09 March 2013

Positive Privacy

'Toward a Positive Theory of Privacy Law' by Lior Strahilevitz in (2013)113(1) Harvard Law Review argues that
Privacy law creates winners and losers. The distributive implications of privacy rules are often very significant, but they are also subtle. Policy and academic debates over privacy rules tend to de-emphasize their distributive dimensions, and one result is an impoverished descriptive account of why privacy laws look the way they do. The article posits that understanding the identities of the real winners and losers in privacy battles can improve predictions about which interests will prevail in the agencies and legislatures that formulate privacy rules. Along the way, the article shows how citizens whose psychological profiles indicate a strong concern for their own privacy are less likely to be politically efficacious than citizens who do not value privacy, producing a substantive skew against privacy protections. The article employs public choice theory to explain why California’s protections for public figure privacy are noticeably stronger than the protections that exist in other American jurisdictions, and what factors might explain the trans-Atlantic divide over privacy regulation with regard to Big Data, the popularity of Megan’s Laws in the United States, and the enactment of Do Not Call protections. The article concludes by noting that structural features of privacy regulation can affect the public choice dynamics that emerge in political controversies. Individuals seeking to expand privacy protections in the United States might therefore focus initially on altering the structure of American privacy laws instead of trying to change the law’s content.
Strahilevitz comments that
Privacy protections create winners and losers. So do the absence of privacy protections. The distributive implications of governmental decisions regarding privacy are often very significant, but they can be subtle too. Policy and academic debates over privacy rules tend not to emphasize the distributive dimensions of those rules,1 and many privacy advocates mistakenly believe that “all consumers and voters win” when privacy is enhanced. At the same time, privacy skeptics who do discuss privacy in distributive terms sometimes score cheap rhetorical points by suggesting that only those with shameful secrets to hide benefit from privacy protections. Neither approach is appealing, and privacy scholars ought to be able to do better.
This Article reveals some of the subtleties of privacy regulation, with a particular focus on the distributive consequences of privacy rules. The Article suggests that understanding the identities of privacy law’s real winners and losers is indispensable both to clarifying existing debates in the scholarship and to helping us predict which interests will prevail in the institutions that formulate privacy rules. Drawing on public choice theory and median voter models, I will begin to construct a positive account of why U.S. privacy law looks the way it does. I will also suggest that a key structural aspect of U.S. privacy law - its absence of a catch-all privacy provision nimble enough to confront new threats - affects the attitudes of American voters and the balance of power among interest groups. Along the way, I will also make several other subsidiary contributions: I will show why criminal history registries are quite likely to become increasingly granular over time, examine the relationship between data mining and personality-based discrimination, and explain how the U.S. political system might be biased in favor of citizens who do not value privacy to the same degree that it is biased in favor of highly educated and high-income citizens. Part I assesses the distributive implications of two privacy controversies: the extent to which public figures should be protected from the nonconsensual disclosure of information concerning their everyday activities, and the extent to which the law should suppress criminal history information. In both instances the United States is far less protective of privacy interests than Europe, and, as a result, the U.S. government has been subjected to criticism both here and abroad.
The Article shows that defensible distributive judgments undergird the American position. The European approach to celebrity privacy is highly regressive, and causes elites and nonelites to have differential access to information that is valuable to both groups. The U.S. attitude toward criminal history information may be defended on pragmatic grounds: in the absence of transparent criminal history information, individuals may try to use pernicious proxies for criminal history, like race and gender. The Article then shows how these distributive implications affect the politics of privacy; California’s interest groups are pushing that state toward European-style regulation, and there is an apparent emerging trend toward ever-increasing granularity in criminal history disclosures.
Part II analyzes the emerging issue of Big Data and consumer privacy. The Article posits that firms rely on Big Data (data mining and analytics) to tease out the individual personality characteristics that will affect the firms’ strategies about how to price products and deliver services to particular consumers. We cannot anticipate how the law will respond to the challenges posed by Big Data without assessing who gains and who loses by the shift toward new forms of personality discrimination, so the Article analyzes the likely winners and losers among voters and industry groups. The analysis focuses on population segments characterized by high levels of extraversion and sophistication, whose preferences and propensities to influence political decisions may deviate from those of introverts and unsophisticated individuals in important ways.
Part III glances across the Atlantic, using Europe’s quite different legal regime governing Big Data as a way to test some of the hypotheses articulated in Part II. Although U.S. and European laws differ significantly, the attitudes of Americans and Europeans toward privacy seem rather similar. The Article therefore posits that different public choice dynamics, especially the strength of business interests committed to data mining in the United States, are a more likely cause of the observed legal differences. But this conclusion raises the question of why European business interests committed to data mining do not have similar sway. The Article hypothesizes that structural aspects of U.S. and European privacy laws substantially affect the contents of those laws. In Europe, open ended, omnibus privacy laws permit regulators to intervene immediately to address new privacy challenges. The sectoral U.S. approach, which lacks an effective “catch-all” provision, renders American law both reactive and slow to react. As a result, by the time U.S. regulators seek to challenge an envelope-pushing practice, interest groups supporting the practice have developed, social norms have adjusted to the practice, and a great deal of the sensitive information at issue will have already been disclosed by consumers.
Part IV examines a rare case in which U.S. regulators were able to combat a substantial privacy harm despite these structural and interest group dynamics. The fact that the National Do Not Call Registry took more than a decade to be implemented, despite its enormous popularity with voters, shows just how difficult regulating privacy can be, especially since many other privacy regulations will create a substantial number of losing consumers who are likely to buttress the interests of prospective loser firms in opposing the new regulation.