It’s time to try something different on Internet privacy

Despite the failures of our current online privacy ecosystem, some lawmakers are considering doubling down on policies that do not work. But no matter how much control companies give us over our data, it will never work online. That’s because control and transparency place the burden on consumers to protect themselves and understand where their data is going. And they must do this for every one of the dozens (or more) online accounts they may have.

So let’s try something different. Consider the newly introduced legislation from Sen Brian Schatz (D-HI) called the Data Care Act of 2018, for which we provided feedback in its draft form. The bill, one of the first and most significant moves to establish a new American privacy identity, favors three key non-waivable obligations for companies that use the Internet to collect personal information: duties of care, loyalty and confidentiality. These duties are modeled on the privacy requirements for any fiduciary, such as doctors, lawyers or accountants — all of whom are legally required to act in good faith on behalf of their patients or clients and are bound to keep our disclosures safe and confidential. By embracing trust, the United States can become a leader on privacy instead of following the path of false promises and diminishing returns. Call it legal innovation, if that’s what it takes. But whatever we call it, the United States can pave the way for a safe, sustainable and profitable digital future.

[Woodrow Hartzog is a professor of law and computer science at Northeastern University. Neil Richards is the Thomas and Karole Green Professor of Law and director of the Cordell Institute at Washington University in St. Louis.]