A Duty of Loyalty for Privacy Law

99 Washington University Law Review 961 (2021)

61 Pages Posted: 5 Sep 2020 Last revised: 4 Apr 2022

See all articles by Neil M. Richards

Neil M. Richards

Washington University School of Law; Yale Information Society Project; Stanford Center for Internet and Society

Woodrow Hartzog

Boston University School of Law; Stanford Law School Center for Internet and Society

Date Written: July 3, 2020


Data privacy law fails to stop companies from engaging in self-serving, opportunistic behavior at the expense of those who trust them with their data. This is a problem. Modern tech companies are so entrenched in our lives and have so much control over what we see and click that the self-dealing exploitation of people has become a major element of the internet’s business model.

Academics and policymakers have recently proposed a possible solution: require those entrusted with people’s data and online experiences to be loyal to those who trust them. But many have concerns about a duty of loyalty. What, exactly, would such a duty of loyalty require? What are the goals and limits of such a duty? Should loyalty mean obedience or a pledge to make decisions in people’s best interests? What would the substance of the rules implementing the duty look like? And what would its limits be?

This Article suggests a duty of loyalty for personal information that answers these objections and represents a promising way forward for privacy law. We offer a theory of loyalty based upon the risks of digital opportunism in information relationships that draws upon existing—and in some cases ancient—precedent in other areas of American law. Data collectors bound by this duty of loyalty would be obligated to act in the best interests of people exposing their data and online experiences, up to the extent of their exposure. They would be prohibited from designing digital tools and processing data in a way that conflicts with trusting parties’ best interests. We explain how such a duty could be used to set rebuttable presumptions of disloyal activity and to act as an interpretive guide for other duties. And we answer a series of objections to our proposed duty, including that it would be vague, be too narrow, entrench surveillance capitalism, create a problem of conflicting duties, and spell the end of surveillance-based “targeted advertising.” The duty of loyalty we envision would certainly be a revolution in data privacy law. But that is exactly what is needed to break the cycle of self-dealing and manipulation ingrained in both the current internet and our society as a whole. This Article offers one pathway for us to get there.

Keywords: privacy, data, surveillance, loyalty, fiduciary, torts, harm, care, data protection, technology, internet

Suggested Citation

Richards, Neil M. and Hartzog, Woodrow, A Duty of Loyalty for Privacy Law (July 3, 2020). 99 Washington University Law Review 961 (2021), Available at SSRN: https://ssrn.com/abstract=3642217 or http://dx.doi.org/10.2139/ssrn.3642217

Neil M. Richards

Washington University School of Law ( email )

Campus Box 1120
St. Louis, MO 63130
United States
314.935.4794 (Phone)

HOME PAGE: http://law.wustl.edu/faculty-staff-directory/profile/neil-richards/

Yale Information Society Project ( email )

493 College St
New Haven, CT CT 06520
United States

Stanford Center for Internet and Society ( email )

559 Nathan Abbott Way
Stanford, CA 94305-8610
United States

Woodrow Hartzog (Contact Author)

Boston University School of Law ( email )

765 Commonwealth Avenue
Boston, MA 02215
United States

HOME PAGE: http://https://www.bu.edu/law/profile/woodrow-hartzog/

Stanford Law School Center for Internet and Society ( email )

Palo Alto, CA
United States

HOME PAGE: http://cyberlaw.stanford.edu/profile/woodrow-hartzog

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Abstract Views
PlumX Metrics