Individuals as Gatekeepers against Data Misuse

28 Michigan Technology Law Review 115 (2021)

39 Pages Posted: 25 Mar 2022

See all articles by Ying Hu

Ying Hu

National University of Singapore (NUS) - Faculty of Law

Date Written: 2021


This article makes a case for treating individual data subjects as gatekeepers against misuse of personal data. Imposing gatekeeper responsibility on individuals is most useful where (a) the primary wrongdoers engage in data misuse intentionally or recklessly; (b) misuse of personal data is likely to lead to serious harm; and (c) one or more individuals are able to detect and prevent data misuse at a reasonable cost.

As gatekeepers, individuals should have a legal duty to take reasonable measures to prevent data misuse where they are aware of facts indicating that the person seeking personal data from them is highly likely to misuse it or to facilitate its misuse. Recognizing a legal duty to prevent data misuse provides a framework for determining the boundaries of appropriate behavior when dealing with personal data that people have legally acquired. It does not, however, abrogate the need to impose gatekeeping obligations on big technology companies.

In addition, individuals should also owe a social duty to protect the personal data in their possession. Whether individuals have sufficient incentive to protect their personal data in a particular situation depends not only on the cost of the relevant security measures, but also on their expectation of the security decisions made by others who also possess that data. Even a privacy conscious individual would have little incentive to invest in privacy protective measures if he believes that his personal data is possessed by a sufficiently large number of persons who do not invest in such measures. On the flip side, an individual’s decision to protect his personal data generates positive externalities—it incentivizes others to invest in security measures. As such, promoting the norm of data security is likely to lead to a self-reinforcing virtuous cycle which helps improve the level of data security in a given community.

Keywords: Privacy, Data misuse, Gatekeeper, Duty to prevent data misuse, Privacy paradox

JEL Classification: K00, K29

Suggested Citation

Hu, Ying, Individuals as Gatekeepers against Data Misuse (2021). 28 Michigan Technology Law Review 115 (2021), Available at SSRN:

Ying Hu (Contact Author)

National University of Singapore (NUS) - Faculty of Law ( email )

469G Bukit Timah Road
Eu Tong Sen Building
Singapore, 259776

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Abstract Views
PlumX Metrics