Download this Paper Open PDF in Browser

The Privacy Policymaking of State Attorneys General

71 Pages Posted: 17 Feb 2016 Last revised: 1 Mar 2017

Danielle Keats Citron

University of Maryland Francis King Carey School of Law; Yale University - Yale Information Society Project; Stanford Law School Center for Internet and Society

Date Written: February 16, 2016

Abstract

Accounts of privacy law have focused on legislation, federal agencies, and the self-regulation of privacy professionals. Crucial agents of regulatory change, however, have been ignored: the state attorneys general. This article is the first in-depth study of the privacy norm entrepreneurship of state attorneys general. Because so little has been written about this phenomenon, I engaged with primary sources — first interviewing state attorneys general and current and former career staff, and then examining documentary evidence received through FOIA requests submitted to AG offices around the country.

Much as Justice Louis Brandeis imagined states as laboratories of the law, offices of state attorneys general have been laboratories of privacy enforcement. State attorneys general have been nimble privacy enforcement pioneers where federal agencies have been more conservative or constrained by politics. Their local knowledge, specialization, multi-state coordination, and broad legal authority have allowed them to experiment in ways that federal agencies cannot. These characteristics have enabled them to establish baseline fair information protections; expand the frontiers of privacy law to cover sexual intimacy and youth; and pursue enforcement actions that have harmonized privacy policy.

Although certain systemic practices enhance AG privacy policy making, others blunt its impact, including an over reliance on informal agreements that lack law’s influence and a reluctance to issue closing letters identifying data practices that comply with the law. This article offers ways state attorneys general can function more effectively through informal and formal proceedings. It addresses concerns about the potential pile-up of enforcement activity, federal preemption, and the dormant Commerce Clause. It urges state enforcers to act more boldly in the face of certain shadowy data practices.

Keywords: privacy, bankruptcy, transparency, data breach, consumer protection, financial privacy, data security, UDAP

Suggested Citation

Citron, Danielle Keats, The Privacy Policymaking of State Attorneys General (February 16, 2016). 92 Notre Dame Law Review 747 (2016); U of Maryland Legal Studies Research Paper No. 2016-08. Available at SSRN: https://ssrn.com/abstract=2733297

Danielle Keats Citron (Contact Author)

University of Maryland Francis King Carey School of Law ( email )

500 West Baltimore Street
Baltimore, MD 21201-1786
United States

Yale University - Yale Information Society Project

127 Wall Street
New Haven, CT 06511
United States

Stanford Law School Center for Internet and Society

Palo Alto, CA
United States

Paper statistics

Downloads
821
Rank
23,589
Abstract Views
5,161