'Toward a Positive Theory of Privacy Law' by Lior
Strahilevitz in (2013)113(1)
Harvard Law Review argues that
Privacy law creates winners and losers. The distributive implications of privacy
rules are often very significant, but they are also subtle. Policy and academic
debates over privacy rules tend to de-emphasize their distributive dimensions,
and one result is an impoverished descriptive account of why privacy laws look
the way they do. The article posits that understanding the identities of the
real winners and losers in privacy battles can improve predictions about which
interests will prevail in the agencies and legislatures that formulate privacy
rules. Along the way, the article shows how citizens whose psychological
profiles indicate a strong concern for their own privacy are less likely to be
politically efficacious than citizens who do not value privacy, producing a
substantive skew against privacy protections. The article employs public choice
theory to explain why California’s protections for public figure privacy are
noticeably stronger than the protections that exist in other American
jurisdictions, and what factors might explain the trans-Atlantic divide over
privacy regulation with regard to Big Data, the popularity of Megan’s Laws in
the United States, and the enactment of Do Not Call protections. The article
concludes by noting that structural features of privacy regulation can affect
the public choice dynamics that emerge in political controversies. Individuals
seeking to expand privacy protections in the United States might therefore focus
initially on altering the structure of American privacy laws instead of trying to change the law’s content.
Strahilevitz comments that
Privacy protections create winners and losers. So do the absence of
privacy protections. The distributive implications of governmental decisions
regarding privacy are often very significant, but they can be subtle
too. Policy and academic debates over privacy rules tend not to emphasize
the distributive dimensions of those rules,1 and many privacy advocates
mistakenly believe that “all consumers and voters win” when privacy is
enhanced. At the same time, privacy skeptics who do discuss privacy in
distributive terms sometimes score cheap rhetorical points by suggesting
that only those with shameful secrets to hide benefit from privacy protections.
Neither approach is appealing, and privacy scholars ought to be able
to do better.
This Article reveals some of the subtleties of privacy regulation, with a
particular focus on the distributive consequences of privacy rules. The Article
suggests that understanding the identities of privacy law’s real winners
and losers is indispensable both to clarifying existing debates in the
scholarship and to helping us predict which interests will prevail in the institutions
that formulate privacy rules. Drawing on public choice theory
and median voter models, I will begin to construct a positive account of
why U.S. privacy law looks the way it does. I will also suggest that a key
structural aspect of U.S. privacy law - its absence of a catch-all privacy
provision nimble enough to confront new threats - affects the attitudes of
American voters and the balance of power among interest groups. Along
the way, I will also make several other subsidiary contributions: I will
show why criminal history registries are quite likely to become increasingly
granular over time, examine the relationship between data mining and
personality-based discrimination, and explain how the U.S. political system
might be biased in favor of citizens who do not value privacy to the same
degree that it is biased in favor of highly educated and high-income citizens.
Part I assesses the distributive implications of two privacy controversies:
the extent to which public figures should be protected from the nonconsensual
disclosure of information concerning their everyday activities,
and the extent to which the law should suppress criminal history information.
In both instances the United States is far less protective of privacy
interests than Europe, and, as a result, the U.S. government has been subjected
to criticism both here and abroad.
The Article shows that defensible
distributive judgments undergird the American position. The European
approach to celebrity privacy is highly regressive, and causes elites and
nonelites to have differential access to information that is valuable to both
groups. The U.S. attitude toward criminal history information may be defended
on pragmatic grounds: in the absence of transparent criminal history
information, individuals may try to use pernicious proxies for criminal
history, like race and gender. The Article then shows how these distributive
implications affect the politics of privacy; California’s interest groups
are pushing that state toward European-style regulation, and there is an apparent
emerging trend toward ever-increasing granularity in criminal history
disclosures.
Part II analyzes the emerging issue of Big Data and consumer privacy.
The Article posits that firms rely on Big Data (data mining and analytics)
to tease out the individual personality characteristics that will affect the
firms’ strategies about how to price products and deliver services to particular
consumers. We cannot anticipate how the law will respond to the
challenges posed by Big Data without assessing who gains and who loses
by the shift toward new forms of personality discrimination, so the Article
analyzes the likely winners and losers among voters and industry groups.
The analysis focuses on population segments characterized by high levels
of extraversion and sophistication, whose preferences and propensities to
influence political decisions may deviate from those of introverts and unsophisticated
individuals in important ways.
Part III glances across the Atlantic, using Europe’s quite different legal
regime governing Big Data as a way to test some of the hypotheses articulated
in Part II. Although U.S. and European laws differ significantly, the
attitudes of Americans and Europeans toward privacy seem rather similar.
The Article therefore posits that different public choice dynamics, especially
the strength of business interests committed to data mining in the United
States, are a more likely cause of the observed legal differences. But this
conclusion raises the question of why European business interests committed
to data mining do not have similar sway. The Article hypothesizes that
structural aspects of U.S. and European privacy laws substantially affect
the contents of those laws. In Europe, open ended, omnibus privacy laws
permit regulators to intervene immediately to address new privacy challenges.
The sectoral U.S. approach, which lacks an effective “catch-all” provision, renders American law both reactive and slow to react. As a result,
by the time U.S. regulators seek to challenge an envelope-pushing
practice, interest groups supporting the practice have developed, social
norms have adjusted to the practice, and a great deal of the sensitive information
at issue will have already been disclosed by consumers.
Part IV examines a rare case in which U.S. regulators were able to
combat a substantial privacy harm despite these structural and interest
group dynamics. The fact that the National Do Not Call Registry took
more than a decade to be implemented, despite its enormous popularity
with voters, shows just how difficult regulating privacy can be, especially
since many other privacy regulations will create a substantial number of
losing consumers who are likely to buttress the interests of prospective
loser firms in opposing the new regulation.
