Sunday, June 29, 2008

Protecting Privacy by Contract

I have long been on record as believing that modern contract law will essentially be the death of individual privacy - the basic argument being that people want their toys, so they'll click on abusive clickthroughs and EULAs that essentially sign away their personal data (see, e.g., this post on Privacy and Contract). However, recently Ben Wright has proposed that these contracts could be harnessed on behalf of privacy - essentially, that consumers could put up their own websites with terms of use that require businesses to respect their personal information (see, here). Ben even points to a case where a website's terms of use were enforced against a consumer who made a contract over the phone, to demonstrate how the mere existence of the terms of use can be used in litigation.

I think Ben's argument is appealing, and I'd like to agree with it...unfortunately, there are a couple of problems with the argument that prevent me from endorsing it, as appealing as it may be. First, as a practical matter, it would be difficult to show that a company which sells an individual's personal data ever visited the website where the privacy protective terms of use were posted. In the case Ben cited to show that terms of use could be enforced even against a consumer who made a contract over the telephone, it was easy to prove that the consumer visited the website which hosted the terms of use, because the consumer was trying to enforce the website's privacy policy. However, in most cases, I think it would be hard to prove in court that a company which sells consumer data actually visited the websites of the consumers whose data is being sold. Second, even if it were possible to show that the a company which sells consumer data visited the consumer's website, there is no reason to believe that a court would enforce the website's privacy protective terms of use. For example, in the case of In re Northwest Airlines Litigation, the court refused to allow consumers to sue Northwest Airlines for a violation of its privacy policy. Given that, I see no reason to believe that a court would be any more solicitous of privacy protective terms of use that a consumer might put on his or her website.

The bottom line is I like Ben's idea, and I would love to see the approach to abusive terms of service turned against businesses that don't respect privacy. However, I think the practical obstacles to implementing the idea are such that Ben's idea isn't something that most people can rely on.

2 comments:

Benjamin Wright said...

William: Glad to see your post. Despite the NW Airlines case you cite, regulatory authorities have enforced web privacy policies. For example, the Minnesota Attorney General enforced US Bancorp's privacy policy. --Ben

http://hack-igations.blogspot.com/2007/11/privacy-advocates-such-as-nyu-professor.html

summerjojo said...

The actual Contests regarding Guild Competitions 2Now in which guild wars gold dealt with stuff like that to anticipate from Guild Conflicts A couple of, gw2 easy gold get onto the nutrients: Precisely what it’utes exactly about and just what you can expect.