Confiding in Con Men: U.S. Privacy Law, the GDPR, and Information Fiduciaries
57 Pages
Posted: 9 Apr 2019
Date Written: March 17, 2019
In scope, ambition, and animating philosophy, American privacy law and Europe’s General Data Protection Regulation are almost diametric opposites. The GDPR’s ambitious individual rights, significant prohibitions, substantive enforcement regime, and broad applicability contrast vividly with a scattershot American regime that generally prioritizes facilitating commerce over protecting individuals, and which has created perverse incentives for industry through anemic enforcement of the few meaningful limitations that do exist. A privacy law that characterizes data collectors as information fiduciaries could coalesce with the commercial focus of American law, while emulating the GDPR’s laudable normative objectives and fortifying US consumer privacy law with a moral valence it often lacks. Similar to classic fiduciaries like doctors or lawyers, information fiduciaries would owe duties of loyalty, care and confidentiality to their clients, affirmative commitments to individuals that the laissez-faire approach of American privacy law generally does not require. Fiduciary duties are also derived from the context of commercial relationships, where the law balances the professional prerogatives of the fiduciary with the rights (and vulnerabilities) of the client. Crucially, an information fiduciary model can strengthen protections for privacy, equality, and autonomy in the digital age, echoing the GDPR’s commitments to individual rights, while balancing those principles with the competing aims and constraints of the U.S. legal ecosystem.
Keywords: privacy, administrative law, consumer protection, technology, regulation, General Data Protection Regulation