Why I Don’t Teach the Privacy Torts in My Privacy Law Class

You may also like...

4 Responses

  1. The privacy torts have many flaws, and they aren’t currently effective for dealing with more contemporary problems regarding data. But I still think they are important to teach because the cases contain a lot of great material about what “privacy” is. The cases present the way jurists think about privacy — often in antiquated ways — and this provides a wonderful opportunity to discuss the meaning and value of privacy. It also is a great way to introduce the First Amendment and the way it can clash with protecting privacy. So although the torts don’t have a ton of relevance for modern information gathering, processing, and use, they are useful to discuss conceptual foundations for privacy.

    Although the privacy torts aren’t particularly useful in regulating data flow, are the statutes much better? The statutes have more relevance, but many lack private rights of action and provide rights of notice and choice that aren’t particularly meaningful in practice. There are also enormous gaps in the statutory regime.

    Regarding the Gramm-Leach-Bliley Act, this law doesn’t have much bite at all, and it is a challenge to teach because it doesn’t have a particularly robust way of regulating information flow.

    HIPAA is much stronger, but in the healthcare context, the privacy torts as well as the breach of confidentiality tort are more robust and are not preempted, making the torts quite relevant.

    The great thing about the course is that it can be taught in many different ways, and I designed my book so that professors can use it however they want and can skip around. I personally love Chapter 2 and find it to be great at setting up the basic arguments and concepts for the course. But your points are well-taken — it is a shame that privacy tort law hasn’t developed more to deal with modern problems of information flow. I discuss this in depth in my piece with Neil Richards on Prosser: http://ssrn.com/abstract=1567693

  2. Peter Swire says:

    I agree entirely with Dan that “the great thing about the course is that it can be taught in many different ways.”

    A number of Dan’s comments go to the mis-match between how to govern modern data flows and where we get thoughtful court opinions. The privacy torts have really nice opinions about the values at stake, but have little relevance to modern data flows. In the U.S., constitutional law has little to say about data privacy, in contrast to the European human rights jurisprudence. And, the various statutes tend to have narrow decisions on statutory interpretation, rather than broader discussions of what is at stake.

    The lack of good case law helps us understand why there is so much emphasis on softer law, such as FTC or administration reports. That is where many of the debates about values actually occur.

    One area rich with case law — the Fourth Amendment. And, after Jones, we may get a new richness of case law there.

  3. Bruce Boyden says:

    If the sense is that the privacy torts are not often successful in actually regulating privacy, I would tend to agree, although some of them are still frequently pled, and thus worth knowing for that reason alone. But I agree with Dan — I think there is pedagogical value to the torts, and in putting the torts before the statutory material, which is that I think it forces students to grapple with the question: what is the flurry of statutory provisions *trying to achieve*? You refer to the question of controlling “what data should flow in IT systems” — control for what purpose? How do we assess whether a given regulation over-blocks or under-blocks? I don’t think it’s very easy to get there in a classroom discussion by talking about what the restrictions are under 16 CFR s 313.11(a) on affiliates receiving financial information.

  4. TJ McIntyre says:

    From my parochial perspective, it’s fascinating to compare the narrow US privacy torts with the much wider approach taken in the European common law jurisdictions, where breach of confidence (England and Wales) and the constitutional tort of breach of privacy (Ireland) have been pressed into service as all purpose remedies covering a variety of different situations. This points to one particular merit of the US approach – the different torts do tend to highlight the varying aspects of privacy which are implicated in each case. This is sometimes lost in the one size fits all torts currently used on this side of the Atlantic.