About | HeinOnline Law Journal Library | HeinOnline Law Journal Library | HeinOnline

114 Colum. L. Rev. 583 (2014)
The FTC and the New Common Law of Privacy

handle is hein.journals/clr114 and id is 617 raw text is: THE FTC AND THE NEW COMMON LAW OF PRIVACY
Daniel j. Solove* & Woodrow Hartzog**
One of the great ironies about information privacy law is that the
primary regulation of privacy in the United States has barely been stud-
ied in a scholarly way. Since the late 1990s, the Federal Trade
Commission (FTC) has been enforcing companies' privacy policies
through its authority to police unfair and deceptive trade practices.
Despite over fifteen years of FTC enforcement, there is no meaningful
body of judicial decisions to show for it. The cases have nearly all
resulted in settlement agreements. Nevertheless, companies look to these
agreements to guide their privacy practices. Thus, in practice, FTC
privacy jurisprudence has become the broadest and most influential
regulating force on information privacy in the United States-more so
than nearly any privacy statute or any common law tort.
In this Article, we contend that the ETC's privacy jurisprudence is
functionally equivalent to a body of common law, and we examine it as
such. We explore how and why the FTC, and not contract law, came to
dominate the enforcement of privacy policies. A common view of the
FTC's privacy jurisprudence is that it is thin, merely focusing on enforc-
ing privacy promises. In contrast, a deeper look at the principles that
emerge from FTC privacy common law demonstrates that the FTC's
privacy jurisprudence is quite thick. The ETC has codified certain norms
and best practices and has developed some baseline privacy protections.
Standards have become so specific they resemble rules. We contend that
the foundations exist to develop this common law into a robust privacy
regulatory regime, one that focuses on consumer expectations of privacy,
extends far beyond privacy policies, and involves a full suite of substan-
tive  rules  that exist independently from     a   company's privacy
representations.
* John Marshall Harlan Research Professor of Law, George Washington University
Law School.
** Assistant Professor, Samford University's Cumberland School of Law. The authors
would like to thank Derek Bambauer, Julie Brill, Danielle Citron, Brannon Denning, Bob
Gellman, Chris Hoofnagle, Toby Levin, Paul Ohm, Gerry Stegmaier, David Vladeck, Joel
Winston, Chris Wolf, the participants of the Fifth Annual Privacy Law Scholars Conference
and the International Association of Privacy Professionals Privacy Academy, the members
of the Federal Trade Commission, and the faculty at the Michigan State University College
of Law and the Notre Dame Law School. The authors would also like to thank Andrew
Hasty, Dennis Holmes, and Blake Hungerford for their excellent research assistance and
the George Washington University Law School Scholarship Grant Program and Samford
University's Cumberland School of Law for their financial support.

583

What Is HeinOnline?

HeinOnline is a subscription-based resource containing thousands of academic and legal journals from inception; complete coverage of government documents such as U.S. Statutes at Large, U.S. Code, Federal Register, Code of Federal Regulations, U.S. Reports, and much more. Documents are image-based, fully searchable PDFs with the authority of print combined with the accessibility of a user-friendly and powerful database. For more information, request a quote or trial for your organization below.



Short-term subscription options include 24 hours, 48 hours, or 1 week to HeinOnline.

Contact us for annual subscription options:

Already a HeinOnline Subscriber?

profiles profiles most