Privacy Legislation, not Common Law Duties

NB: This post is part of the “Skepticism About Information Fiduciaries” symposium. Other contributions can be found here.

Harold Feld–

The United States has the distinction among developed nations of lacking a comprehensive consumer privacy protection law. To fill this gap, Professor Jack Balkin proposes the creation of a new class of common law fiduciaries subject to a heightened duty of care when entrusted with a party’s personal information. In addition to providing an answer to possible First Amendment problems that could arise from limiting the ability of businesses to collect personal information and use the collected information for targeted advertising, Balkin argues that courts may expand traditional fiduciary duties to this new class of “information fiduciaries” in the accordance with traditional common law principles. This would overcome the current failure of Congress and nearly all state legislatures to address the increasingly urgent problem of personal privacy in the digital economy.

Balkin’s information fiduciary proposal, while attractive in addressing some businesses that rely on collection of personal information for targeted advertising, does not do nearly enough to protect personal privacy given the unavoidable size of our information footprint. Further, an examination of existing First Amendment case law shows no clear advantage for identification of a new common law fiduciary relationship over privacy legislation. Finally, the recent passage of the California Consumer Privacy Act (CCPA) has galvanized interest in passing comprehensive privacy legislation both on a federal level and among the other states – whereas no court has yet to identify an “information fiduciary” under the common law.

The value of Balkin’s fiduciary framework, I argue, resides not in providing an enforceable legal relationship but providing a framework for privacy legislation. The existing frameworks – the Privacy Principles adopted by the Organization for Economic Co-operation and Development (OECD) in 1980 which rely heavily on notice and consent and the property framework introduced by Louis Brandies in “The Right To Privacy” (both of which I discuss in this privacy white paper) – have significant limitations. Balkin’s proposed fiduciary framework provides a model for legislation that recognizes that the nature of the relationship between information collectors and aggregators requires imposing additional duties and restrictions to adequately protect consumers, while still enabling commerce and facilitating competition.

Continue reading