law and economics seminar
DESCRIPTION
Law and Economics SeminarTRANSCRIPT
![Page 1: Law and Economics Seminar](https://reader036.vdocument.in/reader036/viewer/2022082521/577c84841a28abe054b94c55/html5/thumbnails/1.jpg)
Law and Economics Seminar – Reaction Paper 6 (March 17)
1) Would in some instances mandatory and nonwaivable rules be a justified policy approach in privacy law?
The discussion proposed here builds on the idea of questioning the role of consent on
normative grounds, as several commentators mentioned in footnote 12 have done, taking into
account that privacy can be viewed as having a social value as well.
Siding with those commentators cited in the referred footnote, one could argue that
despite the general normative standard for allowing the dispositive role of consent in determining
privacy rights, in some instances having statutory limitations governing the role of consent in
privacy questions would be a justifiable policy approach.
This proposition does not deny the social desirability of granting a dispositive role for
consent as a sufficient element to allow the disclosure of private information in most cases, but
rather questions to what extent individual consent should be evaluated through judicial oversight
in some specific instances. In other words, there would be certain circumstances under which
resting solely on consent could provide insufficient privacy protection.
Some of these instances would involve consents to conduct of another party intended to
invade interests related to specific sensitive privacy rights that are liable to result in greater harm
for individuals, such as health data.
Besides, judicial oversight could also de advocated for those instances that involve a
relationship between a company and an individual who under a power imbalance is placed at a
clearly weaker position, where due to information asymmetry or economic pressure (e.g. an
employee that agrees to submit to workplace drug testing because he desperately needs the job)
the latter cannot rationally weight the consequences of agreeing to have his privacy invaded.
![Page 2: Law and Economics Seminar](https://reader036.vdocument.in/reader036/viewer/2022082521/577c84841a28abe054b94c55/html5/thumbnails/2.jpg)
The rationale behind advocating in favor of judicial oversight for specific privacy rights
scenarios would mainly be the preservation of the social value that privacy has in addition to the
more explicit individual value.
The approach under analysis would consist in statutory provisions foreseeing that specific
privacy rights cannot be waived through an agreement between parties. In these cases, individual
would have to submit written consents during litigation, which could be closely monitored by
judges with the objective of assessing the meaningfulness of such consent.
Courts can evaluate the concrete circumstances of each case in order to determine, for
instance, (i) if the individual was properly informed of the consequences of allowing his personal
data to be used by the other party; (ii) if he consented against his will merely because of a lack of
bargaining power from his part; (iii) if crucial perspective needed for appreciating the situation
was available; (iv) if proper contractual options were offered (i.e. to contract with or without
privacy disclosure, as opposed to “all-or-nothing” contracts) etc.
Of course the proposition at hand has an important caveat, since it would add
considerable complexity and costs to companies interested in obtaining some types of private
data (by requiring the courts to intervene), as well uncertainty (since the judicial outcome could
be at best estimated within a reasonable range, but never known in advance with precision). The
question that policymakers thus have to face is whether the social benefits of requiring judicial
oversight of private data disclosure in some instances justify the inefficiencies that such
approach would inevitably cause.
2) Should the debate focus on the use of private data besides its collection?
![Page 3: Law and Economics Seminar](https://reader036.vdocument.in/reader036/viewer/2022082521/577c84841a28abe054b94c55/html5/thumbnails/3.jpg)
Another issue that is marginally discussed in the paper but also raises interesting
concerns is whether the debate should involve the question of how effectively privacy law
protects the use and dissemination of data collected with the acquiescence of the individual.
Said concerns are justified by the flourishing of a dynamic and strong “database industry”
in the last couple decades and the related emergence of the internet as an environment where
individuals routinely share a plethora of personal information with companies (social networks,
e-sellers etc.), sometimes without proper awareness of how and by whom such information will
be used or even transferred to third parties.
As several commentators argue1, the patchwork of current US privacy rules could be
regarded as outdated and with limited effectiveness regarding the issue at hand, thereby failing to
fully protect individuals from the misuse of data that employers and companies collect from
them.
A possible approach to the problem would consist in passing a broad and comprehensive
federal law to effectively govern the use and dissemination of personal data collected by
companies and employers, complementing (or in part overriding) current regulations on the
issue, and possibly establishing a national agency to oversee the protection of such data and
place limits on its use and transfer to third parties, including but not limited to commercial
databases.
In an interesting comparative law perspective, the European legislation on privacy rights
seems to focus on the protection of data collected from individuals rather than on its collection,
as evidenced by the all-encompassing 1995 European Union Directive on Data Protection and
the strong role played by the European Data Protection Supervisor (EDPS)2.1 See, for instance, Daniel J. Solove and Chris Jay Hoofnagle, A Model Regime of Privacy Protection, 2005, p. 7-10, Available at http://papers.ssrn.com/sol3/papers.cfm?abstract_id=699701&rec=1&srcabs=6819022 According to its website, the EDPS “is an independent supervisory authority devoted to protecting personal data and privacy and promoting good practice in the EU institutions and bodies”. See http://www.edps.europa.eu/EDPSWEB/edps/pid/1?lang=en
![Page 4: Law and Economics Seminar](https://reader036.vdocument.in/reader036/viewer/2022082521/577c84841a28abe054b94c55/html5/thumbnails/4.jpg)
Furthermore, one has to consider the fundamental lack of scholarly consensus regarding
the appropriate general definition of “privacy” on legal grounds, as the paper at hand points out.
Focusing on the use of private data collected by companies and employers could allow
policymakers to circumvent this complex issue and devise better strategies to protect privacy,
since even when individuals manifest informed and reasonable consent to the collection of their
personal information, the use of this information might be improperly handled.
Finally, analogously to the previous question, the one at hand would also have an obvious
downside, as enhancing the protection of personal data collected by companies and employers
could create considerable transactional costs and reduce US companies’ competitiveness in the
international market. Striking a balance between both values – privacy protection and economic
efficiency – is a complex task. Hence policymakers have to evaluate whether the social benefits
of increasing privacy protection (by limiting and controlling the use of personal data collected by
companies and employers) would justify such inefficiencies.