ABSTRACT
This paper aims to show that, to achieve even the narrow type of meaningful protection in data privacy that the property paradigm was designed to achieve, the law must instead protect privacy rights simultaneously by two mechanisms that the Calabresi-Melamed framework calls property and liability rules. Even if property rules proposals seem like they would provide strong protection, they cannot, by themselves, change the vulnerable situation of data subjects meaningfully.
Doctrinally, this combination of rules means fusing consent requirements in data protection regulation with private rights of action. Theoretically, it translates into abandoning the idea that property effectively solves control problems in data protection law, and into creating liability-like private rights of action for privacy harm irrespective of whether such harm accrued in compliance with data protection law.
This criticism also informs a number of current privacy law discussions that do not overtly use the language of property. As an example, this paper explores two of them: its use as a basis to (i) reinforce the purpose limitation principle and (ii) establish privacy rights of actions to improve data protection.
Cofone, Ignacio, Beyond Data Ownership (March 30, 2020). TILT Discussion Paper.
First posted 2020-04-10 06:37:15
Leave a Reply