,

Contracting for Personal Data

,

Is contracting for the collection, use, and transfer of data like contracting for the sale of a horse or a car or licensing a piece of software? Many are concerned that conventional principles of contract law are inadequate when some consumers may not know or misperceive the full consequences of their transactions. Such concerns have led to proposals for reform that deviate significantly from general rules of contract law. However, the merits of these proposals rest in part on testable empirical claims. We explore some of these claims using a hand-collected data set of privacy policies that dictate the terms of the collection, use, transfer, and security of personal data. We explore the extent to which those terms differ across markets before and after the adoption of the General Data Protection Regulation (GDPR). We find that compliance with the GDPR varies across markets in intuitive ways, indicating that firms take advantage of the flexibility offered by a contractual approach even when they must also comply with mandatory rules. We also compare terms offered to more and less sophisticated subjects to see whether firms may exploit information barriers by offering less favorable terms to more vulnerable subjects.

This paper was prepared for and presented at the NYU Law Review Symposium 2018 on “Data Law in a Global Digital Economy”. It was published by the NYU Law Review in Volume 94, Number 4 (October 2019), pp. 662-705.

Machines as the New Oompa-Loompas: Trade Secrecy, the Cloud, Machine Learning, and Automation

In previous work, I wrote about how trade secrecy drives the plot of Roald Dahl’s novel Charlie and the Chocolate Factory, explaining how the Oompa-Loompas are the ideal solution to Willy Wonka’s competitive problems. Since publishing that piece I have been struck by the proliferating Oompa-Loompas in contemporary life: computing machines filled with software and fed on data. These computers, software, and data might not look like Oompa-Loompas, but they function as Wonka’s tribe does: holding their secrets tightly and internally for the businesses for which these machines are deployed.

Computing machines were not always such effective secret-keeping Oompa Loompas. As this Article describes, at least three recent shifts in the computing industry—cloud computing, the increasing primacy of data and machine learning, and automation—have turned these machines into the new Oompa-Loompas. While new technologies enabled this shift, trade secret law has played an important role here as well. Like other intellectual property rights, trade secret law has a body of built-in limitations to ensure that the incentives offered by the law’s protection do not become so great that they harm follow-on innovation—new innovation that builds on existing innovation—and competition. This Article argues that, in light of the technological shifts in computing, the incentives that trade secret law currently provides to develop these contemporary Oompa-Loompas are excessive in relation to their worrisome effects on follow-on innovation and competition by others. These technological shifts allow businesses to circumvent trade secret law’s central limitations, thereby overfortifying trade secrecy protection. The Article then addresses how trade secret law might be changed—by removing or diminishing its protection—to restore balance for the good of both competition and innovation.

Ideas contained in this paper were discussed during the roundtable on data ownership at the NYU Law Review Symposium 2018 on “Data Law in a Global Digital Economy”. The paper was published by the NYU Law Review in Volume 94, Number 4 (October 2019), pp. 706-736.

Digital Megaregulation Uncontested? TPP’s Model for the Global Digital Economy

The United States championed the creation of new rules for the digital economy in TPP. Analyzing this effort as “digital megaregulation” foregrounds aspects that the conventional “digital trade” framing tends to conceal. On both accounts, TPP’s most consequential rules for the digital economy relate to questions of data governance. In this regard, TPP reflects the Silicon Valley Consensus of uninhibited data flows and permissive privacy regulation. The paper argues that the CPTPP parties endorsed the Silicon Valley Consensus due to a lack of alternatives and persistent misperceptions about the realities of the global digital economy, partly attributable to the dominant digital trade framing. It suggests a new approach for the inclusion of data governance provisions in future international trade agreements that offers more flexibility for innovative digital industrial policies and experimental data regulation.

This paper was published in Megaregulation Contested: Global Economic Ordering After TPP (edited by Benedict Kingsbury, David M. Malone, Paul Mertenskötter, Richard B. Stewart, Thomas Streinz, and Atsushi Sunami, Oxford University Press 2019), chapter 14 (pp. 312-342).

 

© 2018-2024 New York University School of Law. 
40 Washington Sq. South, New York, NY 10012  
Tel. (212) 998-6100