Chain-Link Confidentiality

I have just uploaded a new essay about online privacy to SSRN that will appear in Volume 46 of the Georgia Law Review. The essay, titled "Chain-Link Confidentiality," asserts that personal information that is shared online can be better protected if we require our confidants to make sure that their confidants are watching out for us. This strategy could help us retain control over our personal information as it moves downstream. Your comments are warmly welcome. The abstract is below and you can download the paper here.

Disclosing personal information online often feels like losing control over one’s data forever; but this loss is not inevitable. This essay proposes a “chain-link confidentiality” approach to protecting online privacy. One of the most difficult challenges to guarding privacy in the digital age is the protection of information once it is exposed to other people. A chain-link confidentiality regime would contractually link the disclosure of personal information to obligations to protect that information as the information moves downstream. The system would focus on the relationships not only between the discloser of information and the initial recipient, but also between the initial recipient and subsequent recipients. Through the use of contracts, this approach would link recipients of personal information as in a chain, with each recipient bound by the same obligation to protect the information. These chain contracts would contain at least three kinds of terms: 1) obligations and restrictions on the use of the disclosed information; 2) requirements to bind future recipients to the same obligations and restrictions; and 3) requirements to perpetuate the contractual chain. This approach would create a system for the permissible dissemination of personal information online. It would also protect Internet users by ensuring that a website’s obligation to safeguard personal information is extended to third parties.

Image Source: MyTudut