Abstract

http://ssrn.com/abstract=2312913
 


 



The FTC and the New Common Law of Privacy


Daniel J. Solove


George Washington University Law School

Woodrow Hartzog


Samford University - Cumberland School of Law; Stanford Law School Center for Internet and Society

August 15, 2013

114 Columbia Law Review 583 (2014)
GWU Legal Studies Research Paper No. 2013-120
GWU Law School Public Law Research Paper No. 2013-120

Abstract:     
One of the great ironies about information privacy law is that the primary regulation of privacy in the United States has barely been studied in a scholarly way. Since the late 1990s, the Federal Trade Commission (FTC) has been enforcing companies’ privacy policies through its authority to police unfair and deceptive trade practices. Despite over fifteen years of FTC enforcement, there is no meaningful body of judicial decisions to show for it. The cases have nearly all resulted in settlement agreements. Nevertheless, companies look to these agreements to guide their privacy practices. Thus, in practice, FTC privacy jurisprudence has become the broadest and most influential regulating force on information privacy in the United States — more so than nearly any privacy statute or any common law tort.

In this Article, we contend that the FTC’s privacy jurisprudence is functionally equivalent to a body of common law, and we examine it as such. We explore how and why the FTC, and not contract law, came to dominate the enforcement of privacy policies. A common view of the FTC’s privacy jurisprudence is that it is thin, merely focusing on enforcing privacy promises. In contrast, a deeper look at the principles that emerge from FTC privacy “common law” demonstrates that the FTC’s privacy jurisprudence is quite thick. The FTC has codified certain norms and best practices and has developed some baseline privacy protections. Standards have become so specific they resemble rules. We contend that the foundations exist to develop this “common law” into a robust privacy regulatory regime, one that focuses on consumer expectations of privacy, extends far beyond privacy policies, and involves a full suite of substantive rules that exist independently from a company’s privacy representations.

Number of Pages in PDF File: 94

Keywords: privacy, FTC, administrative law, common law, contract, data security, deception, unfairness, COPPA, FCRA, GLBA, Gramm-Leach-Bliley Act, Safe Harbor, FTC Act, Section 5

JEL Classification: O30, O33, M31, M37, K20, K23, K40

Accepted Paper Series





Download This Paper

Date posted: August 21, 2013 ; Last revised: April 5, 2014

Suggested Citation

Solove, Daniel J. and Hartzog, Woodrow, The FTC and the New Common Law of Privacy (August 15, 2013). 114 Columbia Law Review 583 (2014); GWU Legal Studies Research Paper No. 2013-120; GWU Law School Public Law Research Paper No. 2013-120. Available at SSRN: http://ssrn.com/abstract=2312913 or http://dx.doi.org/10.2139/ssrn.2312913

Contact Information

Daniel J. Solove (Contact Author)
George Washington University Law School ( email )
2000 H Street, N.W.
Washington, DC 20052
United States
202-994-9514 (Phone)
HOME PAGE: http://www.law.gwu.edu/facweb/dsolove/
Woodrow Hartzog
Samford University - Cumberland School of Law ( email )
800 Lakeshore Dr.
Birmingham, AL 35229
United States
HOME PAGE: http://cumberland.samford.edu/faculty/woodrow-n-hartzog
Stanford Law School Center for Internet and Society ( email )
Palo Alto, CA
United States
HOME PAGE: http://cyberlaw.stanford.edu/profile/woodrow-hartzog
Feedback to SSRN


Paper statistics
Abstract Views: 10,823
Downloads: 2,820
Download Rank: 1,995

© 2014 Social Science Electronic Publishing, Inc. All Rights Reserved.  FAQ   Terms of Use   Privacy Policy   Copyright   Contact Us
This page was processed by apollo8 in 0.234 seconds