The Privacy Policymaking of State Attorneys General

Privacy and Security, Search and Advertising, Internet and Networks, the Internet, and Cloud Computing

Article Snapshot


Danielle Citron


Notre Dame Law Review, Vol. 92, No. 2, pp. 747-816, 2016


State attorneys general (AGs) play a crucial role in shaping privacy norms. AGs act nimbly to fill gaps in the law and address local concerns, often hearing of privacy or data security problems before federal regulators. State enforcement has not unduly burdened businesses.

Policy Relevance

Federal lawmakers should not preempt AG enforcement activity. AGs should act aggressively against spyware and manipulative uses of big data.

Main Points

  • Interviews with AGs and FOIA requests show that state AGs have been pioneers in shaping privacy policy using education, warning letters, and litigation.
  • AGs developed privacy norms for youth, “revenge porn,” data security breach notifications, and the sale of data in bankruptcy.
  • Cooperation among AGs strengthens and coordinates privacy enforcement nationwide. But AGs unilaterally offering weak deals to privacy violators can undermine cooperation.
  • AGs should remain equal enforcement partners to federal privacy regulators.
    • Businesses rarely face enforcement actions from multiple states; when a business ignores the law, action by several states helps force compliance.
    • If all enforcement were federal, privacy issues would be overlooked; AGs serve as the “cop on the beat,” offering local knowledge of privacy problems.
  • Some worry that AG enforcement leads to overregulation and discourages startups.
    • Lawmakers should pass uniform federal privacy laws if state laws become burdensome.
    • State laws do not violate the “dormant commerce clause” of the constitution by burdening interstate commerce, considering the benefits of stronger privacy protection.
  • AGs should treat violations of informal agreements as illegal acts.
  • AGs should act aggressively against unfair scoring algorithms and uses of big data.


Get The Article

Find the full article online

Search for Full Article