Taking Trust Seriously in Privacy Law

42 Pages Posted: 5 Sep 2015 Last revised: 3 Mar 2017

Neil M. Richards

Washington University in St. Louis - School of Law; Yale Information Society Project; Stanford Center for Internet and Society

Woodrow Hartzog

Samford University - Cumberland School of Law; Stanford Law School Center for Internet and Society

Date Written: September 3, 2015

Abstract

Trust is beautiful. The willingness to accept vulnerability to the actions of others is the essential ingredient for friendship, commerce, transportation, and virtually every other activity that involves other people. It allows us to build things, and it allows us to grow. Trust is everywhere, but particularly at the core of the information relationships that have come to characterize our modern, digital lives. Relationships between people and their ISPs, social networks, and hired professionals are typically understood in terms of privacy. But the way we have talked about privacy has a pessimism problem – privacy is conceptualized in negative terms, which leads us to mistakenly look for “creepy” new practices, focus excessively on harms from invasions of privacy, and place too much weight on the ability of individuals to opt out of harmful or offensive data practices.

But there is another way to think about privacy and shape our laws. Instead of trying to protect us against bad things, privacy rules can also be used to create good things, like trust. In this paper, we argue that privacy can and should be thought of as enabling trust in our essential information relationships. This vision of privacy creates value for all parties to an information transaction and enables the kind of sustainable information relationships on which our digital economy must depend.

Drawing by analogy on the law of fiduciary duties, we argue that privacy laws and practices centered on trust would enrich our understanding of the existing privacy principles of confidentiality, transparency, and data protection. Re-considering these principles in terms of trust would move them from procedural means of compliance for data extraction towards substantive principles to build trusted, sustainable information relationships. Thinking about privacy in terms of trust also reveals a principle that we argue should become a new bedrock tenet of privacy law: the Loyalty that data holders must give to data subjects. Rejuvenating privacy law by getting past Privacy Pessimism is essential if we are to build the kind of digital society that is sustainable and ultimately beneficial to all – users, governments, and companies. There is a better way forward for privacy. Trust us.

Keywords: privacy, trust, big data, data security, consumer protection, confidentiality, loyalty, fiduciary

Suggested Citation

Richards, Neil M. and Hartzog, Woodrow, Taking Trust Seriously in Privacy Law (September 3, 2015). 19 Stanford Technology Law Review 431 (2016). Available at SSRN: https://ssrn.com/abstract=2655719 or http://dx.doi.org/10.2139/ssrn.2655719

Neil M. Richards

Washington University in St. Louis - School of Law ( email )

Campus Box 1120
St. Louis, MO 63130
United States

Yale Information Society Project ( email )

New Haven, CT 06520
United States

Stanford Center for Internet and Society ( email )

559 Nathan Abbott Way
Stanford, CA 94305-8610
United States

Woodrow Hartzog (Contact Author)

Samford University - Cumberland School of Law ( email )

800 Lakeshore Dr.
Birmingham, AL 35229
United States

HOME PAGE: http://cumberland.samford.edu/faculty/woodrow-n-hartzog

Stanford Law School Center for Internet and Society ( email )

Palo Alto, CA
United States

HOME PAGE: http://cyberlaw.stanford.edu/profile/woodrow-hartzog

Paper statistics

Downloads
768
Rank
25,221
Abstract Views
5,026