Neil M. Richards, Data Privacy and the Right to be Forgotten after Sorrell

By privacylaw | Posted on

Neil M. Richards, Data Privacy and the Right to be Forgotten after Sorrell

Comment by: Lauren Gelman

PLSC 2013

Workshop draft abstract:

This paper takes on the argument that the First Amendment also bars the government from regulating some or all of the commercial trade in personal information.  This argument had some success in the federal appellate courts in the 1990s and 2000s, and the Supreme Court seems to have recently embraced it.  In the 2011 case of Sorrell v. IMS, the Court held that the First Amendment prohibited a state from regulating the use of doctor’s prescribing data for marketing purposes.  These cases present the issue of whether the sale of commercial data is “free speech” or not, and the consequences of this decision for consumers and citizens.  But what is really at stake in Sorrell and in the cases which will inevitably follow it are two very different conceptions of our Information Society.  From the perspective of the First Amendment critics (and possibly a majority of the Roberts Court), flows of commercial information are truthful speech protected by the First Amendment.  This argument has received a boost from the Court’s decision in Sorrell and from the poorly-named and articulated “Right to Be Forgotten” that is on the rise in European data protection circles.  By contrast, privacy scholars and activists have often failed to explain why privacy is worth protecting in these cases, particularly in the face of the constitutional arguments on the other side.

Building on my earlier work on this important question, I argue that the First Amendment critique of data privacy law is largely unpersuasive.  While the First Amendment critique of the privacy torts and some broad versions of the Right to Be Forgotten do threaten important First Amendment interests, the broader First Amendment critique of data privacy protections for consumers does not.  Unlike news articles, blog posts, or even gossip, which are expressive speech by human beings, the commercial trade in personal data uses information as a commodity traded from one computer to another.  The data trade is much more commercial than expressive, and the Supreme Court has long held for good reason that the sale of information is commercial activity that receives very little First Amendment protection.  We must keep faith with this tradition in our law rather than abandoning it.  Moreover, I will show how a more modest form of the Right to be Forgotten can be protected consistent with the First Amendment, and even with Sorrell.  But I argue that we should rethink our use of the general term “privacy” to deal with the commercial trade in personal information.  The use of “privacy” connotes tort-centered notions protecting against extreme emotional harm – a model that poorly tracks the modern trade in personal information, which gives opponents of consumer data protection unnecessary ammunition.  A better way to understand the consumer issues raised by the trade in personal information is the European concept of “data protection,” or perhaps just “data privacy.”  Putting the old tort-focused conception of anti-disclosure away allows us to better understand the problem, and can suggest better solutions.  The regulation of data privacy should focus on managing the flows of commercial personal information and allowing greater consumer input into decisions made on the basis of data about them.

But however we as a society choose to regulate data flows, we should be able to choose.  We should not be sidetracked by misleading First Amendment arguments, because the costs of not regulating the trade in commercial data are significant.  As we enter the Information Age, where the trade in information is a multi-billion dollar industry, government should be able to regulate the huge flows of personal information, as well as the uses to which this information can be put.  At the dawn of the Industrial Age, businesses interests persuaded the Supreme Court in the Lochner case that the freedom of contract should immunize them from regulation.  I explain how and why we should reject the calls of First Amendment critics for a kind of digital Lochner for personal information. It shows how we can have consumer protection law in the Information Age without sacrificing meaningful free speech.

(This paper is an adaptation for PLSC of portions of Chapters 5 and 11 of my forthcoming book, Intellectual Privacy: Rethinking Civil Liberties in the Information Age (forthcoming Oxford University Press 2014)).