Author(s)
Source
Boston College Law Review, Vol. 61, Iss. 5, May 2020
Summary
The United States Congress must decide whether to enact a national privacy law like Europe’s General Data Protection Regulation (GDPR). But GDPR-style rules fail to protect against many harms of data overuse.
Policy Relevance
The United States should adopt a comprehensive national data protection law. The new law should firmly limit data collection.
Main Points
- The EU's new privacy law, the GDPR, took effect in 2018; in the United States, some state legislatures have enacted state-level laws, such as the California Consumer Protection Act.
- If Congress does nothing, several American states may pass their own laws.
- Congress has a “constitutional moment” in which to enact new privacy law.
- The EU's GDPR sets global norms, because the GDPR does not allow firms to move data across borders without accountability; the United States is likely to adopt a watered-down GDPR, because of a commitment to constitutional rights of free speech.
- Data protection law based on fair information principles (FIPs) is not enough.
- “Fair” data processing procedures with consent normalize too much surveillance.
- Consumers cannot meaningfully control their own data, as they are bombarded with policies and notifications.
- New privacy law should add “Corporal” rules to address firms’ market power and structure.
- Executives could be held personally or criminally liable for some privacy violations.
- Antitrust law could be used to restrain tech platform power, protecting privacy.
- New privacy law should add “Relational” rules to transform firms that collect data into information fiduciaries, with duties of honesty, protection, discretion, and loyalty to consumers.
- “Informational” privacy rules should go beyond the FIPs and meaningfully limit data collection, including firm bans on certain data practices.
- “External” privacy rules are needed to address the social costs of data use, including environmental problems arising from “planned obsolescence,” the harm to democracy from fake news, or smartphone addiction.