Fiduciary Boilerplate: Locating Fiduciary Relationships in Information Age Consumer Transactions

The result of applying general contract principles to consumer boilerplate has been a mass transfer of unrestricted rights to use and sell personal information from consumers to companies. This has enriched companies and enhanced their ability to manipulate consumers. It has also contributed to the modern data insecurity crisis. Information age consumer transactions should create fiduciary relationships between firm and consumer as a matter of law. Recognizing this fiduciary relationship at law honors the existence of consumer agreements while also putting adaptable, contextsensitive limits on opportunistic behavior by firms. In a world of ubiquitous, interconnected, and mutable contracts, consumers must trust the companies with which they transact not to expose them to economic exploitation and undue security risks: the very essence of a fiduciary relationship. Firms owe fiduciary duties of loyalty and care to their customers that cannot be displaced by assent to boilerplate. History, doctrine, and pragmatism all support this positio

Privacy Remedies

When consumers sue companies for privacy-intrusive practices, they are often unsuccessful. Many cases fail in federal court at the motion to dismiss phase because the plaintiff has not shown the privacy infringement has caused her concrete harm. This is a symptom of a broader issue: the failure of courts and commentators to describe the relationship between privacy rights and privacy remedies. This Article contends that restitution is the normal measure of privacy remedies. Restitution measures relief by economic gain to the defendant. If a plaintiff can show the likely ability to recover in restitution, that should be sufficient to pass muster at the motion to dismiss phase even if the court is unconvinced that the plaintiff could show a case for compensatory damages flowing from harm. This argument intervenes in the scholarly literature in two ways. First, it supports the realist perspective that remedies are constitutive of rights. The election of restitution as a remedy suggests that privacy should be conceptualized in tort as quasi-property, and that contract and/or restitution claims should be a standard part of privacy infringement pleadings. Second, it challenges the view that defining specific and stronger privacy rights at law would be sufficient to increase privacy protection. If any privacy rights are to exist at all, they must be linked to proportional, accessible remedies

Algorithmic Contracts

Algorithmic contracts are contracts in which an algorithm determines a party’s obligations. Some contracts are algorithmic because the parties used algorithms as negotiators before contract formation, choosing which terms to offer or accept. Other contracts are algorithmic because the parties agree that an algorithm to be run at some time after the contract formation will serve as a gap-filler. Such agreements are already common in high speed trading of financial products and will soon spread to other contexts. However, contract law doctrine does not currently have a coherent approach to describing the creation and enforcement of algorithmic contracts. This Article fills this gap in doctrinal law and legal literature, providing a definition and novel taxonomy of algorithmic contracts. The algorithmic contracts that present the most significant problems for con-tract law are those that involve “black box” algorithmic agents, whose decision-making is not functionally understandable ex ante – or sometimes not even human-intelligible at all. There is only a tenuous case for their enforceability under currently accepted approaches to contract law. The Uniform Electronic Transactions Act (UETA) was written and widely adopted nearly twenty years ago to make sure that contracts made electronically using basic automation techniques would be recognized as enforceable. However, the language of the UETA may be read to treat all putative contracts made with algorithms as properly formed, simply because they happen to be electronic. Unintended consequences of this approach include opportunities for fraud, market manipulation, and a general lack of algorithmic, and thus corporate, accountability. This Article’s approach looks to the common law of agency for inspiration. Some algorithms commonly used in contract formation have been delegated a level of responsibility that justifies the use of agency principles. When algorithms take on a role in contract formation analogous to that of human agents, they should be considered constructive agents for the purpose of contract formation. The company consenting to the contract can be said to have authorized or ratified the con-tract formed on its behalf by the algorithm. This approach explains easy cases while also showing why algorithmic contracts, even many black box algorithmic contracts, are enforceable. Furthermore, establishing a doctrinally robust connection between the actions of the algorithm and the intent of the contracting party promotes algorithmic accountability

Private Rights of Action in Privacy Law

Many privacy advocates assume that the key to providing individuals with more privacy protection is strengthening the government’s power to directly sanction actors that hurt the privacy interests of citizens. This Article contests the conventional wisdom, arguing that private rights of action are essential for privacy regulation. First, I show how private rights of action make privacy law regimes more effective in general. Private rights of action are the most direct regulatory access point to the private sphere. They leverage private expertise and knowledge, create accountability through discovery, and have expressive value in creating privacy-protective norms. Then to illustrate the general principle, I provide examples of how private rights of action can improve privacy regulation in a suite of key modern privacy problems. We cannot afford to leave private rights of action out of privacy reform