Why Data Privacy Law Is (Mostly) Constitutional

Laws regulating the collection, use, and disclosure of personal data are (mostly) constitutional, and critics who suggest otherwise are wrong. Since the New Deal, American law has rested on the wise judgment that, by and large, commercial regulation should be made on the basis of economic and social policy, rather than blunt constitutional rules. This has become one of the basic principles of American constitutional law. Although some observers have suggested that the United States Supreme Court’s recent decision in Sorrell v. IMS Health Inc. changes this state of affairs, such readings are incorrect. Sorrell involved a challenge to a poorly drafted Vermont law that discriminated on the basis of both content and viewpoint. Such a law would have been unconstitutional if it had regulated even unprotected speech. As the Sorrell Court made clear, the real problem with the Vermont law at issue was that it did not regulate enough, unlike the “more coherent policy” of the undoubtedly constitutional federal Health Insurance Portability and Accountability Act of 1996. Data privacy law should thus rarely be thought of as implicating serious constitutional difficulties, and this is a good thing. As we move into the digital age, in which more and more of our society is affected or constituted by data flows, we face a similar threat. If “data” were somehow “speech,” virtually every economic law would become clouded by constitutional doubt. Economic or commercial policy affecting data flows—which is to say all economic or social policy—would become almost impossible. This might be a valid policy choice, but it is not one that the First Amendment commands. Any radical suggestions to the contrary are unsupported by our constitutional law. In a democratic society, the basic contours of information policy must ultimately be up to the people and their policy-making representatives, and not to unelected judges. We should decide policy on that basis, rather than on odd readings of the First Amendment

Foreword: The Rehnquist Court and the First Amendment

This paper introduces the question -- what will be the legacy of the Rehnquist Court? Although it is too early to say with certainty, it is safe to hazard a guess that it will be remembered as a relatively conservative Court, particularly interested in policing the lines between federal and state power in areas such as the federal commerce power, state sovereign immunity, and criminal procedure. Indeed, it is in these areas that the “Rehnquist Court” is most aptly named, for William Rehnquist was a leader of the Court’s doctrinal evolution in these areas in a number of ways. Despite the Court’s emphasis on federalism and constitutional criminal law, issues of First Amendment law remained consistently at the top of the docket in terms of importance. Over its two decades, the Rehnquist Court grappled with a host of fundamental First Amendment issues, involving a panoply of questions basic to any free society. Among many others, it addressed questions of flag burning, hate speech, sexually-explicit speech, speech in the digital environment, free speech versus the right to privacy, free speech and the regulation of intellectual property, the scope of the rights of expressive association and religious free exercise,9 and the prohibition on the establishment of religion

The Puzzle of Brandeis, Privacy, and Speech

The Right to Privacy\u27 and his dissent in Olmstead v. United States. In The Right to Privacy, Brandeis and Samuel Warren argued that intrusion into and public disclosure of private affairs by the press was deeply hurtful, and that the common law should be read to recognize a tort remedy for such violations. Their short article is considered by scholars to have established not just the privacy torts but the field of privacy law itself. Brandeis is also famous (though less so) for his Olmstead dissent-a document which introduced modern concepts of privacy into constitutional law, and ultimately led not only to the reasonable expectation of privacy test that governs Fourth Amendment law,4 but also shaped the constitutional right to privacy recognized in Griswold v. Connecticut5 and Roe v. Wade. While sounding good in theory, the right to privacy has proven hard to apply in practice. From its earliest recognition by the common law, and particularly since the 1960s, tort privacy has conflicted with First Amendment rights of free speech and press. Over the years, the conflict between privacy and speech has generated a substantial literature. Important litigation has also examined the constitutionality of privacy rights under the First Amendment, with the First Amendment usually prevailing. An important theme running throughout these cases and commentary is that privacy and speech are in irreconcilable conflict. The assumed conflict between privacy and speech reveals a puzzle. In addition to establishing the modern legal conception of privacy, Brandeis is also a central figure in the genesis of First Amendment law. In a series of separate opinions in free speech cases from 1919-1925, Justice Brandeis articulated a more robust notion of the First Amendment that has subsequently become the dominant one in American constitutional law.\u270 Brandeis\u27s most important contribution to this tradition is his opinion in Whitney v. California, which Vincent Blasi has called arguably the most important essay ever written, on or off the bench, on the meaning of the First Amendment

Prosser\u27s Privacy Law: A Mixed Legacy

This Article examines the complex ways in which William Prosser shaped the development of the American law of tort privacy. Although Prosser certainly gave tort privacy an order and legitimacy that it had previously lacked, he also stunted its development in ways that limited its ability to adapt to the problems of the Information Age. His skepticism about privacy, as well as his view that tort privacy lacked conceptual coherence, led him to categorize the law into a set of four narrow categories and strip it of any guiding concept to shape its future development. Prosser’s legacy for tort privacy law is thus a mixed one: He greatly increased the law’s stature at the cost of giving it no guidance and making it less able to adapt to new circumstances in the future. If tort privacy is to remain vital in a digital age, it must move beyond Prosser’s conception

Rethinking Free Speech and Civil Liability

One of the most important and unresolved quandaries of First Amendment jurisprudence involves when civil liability for speech will trigger First Amendment protections. When speech results in civil liability, two starkly opposing rules are potentially applicable. Since New York Times v. Sullivan, the First Amendment requires heightened protection against tort liability for speech, such as defamation and invasion of privacy. But in other contexts involving civil liability for speech, the First Amendment provides virtually no protection. According to Cohen v. Cowles, there is no First Amendment scrutiny for speech restricted by promissory estoppel and contract. The First Amendment rarely requires scrutiny when property rules limit speech. Both of these rules are widely-accepted. However, there is a major problem - in a large range of situations, the rules collide. Tort, contract, and property law overlap significantly, so formalistic distinctions between areas of law will not adequately resolve when the First Amendment should apply to civil liability. Surprisingly, few scholars and jurists have recognized or grappled with this problem. The conflict between the two rules is vividly illustrated by the law of confidentiality. People routinely assume express or implied duties not to disclose another\u27s personal information. Does the First Amendment apply to these duties of confidentiality? Should it? More generally, in cases where speech results in civil liability, which rule should apply, and when? The law currently fails to provide a coherent test and rationale for when the Sullivan or Cohen rule should govern. In this article, Professors Daniel J. Solove and Neil M. Richards contend that the existing doctrine and theories are inadequate to resolve this conflict. They propose a new theory, one that focuses on the nature of the government power involved

Prosser\u27s Privacy Law: A Mixed Legacy

This Article examines the complex ways in which William Prosser shaped the development of the American law of tort privacy. Although Prosser certainly gave tort privacy an order and legitimacy that it had previously lacked, he also stunted its development in ways that limited its ability to adapt to the problems of the Information Age. His skepticism about privacy, as well as his view that tort privacy lacked conceptual coherence, led him to categorize the law into a set of four narrow categories and strip it of any guiding concept to shape its future development. Prosser’s legacy for tort privacy law is thus a mixed one: He greatly increased the law’s stature at the cost of giving it no guidance and making it less able to adapt to new circumstances in the future. If tort privacy is to remain vital in a digital age, it must move beyond Prosser’s conception

Privacy\u27s Other Path: Recovering the Law of Confidentiality

The familiar legend of privacy law holds that Samuel Warren and Louis Brandeis invented the right to privacy in 1890, and that William Prosser aided its development by recognizing four privacy torts in 1960. In this article, Professors Richards and Solove contend that Warren, Brandeis, and Prosser did not invent privacy law, but took it down a new path. Well before 1890, a considerable body of Anglo-American law protected confidentiality, which safeguards the information people share with others. Warren, Brandeis, and later Prosser turned away from the law of confidentiality to create a new conception of privacy based on the individual\u27s inviolate personality. English law, however, rejected Warren and Brandeis\u27s conception of privacy and developed a conception of privacy as confidentiality from the same sources used by Warren and Brandeis. Today, in contrast to the individualistic conception of privacy in American law, the English law of confidence recognizes and enforces expectations of trust within relationships. Richards and Solove explore how and why privacy law developed so differently in America and England. Understanding the origins and developments of privacy law\u27s divergent paths reveals that each body of law\u27s conception of privacy has much to teach the other

Privacy\u27s Other Path: Recovering the Law of Confidentiality

The familiar legend of privacy law holds that Samuel Warren and Louis Brandeis invented the right to privacy in 1890, and that William Prosser aided its development by recognizing four privacy torts in 1960. In this article, Professors Richards and Solove contend that Warren, Brandeis, and Prosser did not invent privacy law, but took it down a new path. Well before 1890, a considerable body of Anglo-American law protected confidentiality, which safeguards the information people share with others. Warren, Brandeis, and later Prosser turned away from the law of confidentiality to create a new conception of privacy based on the individual\u27s inviolate personality. English law, however, rejected Warren and Brandeis\u27s conception of privacy and developed a conception of privacy as confidentiality from the same sources used by Warren and Brandeis. Today, in contrast to the individualistic conception of privacy in American law, the English law of confidence recognizes and enforces expectations of trust within relationships. Richards and Solove explore how and why privacy law developed so differently in America and England. Understanding the origins and developments of privacy law\u27s divergent paths reveals that each body of law\u27s conception of privacy has much to teach the other

Rethinking Free Speech and Civil Liability

One of the most important and unresolved quandaries of First Amendment jurisprudence involves when civil liability for speech will trigger First Amendment protections. When speech results in civil liability, two starkly opposing rules are potentially applicable. Since New York Times v. Sullivan, the First Amendment requires heightened protection against tort liability for speech, such as defamation and invasion of privacy. But in other contexts involving civil liability for speech, the First Amendment provides virtually no protection. According to Cohen v. Cowles, there is no First Amendment scrutiny for speech restricted by promissory estoppel and contract. The First Amendment rarely requires scrutiny when property rules limit speech. Both of these rules are widely-accepted. However, there is a major problem - in a large range of situations, the rules collide. Tort, contract, and property law overlap significantly, so formalistic distinctions between areas of law will not adequately resolve when the First Amendment should apply to civil liability. Surprisingly, few scholars and jurists have recognized or grappled with this problem. The conflict between the two rules is vividly illustrated by the law of confidentiality. People routinely assume express or implied duties not to disclose another\u27s personal information. Does the First Amendment apply to these duties of confidentiality? Should it? More generally, in cases where speech results in civil liability, which rule should apply, and when? The law currently fails to provide a coherent test and rationale for when the Sullivan or Cohen rule should govern. In this article, Professors Daniel J. Solove and Neil M. Richards contend that the existing doctrine and theories are inadequate to resolve this conflict. They propose a new theory, one that focuses on the nature of the government power involved

The Pathologies of Digital Consent

Consent permeates both our law and our lives — especially in the digital context. Consent is the foundation of the relationships we have with search engines, social networks, commercial web sites, and any one of the dozens of other digitally mediated businesses we interact with regularly. We are frequently asked to consent to terms of service, privacy notices, the use of cookies, and so many other commercial practices. Consent is important, but it’s possible to have too much of a good thing. As a number of scholars have documented, while consent models permeate the digital consumer landscape, the practical conditions of these agreements fall far short of the gold standard of knowing and voluntary consent. Yet as scholars, advocates, and consumers, we lack a common vocabulary for talking about the different ways in which digital consents can be flawed.This article offers four contributions to improve our understanding of consent in the digital world. First, we offer a conceptual vocabulary of “the pathologies of consent” — a framework for talking about different kinds of defects that consent models can suffer, such as unwitting consent, coerced consent, and incapacitated consent. Second, we offer three conditions for when consent will be most valid in the digital context: when choice is infrequent, when the potential harms resulting from that choice are vivid and easy to imagine, and where we have the correct incentives choose consciously and seriously. The further we fall from these conditions, the more a particular consent will be pathological and thus suspect. Third, we argue that out theory of consent pathologies sheds light on the so-called “privacy paradox” — the notion that there is a gap between what consumers say about wanting privacy and what they actually do in practice. Understanding the “privacy paradox” in terms of consent pathologies shows how consumers are not hypocrites who say one thing but do another. On the contrary, the pathologies of consent reveal how consumers can be nudged and manipulated by powerful companies against their actual interests, and that this process is easier when consumer protection law falls far from the gold standard. In light of these findings, we offer a fourth contribution — the theory of consumer trust we have suggested in prior work and which we further elaborate here as an alternative to our over-reliance on consent and its many pathologies