Privacy, the Hacker Way

Privacy and Security, Cloud Computing and Networks, the Internet, and Cloud Computing

Article Snapshot


Andrea Matwyshyn


Southern California Law Review, Vol. 87, No. 1, pp. 1-68, 2013


Most proposals to protect privacy circumvent contract law. However, contract law includes a number of rules to protect consumers from unfair dealing. Lawmakers or courts should recognize that firms that collect data have a duty to take reasonable care of the data, based on implied promises.

Policy Relevance

Lawmakers and courts can shape contract law to provide a framework for protecting privacy.

Main Points

  • Many users feel that even when they click to register agreement with the terms of an online contract, they do not understand what data is collected from them and how it is used.
  • Some scholars doubt that contract law can help solve privacy problems, but this view is incorrect.
  • Consumers may agree to the use of their data without agreeing to all the consequences if their data is mismanaged by the firm that collects it.
  • Contract law, including the Uniform Commercial Code, includes many implied terms to help protection consumers; however, contract law has not yet evolved to recognize implied terms that would protect privacy.
  • Basing privacy protection on contract law would help avoid the claim that privacy rules violate constitutional rights of free speech, restricting the free flow of information.
  • Consumers’ rights of control over their data are similar to firms’ right to control trade secrets; trade secret law relies heavily on contract law.
  • Firms that collect data should keep data safe in a “reasonable data stewardship” based on implied promises; this idea would require courts or lawmakers to develop new legal tenets to protect privacy, including:
    • Treating a data breach as a breach of contract by the firm holding the data.
    • Extending the duty of good faith to include the handling of data.
    • Treating changes to the way a firm handles data as a request to change the contract, requiring consent.
    • Courts or lawmakers should set out minimum damages to be paid in the event of a data breach.


Get The Article

Find the full article online

Search for Full Article