“数字与法治”系列论坛（II）——Daniel J. Solove：论隐私权的局限
开讲学者：Daniel J. Solove （美国乔治华盛顿大学yh533388银河讲席教授、TeachPrivacy公司创始人）
Daniel J. Solove is the John Marshall Harlan Research Professor of Law at the George Washington University Law School. He is also the founder of TeachPrivacy, a company that provides privacy and data security training programs to businesses, law firms, healthcare institutions, schools, and other organizations. One of the world’s leading experts in privacy law, Solove is the author of 10+ books and textbooks and 50+ articles. His most recent book is BREACHED!: WHY DATA SECURITY LAW FAILS AND HOW TO IMPROVE IT (Oxford University Press, March 2022) (with Woodrow Hartzog). His articles have appeared in the Harvard Law Review, Yale Law Journal, Stanford Law Review, and Columbia Law Review, among others. Professor Solove writes at LinkedIn as of its “thought leaders,” and he has more than 1 million followers. He more routinely blogs at Privacy+Security Blog.
Individual privacy rights are often at the heart of information privacy and data protection laws. The most comprehensive set of。rights, from the European Union’s General Data Protection Regulation (GDPR), includes the right to access, right to rectification (correction), right to erasure, right to restriction, right to data portability, right to object, and right to not be subject to automated decisions. Privacy laws around the world include many of these rights in various forms.
In this lecture, I will contend that although rights are an important component of privacy regulation, rights are often asked to do far more work than they are capable of doing. Rights can only give individuals a small amount of power. Ultimately, rights are at most capable of being a supporting actor, a small component of a much larger architecture. I advance three reasons why rights cannot serve as the bulwark of privacy protection. First, rights put too much onus on individuals when many privacy problems are systematic. Second, individuals lack the time and expertise to make difficult decisions about privacy, and rights cannot practically be exercised at scale with the number of organizations than process people’s data. Third, privacy cannot be protected by focusing solely on the atomistic individual. The personal data of many people is interrelated, and people’s decisions about their own data have implications for the privacy of other people. The main goal of providing privacy rights aims to provide individuals with control over their personal data. However, effective privacy protection involves not just facilitating individual control, but also bringing the collection, processing, and transfer of personal data under control. Privacy rights are not designed to achieve the latter goal; and they fail at the former goal.
This lecture is based on Professor Solove’s article, The Limitations of Privacy Rights, 98 Notre Dame Law Review __ (forthcoming 2023).