Legally Cognizable Manipulation

58 Pages Posted: 18 Aug 2018 Last revised: 24 Sep 2018

See all articles by Ido Kilovaty

Ido Kilovaty

University of Tulsa College of Law; Yale University - Law School

Date Written: August 1, 2018


Swaths of personal and nonpersonal information collected online about internet users are increasingly being used in sophisticated ways to manipulate them based on that information. This represents a new trend in the exploitation of data, where instead of pursuing direct financial gain based on the face value of the data, actors are seeking to engage in data analytics using advanced artificial intelligence technologies that would allow them to more easily access individuals’ cognition and future behavior. Although in recent years the concept of online manipulation has received some academic and policy attention, the desirable relationship between the data-breach law and online manipulation is not yet well-appreciated. In other words, regulators and courts are yet to realize the power of existing legal mechanisms pertaining to data breaches in mitigating the harm of online manipulation. This Article provides an account of this relationship, by looking at online manipulation achieved through psychographic profiling. It submits that the volume, efficacy, and sophistication of present online manipulation techniques pose a considerable and immediate danger to autonomy, privacy, and democracy. Internet actors, political entities, and foreign adversaries fastidiously study the personality traits and vulnerabilities of potential voters and, increasingly, target each such voter with an individually tailored stream of information or misinformation with the intent of exploiting the weaknesses of these individuals. While new norms and regulations will have to be enacted at a certain point to address the problem of manipulation, data-breach law could provide a much-needed backdrop for the challenges presented by online manipulation, while alleviating the sense of lawlessness engulfing current misuses of personal and nonpersonal data. At the heart of this Article is the inquiry of data-breach law’s ability to recognize the full breadth of potential misuse of breached personal information, which today includes manipulation for political purposes. At present, data-breach jurisprudence does very little to recognize its evolving role in regulating misuses of personal information by unauthorized parties. It is a jurisprudence that is partially based on a narrow approach that seeks to remedy materialized harm in the context of identity theft or fraud. This approach contravenes the purpose of data-breach law – to protect individuals from the externalities of certain cyber risks by bridging informational asymmetries between corporations and consumers. This Article develops the theoretical connection between data-breach law and online manipulation, providing for a meaningful regulatory solution that is not currently used to its full extent.

Keywords: cybersecurity law, data breach notification law, Cambridge Analytica, social media, online manipulation, political manipulation, internet law, law and technology, technology law, artificial intelligence

Suggested Citation

Kilovaty, Ido, Legally Cognizable Manipulation (August 1, 2018). Berkeley Technology Law Journal, 2019, Forthcoming. Available at SSRN: or

Ido Kilovaty (Contact Author)

University of Tulsa College of Law ( email )

3120 E. Fourth Place
Tulsa, OK 74104
United States

Yale University - Law School ( email )

P.O. Box 208215
New Haven, CT 06520-8215
United States

Register to save articles to
your library


Paper statistics

Abstract Views
PlumX Metrics