Unpublished Papers

HACKING PRIVACY

Andrea Matwyshyn, University of Pennsylvania

Abstract

This article seeks to clarify the relationship between contract law and promises of privacy and information security. It challenges three commonly held misconceptions in the privacy literature regarding the relationship between contract and data protection – the propertization fatalism, the economic value fatalism and the displacement fatalism - and argues in favor of embracing contract law as a way to enhance consumer privacy. Using analysis from Sorrell v. IMS Health, Inc., marketing theory and the work of Pierre Bourdieu, it argues that the value in information contracts is inherently relational: consumers provide “things of value” -- rights of access to valuable informational constructs of identity and context -- in exchange for access to certain services by the data aggregator. To protect the ability of consumers to selectively embed their information, the article presents a contract-based consumer protection approach to privacy and information security as one piece of a consumer protection regime. Modeled on trade secret law and landlord-tenant law, the “reasonable data stewardship” approach advocated in this article relies on a set of implied promises - non-waivable contract warranties and remedies - to improve consumer privacy and corporate information security.

This document is currently not available here.

Share