Disclosing personal information online often feels like losing control over one’s data forever; but this loss is not inevitable. This essay proposes a “chain-link confidentiality” approach to protecting online privacy. One of the most difficult challenges to guarding privacy in the digital age is the protection of information once it is exposed to other people. A chain-link confidentiality regime would contractually link the disclosure of personal information to obligations to protect that information as the information moves downstream. The system would focus on the relationships not only between the discloser of information and the initial recipient, but also between the initial recipient and subsequent recipients. Through the use of contracts, this approach would link recipients of personal information as in a chain, with each recipient bound by the same obligation to protect the information. These chain contracts would contain at least three kinds of terms: 1) obligations and restrictions on the use of the disclosed information; 2) requirements to bind future recipients to the same obligations and restrictions; and 3) requirements to perpetuate the contractual chain. This approach would create a system for the permissible dissemination of personal information online. It would also protect Internet users by ensuring that a website’s obligation to safeguard personal information is extended to third parties.
The Center for Internet and Society at Stanford Law School is a leader in the study of the law and policy around the Internet and other emerging technologies.