Author granted license

Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International

Document Type


Publication Date





Georgia Law Review Association




Disclosing personal information online often feels like losing control over one’s data forever; but this loss is not inevitable. This essay proposes a “chain-link confidentiality” approach to protecting online privacy. One of the most difficult challenges to guarding privacy in the digital age is the protection of information once it is exposed to other people. A chain-link confidentiality regime would contractually link the disclosure of personal information to obligations to protect that information as the information moves downstream. The system would focus on the relationships not only between the discloser of information and the initial recipient, but also between the initial recipient and subsequent recipients. Through the use of contracts, this approach would link recipients of personal information as in a chain, with each recipient bound by the same obligation to protect the information. These chain contracts would contain at least three kinds of terms: 1) obligations and restrictions on the use of the disclosed information; 2) requirements to bind future recipients to the same obligations and restrictions; and 3) requirements to perpetuate the contractual chain. This approach would create a system for the permissible dissemination of personal information online. It would also protect Internet users by ensuring that a website’s obligation to safeguard personal information is extended to third parties.

Find on SSRN

Included in

Contracts Commons



To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.