Layered Fiduciaries in the Information Age


Technology companies such as Facebook have long been criticized for abusing customers’ personal information and monetizing user data in a manner contrary to customer expectations. Some commentators suggest fiduciary law could be used to restrict how these companies use their customers’ data.1 Under this framework, a new member of the fiduciary family called the “information fiduciary” was born. The concept of an information fiduciary is that a company providing network services to “collect, analyze, use, sell, and distribute personal information” owes customers and end-users a fiduciary duty to use the collected data to promote their interests, thereby assuming fiduciary liability if it misuses or misappropriates customer data.2 Although the possibility of an information fiduciary has generated significant attention, neither questions about the scope of the information fiduciary’s duty of care nor whether corporate law’s fiduciary duties are compatible with the information fiduciary duty have been satisfactorily answered. In 2021, Facebook was renamed Meta Platforms, Inc., to expand business related to the Metaverse,3 which is expected to bring about many new digital products. The establishment and development of the information fiduciary duty will help prepare the legal framework for this new era of digitization. This Article proposes a model to implement the information fiduciary’s duty of loyalty and duty of care to end-users in today’s information age by imposing these duties on Data Protection Officers (DPOs). First, this Article sketches the contours of information fiduciary duties on DPOs, examines how these duties can be structured, and clarifies how they interact with the duties owed by directors to the company. Second, this paper addresses the use of layered fiduciaries to alleviate the potential conflict caused by the information fiduciary duty. Third, this Article discusses in detail how the fiduciary duties imposed by Delaware corporate law can be applied to the field of digital privacy and consumer data. Directors’ duties of care and loyalty in corporate law have developed over decades to form a useful system that is applicable in developing the information fiduciary duty. Implementing the information fiduciary duty can benefit from and be partially guided by existing law, like the director’s duty to inform under the duty of care and the duty to act in the best interests of the company under the duty of loyalty. Lastly, this Article explores how the information fiduciary duty can efficiently regulate multinational corporations’ international data transfers, a rarely discussed yet important aspect of world economic development

    Similar works