The Surprising Virtues of Data Loyalty
| Jurisdiction | United States,Federal,European Union |
| Publication year | 2022 |
| Citation | Vol. 71 No. 5 |
The Surprising Virtues of Data Loyalty
Woodrow Hartzog
Neil Richards
Lawmakers in the United States and Europe are seriously considering imposing duties of data loyalty that implement ideas from privacy law scholarship, but critics claim such duties are unnecessary, unworkable, overly individualistic, and indeterminately vague. This paper takes those criticisms seriously, and its analysis of them reveals that duties of data loyalty have surprising virtues. Loyalty, it turns out, can support collective well-being by embracing privacy's relational turn; it can be a powerful state of mind for reenergizing privacy reform; it prioritizes human values rather than potentially empty formalism; and it offers solutions that are flexible and clear rather than vague and indeterminate. We propose five contexts in which specific rules should supplement a general duty of data loyalty: collection, personalization, gatekeeping, influencing, and mediation. Loyalty can be a key policy tool with which to take on the related problems of information capitalism, platform power, and the use of personal data to manufacture consent to objectionable data practices. In fact, loyalty may well be the critical missing piece of the regulatory toolkit for privacy.
[Page 986]
Introduction.............................................................................................986
I. Loyalty Focuses on Relationships............................................992
A. Arms-Length Relationships vs. Relationships of Trust............. 994II. Loyalty Achieves What Care Cannot....................................1000
B. Key Traits of Modern Information Relationships..................... 996
1. Ongoing.............................................................................. 996
2. Frequent ............................................................................. 997
3. Constructed ........................................................................ 998
4. Interactive........................................................................... 999
5. Responsive .......................................................................... 999
A. Loyalty Makes People's Choices Less Dangerous ................. 1001III. Loyalty Prioritizes Human Values.........................................1008
B. Loyalty Complements Other Interventions ............................. 1002
C. Loyalty Avoids the Harm Trap ............................................... 1002
D. Loyalty Animates Legislation and Enforcement Efforts ......... 1005
A. Data Loyalty's Illusory Conflicts ........................................... 1009IV. Loyalty Can Be Both Flexible and Clear.............................1013
B. The Diverse Value-Forcing Function of Data Loyalty........... 1012
A. "Best Interests" Standard Clarified by Specific Rules........... 1015
B. Five Areas for Subsidiary Data Loyalty Rules ....................... 1024
1. Loyal Collection ............................................................... 1025
2. Loyal Personalization....................................................... 1026
3. Loyal Gatekeeping............................................................ 1027
4. Loyal Influencing .............................................................. 1029
5. Loyal Mediation ............................................................... 1032
Conclusion...............................................................................................1033
Lawmakers in the United States and Europe are now seriously considering imposing a duty of loyalty on companies that process human information.1 Such
[Page 987]
duties of loyalty represent both an alternative to the failed "notice and choice" regime in the United States and a supplement to the more robust General Data Protection Regulation (GDPR) model in the EU.2 Scholars have proposed duties of loyalty—in a variety of forms, including loyalty duties for data collectors, "information fiduciaries," design rules, and fiduciary boilerplates—in part because loyalty represents a substantive check on the ability of companies to use human data to nudge, influence, coerce, and amass vast profits from the exploitation of human information and experiences.3 Loyalty, thus, holds the potential to be a powerful response to what Julie Cohen calls "informational capitalism" and Shoshana Zuboff calls "surveillance capitalism": the claiming of "human experience as free raw material for hidden commercial practices of extraction, prediction, and sales."4
Yet, all is not well with the duty of loyalty, as it faces myriad critiques from regulators, companies, and even otherwise sympathetic academics. These critics assert that loyalty does little to deal with the structural pathologies of platform capitalism, and that backward-looking fiduciary models would fall apart at the massive scale at which platforms operate.5 They argue that a duty of loyalty is unnecessary because it would do little that existing consumer protection rules, data protection models, and duties of care do not already accomplish, and
[Page 988]
imposing a duty of loyalty might foreclose other approaches to platform regulation.6 They charge that it is unworkable because corporations cannot simultaneously owe duties both to their shareholders and to their customers.7 They claim that it is redundant because privacy laws modeled on Europe's GDPR already require a lawful basis for processing.8 These laws demand consideration of data subjects' rights and place substantive duties on data processors.9 Finally, and most frequently, critics of a duty of loyalty assert that it is vague—too burdensome, too likely to get watered down to empty formalities through the process of compliance, and inevitably too unclear about what it would actually require.10
Such critiques must be taken seriously. At first blush, their number and variety might leave data loyalty advocates feeling a little bit like Goldilocks holding her proverbial bowl of porridge: What's in the bowl is likely too hot or too cold, and in any event, is undoubtedly a bowl of mush. Well-intentioned but potentially devastating criticisms of this sort require thoughtful consideration and a comprehensive response. This essay represents that reflection and response. In our own work, we have articulated a duty of loyalty for privacy law as the duty of data collectors to act in the best interests of those whose data they collect.11 While we borrow from fiduciary law and work on "information fiduciaries," we have advocated for new relational frameworks tailored to the unique power imbalances between people and platforms.12 We agree with the critics that a duty of loyalty for privacy law is neither perfect nor a tool for all tasks. However, when the criticisms of loyalty are taken seriously—when they are considered, evaluated, and responded to on the merits—loyalty reveals some surprising virtues as a relational approach that collectively prioritizes trusting parties' best interests.
Loyalty, it turns out, places the focus for information-age problems where it belongs: not primarily on the data, but on the human relationships that data can
[Page 989]
affect; not just on procedural requirements for data processing but also on substantive rules restricting dangerous applications; and not merely on the interests of individuals but also on the interests of groups with the same relational vulnerabilities. Loyalty can thus be a powerful state of mind with real analytical and political consequences. Even loyalty's supposed fatal flaw—its indeterminate vagueness13 —is actually a great strength of flexibility and adaptability across contexts, cultures, and time. Simply put, loyalty as a relational approach allows us to deal substantively with the problem of platforms and human information at both a systemic and an individual level.
Our argument in this paper is ultimately a simple one: the concept of data loyalty has surprising virtues, including checking power and limiting systemic abuse. The critics of loyalty have provided the valuable service that generous and constructive criticisms of an idea often perform. They allow loyalty to be presented in a clearer, more refined, more detailed, and more realistic manner—one that is better suited to addressing some (but not all) of the many problems of information policy that cry out for solutions. Loyalty can thus be a key policy tool with which to take on the related problems of information capitalism, platform power, and the use of personal data to manufacture consent to objectional data practices. In fact, it may well be the critical piece of the regulatory toolkit for privacy.
We develop our argument across four parts, each of which responds to one of the principal critiques of loyalty and each of which, in assessing those critiques carefully, identifies one of loyalty's surprising virtues. In Part I, we consider the critique that relational protections, like a duty of loyalty, would not solve the right problems for privacy law—specifically, that they would not be a meaningful check on the excesses of informational capitalism and would not address the root causes of corporate abuses of power facilitated by use of our data. We conclude that the relationships between people and platforms are a key element of these problems. One of the main virtues of a duty of loyalty is that it remedies the misguided approach by lawmakers and judges that treats all interactions between people and companies that offer online services as arms-length relationships. The power imbalances in these relationships, made worse by the remarkable power that digital technologies confer, are simply too great to ignore. A duty of loyalty could usher in privacy's relational turn.
[Page 990]
In Part II, we consider the claim that a duty of loyalty would be unnecessary, whether because it would be coextensive...
To continue reading
Request your trial