that privacy critics arguing that most privacy rules create constitutional problems overstate their case. Since the New Deal, American law has rested on the wise judgment that, by and large, commercial regulation should be made on the basis of economic and social policy rather than blunt constitutional rules. This has become one of the basic principles of American Constitutional law. Although some observers have suggested that the Supreme Court’s recent decision in Sorrell v. IMS Health (2011) changes this state of affairs, such readings are incorrect. Sorrell involved a challenge to a poorly-drafted Vermont law that discriminated on both content and viewpoint. Such a law would have been unconstitutional if it had regulated even unprotected speech. As the Sorrell Court made clear, the real problem with the Vermont law at issue was that it didn’t regulate enough, unlike the “more coherent policy” of the undoubtedly constitutional federal Health Insurance Portability and Accountability Act of 1996.
Data privacy law should thus rarely be thought as implicating serious constitutional difficulties, which is a good thing. As we move into the digital age, in which more and more of our society is affected or constituted by data flows, we face a similar threat. If “data” were somehow “speech,” virtually every economic law would become clouded by constitutional doubt. Economic or commercial policy affecting data flows (which is to say all economic or social policy) would become almost impossible. This might be a valid policy choice, but it is not one that the First Amendment commands. Any radical suggestions to the contrary are unsupported by our Constitutional law. In a democratic society, the basic contours of information policy must ultimately be up to the people and their policymaking representatives, and not to unelected judges. We should decide policy on that basis, rather than on odd readings of the First Amendment.