The Limits of Industry-Specific Privacy Law

15 Pages Posted: 29 Jul 2015

See all articles by BJ Ard

BJ Ard

University of Wisconsin Law School

Date Written: 2015


The Internet raises several challenges for privacy law. In particular it often disrupts laws that regulate specific industries. As prior scholarship has shown, industry-specific laws are prone to circumvention and obsolescence whenever firms outside the covered industry begin collecting and using the same sorts of data. And the rapid birth (and death) of online business models makes these sorts of disruptions increasingly common. The resulting scheme is one that has sustained substantial criticism for drawing arbitrary distinctions between entities collecting the same sorts of personal information.

This essay argues that the distinct features of online commerce not only challenge discrete industry-specific laws, but also expose more fundamental difficulties for the industry-specific approach. The piecemeal enactment of laws regulating specific industries may have been effective in a time when lawmakers could identify all the industries involved in a particular data-collection practice and trust that new industries would not soon enter the same niche. Indeed, when the business landscape is stable, this approach may offer advantages insofar as it allows lawmakers to tailor their interventions to the specific incentives and norms of the regulated industries. But the information age creates at least three complications for industry-specific lawmaking. First, the accelerated rate of entry that characterizes online commerce makes it hard for legislators to keep pace on an industry-by-industry basis. Second, the intermediation of online transactions by third parties — parties ranging from Internet service providers to search engines, advertising networks, and financial institutions — exposes gaps in any intervention that targets only the industry itself without accounting for these intermediaries. And third, the relative obscurity of online surveillance makes it difficult for lawmakers to identify and target the right class of entities through the industry-specific paradigm. Neither legislators nor their constituents are well equipped to deal with surveillance practices that are invisible to them.

Keywords: privacy, industry-specific law, transaction-centered law, e-commerce, intellectual privacy, financial privacy, surveillance, transparency

Suggested Citation

Ard, BJ, The Limits of Industry-Specific Privacy Law (2015). 51 Idaho L. Rev. 607 (2015), Available at SSRN:

BJ Ard (Contact Author)

University of Wisconsin Law School ( email )

975 Bascom Mall
Madison, WI 53706
United States

Do you have negative results from your research you’d like to share?

Paper statistics

Abstract Views
PlumX Metrics