A Duty of Loyalty for Privacy Law

73 Pages Posted: 5 Sep 2020 Last revised: 16 Dec 2020

See all articles by Neil M. Richards

Neil M. Richards

Washington University School of Law; Yale Information Society Project; Stanford Center for Internet and Society

Woodrow Hartzog

Northeastern University School of Law and Khoury College of Computer Sciences; Center for Law, Innovation and Creativity (CLIC); Stanford Law School Center for Internet and Society

Date Written: July 3, 2020

Abstract

Data privacy law fails to stop companies from engaging in self-serving, opportunistic behavior at the expense of those who trust them with their data. This is a problem. Modern tech companies are so entrenched in our lives and have so much control over what we see and click that the self-dealing exploitation of people has now become a major element of the Internet’s business model.

Academics and policymakers have recently proposed a possible solution: require those entrusted with peoples’ data and online experiences to be loyal to those who trust them. But critics and companies have concerns about a duty of loyalty. What, exactly, would such a duty of loyalty require? What are the goals and limits of such a duty? Should loyalty mean obedience or a pledge to make decisions in peoples’ best interests? What would the substance of the rules implementing the duty look like?

In this article, we offer a theory of loyalty based upon the risks of digital opportunism in information relationships. Data collectors bound by this duty of loyalty would be obligated to act in the best interests of people exposing their data and online experiences, up to the extent of their exposure. They would be prohibited from designing digital tools and processing data in a way that conflicts with a trusting parties’ best interests. This duty could also be used to set rebuttable presumptions of disloyal activity and act as an interpretive guide for other duties. A duty of loyalty would be a revolution in data privacy law. That’s exactly what is needed to break the cycle of self-dealing ingrained into the current Internet. This Article offers one pathway for us to get there.

Keywords: privacy, data, surveillance, loyalty, fiduciary, torts, harm, care, data protection, technology, internet

Suggested Citation

Richards, Neil M. and Hartzog, Woodrow, A Duty of Loyalty for Privacy Law (July 3, 2020). Available at SSRN: https://ssrn.com/abstract=3642217 or http://dx.doi.org/10.2139/ssrn.3642217

Neil M. Richards

Washington University School of Law ( email )

Campus Box 1120
St. Louis, MO 63130
United States
314.935.4794 (Phone)

HOME PAGE: http://law.wustl.edu/faculty-staff-directory/profile/neil-richards/

Yale Information Society Project ( email )

New Haven, CT 06520
United States

Stanford Center for Internet and Society ( email )

559 Nathan Abbott Way
Stanford, CA 94305-8610
United States

Woodrow Hartzog (Contact Author)

Northeastern University School of Law and Khoury College of Computer Sciences ( email )

416 Huntington Avenue
Boston, MA 02115
United States

HOME PAGE: http://https://www.northeastern.edu/law/faculty/directory/hartzog.html

Center for Law, Innovation and Creativity (CLIC) ( email )

416 Huntington Avenue
Boston, MA 02115
United States

Stanford Law School Center for Internet and Society ( email )

Palo Alto, CA
United States

HOME PAGE: http://cyberlaw.stanford.edu/profile/woodrow-hartzog

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Downloads
735
Abstract Views
3,249
rank
39,985
PlumX Metrics