Academic journal article Federal Communications Law Journal

Data Privacy in Our Federalist System: Toward an Evaluative Framework for State Privacy Laws

Academic journal article Federal Communications Law Journal

Data Privacy in Our Federalist System: Toward an Evaluative Framework for State Privacy Laws

Article excerpt

TABLE OF CONTENTS  I. INTRODUCTION    A. Overview of Note II. BACKGROUND III. THE DORMANT COMMERCE CLAUSE AND THE EARLY APPROACH TO THE      INTERNET: AMERICAN LIBRARY ASSOCIATION V. PATAKI    A. Extraterritoriality: New York's Law Was Invalid Because It       Necessarily Governed Wholly Out-of-State Transactions    B. Pike Balancing: New York's Law Was Unconstitutional Because       It Substantially Chilled Interstate Commerce with Few       Countervailing Local Benefits.    C. Inconsistent Regulations: New York's Law Was Unconstitutional       Because Permitting States to Govern the Internet Would Result       in Interlocking Regulatory Schemes that Would Stifle Interstate       Commerce. IV. GEOLOCATION TECHNOLOGY CHANGES THE DORMANT COMMERCE CLAUSE     ANALYSIS, BUT NOT NECESSARILY THE RESULT    A. Extraterritoriality: Geolocation Mandates Are On       Constitutionally Questionably Ground Because They Directly       Regulate Wholly Out-of-State Transactions    B. Pike Balancing: Common State Data Privacy Laws Are       Unconstitutional Because Their Underwhelming Local Benefits       Cannot Justify the Burden of Location-Based User Filtering.  V. CONCLUSION 

I. Introduction

In 2013, Target drew fire for mailing pregnancy-themed advertisements to a teenage girl who had not yet revealed her pregnancy to her parents. (1) Drawing from myriad data points including age, income, address, ethnicity, spending patterns, and more, Target's analytics algorithm identified the girl as likely to be pregnant. (2) In other words, Target knew before her parents did--ultimately forcing her hand in the timing of her announcement to her family. (3)

Even as privacy advocates increasingly express concern, the demand for consumer data is exploding. One industry study projects that consumer data collection--or colloquially, "big data"--will be a $16.9 billion industry in 2015, up from $3.2 billion in 2010. (4) Simultaneously, it is becoming cheaper to gather information. consulting firm McKinsey & co. has estimated a growth rate of roughly 40% in consumer data collected year over year, with a mere 5% corresponding increase in IT spending. (5) In fact, the growth in data collection may force major changes in technological infrastructure: according to some reports, over half of the surveyed c-level executives acknowledge that their infrastructure lacks the capacity to handle the demands of modern data collection. (6)

But the story does not end with the collection of traditional demographic data by previously disinterested players. Instead, wholly new data points emerge daily, each with its own set of privacy implications. The so-called Internet of Things--geek-speak for network connectivity built into traditionally "dumb" apparatus like refrigerators or thermostats--allows collection of personal data in the unlikeliest of places. (7)

But what role should the law play in guarding privacy during the data revolution? More fundamentally, whose law should play which roles in our federalist system? The allocation of regulatory authority over data collection may be as consequential as the substantive regulations imposed. (8) On the one hand, technology firms view the prospect of a medley of fifty assorted state privacy regimes as economically unworkable, and have already begun to object that recent state laws are "impossible to implement" and "extremely burdensome for start-up [companies]." (9) These firms assert that, if data collection is to be regulated, it is the role of the federal government to implement a single, coherent set of laws that apply nationwide. (10) Some state attorneys general, meanwhile, argue that the federal government might not act as quickly or as sweepingly as they would like. (11)

This Note offers a constitutional framework for analyzing the distribution of regulatory authority over data privacy, and ultimately concludes that the Dormant Commerce Clause precludes most state data privacy legislation. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed


An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.