The Pursuit of Privacy in a World Where Information Control Is Failing

The Pursuit of Privacy in a World Where Information Control Is Failing

Published in
Adam Thierer | Mar 18, 2013

This Article—which focuses not on privacy rights against the government, but against private actors—cuts against the grain of much modern privacy scholarship by suggesting that expanded regulation is not the most constructive way to go about ensuring greater online privacy. The inherent subjectivity of privacy as a personal and societal value is one reason why expanded regulation is not sensible. Privacy has long been a thorny philosophical and jurisprudential matter; few can agree on its contours or can cite firm constitutional grounding for the rights or restrictions they articulate.  Part I discusses some of the normative considerations raised by the debate on privacy right and argues that there may never be a widely accepted, coherent legal standard for privacy rights or harms here in the United States.

This Article does not dwell on that widely acknowledged controversy. Instead, a different complication is introduced here: Legislative and regulatory efforts aimed at protecting privacy must now be seen as an increasingly intractable information control problem. Part II considers the many enforcement challenges that are often ignored when privacy policies are being proposed or formulated. Most of the problems policymakers and average individuals face when it comes to controlling the flow of private information online are similar to the challenges they face when trying to control the free flow of digitalized bits in other information policy contexts, such as online safety, cybersecurity, and digital copyright.

Because it will be exceedingly difficult to devise a fixed legal standard for privacy that will be satisfactory for a diverse citizenry (not all of whom value privacy equally), and because it will be increasingly difficult to enforce that standard even if it can be determined, alternative approaches to privacy protection should be considered. Part III of the Article argues that the best way to protect personal privacy is to build on the approach now widely utilized to deal with online child safety concerns, where the role of law has been constrained by similar factors. A so-called “3-E” solution that combines consumer education, user empowerment, and selective enforcement of existing targeted laws and other legal standards (torts, anti-fraud laws, contract law, and so on), has helped society achieve a reasonable balance in terms of addressing online safety while also safeguarding other important values, especially freedom of expression. A similar layered approach can help us strike a reasonable balance between information sharing, online commerce, and personal privacy in an information marketplace characterized by rapid technological change and constantly evolving social norms.

' '