Unilateral Invasions of Privacy

Roger Allan Ford*

Most people seem to agree that individuals have too little privacy, and most proposals to address that problem focus on ways to give those users more information about, and more control over, how information about them is used. Yet in nearly all cases, information subjects are not the parties who make decisions about how information is collected, used, and disseminated; instead, outsiders make unilateral decisions to collect, use, and disseminate information about others. These potential privacy invaders, acting without input from information subjects, are the parties to whom proposals to protect privacy must be directed.

This Article develops a theory of unilateral invasions of privacy rooted in the incentives of potential outside invaders. It first briefly describes the different kinds of information flows that can result in losses of privacy and the private costs and benefits to the participants in these information flows. It argues that in many cases the relevant costs and benefits are those of an outsider deciding whether certain information flows occur. These outside invaders are more likely to act when their own private costs and benefits make particular information flows worthwhile, regardless of the effects on information subjects or on social welfare. And potential privacy invaders are quite sensitive to changes in these costs and benefits, unlike information subjects, for whom transaction costs can overwhelm incentives to make information more or less private.

The Article then turns to privacy regulation, arguing that this unilateral-invasion theory sheds light on how effective privacy regulations should be designed. Effective regulations are those that help match the costs and benefits faced by a potential privacy invader with the costs and benefits to society of a given information flow. Law can help do so by raising or lowering the costs or benefits of a privacy invasion, but only after taking account of other costs and benefits faced by the potential privacy invader.

Continue reading in the print edition . . .

© 2016 Roger Allan Ford. Individuals and nonprofit institutions may reproduce and distribute copies of this Article in any format, at or below cost, for educational purposes, so long as each copy identifies the author, provides a citation to the Notre Dame Law Review, and includes this provision of the copyright notice. After 2016, this Article is available for reuse under the Creative Commons Attribution 4.0 International license, https://creative commons.org/licenses/by/4.0/.

*Assistant Professor of Law, University of New Hampshire School of Law; Faculty Fellow, Franklin Pierce Center for Intellectual Property. For helpful comments and conversations, I am indebted to Alex Boni-Saenz, Andrew Selbst, Angela Kuhnen, Avner Levin, Catherine Crump, Helen Nissenbaum, Ira Rubinstein, Jennifer Berk, Joseph Lorenzo Hall, Katherine Strandburg, Lior Strahilevitz, Orin Kerr, Paul Gowder, Saul Levmore, Victoria Schwartz, and participants at the sixth Privacy Law Scholars Conference at the University of California Berkeley, the NYU Privacy Research Group, and the Consumer Federation of America’s Consumer Dialogue Retreat. This Article originated in work conducted during my time as a Microsoft Research Fellow at the Information Law Institute, New York University School of Law, and was supported in part by generous grants from Microsoft Corporation and the Air Force Office of Scientific Research’s Multidisciplinary University Research Initiative (grant no. ONR BAA 07-036).