Privacy Isn’t Only About State Action

Americans have traditionally had an understandable skepticism towards government collection of our data and monitoring of our private communications. The uproar caused by the Snowden leaks in 2013 was followed by increased public attention to data privacy. In a 2014-15 survey, 57% of respondents said that government monitoring of the communications of US citizens was unacceptable. Over 90% of respondents found it important to be able to personally control what data about them was shared, and with whom. The public has expressed similar concerns about data-sharing among private companies. Nearly 2/3 of Americans say that current laws do not go far enough to protect their privacy, and would support increased regulation of advertisers.

Limitations on government collection of private data are built into the Fourth Amendment, as applied to collection of digital data in Carpenter. But there is no analogous limitation on the ability of corporations to share our data far and wide, as anyone who has seen a targeted Facebook ad pop up minutes after searching for an item on Amazon knows. Indeed, First Amendment cases such as Sorrell v. IMS Health, in bolstering protections for commercial speech, may significantly restrict the ability of Congress to regulate private companies selling our data amongst themselves. While many targeted ads can make data sharing seem harmless (I see you just bought a watch. Perhaps I can interest you in these 73 similar watches?), at times it may be more nefarious. 

Public unease with data sharing may be especially warranted in the case of mobility data. The majority of Americans move about the world in cars. While many of those trips are innocuous, some may be trips to an unpopular church, to the home of a secret paramour, or to the scene of a crime. Even the innocuous trips may be simply embarrassing (maybe you ate at a fast food restaurant a few more times than you should have, or fibbed to your spouse once or twice about working late when you were actually getting an after-work drink with friends). These are the type of excursions that, if your car were continuously collecting data on its whereabouts, could easily be sold to a private actor that would be willing to use it against you.

The concern that a private company could abuse access to your personal data just as easily as the government has led legal scholar Jeffrey Rosen to propose a new Constitutional amendment. Such affronts to dignity, as Rosen describes this all-consuming data collection and sale, are problematic enough that we need an amendment to bar unreasonable searches and seizures by either the government or a private corporation. Mercatus Center Senior Research Fellow Adam Theirer has argued that Rosen’s proposal is ill-advised, but still supports making it easier for consumers to restrict access to their private data.

Under current doctrine, the path to heightened protections from abuse of our personal data by private companies is unclear. In Carpenter, the Court took account of the changing nature of technology to limit the government’s ability to collect our information from corporations under the Fourth Amendment. Going forward, the Court should bear in mind the public’s desire for privacy, and the increasing prominence of data collection companies such as Google, Amazon, and soon, CAV operators. As in Carpenter, they should adjudicate with changing technology in mind, and seek to enable Congress’ ability to legislate limits on the ability of private companies to sell our personal data.