Author(s)
Gabe Maldoff and
Omer Tene
Source
Journal of Law, Economics & Policy, Vol. 15, No. 1, pp. 41-66 (2018)
Summary
Some legal norms direct organizations to limit use of data, but others compel use of data to benefit the public. Data collectors may serve as information fiduciaries, obligated to act in users’ interests.
Policy Relevance
Some data-collectors have a duty to use data to prevent harm.
Main Points
- Regulatory responses to big data follow two competing trends; organizations must limit the use of data to protect privacy, but are encouraged to use data to protect the public.
- Concerns about cybersecurity, online extremism, and terrorist attacks lead lawmakers in the United States, the United Kingdom, and Europe to criticize private-sector firms for failing to use personal information to safeguard the public.
- If privacy amounts to locking down data, the conflict between privacy and other values cannot be avoided; a more fluid concept of privacy enables the benefits of data use without compromising the essential qualities of privacy.
- Organizations may have a broad responsibility to use an individual's personal information to promote a desired result, such as the prevention of “copycat” killings or suicide.
- Under the fiduciary model of privacy, organizations that collect and analyze personal information owe ethical obligations to the individuals on whose personal information they rely.
- The more vulnerable a data-sharing user is to an organization, the more likely that the organization will have an affirmative duty to safeguard the individual’s interests.
- Under a “notice and choice” model of privacy, all data collectors owe the same duties to users.
- In a fiduciary model of privacy, an established firm holding years of data about an individual might have more duties than a start-up given accessing their data for the first time.
- Organizations’ duties to different users and the public will vary.
- Usually, one has an affirmative duty to go to another’s aid only in special relationships.
- Firms that aggregate data from many users might have a duty to aid almost all users.
- The largest service providers might have duties to aid the public at large.