Why Data Privacy Law Is (Mostly) Constitutional

Neil M. Richards, Why Data Privacy Law Is (Mostly) Constitutional, 56 Wm. & Mary L. Rev. 1501 (2015).

35 Pages Posted: 4 Oct 2013 Last revised: 24 Sep 2020

See all articles by Neil M. Richards

Neil M. Richards

Washington University School of Law; Yale Information Society Project; Stanford Center for Internet and Society

Date Written: October 2, 2013


Laws regulating the collection, use, and disclosure of personal data are (mostly) constitutional, and critics who suggest otherwise are wrong. Since the New Deal, American law has rested on the wise judgment that, by and large, commercial regulation should be made on the basis of economic and social policy rather than blunt constitutional rules. This has become one of the basic principles of American Constitutional law. Although some observers have suggested that the Supreme Court’s recent decision in Sorrell v. IMS Health (2011) changes this state of affairs, such readings are incorrect. Sorrell involved a challenge to a poorly-drafted Vermont law that discriminated on both content and viewpoint. Such a law would have been unconstitutional if it had regulated even unprotected speech. As the Sorrell Court made clear, the real problem with the Vermont law at issue was that it didn’t regulate enough, unlike the “more coherent policy” of the undoubtedly constitutional federal Health Insurance Portability and Accountability Act of 1996.

Data privacy law should thus rarely be thought as implicating serious constitutional difficulties, which is a good thing. As we move into the digital age, in which more and more of our society is affected or constituted by data flows, we face a similar threat. If “data” were somehow “speech,” virtually every economic law would become clouded by constitutional doubt. Economic or commercial policy affecting data flows (which is to say all economic or social policy) would become almost impossible. This might be a valid policy choice, but it is not one that the First Amendment commands. Any radical suggestions to the contrary are unsupported by our Constitutional law. In a democratic society, the basic contours of information policy must ultimately be up to the people and their policymaking representatives, and not to unelected judges. We should decide policy on that basis, rather than on odd readings of the First Amendment.

Suggested Citation

Richards, Neil M., Why Data Privacy Law Is (Mostly) Constitutional (October 2, 2013). Neil M. Richards, Why Data Privacy Law Is (Mostly) Constitutional, 56 Wm. & Mary L. Rev. 1501 (2015)., Available at SSRN: https://ssrn.com/abstract=2335196

Neil M. Richards (Contact Author)

Washington University School of Law ( email )

Campus Box 1120
St. Louis, MO 63130
United States
314.935.4794 (Phone)

HOME PAGE: http://law.wustl.edu/faculty-staff-directory/profile/neil-richards/

Yale Information Society Project ( email )

493 College St
New Haven, CT CT 06520
United States

Stanford Center for Internet and Society ( email )

559 Nathan Abbott Way
Stanford, CA 94305-8610
United States

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Abstract Views
PlumX Metrics