Reconciling data privacy and the first amendment fellowship

This Article takes issue with the conventional wisdom that regulating databases, regulates speech that the First Amendment is thus in conflict with the right of data privacy, and that the Constitution

Although private-sector databases containing large amounts of personal information have existed for several decades, a number of recent technological advances and cultural shifts have enabled the easier dissemination of such information and the creation of larger, more detailed, and more useful databases.1 While these advances permit ever-more efficient and valuable uses of consumer information by businesses, they also raise a cluster of undeniable but poorly¬defined legal issues about the rights of consumers to participate in, oversee, or control the ways in which data about them is used. Proposals attempting to grapple with and resolve this so-called "database problem"2 have been bedeviled by a range of practical and theoretical objections. Foremost among these objections is the widely¬held belief that because the First Amendment protects at its core the dissemination of truthful information, any right of "data privacy" is in direct conflict with the First Amendment because any attempt to regulate the flow of personal data would inevitably require the government to impose unconstitutional restrictions on speech. This position, which I call the "First Amendment critique" of data privacy, enjoys widespread currency in the legal academy, the private sector, and recent privacy jurisprudence. For example, Eugene Volokh has argued that "[w]e already have a code of 'fair information practices,' and it is the First Amendment, which generally bars the government from controlling the communication of information (either by direct regulation or through the authorization of private lawsuits)."3

This Article takes issue with the conventional wisdom that regulating databases regulates speech, that the First Amendment is thus in conflict with the right of data privacy, and that the Constitution

1 See, e.g., Philip E. Agre and Marc Rotenberg, eds., Technology and Privacy: The New Landscape (1997)

2 Scholars grappling with the "database problem" have argued that the rights of individuals are threatened by detailed private-sector databases containing profiles of their preferences, potentially embarrassing information about their health, political views, or sexual activities or inclinations. See sources cited id.

3 Eugene Volokh, Free Speech and Information Privacy: The Troubling Implications of a Right to Stop People from Speaking About You, 52 Stan. L. Rev. 1049, 1051 (2000).

thereby imposes an insuperable barrier to basic efforts to tackle the database problem. I argue that the relationship between privacy and the First Amendment is complex, but it is not irreconcilable. Much of the problem results from an underappreciation of the definitional murkiness that suffuses existing legal conceptions of "privacy" and "speech." Such murkiness has allowed what are essentially consumer protection issues in the economic rights context to be transformed into civil rights issues of the highest magnitude, as opponents of data privacy regulation have seized upon the First Amendment as a handy means of derailing proposals to deal with the database problem. The First Amendment critics thus overstate the First Amendment issues at stake in the context of most database regulation proposals, because such proposals are not regulation of anything within the "freedom of speech" protected by the First Amendment. Putting First Amendment rights talk to one side allows us to look at data privacy rules more concretely. Such an approach reveals that a wide variety of these rules are fully justifiable under well-established First Amendment theory, either because they do not regulate "speech," or because such regulations are consistent with existing doctrine.

My approach has, I believe, significant advantages for both data privacy and free speech. On the privacy side, harmonizing data privacy with free speech removes a significant theoretical and practical obstacle to constructive discussions about, and potential solutions to, the database problem. It also avoids the constitutionalization of domestic information policy, permitting that policy to be developed in a way that reflects the enormous complexity of the issue. And on the speech side, recognition of the murkiness in the way we perceive the existence or not of First Amendment problems allows us to more effectively assess both speech and non-speech issues. More fundamentally, resisting the creep of First Amendment analysis into the economic rights and commercial context preserves the basic and essential division between civil and economic rights at the core of modern constitutionalism.

I develop this claim in four parts. Part I sets forth the data privacy issues raised by the collection, aggregation, and use of large amounts of personal information by private-sector businesses. It then sketches the First Amendment critique, which posits that attempts to regulate the database problem through law run directly into the unyielding strictures of the First Amendment. Under this view, data privacy rules that give individuals the right to control how their personal information is used restricts communications between speakers and thus impermissibly burdens the First Amendment. The

critique suggests not only that legal protection of data privacy is contrary to current First Amendment jurisprudence, but also that creating new free speech exemptions to permit data privacy "speech restrictions" would have many unfortunate consequences, including providing powerful rationales to support other, less benign speech restrictions. I argue that although the critique raises a host of practical and theoretical problems for data privacy law, information policy, and even free speech theory itself, existing scholarly responses to the First Amendment critique of database regulation are either incomplete or unsatisfying because they grant too much ground to the First Amendment critics with respect to the scope of the First Amendment in this context.

Part II responds to the First Amendment critics by suggesting that the simple logic of privacy regulation being equivalent to speech regulation is incorrect. Indeed, I suggest that this is entirely the wrong way to frame the issue, as it rests on an overbroad conception of the types of rules that are perceived to implicate First Amendment analysis. The First Amendment critics' assumption ignores not only the reality that few data privacy rules actually involve speech, but also significantly overstates the breadth of the protection afforded by the First Amendment. I argue that database regulation will only rarely implicate "speech" protected by the First Amendment, since large categories of regulations of what is commonly understood to be "speech" (such as criminal solicitation, anticompetitive offers, and copyright infringement) do not in reality trigger heightened First Amendment scrutiny. Building upon the work of the few scholars to have examined the First Amendment in this way, I suggest that much of this "speech" is either outside the scope of the freedom of speech protected by the First Amendment, or a hitherto unnoticed category of speech treated to rational basis scrutiny. I then defend this conception of the scope of First Amendment analysis against both First Amendment critics and their pro-privacy opponents.

Having reconceptualized the relationship between free speech and privacy, Part III responds to the First Amendment critique in more detail, demonstrating how existing doctrine fully supports a wide variety of privacy regulations without violating the First Amendment. In order to more easily assess and demonstrate the constitutionality of such rules, I divide privacy rules that implicate information flows into four categories: collection rules, use rules, disclosure rules, and telemarketing rules. Information collection rules, which govern the circumstances under which persons can collect information about others, create virtually no First Amendment problems, and have been

upheld in a wide variety of contexts. Similarly, information use rules also raise few issues of constitutional magnitude, as our law does not consider the use of information to make decisions to be "speech" any more than collecting information is "speaking." While information disclosures are a harder case than use or collection, I demonstrate that, when properly conceptualized, nondisclosure rules in the database context do not significantly implicate the First Amendment. Regulating how two parties to a commercial transaction act with respect to information received during that transaction no more offends the Constitution than government regulation of other aspects of the commercial relationship. Indeed, our law is replete with instances where confidential information is protected against disclosure under a whole host of public and private law rules, few of which have ever been thought to involve restrictions on speech. Finally, I address direct regulation of telemarketing, and argue that although such regulation certainly implicates the commercial speech rights of telemarketers, the First Amendment nevertheless permits significant regulation of telemarketing activity. Accordingly, I argue, ordinary data privacy rules are fully consistent with the First Amendment.

Finally, Part IV contends with the First Amendment critique at a more abstract level, placing the critique in its historical and jurisprudential context. I argue that when viewed from the twin perspectives of privacy law and First Amendment law, the real theoretical problems of the First Amendment critique are made manifest. From the privacy law perspective, the modern First Amendment critique of data privacy regulation will, if it is unchallenged, prohibit discussion and resolution of the tremendously thorny database problem, thereby constitutionalizing national information policy and placing its resolution outside the democratic process. Indeed, the parallels between the strong form of the First Amendment critique and the discredited "liberty of contract" doctrine of the Lochner period are striking. Drawing upon recent scholarship treating legal history as a species of intellectual history, I argue that both Lochner and the First Amendment critique attempt to respond to the leading economic public policy issue of their day with a liberal theory of rights constitutionalism that is fundamentally flawed. Finally, looking at the critique from the First Amendment law perspective, I argue that the broad, expansive, and slippery conceptualization of the First Amendment at the core of the First Amendment critique is ultimately inconsistent with the basic dualist premise of modern constitutionalism – the bifurcated standards of judicial review given to civil versus economic rights. I assert that that

the critique paves the way for the obliteration of the distinction between economic and civil rights at the core of American Constitutional law since the New Deal. Serious recognition of the First Amendment critique would therefore, I argue, result not only in the constitutionalization of a major and complex policy issue, but would also threaten to unravel the basic premise upon which post-New Deal constitutionalism is based.

First Amendment rights of free speech and press and data privacy rights have been locked in a seemingly irresolvable conflict ever since Charles Warren and Louis Brandeis sketched the basic contours of a common-law notion of privacy in their foundational 1890 article "The Right of Privacy."4 Warren and Brandeis attempted to establish a common law tort of "privacy" to protect principally against intrusions by an overzealous media.5 Although a conflict between privacy and speech might thus seem inevitable, this conclusion is belied somewhat by the fact that both privacy law and modern First Amendment doctrine can trace their origins back to the turn of the twentieth century when both were guided significantly by the writings of Louis Brandeis. Thus, while Brandeis' famous Harvard Law Review article is understood as the progenitor of twentieth century privacy jurisprudence, his concurrence in Whitney v. California6 has been equally influential in the development of modern free speech jurisprudence.7

Although privacy and speech have shared an uneasy coexistence in American law, I believe that much of this problem stems from the conceptual murkiness in both doctrines. Despite its recognition for over a century,8 privacy has remained a vague and poorly-articulated theory which modern commentators despair at being able to define coherently. 9 Although the First Amendment has received greater theoretical attention by judges and scholars, I argue