Twitter
Account,
Account , GlZMODO
GIZMODO(Mar. 30, 20 2017). http://gizmodo.com/t his-is-almost-ccrtai11ly-j ames-comey-s-tw i1ter-
17), http://gizmodo.com/this-is-almost-certainly-james-comey-s-twitter-
- l 79384364 1.
account-1793843641.
accou11t
115. Arun Sundararajan
Sundararajan et al., Research Research Commentary, lnformation in Digital,
Commentary, Information
Economic,
Economic, a11d and Soc
Social ,vorks , 24 INFO.
Networks,
ial Net INFO.SYS. 883 , 895(20
SYS. RES. 883,895 13).
(2013).
683
Y ale Journal
Yale Journal on Regulation
Regulation Vol. 34, 2017
684
684
A New
New Privacy
Privacy Harm
Harm
This Note’s
Thi s Note opening
's op ening hypothetical
hypothetical illustrates
illustrates how asymmetric access to
asymmetric access
information about another’s habits
information about another ' s habits can change
change the trajectory
trajectory of conversations
conversations,,
affect what
affect what people
people think
think and fcel
feel,, and influence
influence a target’s decisions about
target ' s decisions
whom to hire
whom hire.. This
This is not the only
only possible cxample - an informational
possible example—an informational edge
can givc
give an individual
individual the capacity
capacity to nudge, manipulate , and ultimately
nudge , manipulate, ultimately exert
, , . d . . s. 126
control over another
contro 1over anot her person’s group’ss major
person s or group ec1s10n . 1-6
maJor decisions
Relational control
Rclational control is premised
premi sed on the availability
availability of one’s prívate ,
one ' s private,
127
information being
information being available purchase by individual
available for purchase consumers . ~ This
individual consumers.
128
information
information is already being sold.
already bcing sold.1 2* As previously
previously discussed,
discussed, brokers
brokers in other
countries have
countries have begun selling consumer
begun selling consumer data that was not already publicly
already publicly
129 130
available Little prevents
availablc . 129 Little prevents U.S. brokers
broker s from
from soon doing same.. 130
doing the same
addition,, severa!
In addition several other factorss suggest
other factor information sold
suggest that the types of information
in the incipient
incipient people search market
people search market will increase over the next few years,
incre ase over years ,
further exposing
further exposing consumers
consumers to a relational control threat. These
relational control These factors should
factors should
significant concerns
raise significant concerns for privacy
privacy scholars
scholars,, lawmakers, consumers .
lawmakers , and consumers.
asymmetries
asymmctri cs in business business relationships);
relationship s); JamesJames E. Parco. Parco, Price-Setting
Price -Se1ti11g Power
Power and lnjormatio n
and Information
Asymmetry
Asy 111111etry in Sea
Sealed Bidding,
[ed Biddin g, 27 M MANAGE.
anage . D ecis . E
DECIS. con . 413 (2006).
ECON.413
124.
124 . See, e.g.,
See, e .g ., Cyril Tomkins.
Cyril Tomkin s, Interdependencies,
ln terdep e11de11c ies , Trust
Tm st and Information ation in
lnf or 111
Relationships,
Relationship s, Alliances
Alliances and Networks Networks,, 26 ACCT., ÜRGS. ORGS. & & SOC’Y n.10, 166-67 (2001)
16 1, 166 n.10,
Soc ' Y 161,
(describingg the
(describin the relati
relationship between information
onship bctween access and
infarmati on access and trust
tru st development in social networks, and
the challenges
chall enges posed by infa information asymmetries);
rmati on asymmetri es); Nermin Eyuboglu & Osman Osman A. !11formational
A . Atac, Informational
Power:
Po,ve Means
r: A Mea ns fo r Increased
/11c reased Control in Channels
Channe/s o off Distribution,
Distrib111io11, PSYCHOL. M ARKETING (1991)
PSYCll OL. & MARKETING ( 199 1)
125. See, ee.g.,
See, .g .. Nicoleta
Ni coleta B alau & Sanj
Balau Sonjaa Utz,
Utz, Exposing Information
ln fo rmation Sharing
Sharin g as
as Strategic
B ehavior; Power as
Behavior: as Responsibility
Responsibilit y and "Tru “Trust"
st" Buttons,
Butt ons, 46 J. J. APPLIED
APPLIED Soc. PSYCHOL. 593 (2016);
Soc. PSYCHOL.
Jeong Hwang et al. Information
al.., lnf or111 Asymmetry,
atio11 Asym111 Social
etry , Soc ial Networking
Networ king Site
Sit e Wordof
Wordof Mouth, Mobilityy
Mouth , and Mobilit
Effects 011
E.ffects on Soc
Socialial CoCommerce
mm erce in Korea Korea,, 17 CYBERP B EHAV. &
SYCI-IOL., BEHAV.
CYBERPSYCHOL., & SOCIAL NETWORKING
NETWORKING 117 117
(2014).
(20 14) .
126. Cf.
Cj. R
RICll
ichardARD H.H. T haler & C
THALER ass R. S
CASS SUNSTE
unstein IN,, N udge ; ITMPR
NUDGE: ECISIONS
OVING D ecisions
mproving
A bout
BOUT H EALTH,, W ealth
1-Iealth EALTH,, ANDand H 1-IAPPI NESS(2009) (arguing
appiness (arguin g on 0 11 a macro levelleve) that experts
experts can off er
can offer
certain architectures that drasti
cen ain choice architectures drastically affectt consumer decision
call y affec maki ng).
decision making).
127. While
Wh ile not the the focus
facus of this thi s Note, the thc possibility
possibilit y of individuals
indi vidu als using their
professional roles to secure data on others
profe ssional roles others in their network
network should not be overlook ed, as
be overlooked, employe es at
as employees
both Facebook and the NSA NSA have, in the past, past , used their accessaccess to view the the data others not outside of
data of others
professional interest. See See Bruce Schneier,, Why
Bru ce Schneier Why Uher's
Ube r 's 'God‘God View'
View' Is Creepy,
Creepy, CNN (Dec. 4, 2014),
CN N (Dec.
http://www.cnn.com/2014/12/04/opinion/schneier-uber-privacy-issue/index.html
htt p://w ww .cnn.com/ 20 14/12/04/opini on/schneier-uber-priv acy-issue/ index.html (“In ('' In the early
earl y years
years of
Facebook, employees
Facebook , emplo yees had a master password that enabled them to view vi cw anything
anythin g they wanted in any
account. NSA employees occasionallyy snoop on thcir
empl oyees occasionall their friends
fri ends and
and partners. The agency even
partn ers. The even has name
has a name
for
far it; LOVEINT.”).
it: L OVETNT .").
128.
128 . See GAO Information
See lnf or111ati Resellers,
o11 Rese llers , supra notenote 39, at 3-4 (describing
(describin g public and
publi c and
proprietary
propri etary data flows for people search services in the
fl ows far the United States).
Unit ed States).
129. See
See supra notesnotes 2-3.
130.
130. See ge
generally
nera l/y supra
rnp ra Part 11 II..
685
Joumal on Regulation
Yale Journal Regulation Vol. 34, 2017
Vol.34,2017
Expansion of
1. The Expansion ofData
Data (and Data Holders)
Holders)
lnformation Is Cheap
2. Information
686
A New
New Privacy
Privacy Harm
Harm
prescriptions.1139
prescriptions. 2*’9 Data
Data marketed
marketed to individuals significantly more
individuals is significantly expensive
more expensive
140
than bulk
bulk data
data purchases.14
purchases. 0 AndAnd while
while the price
price will likely
likely vary depending on
vary depending
whether
whetber the records
records are available
available publicly
publicly or purchased from proprietary
purchased from proprietary
sources,
sources, thus
thus far consumer records of
consumcr records of either
cither type have not been
type have been prohibitively
prohibitively
. "for
expensive
expens1ve .
ior interested
mtereste b uyers. 141
d buyers.1 41
Regulators Facc
3. Regulators Face Economic
Economic and
and Legal
Legal Roadblocks
Roadblocks
As noted
noted in Part II, there
there are fcw
few legal obstacles
obstacles to the purchase
purchase and sale
142
of
of most
most online activity.142 The United
online activity. United States’ scctor-by-sector approach
States' sector-by-sector approach to
privacy
privacy regulation
regulation leaves
leaves few general
general rules governing
governing what peoplc may do with
what people with
a * 143143
data.
data .
This
This legal context
contcxt seems
seems unlikely
unlikely to change soon. Not
change soon. Not only dramatic
only is a dramatic
shift of
sbift of U.S. federal
federal statutory
statutory law unlikely,
unlikely , but data sale is an enormous,
enormous, multi-
multi-
billion-dollar
billion-dollar industry that also provides
industry that provides many
many positive benefits - including
positive benefits—including tbe
the
many free services
many services that are offered online. Any
offered online. Any significant change to U.S
significant change U.S..
privacy law would
privacy implicate nearly
would implicate nearly every
cvery commercial
commercial industry constitute a
industry and constitute
significant
significant departure
departure from longstanding
from longstanding privacy law. Further,
U.S. privacy Further,
constitutional roadblocks may
constitutional roadblocks may stymie
stymie possible
possible interventions. Many First
interventions. Many First
144
Amendment scholars
Amendmcnt scbolars assert assert that data
data sale likely
likely constitutes
constitutes protected
protected speech,1
speech, 44
139. Id.
Id. The Financial
Financia/ Times released released a pricing
pricing calculator
ca lculator for a wide array ar ray of
information
inforrnation about about one’s
one's demographics,
dernographics, property,
property, family information , property,
family and health information, activities, and
prop erty, activities,
consumption
consumpt ion habits.
habits. Selecting
Selecting ali all possible
possible price tags yields roughly a rate of
yields roughly of $4.8449 person. See
$4.8449 per person.
Emily
Enüly Steel et al., at., How Much Is Your Personal Personal Data Worth?. FlN. TIMES
Worth ?, FIN. TIMES (June 12, 2013, 2013, 8:11 PM),
http://www.ft.eom/cms/s/2/927ca86e-d29b-l
http:/ /www.ft.com /cms /s/ 2/92 7ca86e-d29b- l Ie2-88ed-00144feab7de.html.
Ie2-88ed-00 l 44feab 7de.htrnl.
140. For cxarnp
For example, le , Everify.com charges users $$19.95
Everify.co111charges 19.95 for a premiurn
premium searc
search,h, in addition
addition
to a 19.95 monthlyrnonthly flat-usage
flat-u sage rate. See supra note 1. l. Spokeo
Spokeo charges $4.95 per month
charges $4.95 (quota -
rnonth for a (quota-
limited)
lirnited ) search
searc h of information
information that is collected co llccted from publicly publicly available sources . See SPOKEO,
available sources. SPOKEO,
http://www.spokeo.com/purchase
http:/ /www.spokeo.com/purchase?pid=3270475 ?pid=32704751121 I 121&q=Theodore+Rostow&type=name&url=%2FThe
&q=Theodore+Rostow&type=narne&ur1= %2FThe
odore-Rostow%2FTexas%2FSan-Antonio%2Fp32704751121.
odore-Rostow %2 FTexas %2 FSan-Antonio %2Fp32704751 l 2 l .
141. See Personal
Personal Data Data,, supra
supra note 3 (“fT]he ("fTJ he private
private information
information of many citize ns
rnany citizens
cann be freely purchased
ca purchased by stranstrangers
ge rs for just
just 700 yuan,
yuan, or $101$1 OI USD.”);
USO."); Sarkhel Alawadhi, supra
Sarkhel & Alawadhi, supra note
2 ("For anywhere between
("For anywhere between Rs 10,000-15,000
10,000-15,000 Jrough [roughly ly $$150-230 USD], we were offered
150-230 USO], personal data
offered personal
of upto I1 lakh
ofupto lak h [100,000]
[100 ,000] people
people in Bangalore,
Bangalore. Hyderabad
Hyderabad and Delhi.”).Oelhi.").
142. See, e.g., Neal Ungerleider,
Ungerleider, Yes Political Politica l Campaigns
Campaigns Follow Fol/ow Your BrowserBrowser
History,
His101)', F ast C ompany
FASTCOMPA Y (Nov.
(Nov. 5,2013,9:30
5, 2013, 9:30 AM), AM). http://www.fastcompany.com/302l092/yes-political-
http: // www.fastcompany.corn /3021092 /yes- political-
campaigns-follow-your-browser-history ("T
campaigns-follow-your-browser-history (“There
herc are few laws law s preventing marketing firms
preventing marketing working on
finns working
election campaigns
election campaig (or, for that matter,
ns (or, matter. selling
elling laundry)
laundry) from leveraging
leveraging publicly available
publicly avai census and
lable census
voter registration
voter regis tration data and cor correlating
relatin g it with thingsthin gs like, say,, purchased supermarket
like , say loya lty card
supermarket loyalty
analytics.”).
analytics.' ') .
143. See, e.g.,
e .g., GAO Information
Informa/ion Resellers,
Resel/ers, supra note 39, at 22; Data Brokers and
“People
"Peop le Search”
Search" Sites,
Sites, PRIVACY
PRIVACY RTS. CLEARINGHOUSE (Dec.
CLEARINGHOUSE {Dec. 16, 2016),
2016),
http://www.privacyrights.org/content/data-brokers-and-your-privacy
http: // www.privacyrights.org/content/data-brokers-and-your-privacy ("[ Tlh ere are no cu
(“[T]here current federal
rrent federal
laws
law requiring
requiring datadata brokers
brokers to maintain
maintain the privacy
privacy of consumer
co nsumer data unlessunle ss they use that data credit,,
elata for crcdit
employment,
emp loyment , insurance,
insurance, housing,
housing, or other other similar purposes
purposes...... . . No federal provides consumers
federal law provides consumers with
the right to correct inaccuracies in the data
correct inaccuracies data or assumptions
assumptions made brokers.” (internal
rnade by data brokers." reference
(interna! reference
omitted)).
omittecl)).
144. See, e.g., Jane Bambauer
Bambauer,, Is Data Speech, Speech, 66 STAN.
STA . L. L. REV. ("A
(2014) (“A
57, 106 (2014)
REY. 57.
corporation
corporation that generates
generates and subscqsubsequently
uently uses
use s or sells data,
data , even revenu e stream is
evcn if the revenue ancillary to
i ancillary
its primary
primary product
product or service,
service, has a cognizable
cognizable argument
argument that that it is in the business communications ,
business of communications,
and is therefore analogous to a traditional
thercfore analogous traditional press
press corporation.”); Eugene Volokh,
corporation."); Eugene Freedom ooff Speech
Volokh, Freedom Speech and
687
687
Yale
Yale Journal
Journal on
on Regulation
Regulation Vol. 34, 2017
which
which could
could prevent
prevent legislation
legislation that
that aimed
aimed toto stop
stop brokers
brokers fromfrom selling
selling data
data to to
consumers.
consumers. While
While this Note proposes
this Note proposes a number
number of
of regulatory,
regulatory, tort, statutory,
tort, statutory,
and
and private
priva te law
law reforms
refonns that
that would help mitigate
would help mitiga te the
the threat
threat ofof relational
relational control,
control,
these
these are
are by
by no
no means
means simple
simple or or cure-all fixes.
cure-ali fixes.
4. Anonymization
Anonymization Is Nota
Is Not a Sufficient
Sufficient Solution
Solution
Finally,
Finally, relational control
relational control will will likely
likely become
become a more more significant
significant problem
problem
due
due to to the
the well-documented
well-documented problems
problcms associated
associated with
with datadata anonymization.
anonymization.
Commercial
Commercial entities
entities andand regulators
regulators often
often respond
respond to to consumer
consumer privacy
privacy concerns
concems
145
by attempting to remove all identifying
by attempting to remove ali identifying features
fcatures from
from a data data set.1
set. 45 These
These
efforts
efforts areare pervasive
pervasive in
in data
data transactions.
transactions. For
For example,
example, the
the H1PAA
HIPAA Privacy
Privacy
146
Rule requires
Rule requires thatthat health
health data
data be be anonymized,'46
anonymized, and
and it creates
creates a safe harbor for
safe harbor for
companies
companies that
that (i) (i) remove
remove from
from datasets
datasets eighteen
eighteen types
types of
of identifiers
identifiers
(including,
(ine luding , for for example,
example, names,
names, addresses,
addres es, IP addresses,
addresses, and
and social
social security
security
numbers) and (ii) also have “[n]o
numbers) and (ii) also have "[ n]o actual
actual knowledge
knowledge [that]
[that] residual
residual information
information
147
can
can identify
identify individuals].”
individual[s]." 147 Similarly,
Similarly, a vast
vast number
number of of companies,
eompanies, including
including
ban k s, 148
banks, ' credit
ct· car d s companies,1
ere 1t cards compames,
. 149 . .
44 anti-virus .,,
ant1-v1rus software,1
soitware,
150 l
711 telecommunications
te ecommumcat1ons
. .
/11
/ormation Privacy:
Information Pri1•ac_1•: The Troubling
Tro11bli11g /111pli
cmions ooff a Right
Implications Righr To Stop People fro111
from Speaking
Speaki11gAbout
Abour You.You.
52 SSTAN. REY.
ta n . L. R 1049. 1051
ev . 1049. 1051 (2000) (arguing that many privacy laws regulatingrcgulating the sale and disclosure
personal information
of personal infonnation are unconstitutional under existing First Amendment law).
145. See,
145. See, e.g., FTC Data
Dara Brokers,
Brokers. supra note 4, 4. at 14.
14.
146. See
146. See45C.F.R.pt. 164.514(b)-(c)(2002).
45 C.F.R. pt. 164.514(b)-(c) (2002).
147. O
147. ÜFFICE
ffice of OF CivtL
CIVIL R RIGIITS,
ights , G GUIDANCE
uidance R REGARDING
egarding M METIIODS
ethods for FOR D e
DE-
IDENTll~CATION
identification OFPPROTECTED
of rotected H HEALTll
ealth lNFORMATION
Information in INAACCORDANCE
ccordance with TIIEH
WITIIthe ealth IlNSURJ\NCE
HEALTll nsurance
PPORTABILITY
ortability and ANDA ACCOUNTABILITY
ccountability A ACT
ct (HIPAA) P PRIVACY
rivacy R RULE
ule 7-8, D ep ’t of
DEP'T OF H ealth & H
HEALTII HUMAN
uman
SSERVS
ervs .. (2002),
(2002), http://www.hhs.gov/hipaa/for-professionals/privacy/special-topics /de-
http://www.hhs.gov/hipaa/for-professionals/privacy/special-topics/de-
identification/#standard.
identification/fstandard.
148. See, e.g., Jonathan Camhi, Barclays
148. Barc/ays Plans
Pla11sTo SellSel/ Anonymized Data to Other
A11011ymi-::.ed
Companies. B
Companies, BJ\
ank KTECJI
Tech (June 24, 24. 2013,
2013. 11:32
11:32 AM),AM). http://www.banktech.com/data-and-
http://www.banktech.com/data-and-
ana Iyt ics/barclays-p Ia11s-to-sel 1-anony mized-data-1o-other-com pan ies/d/d-idi 1296436
analyfics/barclays-plans-to-sell-anonymized-data-to-other-companies/d/d-id/1296436 (an noune ing
(announcing
Barclay's plans to sell
Barclay's ,ell aggregated
aggregatcd checking and savings account data to other private prívate companies and
govemment agencies).
government
149. See,
149. See. e.g.,
e.g .• Bernard Marr, American Express Charges into i1110the World
World ooff Big
Big Data,
DATAINFORMED
DATAlNFORMED (Jan. 13,
13. 2016, 5:30 AM), http://data-informed.com/american-express-chargcs-into-
AM), http://data-informed.com/american-express-charges-into-
world-big-data (describing new American Express business lines using customer cu,tomer data to recommend
tnird-party products to customers).
third-party customcrs) .
150. See, e.g..
150. e.g., James Temperton,
Tempcrton , AVG Can Sell Sel/ Your
Your Browsing and a11dSearch History
1-/istoryto
to
Ad1•ertisers.WIRED
Advertisers, WIRED(Sept. 18,2015),
18, 2015),http://www.wired.co. uk/article/avg-privacy-policy-browser-search-
http://www.wired.co.uk/article/avg-privacy-policy-browser-search-
AVG's updated policy to sell anonymized search
data (detailing AVG’s scarch and browser history).
151. See, e.g..
151. e.g., Bryan Clark, Comcast: ISPs Should Shou/d Be Able To Sell Sel/ Your
Your Web
Web History
/li sto!")'
Ad,•ertisers, TNW (Aug. 3,
to Advertisers, 3.2016, 1:09 PM),
2016, 1:09 PM). http://thenextweb.com/insider/2016/08/03/comcast-isps-
http://thencxtweb.com/insider /2016/08/03/comcast-isps-
should-be-able-to-sell-your-web-history-to-advertisers (reporting that AT&T had been
should-be-able-to-sell-your-web-history-to-advertisers bcen selling customer
data for over
overaa year);
year): Michael H., H .. AT&T Planning
P!a1111i11[i Sel/ Your
To Sell Your Anonymous
A11011ymous Usage
Usage Data
Dara to Advertisers.
Ad,wtisers .
PHONEARENA
PHONEARENA (July 3,3.2013,
2013, 9:37 PM). http://www.phonearena.com /news/AT-T-planning-to-sell-your-
PM) , http://www.phonearena.com/news/AT-T-planning-to-sell-your-
anonymous-usage-data-to-advertisers _id44890 (announcing AT&T plans to sell anonymized
anonymous-usage-data-to-advertisers_id44890 anonymi7cd customer
data).
152. Swati Khandelwal,
152. Khandclwal , ISPs
/SPs Sell
Sel! Your
Your Data to 10Advertisers,
Acfrerrisers, But
8111FCC Has a Plan To
Protect Privacy,
Protect Pri,•acy. HACKER
HACKERNEWS NEWS(Mar. 11, 11, 2016), http://thehackernews.com/2016/03/isp-sells-data-to-
http://thehackernews.com/2016 /03/isp-sells-data-to-
advertiscrs.html; supra note 57.
advertisers.html;
688
A New Privacy Harm
New Privacy Harm
data to other
other companies
companies afterafter stripping
stripping out personally
personally identifiable information
identifiable information
(PII)_ 154
(PII).154
However,, anonymization
However anonymization cannotcannot guarantee
guarantee that a person their
person is not tied to their
data, according
data , according to many
many computer
computcr scientists,
scientists, data analysts,
analysts, and privacy
privacy
155
scholars.'"
scholars. Surveys of common
Surveys common anonymization de-anonymization methods
anonymization and de-anonymization methods
reveal
revea! the ease with whichwhich computers
computers and humans humans can re-identify anonymized
re-identify anonymized
datasets.
dataset For data releases
s. For releases that are explicit (intentional, such as when
explicit (intentional, when
anonymized
anonymized and sanitized
sanitized datasets
datasets are sold)
sold) or implicit (unintentional, such as
implicit (unintentional,
156
when partially
partially or fully
fully anonymized
anonymized datasets
datasets are leaked),IM number of
leaked) , ’ a number de-
of de
anonymization attacks
anonymization attacks can re-identify datasets with ease.
re-identify the datasets
A particularly
particularly effective
effcctive attack relevant to our inquiry)
attack (and relevant involves the
inquiry) involves
attacker leveraging auxiliary
attacker leveraging auxiliary information
information or background knowledge to identify
background knowledge identify
157
the matching
matching dataset."'7
dataset. For example, Arvind Narayanan
example, Arvind Narayanan and Vitaly Shmatikov
Vitaly Shmatikov
took user ratings
ratings from the IMDB IMDB database
database and used them to expose expose user IDs
158
from among
among 500 500,000
,000 Netflix
Netflix users.l5S
users . Working
Working off
off tbe
the bypothesis
hypothesis that among
among
“Netflix subscribers who also use IMDB
"Net flix subscribers IMDB,, there strong correlation
there is a strong between
correlation between
their private
their Netflix ratings
prívate Netílix ratings and their
their public
public IMDB rating,” Narayanan
IMDB rating," Narayanan and
Shmatikov
Shmatikov discovered
discovered that “even "even a handful movies that are rated by a
handful of movies
subscriber
subscriber in both services
services would
would be sufficient identify his or her record
sufficient to identify record in
the Netflix
Netflix Prize
Prize datasct
dataset (if present
present among
among the released records) with enough
released records) enough
statistical confidence
statistical confidence to rule
rule out the possibility
possibility of
of a false match
match except
except for a
159
negligible probability."
negligible probability.” 177 In addition,
addition, Sarah
Sarah Jamie Lewis
Jamie Lewis has surveyed
surveyed how a
20GB dataset,
dataset , comprising
comprising more than 173 million million individual
individual NewNew YorkYork City
689
689
Yate Journal on Regulation
Yale Journal Regulation Vol. 34, 2017
anonymous licenses,
taxi trips with anonymous licenscs , medallion
medallion numbers,
numbers , and other othcr metadata
metadata
could easily
easily be subsequently
subsequently re-identified 160
could re-identified along
along with the driver’s
driver 's identity.1
identity . 60
F'urther, existing
Further, existing relationships
relationships pose additional
additional challenges
ehallenges for effective
effective
anonymization. Fclix
anonymization. describes the possibility
Felix Wu describes possibility of privacy
privacy invasions
invasions by
161
"insiders" in the context
“insiders” context of data releases.1
releases. 61 Wu defines
defines “privacy
"privacy ‘insiders’
'i nsiders' [as]
thosc [whose] relationship
those [whose] particular individual
relationship to a particular individual allows
allows them to know
significantly more more about 162
significantly about that individual
individual than the thc general
general public does.”1
does." 62 Wu
notes that privacy
privacy insiders
insiders can be particularly
particularly difficult
difficult to counter,
counter, because
because
insiders “can
insiders "can exploit
exploit special knowledge gained
special knowledge gained through
tlu-ough their relationships
rclationships with
target individual
a target deduce more about
individual to deduce about that individual
individual from released
released data than
163
general public would.”
the general would." 163 Similarly,
Sim;tarly, Swaroop Poudel observes
Swaroop Poudel observes how, how , in the
164
context
context of anonymized device
anonymized device data,16 data, 4 knowledge
knowledge of a person'sperson’s particular
particular
attributes can lead to idcntifying 165
attributes individual without
identifying an individual without access
access to their PII.1
their Pll . 65
While privacy insiders
While privacy insiders may interact
interact with each
eaeh other in the physical
physical worldworld with
varying degrees
varying degrees of closeness
closeness and trust, theirtheir existing
existing knowledge
knowledge of a person person can
pair with acquired
pair acquired data to produce
produce greater
greater insight.
These four
These four factors
factors suggest
suggcst that the thc threat
threat of relational
relational control
control will
continue to grow. Consumers
continue Consumers produceproduce increasingly
increasingly revealing
revcaling data, data , which
brokcrs will continue
brokers continue to sell at a low price. price . Economic
Economic and legal obstacles
obstacles may
frustrate attempts
frustrate attempts to regulate
regulate data sales, and anonymization
anonymization cannotcannot adequately
adequately
proteet consumers.
protect consumers. In the absence
absence of any meaningful
meaningful check,
check, certain
certain individuals
individuals
will purchase
purchase cheap,
cbeap, powerful
powerful data to gain an informational
informational advantage
advantage over
their peers.
their
IV. Existing
Existing Proposals
Proposals Fail To Remedy
Remedy Relational
Relational Control
Control
160. Sarah
160. Sarah Jamie
Jamie Lewis.
Lewis, Please SlopStop Releasing "Anonymized"
"Anonymi,ed " Datasets,
Dataseis, LlNKEDlN
LINKED[N
PULSE(Jan.
PULSE 25, 2016),
(Jan. 25, 2016), http://www.linkedin.com/pulse/please-stop-releasing-anonymized-datasets-sarah-
http: //ww w.linkedin.com /pulse /please-stop-releasing-anonymized-datasets-sarah-
jamie-lewis.
jamie-lewis.
161. See Felix T. Wu,
161. Defi11i11g
Wu , Defining Pril'ac_vand Utility
Privacy Utility in
in Data Sets, 84 84 U. COLO.
COLO.L. R ev .
REV.
1117, 1154(2013). While
1117,1154(2013). While Wu underscores
unucrscores the unclear
unclear legal state of insider
insider attacks,
attacks, and their
their difficulty
difficulty to
countcr, neither
counter, neithcr Wu nor any other other scholar
cholar has discussed
discusscd the possibility
possibility or implications
implications of these
rdationships in the context
relationships context of peerpeer data
<lata purchases.
purchases.
162. Id.
162.
163.
163. Id .
Id.
164. See also
164. a/so infra
i11fra Section TII.B (discussing
Section 1U.B (uiscussing the relationship
rclationship between
betwecn de de-
a7onymization and
anonymization andaa relational
re!ational control
control threat).
threat).
165. Swaroop
165. Swaroop Poudel, /11/emet ooff Things:
Poudel, Internet 711ings:Underlying
U11der/yi11g Tech11ologies.Interoperability,
Technologies, lnteroperahility,
w1d Threats to Privacy and
and a11dSecurity, 31 31 BBERKELEY
erkeley T 997, 1014
ech . L. J. 997,
TECII. 1014(2016)
(2016) (“Comprising
("'Cornprising granular
granular
d..1ta with many variables,
data variables, sensor
,cnsor data can enableenable someone
someonc with knowledge
knowledge of certain certain attributes
attributes of a
identify them,
person to identify thcm. even
even without
without their
their personally
personally identifiable
idcntifiable information
information (PII)(PH) .....
. . . For example,
example.
Fitbit's movement
Fitbit’s movement data can reveal revea! someone’s
somconc's gait. Someone
Someone who knows a person’s per,on·s gait could,
could, thus,
Lhus,
idcntify that person
identify person and gain access
access to the rest of his or her Fitbit data.”
data. " (internal
(in terna! references
refercnces omitted)).
omitted)).
690
690
A New
New Privacy Harm
Privacy Harm
A. Br Industry Reforms
oker Jndustry
Broker
When the FTC releasedreleased its 2014 Report, Report , the agency proposed a series
agency proposed series of
legislative reforms
legislative reforms that that, , if enacted,
enacted , would offer
offer new privacy
privacy protections
protections for
consumers.
consumer s. The FTC signaled signaled its supportsupport for the Data Data Broker Accountability
Broker Accountability
and Transparency
Transparency Act (DATA), introduced by Senators
(DATA) , introduced Senators Rockefeller
Rockefeller and
Markey,
Mark ey, which would
would ((1) 1) bar data brokers collecting data that brokers
brokers from collecting broker s
knew were illegally
knew obtained;; (2) require
illegally obtained brokers to allow
require brokers consumers to review
allow consumers review
personal information gathered
personal information gathered aboutabout them at least once per year free ; and
year for free;
(3) empower
empower consumers
consumers to dispute dispute the accuracy accuracy of data collected, which
collected , which
166
brokers
brokers would
would then have to inve investigate correct.166 The FTC also expanded
stigatc and correct. expaoded
uupon
pon the existing
existing DATA
DATA proposals
propo sals by recommending legislatioo that would
recommending legislation
require
require consumers
consumers to opt in to the sharing sharing of any sensitive
sensitive data, such as certain
167
health data.1
data . 67 The FTC also recommended
recommended that the legislation require brokers
legislation require
to disclose
disclos e their data sources sources and notify consumers consumers when collccted collected data
168
adversely affected a commercial
adver sely affected commercial transaction.1
tran saction. 6 6 In addition,
addition , the FTC suggested
suggested
that a central web
website
site be created
created to list the largest fifty fifty data brokers provide
brokers and provide
. 169
169
links to their access tools and opt-out opt-out policies.
number of privacy
A number scholars have proposed
privacy scholars additional reforms
proposed additional reforms to
regulate broker activity.
regulate broker activity. These
These range from the advocating
advocating for legislation
legislation in line
170
with the EU'
EU’ss Data Privacy
Privacy dircctive
directive1 70 to cxpandin disclosure and correction
expandingg disclosure correction
171
requirements.1'
requirements. 1 Scholars
Scholars have called Congress to enact
called for Congress enact a law similar
similar to
California’s Right to Know
California 's Right Know Act, Act , which
which would
would require companies to revea!
require companies reveal,,
upon request,
request , the information
information they have collected about an individual
collected about individual and how
the information
inform ation is used and sold sold.1. 172‘
A recent empirical
empírica! study of consumer consumer reactions privacy disclosures
reactions to privacy disclosures
registers one critique
registcrs critique of these proposals
proposals,, arguing that they "rely[] “rely[] on the fiction
that if customers are told about the uses information , they will vote
use s of their information,
173
with their feet if they do not like the thc terms.”17’ However,, the novel
tenns ." However proposals
novel proposals
691
Yalc Joumal on Regulation
Yale Journal Regulation Vol. 34, 2017
692
692
A New
New Privacy Harm
Privacy Harm
182
182
disagreement over
disagreement over the scope
scope of of consumer
consumer protection
protection regulations
regulations ' and the
never-ending struggle to kecp
ncver-cnding struggle keep frameworks up-to-date with the rapid
frameworks up-to-date rapid expansion
expansion
183
of
of data and how how they
thcy are used. ’
Regulatory FIPP
Rcgulatory F1PP or PBD frameworks
frameworks are similarly
similarly incapable
incapable of protecting
protecting
consumers
consumers from relational
relational control.
control. These
These frameworks,
framcworks , along
along with coherent
coherent
184
cyber
cyber security
security norms,1
nonns , X4 can provide useful best practices
providc useful practices for how companiescompanies
should de-identify
should de-identify and secure secure data,
data , as well as delete
delete data over over time. However
However,,
they do not address address the basic structural feature of the commercial
structural feature commercial data
environment that allows
environment allows many private actors to collect
prívate actors collect records
records of of user
user activity
activity
and sell them to interested
interested purchasers.
purchasers.
Furthermore,, it is unlikely
Furthermore unlikely that Congress
Congress will amend amend federal privacy
federal privacy
statutes either
statutcs prevent the trading
eitber to prevent trading of the digital information that relates
digital information relates to
185
regulated
regulated sectors1
sectors X5 or to establish
establish general
general privacy
privacy rules for consumer consumer
186
information
information (as some have recommended).Iw
recommended). > Federal Federal statutory privacy law has
statutory privacy
remained unchanged despite
remained unchanged despite the rampant
rampant purchase
purchase and sale of data, data , a near
constant stream of embarrassing
con stant stream embaiTassing data breachesbreaches and leaks,leak s, and an increasingly
increasingly
lengthy .
1engt hy list f d
l 1st oof documented d
ocumente privacy . h
pnvacy harms. arms. 187 w·
With b
1t one narrow narrow except10n . , 188
exception,
Congress
Congress has not passed passed a statute
statute expanding federal privacy
expanding federal protections in
privacy protections
189
more than a decade.
decade.1 ''9 Federal
Federal statutory
statutory reforms
reforms are also often poorly poorly designed
designed
to combat
combat futmefuture privacy
privacy threats. New Congressional
threats . New Congressional enactments
enactments would would face
familiar undertows
familiar undertows in the form of of swift
swift obsolescence
obsolescence,, dilutiondilution by industry
industry
190
190
lobbying,
lobbying , or the well-documented
well-documented tendency
tendency to target
target specific
specific technologies.
tcchnologies.
693
Yale Journal
Joumal on Regulation
Regulation Vol. 34, 2017
C. Privacy-Enhancing
C. Privacy-Enhancing Consumer Technologies
Technologists have
Technologists have developed
developed a number number of tools
tools to shield
shield consumers
consumers from
digital tracking,
digital tracking, such as adblockers
adblockers or cookie cookie deleting
deleting services.
services. However,
Howcvcr, these
services are unlikely
services unlikely to inoculate
inoculate a user from the threat
user from threat of
of relational
relational control.
control.
There
There are significant economic incentives
significant economic incentives for online actors
online actors to track
track consumer
consumer
. . 191w 111c . h e I th e mternet
act1v1ty,
activity,1 91 which fu .
fuel the internet’s , s free
e . .
1ree pricing
pncmg structure. 192
structure.1 TI1ese incentives
92 These . .
mcentJves
lcad to new
new tracking
tracking technologies
technologies (such 193
lead (such as web web beacons),1
beacons), 91 which
which when
when first
implemented track
implemented track consumers
consumers without
without their
their knowledge,
knowledge, and new services serviccs (such
(such
as Pokémon
Pokemon Go), which which oftenoften begin
begin with few privacy privacy protections
protections for
consumers. 194
consumers.1 Thi lag time is an inevitable
94 This inevitable consequence
conscquence of a free market market
cconomy,
economy, and ensureensure that technical
technical opt-outs
opt-outs will struggle
struggle to provide
provide sustained
sustained
protcction against
protection against relational
relational control.
control.
Additionally, array of tools— 195
Additionally, a wide array tools-fromfrom the Tor Tor browser,19"
browser, to virtual
virtual
priva te networks 196 197
(VPN), end-to-cnd
private networks (VPN),IW’ end-to-end encrypted encrypted messages,1
mcssages, 97 and encrypted
encrypted
694
Privacy Harm
New Privacy
A New
198
desktops19*
desktops 1-—allowallow consumers
consumers to avoid tracking companies and sorne
tracking by most companies some
security agencies.
security agencies. Most websites considerably slower
websites run considerably slower on thetbe Tor browser,,
browser
and sorne
some features,
features , including
including most video streaming
strearning options, cannot work
options , cannot
199
without risking
without risking consumer
consumer privacy certain , high information
privacy .. 199 While certain, information
consumers
consumers could limit their tbeir vulnerability
vulnerability from relational control,, most
relational control
200
consumers necessary to shroud
consumers will not take the steps necessary shroud their activity.""" (And , if
activity . (And,
2011
they did
did,, their action
actionss could significan
significantly economy.).)2°
information economy
tiy disrupt the information
Ohm and Balkin Balkin tackle data abuses from two distinct fronts,, each of
distinct fronts
which is relevant
relevant to the problem
problem of relational
rclational control. Ohm
Ohm’s 's proposal
proposal is data-
centric, highlighting particular types of infonnation
highligbting particular - such
information—such as social secmity
security
numbers or medical
numbers information—that
medica! information consumers and
- that can harm consumers and,, thus, are
recognized
recognized as "sensitive." safeguards exist for certain types of
“sensitive.” Legal safeguards
“sensitive”
"sensitive " information,
information, which
which limit how commercial entitics may use these
commercial entities
202
data
data .
." " 2 Ohm advocates
advocates expanding
expanding U.S. law’s
law' s conception
conception of sensitive
sensitive data to
include three new types of information:
information: precise geolocation
geolocation data remotc
data,, remote
203
biometric
biometric datadata,, and commuoications
communications metadata."
metadata.
695
Y ale Journal
Yale Journal on Regulation
Regulation Vol. 34, 2017
204. e.g.,supra
See, e.g., notes 19-20 and accompanying
supra notes accompanying text.
205. Ohm, supra note 16, at 1129.
Ohm,
206. Id.
207.
201. Brokers,supra note 4, at
FTC Data Brokers,supra al 54.
208. See supra note 202 and accompanying
accompanying text.
209. Ohm, supra note 16,
Ohm, ("f Privare industry
16. at 1138 (“[Private industry actorsl
actorsl are probably
probably motivated
motivatcd to
combination of moral compunction,
draw these lines by a combination compunction, ethical
ethical norms,
norms. market
market demand,
demand. and fear of
consumer backlash
consumer backlash or government
govemment regulation.”).
regulation.").
210.
210. See, e.g., id. at 1138-40; Jim Brock,
See, Brock, VetYet Another
A11other(Better)
(Beller) Definition ooff Sensitive
Defi11itio11 Se11si1ive
Boundaries jorr
fo Ad Targeti11g.
Targeting, PRIVACYCHOICE
PRIVACYCIIOICE (Dec. 14, 2011),
2011).
http: // blog.privacychoice.org /201 l / 12/ 14/yet-anothcr-better-definition-of-sensitive-boundaries-for-ad-
http://blog.privacychoice.org/2011/12/14/yet-another-better-definition-of-sensitive-boundaries-for-ad-
ta:-Jeting (arguing
targeting (arguing that the various
various different
different industry
industry standards
,tandards for sensitive
sensitive boundaries
boundaries should
should coalesce
coalc ce
along the lines of Google’s
Google ·s definition).
dcfinition).
21 l.
211. s11pranote 16, at 1138-40.
Ohm, supra
See Ohm, 1138-40.
696
A New
New Privacy Harm
Privacy Harm
212
212
privacy advocates,, sensitive
privacy advocates sensitivc data “may
"may be the only
only game town" " that can
game in town”"
secure protections
secure where so many
protcctions where other proposals
rnany otber proposals have failed.
havc failed.
1. Possible Protections
1. Possible Protections Against Relational Control
Against Relational Control
A number
number of Ohm’s proposals,
of Ohm's proposals , if implemented,
implemented , could could yield
yield value
value in the thc
looming
looming fight fight against relational control.
again st relational control. First,
First, Ohm’s
Ohm ' s threethree new types types of of
“sensitive”
"sensitive " datadata—precise
- precise geolocation
geolocation data, remoteremote biometric
biometric data data (including
(including
213 are
iris scan
sean and facial facial recognition),
recognítíon) , and communications
communications metadata"1 metadata -—are
particularly
particularly dangerous
dangerous in the context context of relational
relatíonal control. Communications
control. Communications
metadata can offer
metadata powerful maps
offer powerful maps ofof an individual’s social networks and reveal
individual ' s social networks revea!
214 metadata
changes in interactions.
changes interactions.214 For For example,
example, Facebook
Facebook communications
communications metadata
can predict
predict with
with surprising
surprisiog confidence
confidence when
when individuals
individuals will begin romantic
begin a romantic
. t,· 21s
re 1at10ns 1p. '
relationship."1
Second,
Second , OhmOhm argues
argues that U.S.U .S. law should
should evolve
evolve to categorize certain
categorize certain
216
types of datadata as sensitive
sensitive data data “no
"no matter who holds
matter wbo it." A
holds it.”216 core challenge for
cballenge
sensitive data
sensitive data as a partial remedy to relational
partía! remedy control is that
relational control thc vast
that the majority
vast majority
of
of relevant
relcvant U.S. law requires requires only
only “particular actors in particular
"particular actors scctors " to
particular sectors”
217
have any any safeguarding
safeguarding responsibilities
responsíbilitícs for the information. 7 As discussed
tbe information."1 discussed in
218 219
Part II, the constant
constant trading
trading of of data"1
data ' weakens
weakens most most U.S.U.S. sensitive
sensitive datadata laws.
laws."15
Ohm calls for a signíficant
significant expansíon
expansion of U.S. law,
ofU.S. arguing that for certaín
law , arguíng certain types
of sensitive information,
of sensítive informatíon, “we should extend
"we should privacy protection regardless of
cxtend privacy protcction regardless of the
ºfi 1 . l . " 22º
specific
speci 1c relationship.”"20
re at1011s11p.
Third,, Ohm argues
Third argues that U.S. U.S. laws should
should recognize
recognize sensitive
sensitive data even
when
when in unstructured
unstructured forms.
forms. Unlike
Unlike structured
structured data that contain
contain only one typetypc
of information,
of information, like an email address, unstructured
ao email address , unstructured data
data exist
exist “at
"at the whim
whim of
221
the person
person doing
doing data cntry entry—-' ‘comments’
comments ' or '‘notes.’”""1
notes. "' example,, Google
For example
For Google
maintains
maintains a collection
collection of of every
every search
search query
query anyone
anyone has entered,entered , which
which is
perhaps
perhaps the world’sworld's largestlargest database
database of incidentally
incidentally collected sensitive
collected sensitive
information.222 222While technical capacity
information . While technical capacity has traditionally
traditionally limited
limited one’s
one's capacity
capacity
212. Id.
ld . at
atl11136.
36.
213.
2 13. Id. at 1143-44.
1143-44.
2214.
14. Leskovec,
Les kovec, supra note 116.1 16.
2215.
1S. Robinsonn Meyer,
See Robinso Meyer , When You Fall Fa// in Lo
Love,
ve, This Is What Facebook Sees, Sees,
Atlantic
AT LAN TI C (Feb. 15,15. 2014
2014). ), http://www.theatlantic.com/technology/archive/2014/02/when-you-fall-in-
http ://www.th eatl antic .com/technolo gy/ archive/2014 /02/when -you -fa ll-in-
love-this-is-what-facebook-sees/283865.
love-th is-is-what-fa cebook- sees/2838 65.
2216.
16. Ohm,,ssupra
Ohm note 16,
upranotel at 1190.
6, atll 90.
217. Id.
218.
2 18. See Christl Spiekermann., supra note 118, at
Chri stl & Spiekermann ar 45-50 studie s of
45-50 (surveying major studies
dataa transmissions that found that •·37
dat “37 of the 50 most popular
popul ar websites transferred information about
every
eve ry click to ovc
overr 30 third parti es, 22 of them even to more than 60 third parties. The website
parties,
dictionary.com
dictionary .co m transmitted data on every page request to 234 externa! services” (interna!
external services" refe rences
(internal references
omitted)).
omitt ed)) .
219.
2 19. See supra Section
Scction Il.A.
11.A.
220. Id. at
ar 1192.
1192 .
221.
221 . Id. at
at 1192-93.
1192-93.
222. Id. at
at 1193.
1 193 .
697
697
Joumal on Regulation
Yale Journal Regulation Vol. 34, 2017
retricve valuable
to retrieve valuable or tailored
tailored information
information fromfrorn massive,
massivc, unstructured
unstructured datasets
datascts
Google's, the
like Google’s, tbc rapidly
rapidly expanding
cxpanding state of computational
computational power, alongalong with
scraping, natural
an array of web scraping, natural language
languagc processing,
processing, and machine
macbine learning
learning
too 1
s, 223
ena bl
tools,"" enablee companies .
compamcs to capture capture and d
an separate .
separatc sensitive. d ata from
sens1ttvc data .., vast,
1rom
unstructured collections.
unstructured collcctions. Google
Google researchers,
researcbers, for example,
examplc, have used machine-
machine-
learning techniques to automatically
learning techniques automatically distinguish
distinguish fluílu symptoms
symptoms from other
searcb queries
search querics analyzed
analyzed from the “billions
"billions of individual
individual searches
scarches from 5 years
224
Google web search
of Google scarch logs.”""4
logs." The power
power of these
tbese new tools
tool underscores
underscores the tbe
necd
need to consider possiblc affirmative
consider possible affirmative protection
protection requirements
rcquirements on unstructured
unstructured
data.
Significant Gaps
2. Significant Gaps with Respect
Respect to Relational
Relational Control
Control
If implemented,
implemented, these thesc three
threc proposals
proposals might reduce
reduce certain
certain manifestations
manifestations
relational control.
of relational control. Nevertheless,
Nevertheless, Ohm’s
Ohm's proposal
proposal is not designed
designcd with
rclational control
relational control in mind. As presentlyprcsently constituted,
constituted, it can provide
providc only
marginal protection
marginal protection against
against the
thc threat
thrcat of relational
relational control.
control.
Ohm's proposals
Ohm’s proposals do not address
addrcss many
many information
information types that can be used
relational control.
to exert relational control. Data
Data that provide
provide deep insights
insights into both behavior
behavior
:J.nd interactions—
and interactions-forfor example,
cxample, browser
browser history,
history, calendar data, purchase
calendar data , purchase
reeords,
records, and social
social network
network metadata—are
metadata-are particularly
particularly dangerous
dangerous in the handsbands
of peers.
pcer s. To protect
protect against
against or manage
manage the risk of relational
rclational control,
control, Ohm’s
Ohm 's
proposal would
proposal would need to be significantly
significantly expanded
expanded to include
include as sensitive
sensitive a
larger body of data. Recognizing
much larger Recognizing these data types as sensitive sensitivc could
triggcr new regulatory
trigger regulatory requirements,
requirements, limiting
limiting the
thc circumstances
circumstanccs in which whicb this
information could
information could be transferred
transferred through,
tbrough, among
among others,
others, thetbe FIPPs of “purpose
"purpose
specification" and “use
specification” "use limitation,”
limitation," which
which can reducereduce the likelihood
likelihood that
sensitive data will wind
sensitive wind up in thethc hands ofof data brokers
brokers who are in turn free to
sel! data to individual 225
sell individual consumers
consumers that cannot
cannot show a validval id purpose.225
purposc.
C. Information
C. Jnformation Fiduciaries
Fiduciaries and Relational Conh·ol: A Theoretical
Relational Control: Theoretical Path To
Improve Sale and Storage
Improve Storage Practices
Practices
223.
223. 1194;
See id. at 11 Liune Colonna,
94; Liane Tawnomy and Classification
Colonna, A Taxonomy Classijicarionooff Data
Data Mining,
Mining,
15 SMU & TECH.
SMU SCI. & TECII. L. R ev .309,
REV. 309, 332-34
332-34 ( 2013).
(2013).
224. Ohm, supra note
Ohm, supra note 16,
16. at 1195
1195 (quoting
(quoting Jeremy
Jcremy Ginsberg
Ginsbcrg et aal..
t. Detecting Influenza
De1ecri11g/11jl11
enza
Evide111ics
Epidemics Using Search
Using Search Engine
Engi11eQuery Da1a.457 NATURE
Que,y Data, NATURE 1012.
1012, 1013 (2009)).
225. Id. at 1138.
1138.
226. Other scholars have have also proposed some
sorne fiduciary
fiduciary obligations
obligations for information
information
services. See N
strvicc,. See NEIL RICIIARDS. INTELLECTUAL
eil RICHARDS, INTELLECTUALPRIVACY:
PRIVACY: RETHINKING
RETHINKINGCrVIL
CIVIL LIBERTIES
LiBERTIESIN IN THE
THE DIGITAL
DIGITAL
AGE 282 (2015); Jerry
AGE Selj-Surveillance Privacy,
Jcrry Kang et aalt,.• Self-Surveillance Privacy, 97 IOWA
IOWi\ L. REV.
REV. 809,
809,8812,
12, 831-32 (2012);
831-32(20 12);
Markets and
Kenneth C. Laudon, Markets a11dPrivacy,
Privacy, COMMS.
COMMS. ACM 92, 101 101 (Sept. 1996). See generally
general/y Richard
R.W.
R Knowledge in
Brook~. Knowledge
.W . Brooks, in Fiduciary
Fiduciary Relations,
Re/a1io11s, PIIILOSOPinCi\L FOUNDATIONS
in PHILOSOPHICAL FOUNDATIONSOF OFFIDUCIARY
FIDUCIARY LLAWaw
(Andrcw S. Gold & Paul B. Miller
(Andrew Miller eds.,
cds., 2014).
698
698
A New Privacy
Privacy Harm
Balkin argues
Balkin argues this relationship,
relationship, like other fiduciary
1ike other relation ships , can be
fiduciary relationships,
regulated
regu 1ate d
?b7
221 . h
without . ¡
violating
w1t out vio atmg freedom . freedom of contract
contract
2228
28
or the First First
229
Amendment.229
Amendment.
230
Balkin analogizes
Balkin analogizes information
information servicesservices and service providers
service providers-' doctors
to doctors
and lawyer
lawyers, s, who
wbo owe a common-lawcommon-law duty of loyalty and confidentiality confidentiality to
231
their clients
clients and patients Balkin proposes
patient s..2’1 Balkin proposes that certain duties of loyalty and
ccrtain duties
attach to a wide array
care attach array of of entities
entities,, "“including]
includ[ing] bookstores,
bookstores, search engines ,
search engines,
ISPs,, email providcrs
ISPs providers,, cloud cloud storagestorage services
services,, providers
providers of physicalphysical and
streamed video
strearned video,, and websites websites and social social networks
networks when they deal in our
232
intellectual data”
intellectual data " (information fiduciaries)."'"
(information fiduciaries). Under Balkin
Undcr Balkin’s framework , each
' s framework,
of these
tbesc entities
entities wouldwould owe consumers consumers some degree degree of fiduciary obligation s
fiduciary obligations
233
233
when controlling
when controlling their data.
data .
with Obm
As witb Ohm’s sensitive data proposal,
' s sensitive proposal, Balkin's information fiduciaries
Balkin’s infonnation fiduciaries
framework is ill-suited
framework ill-suited as proposed proposed to protect protect consumers
consumer s frorn relational
from relational
control. Balkin’s
control. Balkin ' s framework
framework is designed designed to protect
protect consumers
consumers from direct ill ill
234
treatment
treatment by the companies
tbe companies that initially
initially collect
collect their data
data ,
, " '4 rather
rather than from
the indirect
indirect relational
relational abuses transaction s enable. Balkin
abuses that data transactions Balkin doesdoe s not
explore wbetber
explore whether and how to extcnd extend fiduciary
fiduciary obligations
obligations to data sale.
Concerned that such obligations
Concerned obligations would undermine the financia!
would underminc financial viability
viability of
235
information
information services
services ,2 Balkin also disputes
, 0 Balkin disputes,, at least to some
sorne extent,
extent , the idea
227.
227. Balkin,, supra note 19,
See Balkin 19 , at 1205 (“The
("Th e idea fiduciar y duties gives us
ide a of fiduciary usaa way
out of the neo-neo-Lochnerian
Loc hnerian modcl model that bind bindss First Amendment
Firsr Amendm ent freedoms
frecdoms to contractual freedom. Tt
contra ctual freedom. It also
offers
offe rs us a way of ex explaining
plaining why cen certain
ain kinds of information
inform ation are matters of private co nce rn that
prívate concern
governments
go vernments ca cann protec
protectt through
throu gh reasonable
reasonabl e regulation.
reg ulation. My centralce ntral point is that certain kind s of
ce rtain kinds
information co constitute
nstitut e matters of private prí vate co concern
nce rn not becabecause
use of their
the ir content,
co111em , but soc ial
beca use of the social
bue because
relationships that produ produce them .") .
ce them.”).
228..
228 A maj major dilemma raised in pri
or dilemma privacy
vacy scholarship
scho larship is how to treat co mpan y' s
trea t a company’s
privacy
privac y policy, and to what ex extent privacy
tent the priva should be understood as a contract
cy policy should bind s both
contra er that binds
consumers
co nsumers to (often-unco
(often-unconsidered)nsidered) ag agreements
reements and co companies
mpani es to prior promises of privacy.privacy . See, e.g ., M.
See. e.g., M.
Ryann Ca
Rya Calo, Against
lo , Aga inst Notice Skepticism
Skepti cism in Pri Privacy Elsew here), 87 NOTRE
vacy (and Elsewhere), NOTRE DAMEDAME L. L. REV.
REY. 1027
(2012)
(20 ; Daniel
12) ; Dan iel J.J.Solove
Solove, PrivacySe/f-Ma11
, Privacy Self-Management
age men1 a11 and
d the Dilemma,126
ConsentDilemma,
theConse111 H a r vL.
126HARV. . L. R e v1880
REY. . 1880
(2013)
(201 ; Sovem,
3); Sove supranote
rn , supra note177.177.
229.
229. See,, e.g.
See e.g.., Volokh,
Volokh , suprasupra note 114, at 1051 105 1 (arguing that many privacy laws
regulating
reg ulating the sale and disclosure disc losure of of personal information are unconstitutional
personal information under existing Fir
uncon stituti onal under st
First
Amendment
Am endment law) law)..
230. Compare Prot Protecting
ccting and Promoting
Prom oting the Open Int Internet,
ernet , 80 Fed. 19,738 ,
Fed . Reg. 19,738,
19,741
19 ,74 1 (Apr.
(Apr . 13 13,. 20
2015) (defining
15) (defi nin g a broadband
broadb and internet
intcrnet access Teleco mmuni cations Act of
access service) with Telecommunications
1996,
1996 , Pub. L. No. 104- 104-104,
104, § 3(a)(2),
3(a)(2) , 110 Stat.Stat. 56,56 , 58-60 (1996) (co difi ed at 47 U.S.C.
( 1996) (codified 153(24))
U.S. C. § 153(24))
(defining
(definin g an information servicc). service).
231.
23 1. BalkinBalkin,supra 1205 .
notee 19, at 1205.
, supra not
2 3 2 ..
232 Id. at 1221122 1 (quoting NEIL RICI-IARDS,
(q u o tin g NEIL INTELLECTUAL PRIVACY:
RICHARDS, INTELLECTUAL RETHINKING
PRIVACY: RETHINKING
CIVIL
C iv il LLiBERTIE S in
ib e r t ie s D ig it a l AGE
t h e DIGITAL
IN THE 282 (2 015
A g e 282(2 )) .
0 1 5 )).
233. Balkin does does not specify
spec ify the exact ex act scope obliga tions , which may also
sco pe of these obligations,
differ dcpendin
differ dependingg on the informationinformation fiduciary’s
fiduc iary's co commercial
mmerc ial activities. e.g ., Balkin,
See , e.g.,
activities . See, supra note 19,
Balkin , supra 19 , at
1228.
1228.
234..
234 e.g., id. at 1187-94
See, e.g., 1187-9 4 (desc(describing rece nt Facebook
ribin g a recent stud y aimed at
Face book study
manipulating
manipul ating the voting preferences
prefe rences of its users).
use rs).
235.
23 5. See id. at 1227 (" (“It cannot be the case that the basic business model of free or
lt cannol
subsidized online serv services
ices inherently violates fiduc fiduciary
iary obligations therefo re ca
obliga tions and therefore illega l.
cann be made illegal.
‘Fiduciary’
' Fiduc iary' does not mean ‘not profit. "') .
' not for profit.’”).
699
699
Yalc Journal
Yale Journal on Regulation
Regulation Vol. 34, 2017
fiduciary obligations
that fiduciary obligations should
should trigger
trigger liability
liability for possible,
possible , indirect
indirect harms
harms to
cnd-users. 236
end-users.2’6
Nonetheless,
Nonetheless, Balkin
Balkin’s's framework
framcwork can be extended extended to combat
combat the threat
thrcat of
relational control
relational control without
without threatening
threatening the basic viability viability of a free services
services
model. The responsibilities
model. responsibilities of information
information fiduciaries
fiduciaries could be expanded
expanded to
what data companies
limit what companies can sell scll to brokers
brokers and, in particular,
particular , the terms
terms of
agreemcnts. The 2014 FTC report
these agreements. report notes that tbat some
sorne data sellers
sellers demand
demand
237
consumer protections
consumer protections in their contracts
contracts with brokers.2'7
brokcrs. Contractual
Contractual provisions,
provisions,
if consistently
consistently applied
applied across
across most information
information services
services and service
service providers,
providers,
could protect
could protect consumers
consumers to a significant
significant degree
degree from the thc possibility
possibility of
relational control.
relational control. Unlike
Unlike many other other harms
harms associated
associatcd with data broker broker
238
practices,
practices,*" relational control
relational control becomes
becomes a possibility
possibility whenwhen data brokers
brokers sell
consumcr information individuals. Accordingly,
consumer information to individuals. Accordingly, restrictions
restrictions on subsequent
subsequent
sales, re-identifying
sales, re-identifying anonymized
anonymized data, and the thc use of data beyondbcyond a specified
spccified
purposes could
set of purposes could mcaningfully
meaningfully limit the ability ability of interested
interested consumers
consumers to
purchase data.
purchase
While Balkin
While Balkin does not discussdiscuss how or if fiduciary fiduciary obligations
obligations might
Jxtcnd to data sales,
extend sales, his fiduciaries
fiduciaries framework
framework could crediblycredibly be extended
extended to
oblígate companies
obligate companics to store data securely,securely, and restrict
restrict what third parties
parties and
brokers may control,
data brokers control, sell, and use. use . A broader
broader construction
construction of ftduciary
fiduciary
obligations that extends
obligations extends to data sale and storage
storage does not stretch Balkin Balkin’s's model
beyond its intended
beyond intendcd scope,
scope, as restrictions
restrictions on what data can be sold are included included
among the fiduciary
among fiduciary obligations
obligations for doctors
doctors and lawyers
lawyers and, more importantly,
importantly ,
consistent with the general
are consistent general implicit
implicit and explicit
explicit assurances
assurances that information
information
f:duciaries make to consumers
fiduciaries consumers thatthal they
thcy may be trusted
trusted with consumer data. 239
consumer data.239
VI. Doctrinal
Doctrinal Rccornrnendations
Recommendations in Light
Light of Relational
Relational Control
Protecting consumers
Protecting consumers from relational
relational control
control presents
presents a considerable
considerable
challenge, given
challenge, given the inflexible
inflexible state of U.S. privacyprivacy law and the thc legal
challengcs posed
challenges po ed by both the First First Amendment
Amendment and contract
contract law. Further,
Further,
because the threat
because threat of relational
relational control
control both emerges
emerges from a wholly
wholly legal
activity (data purchase)
activity purchase) and is the manifestation
manifestation of quintessential
quintessential human
instincts (to learn about one’s
instincts one's peers
pecrs and make choices choices based
based on that
infonnation), there is no single answer
information), answer to this threat
threat that remains
remains consistent
consistent
with U.S.
with U.S. law. Part VI offers
offcrs some initial doctrinal
doctrinal recommendations
recommendations to protect
protcct
consumers from the
consumers thc threat
threat of relational
relational control.
control. As these
thesc proposals
proposals are the first
respond to the relational
to respond relational control
control harm, they are not exhaustive
cxhaustive and unlikely
unlikely
700
New Privacy
A New Privacy Hann
Harm
to offer
offer a comprehensive
comprehensive solution. Note invites
solution . This Note invites follow-up proposals and
follow-up proposals
remedies
remedies in the years
years ahead.
A. Congressional Privacy Re
Congressional Privacy forms
Reforms
Congress
Congress should
should pass legislation
legislation that unambiguously
unambiguously protects
protects consumers
consumers
from a significant
frorn significant relational
relational control
control threat:
threat: the content
content and meta-data
meta-data of
electronic
electronic communications.
communications. The SCA prohibits prohibits providers
providers of electronic
electronic
communications
communications services
serv1ces (ECS) (ECS) from from divulging
divulging the contents ofof
the contents
communications
comrnunications to private parties while
prívate parties while those communications are "“in
those communications in
240
electronic storage."
electronic storage.’'"4'1 ltIt also prohibits
prohibits providers
providers of of a remote
remote communications
communications
service (RCS) from
service from divulging
divulging the contents communications "carried
contents of communications “carried or
24 1
maintained
rnaintained on that service.”2
service." 41 However,
However, these prohibitions contain significant
prohibitions contain significant
gaps. The SCA allowsallows entities
entities that qualify
qualify as neither
neither ECSECS nor RCS to disclose disclose
242
communications
communications to third parties,242parties , as well as ECS providers disclose the
providers to disclose
243
content
content ofof communications
communications that are not in electronic electronic storage."4'
storage . Additionally,
Additionally ,
the SCA offers
offers no protections
protections for the metadatametadata associated
associated with the content content of
244
communications.
communications.
Congress should
Congress should claseclose these gaps by passingpassing legislation
lcgislation that prohibits
prohibits any
person
person or entity from disclosing,
entity from disclo sing, without
without consent,
consent, to non-governmental
non-govemmental persons
persons
entities the content
and entities content and metadata metadata of of other
other formsforms of electronic
electronic
communication.
communication. Already,
Already , there is political interest in some
political interest reforms. In
sorne of these reforms.
245
2016,, the House
2016 House of Representatives
Representatives passed passed the Email
Email Privacy
Privacy ActAct,, 419-0.
419-0."42
The House Bill amends amends 18 U.S.C. § 2702 to bar (1) an ECS from selling selling to
third parties
parties the content
content of of any communication
communication “that "that is in electronic
electronic storage
storage
with or otherwise stored,
otherwise stored, held , held, or maintained
maintained by that service,”
service ," and (2) an RCS
from
frorn selling
selling to third parties
parties the content
content of any communication
communication communications
communications
246
"“that
that is stored, held,
he ld, or maintained
maintaincd by that service."
service.”246 This expand s
Thi s language expands
the scope
sco pe of of the SCA to protect the content cont ent of of aallli w
wire
ire and electronic
electro nic
communications
co mmunic ation s that are controlled
contr olled by an EC ECSS or RCS.
RCS.
240.
240 . 18 U.S.C.
U.S .C. § 2702(a)(1)
2702(a)( I) (2012).
(201 2) .
241.
241 . 18 U.S.C.
U .S.C . § 2702(a)(2)
2702(a)(2) (2012).
(201 2).
242. Sec See Wesley
Wes ley College
Co llcge v. Pitt
Pitts,
s, 974 F. Supp.
Supp . 375 (D.(D . Del. 1997) (“Thus,
("Thu s. a person
who docs
does not
nor provide
prov ide an electronic
elecrro nic communication
com muni cation service
serv ice (like Ferguson and Hud Hudson)
so n) can
ca n disclose
disclose or
use with
wirh impunity
impun ity the contents of an electronic communication
clcc tronic co mmu nication unlawfully
unlaw fully obtained
obtaincd from electronic
storage.”).
storage."').
243.
24 3. Jennings
See Jennin gs v. Jennings, 7366 S.E
Jennin gs . 73 S.E.2d 242, 245
.2d 242,2 45 (S (S.C. 2012)
.C . 201 2) (holding that emails
"“were electronicc storage.,
we re not in electroni storage” afrcr
after plaintiff
plaintiff “left
"left the single copie
copiess of
of his e-mails on the Yahoo!
Yahoo 1 server
and apparently did not download thcm them or save anoth
another of them in any other location”).
er copy ofthem location") .
244.. Cf. 18 U
244 U.S.C. 2702(a)(3) (2012) (prohibitin
.S .C. § 2702(a)(3) (prohibitingg an ECS or RCS from “knowingly
"knowingly
divulgfingl
divul g[ingl a record or other information pertaining
pcrta ining to a subscriber .... . . to any government entity”).
gove rnment entity").
245.. H.R.
245 H.R. 699, 114th Cong. Con g. (2016),
(2016 ) . http://www.congress.gov/bill/114th-
http ://www. con gress .gov/bill/11 4th-
congress/house-bill/699/text;
co ngress/ house-bill /699/text ; Dustin Volz, Email ail Privacy Bill
E111 Bi/1 Unanimously
U11a11i111ous/y Passes U.S. House,1-/ouse ,
REUTERS
R EUT ER (Apr.
(Apr. 27, 2016, 2016 , 4:56 AM), AM) , http://www.reuters.com/article/us-usa-congress-email-
http://www.reut ers.com/article /us-usa-congress -email-
idUSKCN0XOlJ7.
idUSK CNOXO IJ7 .
246.
246. H.R. 699,
699, 114th Cong.
Cong . § 2(a)(l)(A)-(B) (2016).
2(a)( l )(A)-(B) (201 6).
701
Y ale Journal
Yale Journal on Rcgulation
Regulation 34, 2017
Vol. 34,
B. Privacy
B. Priva cy Torts Reconsidered
702
A New
New Privacy
Privacy Harm
252.
252. R
RES TATEMENT (S
estatement (SECON D)) of
econd OF T
TORTS § 652B (Am. Law
orts L aw Inst.
ln st . 1977) (emphasis
(emphasis
added).
addcd).
253.
253. Id. emt
cmt b.
b.
254. See supra Section II.B. I1.B.
255. Cf.
Cf. Robert
Robcrt S. Litt,
Litt , The Fourth Amendment
Founh Amendm ent in the Information Age, 126
o11Age,
!11for111ati 126 YALE
Y ALE
L.J.F.
L.J.F. 8, 15
15 (Apr.
(Apr. 27, 2016) (" (“To
To this
this extent.
extent, 1 I agree w with
ith those
those who criti
criticize
cize the proposition that
the broad proposition
any
a11y information
in formati on that is disclosed to third thircl parties
parties is
is outside the protection
the protecti on of the Am enclment .
the Fourth Amendment.
Courts can appropriately
Courts appropriately take into account whether informationinformation is content or non-content inform ati on,
information,
whether it is publi
publicly disclosed
cly di sclosed through social media or is storecl stored in the equivalent
equival en! of of the cloucl,
cloud, or
whether its exposure is '‘voluntary'
its exposure voluntary ' only in the the most technical senscsense because
because of the demands
the cl modern
emancls of modern
technology.”
tcchnology (emphasis in original))
." (emphasis
256.
256. See Mary
M ary Madden,
Maclden, Public
Publi c Perceptions
Percepti ons of o f Pri
Privacy
vacy and Security in the Pos Post-
t-
Snowden
Sno wden Era, (Nov.. 12, 2014)
Era , PEW (Nov 2014)., http://www.pewintern
http://www.pewinternet.Org/2014/l
et.org/2014/11l/12/public-privacy-perceptions
/12/publ ic-pri vacy-perceptions
(“91%
("9 1% ofof adults
aclults in the survey ‘agree’
' agree' or ‘strongly
'strongly agree' that consumers
consumers havehave lost control over how
personal information
informati on is collected
coll cctecl and used by companies.”).
companies.") . Even Even the technologies
technologies that allow
“anonymous
•·anony mous browsing”
browsing" should probably not be viewed as as reliably prívate, as
reliabl y private, as intelligence and both
intelli gence and
703
Yale Journal
Journal on Regulation
Regulation Vol. 34,2017
34, 2017
v. Jones,
v. Janes, which
which pushed
pushed back on the idea that third party possession possession of data
257
invalidates an expectation
invalidates expectation of privacy
privacy from otherother third parties.2
partics. 1'7 As a threshold
threshold
determine whether
issue to determine whcther certain
certain instances
instances of relational
relational control
control may constitute
constitutc
a tortious
tortious invasion
invasion of privacy,
privacy, courts
courts should
should recognize
recognize a continued
continued privacy
privacy
interest in private
interest privatc information
information that necessarily
neccssarily must exist exist in the hands
hands of certain
certain
third parties.
partics.
recognize an intrusion
In order to recognize intrusion tort for certain
certain instances
instanccs of relational
relational
control, courts
control, courts wouldwould need to find that the thc intruder’s
intrudcr's purchase
purchase of data was
"highly offensive.”
“highly offensive." Some Sorne courts
courts have interpreted
intcrpreted the “highly
"highly offensive”
offensive"
standard as an unreasonably
standard unreasonably high bar to recognizing recognizing intrusion
intrusion case. For
example, some
example, sorne courts have held hcld that an individual's
individual’s unauthorized
unauthorizcd access
acccss of
258
another's email failed
another’s failcd to meet the standard
tandard for “highly
"highly offensive”
offcnsive" behavior,2
behavior, 1,8
interpretation that seems
an interpretation scems unreasonable
unreasonable givengivcn that the Second
Second Restatement’s
Restatement's
._,omment includes
comment includes the opening
opening of mail as an exampleexample of intrusion.
intrusion. Similarly,
Similarly, it
would seem that a consumer’s
would consumer's purchase
purchase of another’s
another's GPS data or bank
transactions could constitute
transactions constitute an intrusion
intrusion upon
upon that person’s
person 's seclusion.
scclusion.
prohibition that target’s
A legal prohibition target' the purchaser’s
purchascr's behavior
behavior nevertheless
nevcrtheless also
invites pitfalls.
invites pitfalls. An overbroad
ovcrbroad interpretation
interpretation of “highly"highly offensive”
offensive" could
undennine the value
undermine value of consumer
consumer data that is i sold to commercial
commercial entities
entities for
advertising purposes.
advertising purposes. Similarly,
Similarly, an expanded
cxpandcd intrusion
intrusion tort could chill digital
digital
consumers' acquisition
consumers’ acquisition of consumer
consumer information
information for non-harmful
non-harmful ends.end . As
courts consider
courts considcr the specific
specific fact patterns
patterns that wouldwould trigger
trigger liability
liability for
intrusion, courts
intrusion, courts should
should understand
understand “highly
"highly offensive”
offensive" in light of evolving
evolving
activity, while
norms of digital activity, while being
bcing careful
careful not to invite over enforcement
enforcement
with too broad construction. 259
broad a construction.259
704
•704
A New Privacy
Privacy Harm
Harm
While
Wbile an expanded intrusion tort could allow certain
expandcd intrusion certain victims relational
victirns of relational
control
control to sue their controller,
controller, common
cornrnon law courts could
could also expand
expand
negligence
negligence doctrine
doctrine to allow
allow suit against
against the data seller, taking
taking the route of
route
chopping at supply rather
chopping rathcr than demand. noted , courts to date have been
demand. As noted,
260
leery to find data brokers
brokers negligent contcxt.
negligent in the data sale context.260 However,, given
However
the permanence
perrnanence of data and the breadth
brcadth of its subsequent
subsequent uses, courts should
uses , courts
consider
consider whether sensitive data (in type or scope)
whether sales of highly sensitive - particularly
scope)—particularly
with no contractual
contractual restrictions
re trictions on subsequent
subsequent use or sa sale—place consumers at
le- place consumers
unreasonable
unrca sonable risk.
C. Protections
Frameworks as Ex Post Protections
Balkin and Ohm Frameworks
C. Balkin
As discussed
discussed in Part V, Balkin Balkin and Ohm each advance tbat
proposals that
advance proposals
could
could protect consumers from this new avenue
protect consumcrs abuse, while still
digital abuse,
avcnue for digital
accommodating a digital
accommodating environment that places highly
digital environment highly sensitive information
sensitive information
in the hands
hands of a diverse
di verse array commercial entities.
array of commercial
Ohm’s
Ohm's proposal
proposal should
should be expanded rcgulations to
expanded in federal and state regulations
construe a far wider
construe wider category
category of information
information as sensitive. governing
sensitive. U.S. laws governing
sensitive
sensitive data should
should recognize
recognize not only comrnunications metadata, but also
communications metadata,
new data types—
types- including calendar data
including calendar data,, browsing
browsing history, network
history , social network
data,
data , purchase
purchase records, other information
records, and other information that couldcould provide insights into a
provide insights
person’s personality
person's personality and habits.
habits. Expanding
Expa nding the data types that U.S. law
recognizes
recognize s as sensitive
sensitive would
would trigger
h·igger various
various regulatory protections - including
regulatory protections— including
FIPPs of
the FIPPs of "purposc
“purpose specification"
specification” and "use limitation "- for data that could
“use limitation”—for
261
be particularly harmful in the context
particularly harmful context of relational control.2
ofrelational control. 61
This recommendation
recommendation could prove costly, costly, as expanding
expanding the types of data
that regulators
regulators consider sensitive
considcr sensitive wouldwould likely
likely increase
increase the proportion
proportion of
companies
companies that need to submit submit to burdensome
burdensome regulatory safeguards. Over-
regulatory safcguards.
protective regulations
protective regulations could also curb the development
development of many important,
important, pro-
societal benefits
societal benefits that stem fromfrom the efficient
efficient commercia
commerciall access consumer
access to consumer
262
data.262
data.
Balkin’s conception
Balkin's conccption of information fiduciaries should
information fiduciaries construed to
should be construed
require companies to limit the risk of privacy
require companies privacy harms secondary
barm s that stem from secondary
use. The framework
framework should
should support
support regulations
regulations that could,
could, for example, requirc
example, require
companies
companies to encrypt
encrypt data while storage and allow data sale only in the
while in storage thc
context
context of contractual
contractual rules that forbid forbid re-identification subsequent,
re-identification and subsequent.
260.. See
260 See supra
supra Section
Section IITl.B.
.B.
261.
261. Ohm.
Ohm , supra note 16,16 , at 11138.
138.
262.
262. This Note has not extensively
This Note extens ive ly explored
cxplored the benefits
bcnefits of our current data broker
brokcr
regime. See,, ee.g.
regime. See g .., Ohlhausen
Ohlhausen & Okuliar,
Okuliar, supra note 16, at 121-24
121-24 (describing consumer
(describing a broad array of consumer
and societal
societal benefits
benefits advanced
advanced by data
data availability
avai labi lity in the United States). These benefits
States). These bencfits require careful
require careful
weighing
weighing of the regulatory intervcntion .
regulatory intervention.
705
Y ale Journal
Yale Joumal on Regulation
Regulation Vol. 34, 2017
purpose-flexible resale.
purpose-flexible resale. Such
Such duties
duties would
would limit brokers’
brokers' access
access to consumer
consumer
263
also likely
data, but also likely impose
impose transactional
transactional costs.263
costs.
Privacy Opt-ins
D. Privacy Opt-ins fo
forr Data
Data Sale
Sale
Privacy policies
Privacy policies remain
remain a particularly
particularly fertile
fertile ground
ground for privacy
privacy reform.
reforrn.
The FTC's Section
The FTC’s Section 5 enforcement
enforcement actionsactions take aim at companies
companies that lack
privacy policies
privacy policies and at those thosc whose
whose behavior
bchavior deviates
dcviates from their their stated
stated
264
policics.
policies."64 A Solove
As Solove and others
othcrs have
havc noted,
notcd, opt-outs
opt-outs are common
common provisions
provisions
privacy policies,
in privacy policies, often
often requiring
requiring a consumer
consumer to checkcheck a box,
box , call, or mail
rnail the
company within 265
company within a certain
certain time
time period
period to confirm
confirm their
their choice.265
choicc. However,
Howevcr, opt-
come with risks,
outs also come risks, including
including a consumer’s
consumer's implied, unwitting consent
implied, unwitting consent to
266
policies
policies that may prove dctrimental.
prove detrimental."66 In order ordcr to avoid
avoid setting
setting consumers
consumers up
"deals," the FTC should
for bad “deals,” should explore
explore requiring
requiring companies
companies to include
include a
narrow set of clear,
narrow clcar, logistically
logistically smooth
smooth opt-in
opt-in provisions
provisions regarding
regarding thethc sale of
collccted data. Requiring
collected companies receive
Requiring that companies rcccive fromfrorn consumer
consumcr consent
consent that
reduetion or denial
was not tied to a reduction denial ofof service
service would
would provide
provide a strong
strong
mechanism for consumers
mechanism consumcrs to protect
proteet themselves
themselves against
against the threat
threat of relational
relational
control.
control.
These proposed
These proposed changes
changes to privacy
privacy doctrine
doctrine will not inoculate
inoculate consumers
consumers
threat of relational
from the threat relational control,
control, nor are they they immune
immune to criticism.
eriticism.
Howcver, in tandem
However, tandem or in isolation,
isolation, these
these proposed
proposed shifts
shifts to U.S. privacy
privacy law
will help manage
manage a problem,
problem, which,
which, unconstrained,
unconstrained, may only only grow
grow in extent
extent
and intensity.
intcnsity.
Conclusion
Conclusion
706
706
A New
New Privacy
Privacy Harm
Harm
707
Copyright of Yale Journal on Regulation is the property of Yale Journal on Regulation and its
content may not be copied or emailed to multiple sites or posted to a listserv without the
copyright holder's express written permission. However, users may print, download, or email
articles for individual use.