Download This PaperSham Choice: How the Current Privacy Regime Fails Us, and How to Fix It
36 Pages Posted: 30 Nov 2022 Last revised: 20 Dec 2022
Date Written: November 18, 2022
Abstract
Many of the businesses that we interact with as consumers are greatly interested in acquiring personal information about us and using it in ways designed to improve their bottom line. Many consumers, on the other hand, want to maintain control over their personal information, allowing its collection and use only in service of their own interests.
To mediate between these conflicting goals, many jurisdictions rely upon a privacy regime that is premised on the paradigm of notice and choice. Under this paradigm, a business provides consumers with notice of its privacy policies, and consumers, armed with that information, decide whether to enter a transaction with the business.
Commentators and regulators have devoted much attention to the element of notice, seeking to encourage or require businesses to provide notice of their privacy policies in such a way that consumers will become aware of the notice be able to comprehend it. Surprisingly little attention has been directed to the element of choice, which is no less crucial to the notice-and-choice paradigm.
One might say that consumers always have a choice available to them: they can choose to decline to enter into a transaction with a business whose privacy policy does not meet their requirements. But consumers have to get their goods and services from some source. So they have privacy choices only if the market offers them a range of privacy policies from different sellers of a particular type of product.
This article demonstrates that the market does not in fact offer consumers such a choice in one segment of consumer goods. Through an analysis of the privacy policies accompanying several categories of Internet-connected devices, it shows that the privacy policies are almost identical across several measures likely to be of greatest interest to consumers. This analysis complements previous work in which I showed that the same is true of the privacy policies accompanying commercial websites and mobile apps.
Under these conditions, the notice-and-choice paradigm is a sham. It offers the illusion of consumer choice when actually there is virtually none.
This article proposes a solution: two legal rules that prevent sellers from requiring consumers to agree to uses of their personal information that are not needed to complete the transaction that a consumer wishes to enter. These rules are already present in the General Data Protection Regulation, the European Union’s comprehensive privacy regulatory scheme, and in privacy laws that several of the states of the United States have recently enacted. It consists of, first, a prohibition against deeming consent to enter a transaction to be also consent to uses of private information for the seller’s own purposes, and, second, the rule that a business may not retaliate against a consumer who declines to consent to such uses.
Keywords: privacy, Internet
JEL Classification: K29
Suggested Citation: Suggested Citation
John A. Rothchild (Contact Author)
Wayne State University Law School ( email )
471 West Palmer
Detroit, MI 48202
United States
313-577-3963 (Phone)