Information Fiduciary Duty – Do Private Entities Have a Legal Responsibility to be Trustworthy with Your Data?

The Information Age has created a new type of business that thrives off of widespread collection and use of personal information. [1] At this time, though, there is no federal statute to define the obligations these businesses owe regarding the use of their users’ and customers’ data. While doctors and lawyers are legally obligated to respect the privacy of their clients’ information and cannot use that information to further their own interests, large companies are not held to the same standard.

As data-driven businesses continue to emerge, grow, and gain relevance in our society and economy, it is imperative that a clear standard of information fiduciary responsibilities be defined. Federal legislation classifying businesses as information fiduciaries would protect individual data privacy rights by requiring businesses to act with the utmost good faith in relation to their use of individual data.

The Importance of Fiduciary Duties

A fiduciary duty is a legal responsibility that one person or entity owes to another. A fiduciary is “duty bound to act with the utmost good faith for the benefit of the other party.” [2] Fiduciary relationships often arise where confidence is “reposed by one party in the integrity of another.” [3] In the commercial context, traditional examples of fiduciary relationships include those of trustee/beneficiary, corporate directors and majority shareholders, business partners, joint venturers, and agent/principal. [4]

Information Fiduciaries Defined

An information fiduciary is a person or entity that deals in information and must abide by a legal obligation to be trustworthy and to act in good faith in their collection, use, and handling of data. [5] For example, doctors, lawyers, and accountants are considered information fiduciaries because they must act in good faith and protect their clients’ information. Like traditional information fiduciaries, large online companies collect personal information that could be used to consumers’ detriment. Unlike traditional information fiduciaries, though, an online company’s surveillance of data subjects can occur with little or no meaningful notice to the individual and there are few practical limits on the ways in which these companies may use collected information.

In considering how to apply longstanding fiduciary principles to novel data privacy issues, “we need to adapt old legal ideas to create a new kind of law—one that clearly states the kinds of duties that online firms owe their end users and customers. The most basic obligation is a duty to look out for the interests of the people whose data businesses regularly harvest and profit from.” [6] In this new application of a fiduciary duty, companies that collect vast amounts of private data from their users would be held to the same standard as other information fiduciaries. [7]

The First Amendment and Conflicting Obligations

The debate surrounding the concept of data fiduciaries is gaining traction as society becomes increasingly familiar with the ills of widespread data collection and use. Those who oppose the imposition of an information fiduciary duty onto businesses cite First Amendment concerns, arguing that corporate collection, use, and/or distribution of individual users’ private data is protected speech. Proponents of greater regulation, on the other hand, contend that enhanced legal duties are not only consistent with data processors’ First Amendment rights, but would also enhance privacy protections to individuals. Due to the position of power that these businesses enjoy, proponents argue that “the First Amendment permits somewhat greater regulation of information fiduciaries than it does for other people and entities.” [8]

Other concerns with the expansion of information fiduciary duties include the potential conflict between competing fiduciary duties. In Delaware, where many leading businesses are incorporated, the law requires strict fiduciary duties to shareholders. Some opponents argue that classifying businesses as information fiduciaries would create contradictory and divided loyalties if compliance with resulting data privacy regulations comes at the expense of ensuring maximum shareholder returns. [9]

Current Events Illustrate the Increasing Need for Information Fiduciaries

The need for information fiduciary duties is increasingly crucial as companies continue to collect vast amounts of data and use this data in new and unexpected ways. For example, the ride-sharing service Uber has begun to video record rides as part of a broad initiative to capture objective data that may assist in settling disputes between drivers and passengers and improving safety. [10] This practice raises significant privacy concerns for the individuals that are being recorded. According to the Electronic Frontier Foundation, this surveillance has created a “treasure trove of highly personal data … and a more fine-tuned snapshot of people’s daily lives.” [11]

Other instances where data is used in seemingly constructive ways raise similar concerns over the level of influence these data-driven businesses enjoy. In 2010, Facebook sent a group of users a reminder to vote, and ultimately observed that this effort increased voter turnout by 0.39%. [12] While increasing voter turnout is a noble pursuit, Facebook’s social experiment raises concerns of “digital gerrymandering.” [13]


As is clear from recent history, online companies will continue to collect as much information from individuals as possible in order to maximize corporate profits. Therefore, it is increasingly important for individuals not only to be aware of their rights, but also to demand that their rights are valued and respected by digital businesses. A clear standard for informational fiduciary duties is a critical step in protecting individual data privacy rights.


[1] This article was written with the research assistance of Cassidy Shapiro, a paralegal on CPM’s Securities Team and a rising first-year law student at Duke University School of Law.
[2] Gilman v. Dalby (2009) 176 Cal.App.4th 606, 613-614.
[3] Gilman, 176 Cal.App.4th at 614.
[4] Id. citing Wolf v. Superior Court (2003) 107 Cal.App.4th 25, 29.
[5] Balkin, Jack and Zittrain, Jonathan. A Grand Bargain to Make Tech Companies Trustworthy. The Atlantic. Oct. 3, 2016, available at
[6] Ibid.
[7] Ibid.
[8] Balkin, Jack. Information Fiduciaries and the First Amendment. UC Davis Law Review. 2016, available at
[9] Khan, Lina and Pozen, David. A Skeptical View of Information Fiduciaries. Harvard Law Review, Vol. 133. Dec. 10, 2019, at 497-541 available at
[10] Conger, Kate. Uber Embraces Videotaping Rides, Raising Privacy Concerns. The New York Times. Nov. 20, 2019, available at
[11] Ibid.
[12] Zittrain, Jonathan. Facebook Could Decide an Election Without Anyone Ever Finding Out. The New Republic. Jun. 1, 2014, available at
[13] Ibid.

