Professors Hartzog and Richards Insist It’s Time to Try Something Different on Internet Privacy

By TAP Staff Blogger

Posted on January 4, 2019


In an op-ed article written for The Washington Post, Professors Woodrow Hartzog and Neil Richards explain why the current online privacy ecosystem in the U.S. is failing; and, they encourage policymakers to “reimagine the relationship between consumers and online companies in a way that places trust at the center.”


It’s Time to Try Something Different on Internet Privacy” emphasizes that the economic stakes for trustworthy data protection are enormous. “International data flows are essential for the global economy to function without fundamentally — and expensively — restructuring the Internet.”


Below are a few excerpts from “It’s Time to Try Something Different on Internet Privacy.”


Failures of Our Current Online Privacy Ecosystem


Since the dawn of the Internet, American regulators and companies have pursued two goals to protect our privacy: that people should be in control of their data and that companies should be transparent about what they do with our data. … This approach has failed us. Too often it has resulted in little more than threadbare privacy protections and cluttered inboxes.


And so, over the past decade, we’ve witnessed a cascade of high-profile privacy failures: the Edward Snowden disclosures, the Cambridge Analytica scandal, fake news and data breach after data breach after data breach. Big tech platforms and shadowy advertising companies make their fortunes while the rest of us are watched, nudged, exploited and exposed to cyberattacks and the manipulation of our political systems.


Congress stands alone among Western democracies in failing to pass a general privacy law covering all our information. The Federal Trade Commission has worked hard to be the top U.S. privacy cop, but it lacks the legal tools and financial resources needed to do the job.


Establishing Trust through a Privacy Fiduciary Model


Consider the newly introduced legislation from Sen. Brian Schatz (D-Hawaii) called the Data Care Act of 2018, for which we provided feedback in its draft form. The bill, one of the first and most significant moves to establish a new American privacy identity, favors three key non-waivable obligations for companies that use the Internet to collect personal information: duties of care, loyalty and confidentiality. These duties are modeled on the privacy requirements for any fiduciary, such as doctors, lawyers or accountants — all of whom are legally required to act in good faith on behalf of their patients or clients and are bound to keep our disclosures safe and confidential.


It’s time to take a bold step forward. The United States has an opportunity to redefine itself as the country that protects the trust that people give to companies. By embracing trust, the United States can become a leader on privacy instead of following the path of false promises and diminishing returns. Call it legal innovation, if that’s what it takes. But whatever we call it, the United States can pave the way for a safe, sustainable and profitable digital future.


Read the full article: “It’s Time to Try Something Different on Internet Privacy.”


Woodrow Hartzog is Professor of Law and Computer Science at Northeastern University School of Law and holds a joint appointment in the College of Computer and Information Science department. Professor Hartzog teaches privacy and data protection issues, and his research focuses on the complex problems that arise when personal information is collected by powerful new technologies, stored, and disclosed online.


Neil Richards is an internationally-recognized expert in privacy law, information law, and freedom of expression. He is the Thomas and Karole Green Professor of Law at Washington University School of Law, where he co-directs the Cordell Institute for Policy in Medicine & Law. He teaches courses on privacy, technology, free speech, and constitutional law.