In scope, ambition, and animating philosophy, U.S. privacy law and Europe’s General Data Protection Regulation are almost diametric opposites. The GDPR’s ambitious individual rights, significant prohibitions, substantive enforcement regime, and broad applicability contrast vividly with a scattershot U.S. regime that generally prioritizes facilitating commerce over protecting individuals, and which has created perverse incentives for industry through anemic enforcement of the few meaningful limitations that do exist. A privacy law that characterizes data collectors as information fiduciaries could coalesce with the commercial focus of U.S. law, while emulating the GDPR’s laudable normative objectives and fortifying U.S. consumer privacy law with a moral valence it often lacks. Similar to classic fiduciaries like doctors or lawyers, information fiduciaries would owe duties of loyalty, care, and confidentiality to their clients—affirmative commitments to individuals that the laissez-faire approach of U.S. privacy law generally does not require. Fiduciary duties are also derived from the context of commercial relationships, where the law balances the professional prerogatives of the fiduciary with the rights (and vulnerabilities) of the client. Crucially, an information fiduciary model can strengthen protections for privacy, equality, and autonomy in the digital age, echoing the GDPR’s normative objectives, while balancing those principles with the competing aims (and constraints) of the U.S. legal ecosystem.
Lindsey Barrett, Confiding in Con Men: U.S. Privacy Law, the GDPR, and Information Fiduciaries, 42 SEATTLE U. L. REV. 1057 (2019).