Author granted license

Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International

Document Type


Publication Date





Washington University School of Law




Data privacy law fails to stop companies from engaging in self-serving, opportunistic behavior at the expense of those who trust them with their data. This is a problem. Modern tech companies are so entrenched in our lives and have so much control over what we see and click that the self-dealing exploitation of people has become a major element of the internet’s business model.

Academics and policymakers have recently proposed a possible solution: require those entrusted with people’s data and online experiences to be loyal to those who trust them. But many have concerns about a duty of loyalty. What, exactly, would such a duty of loyalty require? What are the goals and limits of such a duty? Should loyalty mean obedience or a pledge to make decisions in people’s best interests? What would the substance of the rules implementing the duty look like? And what would its limits be?

This Article suggests a duty of loyalty for personal information that answers these objections and represents a promising way forward for privacy law. We offer a theory of loyalty based upon the risks of digital opportunism in information relationships that draws upon existing—and in some cases ancient—precedent in other areas of American law. Data collectors bound by this duty of loyalty would be obligated to act in the best interests of people exposing their data and online experiences, up to the extent of their exposure. They would be prohibited from designing digital tools and processing data in a way that conflicts with trusting parties’ best interests. We explain how such a duty could be used to set rebuttable presumptions of disloyal activity and to act as an interpretive guide for other duties. And we answer a series of objections to our proposed duty, including that it would be vague, be too narrow, entrench surveillance capitalism, create a problem of conflicting duties, and spell the end of surveillance-based “targeted advertising.” The duty of loyalty we envision would certainly be a revolution in data privacy law. But that is exactly what is needed to break the cycle of self-dealing and manipulation ingrained in both the current internet and our society as a whole. This Article offers one pathway for us to get there.

Find on SSRN Link to Publisher Site

Included in

Privacy Law Commons



To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.