A General Defense of Information Fiduciaries
35 Pages Posted: 22 Sep 2020 Last revised: 28 Sep 2020
Date Written: September 12, 2020
Countless high-profile abuses of user data by leading technology companies have raised a basic question: should firms that traffic in user data be held legally responsible to their users as “information fiduciaries”? Privacy legislation to impose fiduciary duties of care, confidentiality and loyalty on data collectors enjoys bipartisan support but faces strong opposition from scholars. First, critics argue that the information fiduciary concept flies in the face of fundamental corporate law principles that require firms to prioritize shareholder interests over those of users. Second, it is said that the overwhelming self-interest of digital companies makes fiduciary loyalty impossible as a practical matter from the outset.
This essay finds neither objection convincing. The first objection rests on a mischaracterization of corporate law, which in reality would require compliance with user-regarding fiduciary obligations—the opposite of what critics fear. The second objection fails to convince because fiduciary law has proven itself adaptable enough to survive such challenges in other settings, such as in the asset management industry. The second objection nevertheless reveals a need for greater specificity of the fiduciary duties that would be imposed under the information fiduciary model, but even then it is unlikely that either objection would undermine the model.
Keywords: Fiduciary law, privacy law, data, loyalty, online service providers, social media, surveillance, user privacy, data security, technology
Suggested Citation: Suggested Citation