Safety as Privacy

67 Pages Posted: 1 Feb 2022 Last revised: 10 Nov 2022

See all articles by A. Michael Froomkin

A. Michael Froomkin

University of Miami - School of Law; Yale University - Yale Information Society Project

Phillip J. Arencibia

Duane Morris LLP

Zak Colangelo

Lewis Brisbois Bisgaard & Smith LLP

Date Written: November 1, 2022


New technologies, such as internet-connected home devices we have come to call the Internet of Things (IoT), connected cars, sensors, drones, internet-connected medical devices, and workplace monitoring of every sort, create privacy gaps that can cause danger to people. In prior work [A. Michael Froomkin & Zak Colangelo, Privacy as Safety, 95 Wash. L. Rev. 141 (2020).] two of us sought to emphasize the deep connection between privacy and safety to lay a foundation for arguing that U.S. administrative agencies with a safety mission can and should make privacy protection one of their goals. This Article builds on that foundation with a detailed look at the safety missions of several agencies. In each case, we argue that the agency has the discretion, if not necessarily the duty, to demand enhanced privacy practices from those within its jurisdiction, and that the agency should make use of that discretion.

Armed with the understanding that privacy is or causes safety, several U.S. agencies tasked with protecting safety could achieve substantial gains to personal privacy under their existing statutory authority. Examples of agencies with untapped potential include the Federal Trade Commission (“FTC”), the Consumer Product Safety Commission (“CPSC”), the Food and Drug Administration (“FDA”), the National Highway Traffic Safety Administration (“NHTSA”), the Federal Aviation Administration (“FAA”), and the Occupational Safety and Health Administration (“OSHA”). Five of these agencies have an explicit duty to protect the public against threats to safety (or against risk of injury) and thus—as we have argued previously—should protect the public’s privacy when the absence of privacy can create a danger. The FTC’s general authority to fight unfair practices in commerce enables it to regulate commercial practices threatening consumer privacy. The FAA’s duty to ensure air safety could extend beyond airworthiness to regulating spying via drones.

The CPSC’s authority to protect against unsafe products authorizes it to regulate products putting consumers’ physical and financial privacy at risk, thus sweeping in many products associated with the IoT. NHTSA’s authority to regulate dangerous practices on the road encompasses authority to require smart car manufacturers to include precautions protecting drivers from misuses of connected car data due to the carmaker’s intention and due to security lapses caused by its inattention. Lastly, OSHA’s authority to require safe work environments encompasses protecting workers from privacy risks that threaten their physical and financial safety on the job.

Arguably, an omnibus federal statute regulating data privacy would be preferable to doubling down on the United States’ notoriously sectoral approach to privacy regulation. Here, however, we say only that until the political stars align for some future omnibus proposal, there is value in exploring methods that are within our current means. It may be only second best, but it is also much easier to implement. Thus, we offer reasonable legal constructions of certain extant federal statutes that would justify more extensive privacy regulation in the name of providing enhanced safety, a regime that we argue would be a substantial improvement over the status quo yet not require any new legislation, just a better understanding of certain agencies’ current powers and authorities. Agencies with suitably capacious safety missions should take the opportunity to regulate to protect relevant aspects of personal privacy without delay.

Keywords: Privacy, Regulation, IoT, drones, FAA, FTC, FDA, CPSC, FDA, NHTSAA

JEL Classification: K23

Suggested Citation

Froomkin, A. Michael and Arencibia, Phillip J. and Colangelo, Zak, Safety as Privacy (November 1, 2022). University of Miami Legal Studies Research Paper No. 4021420, Arizona Law Review, Forthcoming, Available at SSRN: or

A. Michael Froomkin (Contact Author)

University of Miami - School of Law ( email )

P.O. Box 248087
Coral Gables, FL 33146
United States
305-284-4285 (Phone)
305-284-6506 (Fax)

Yale University - Yale Information Society Project ( email )

127 Wall Street
New Haven, CT 06511
United States

Phillip J. Arencibia

Duane Morris LLP ( email )

United States
3059602339 (Phone)

Zak Colangelo

Lewis Brisbois Bisgaard & Smith LLP ( email )

2 Alhambra Plaza
Suite 1110
Miami, FL 33134
United States

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Abstract Views
PlumX Metrics