Download this Paper Open PDF in Browser

The Inadequate, Invaluable Fair Information Practices

31 Pages Posted: 15 Aug 2017 Last revised: 21 Sep 2017

Woodrow Hartzog

Northeastern University School of Law and College of Computer and Information Science; Stanford Law School Center for Internet and Society

Date Written: August 11, 2017

Abstract

For the past thirty years, the general advice for those seeking to collect, use, and share people’s personal data in a responsible way was relatively straightforward: follow the fair information practices, often called the “FIPs.” These general guidelines were designed to ensure that data processors are accountable for their actions and that data subjects are safe, secure, and endowed with control over their personal information. The FIPs have proven remarkably sturdy against the backdrop of near-constant technological change. Yet in the age of social media, big data, and artificial intelligence, the FIPs have been pushed to their breaking point. We are asking too much of the FIPs, yet they are far too entrenched and important to be abandoned.

New privacy risks present an opportune moment to assess the state of the FIPs in the modern world and ask whether they are up to the task. This Essay is an attempt to identify the practical virtues and limitations of the FIPs in order to help privacy law evolve while retaining traditional notions of data accountability. I argue that while we cannot do without the FIPs, it is time for lawmakers to stake out new ground. They should pay more attention to things like anti-competitive behavior and the design of information technologies. The FIPs are necessary, but not sufficient. To make privacy law whole, the FIPs must be treated as one of several frameworks to protect our personal information and people's ability to consent to data practices must be treated as a finite resource.

Suggested Citation

Hartzog, Woodrow, The Inadequate, Invaluable Fair Information Practices (August 11, 2017). 76 Maryland Law Review 952 (2017); Northeastern University School of Law Research Paper No. 301-2017. Available at SSRN: https://ssrn.com/abstract=3017312

Woodrow Hartzog (Contact Author)

Northeastern University School of Law and College of Computer and Information Science ( email )

416 Huntington Avenue
Boston, MA 02115
United States

HOME PAGE: http://https://www.northeastern.edu/law/faculty/directory/hartzog.html

Stanford Law School Center for Internet and Society ( email )

Palo Alto, CA
United States

HOME PAGE: http://cyberlaw.stanford.edu/profile/woodrow-hartzog

Paper statistics

Downloads
71
Rank
280,127
Abstract Views
670