To add to your must-read list:
Richards, Neil M. and Hartzog, Woodrow, A Duty of Loyalty for Privacy Law (July 3, 2020).
Available at SSRN: https://ssrn.com/abstract=
Data privacy law fails to stop companies from engaging in self-serving, opportunistic behavior at the expense of those who trust them with their data. This is a problem. Modern tech companies are so entrenched in our lives and have so much control over what we see and click that the self-dealing exploitation of people has now become a major element of the Internet’s business model.
Academics and policymakers have recently proposed a possible solution: require those entrusted with peoples’ data and online experiences to be loyal to those who trust them. But critics and companies have concerns about a duty of loyalty. What, exactly, would such a duty of loyalty require? What are the goals and limits of such a duty? Should loyalty mean obedience or a pledge to make decisions in peoples’ best interests? What would the substance of the rules implementing the duty look like?
In this article, we offer a theory of loyalty based upon the risks of digital opportunism in information relationships. Data collectors bound by this duty of loyalty would be obligated to act in the best interests of people exposing their data and online experiences, up to the extent of their exposure. They would be prohibited from designing digital tools and processing data in a way that conflicts with a trusting parties’ best interests. This duty could also be used to set rebuttable presumptions of disloyal activity and act as an interpretive guide for other duties. A duty of loyalty would be a revolution in data privacy law. That’s exactly what is needed to break the cycle of self-dealing ingrained into the current Internet. This Article offers one pathway for us to get there.
You can read or download the full paper on SSRN, here.