Author granted license

Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International

Document Type

Article

Publication Date

12-2016

ISSN

0745-3515

Publisher

University of Notre Dame Law School

Language

en-US

Abstract

Accounts of privacy law have focused on legislation, federal agencies, and the self-regulation of privacy professionals. Crucial agents of regulatory change, however, have been ignored: the state attorneys general. This article is the first in-depth study of the privacy norm entrepreneurship of state attorneys general. Because so little has been written about this phenomenon, I engaged with primary sources — first interviewing state attorneys general and current and former career staff, and then examining documentary evidence received through FOIA requests submitted to AG offices around the country.

Much as Justice Louis Brandeis imagined states as laboratories of the law, offices of state attorneys general have been laboratories of privacy enforcement. State attorneys general have been nimble privacy enforcement pioneers where federal agencies have been more conservative or constrained by politics. Their local knowledge, specialization, multi-state coordination, and broad legal authority have allowed them to experiment in ways that federal agencies cannot. These characteristics have enabled them to establish baseline fair information protections; expand the frontiers of privacy law to cover sexual intimacy and youth; and pursue enforcement actions that have harmonized privacy policy.

Although certain systemic practices enhance AG privacy policy making, others blunt its impact, including an over reliance on informal agreements that lack law’s influence and a reluctance to issue closing letters identifying data practices that comply with the law. This article offers ways state attorneys general can function more effectively through informal and formal proceedings. It addresses concerns about the potential pile-up of enforcement activity, federal preemption, and the dormant Commerce Clause. It urges state enforcers to act more boldly in the face of certain shadowy data practices.

Download
Find on SSRN

Included in

Privacy Law Commons

Share

COinS
 
 

To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.