Author(s)
Source
Notre Dame Law Review, Vol. 92, No. 2, pp. 747-816, 2016
Summary
State attorneys general (AGs) play a crucial role in shaping privacy norms. AGs act nimbly to fill gaps in the law and address local concerns, often hearing of privacy or data security problems before federal regulators. State enforcement has not unduly burdened businesses.
Policy Relevance
Federal lawmakers should not preempt AG enforcement activity. AGs should act aggressively against spyware and manipulative uses of big data.
Main Points
- Interviews with AGs and FOIA requests show that state AGs have been pioneers in shaping privacy policy using education, warning letters, and litigation.
- AGs developed privacy norms for youth, “revenge porn,” data security breach notifications, and the sale of data in bankruptcy.
- Cooperation among AGs strengthens and coordinates privacy enforcement nationwide. But AGs unilaterally offering weak deals to privacy violators can undermine cooperation.
- AGs should remain equal enforcement partners to federal privacy regulators.
- Businesses rarely face enforcement actions from multiple states; when a business ignores the law, action by several states helps force compliance.
- If all enforcement were federal, privacy issues would be overlooked; AGs serve as the “cop on the beat,” offering local knowledge of privacy problems.
- Some worry that AG enforcement leads to overregulation and discourages startups.
- Lawmakers should pass uniform federal privacy laws if state laws become burdensome.
- State laws do not violate the “dormant commerce clause” of the constitution by burdening interstate commerce, considering the benefits of stronger privacy protection.
- AGs should treat violations of informal agreements as illegal acts.
- AGs should act aggressively against unfair scoring algorithms and uses of big data.