INTRODUCTION I. NORMATIVE CONSIDERATIONS: THE CHALLENGE OF DEFINING PRIVACY A. Privacy and "the Pursuit of Happiness". B. On the Problem of "Creepiness" as the Standard of Privacy Harm C. Increasing Tensions Between Privacy Rights and Online Free Speech II. ENFORCEMENT COMPLICATIONS: CONTROLLING INFORMATION FLOWS A. Media and Technological Convergence B. Decentralized, Distributed Networking C. Unprecedented Scale of Networked Communications D. Explosion of the Overall Volume of Information E. User-Generated Content and Self-Revelation of Data F. Synthesis: Information Wants to Be Free (Even When We Don't Want It to Be) G. Corollary: "Silver-Bullet" Solutions Won't Work III. CONSTRUCTIVE SOLUTIONS A. Education, Awareness and Digital Literacy B. Empowerment and Self-Regulation C. On "Simplified" Privacy Policies and Enhanced Notice D. Increased Section 5 Enforcement, Targeted Statutes, and the Common Law CONCLUSION
Online privacy has become one of the most contentious information policy debates of recent times. (1) Many academics, activist organizations, and average consumers are clamoring for greater privacy protections as they realize it is easier than ever for personal information to be widely shared--whether intended or not. (2) "Targeted" or "behavioral" online advertising and data collection practices are under particularly intense scrutiny. (3) Policymakers at all levels--state, federal, and international--are responding to these concerns with an array of proposals, many of which aim to expand regulation of the Internet, social networking sites, online advertising and marketing services, data aggregators, and other information technology services. (4)
This Article--which focuses not on privacy rights against the government, but against private actors--cuts against the grain of much modern privacy scholarship by suggesting that expanded regulation is not the most constructive way to go about ensuring greater online privacy. The inherent subjectivity of privacy as a personal and societal value is one reason why expanded regulation is not sensible. Privacy has long been a thorny philosophical and jurisprudential matter; few can agree on its contours or can cite firm constitutional grounding for the rights or restrictions they articulate. (5) Part I discusses some of the normative considerations raised by the debate on privacy right and argues that there may never be a widely accepted, coherent legal standard for privacy rights or harms here in the United States.
This Article does not dwell on that widely acknowledged controversy. Instead, a different complication is introduced here: Legislative and regulatory efforts aimed at protecting privacy must now be seen as an increasingly intractable information control problem. Part II considers the many enforcement challenges that are often ignored when privacy policies are being proposed or formulated. Most of the problems policymakers and average individuals face when it comes to controlling the flow of private information online are similar to the challenges they face when trying to control the free flow of digitalized bits in other information policy contexts, such as online safety, cybersecurity, and digital copyright.
Because it will be exceedingly difficult to devise a fixed legal standard for privacy that will be satisfactory for a diverse citizenry (not all of whom value privacy equally), and because it will be increasingly difficult to enforce that standard even if it can be determined, alternative approaches to privacy protection should be considered. This approach is particularly appropriate here in the United States, which, relative to Europe, places greater significance on both free speech rights and the importance of online commerce and innovation. …