Legislating Data Loyalty

97 Notre Dame Law Review Reflection 356 (2022)

29 Pages Posted: 21 Jun 2022

See all articles by Woodrow Hartzog

Woodrow Hartzog

Boston University School of Law; Stanford Law School Center for Internet and Society

Neil M. Richards

Washington University School of Law; Yale Information Society Project; Stanford Center for Internet and Society

Date Written: June 8, 2022

Abstract

Lawmakers looking to embolden privacy law have begun to consider imposing duties of loyalty on organizations trusted with people’s data and online experiences. The idea behind loyalty is simple: organizations should not process data or design technologies that conflict with the best interests of trusting parties. But the logistics and implementation of data loyalty need to be developed if the concept is going to be capable of moving privacy law beyond its “notice and consent” roots to confront people’s vulnerabilities in their relationship with powerful data collectors.

In this short Essay, we propose a model for legislating data loyalty. Our model takes advantage of loyalty’s strengths—it is well-established in our law, it is flexible, and it can accommodate conflicting values. Our Essay also explains how data loyalty can embolden our existing data privacy rules, address emergent dangers, solve privacy’s problems around consent and harm, and establish an antibetrayal ethos as America’s privacy identity.

We propose that lawmakers use a two-step process to (1) articulate a primary, general duty of loyalty, then (2) articulate “subsidiary” duties that are more specific and sensitive to context. Subsidiary duties regarding collection, personalization, gatekeeping, persuasion, and mediation would target the most opportunistic contexts for self-dealing and result in flexible open-ended duties combined with highly specific rules. In this way, a duty of data loyalty is not just appealing in theory—it can be effectively implemented in practice just like the other duties of loyalty our law has recognized for hundreds of years. Loyalty is thus not only flexible, but it is capable of breathing life into America’s historically tepid privacy frameworks.

Keywords: privacy, data, surveillance, loyalty, fiduciary, torts, harm, care, data protection, technology, internet

Suggested Citation

Hartzog, Woodrow and Richards, Neil M., Legislating Data Loyalty (June 8, 2022). 97 Notre Dame Law Review Reflection 356 (2022), Available at SSRN: https://ssrn.com/abstract=4131523

Woodrow Hartzog (Contact Author)

Boston University School of Law ( email )

765 Commonwealth Avenue
Boston, MA 02215
United States

HOME PAGE: http://https://www.bu.edu/law/profile/woodrow-hartzog/

Stanford Law School Center for Internet and Society ( email )

Palo Alto, CA
United States

HOME PAGE: http://cyberlaw.stanford.edu/profile/woodrow-hartzog

Neil M. Richards

Washington University School of Law ( email )

Campus Box 1120
St. Louis, MO 63130
United States
314.935.4794 (Phone)

HOME PAGE: http://law.wustl.edu/faculty-staff-directory/profile/neil-richards/

Yale Information Society Project ( email )

493 College St
New Haven, CT CT 06520
United States

Stanford Center for Internet and Society ( email )

559 Nathan Abbott Way
Stanford, CA 94305-8610
United States

Do you have negative results from your research you’d like to share?

Paper statistics

Downloads
659
Abstract Views
2,633
Rank
73,656
PlumX Metrics