Courts struggle with how to identify and assess privacy harm and privacy injuries. This uncertainty has produced a circuit split (and lower court split) on the requisite privacy injury sufficient for federal standing, recently addressed by the Supreme Court, albeit poorly, in TransUnion. This Article provides a framework for distinguishing which actions involve harm to people’s privacy interests and which do to other interests. It provides courts with guidance to assess privacy injuries and proposes a solution to the circuit split that satisfies constitutional requirements without gutting private rights of action.
To address privacy standing while navigating Supreme Court case law hostile to privacy claims, federal courts should do three things. First, inquire whether someone faced a loss of privacy. Second, identify whether such a loss produced privacy harm by looking at normative aspects. Third, determine whether from such harm stems an actionable privacy injury by looking at tort law and statutory privacy to find whether there is a common law wrong or statutory wrong.
This Article’s approach has theoretical and practical benefits. Theoretically, it sheds light on the relationship between privacy loss and actionable injuries. It is well-suited for evaluating grey areas by showing how privacy claims can be evaluated on a continuum. Practically, it gives courts a tool to better identify and navigate privacy harm, which is an increasingly relevant impediment to private rights of action in federal statutory privacy and which courts have manifested they need.
a. Assistant Professor and Canada Research Chair in A.I. Law & Data Governance, McGill University Faculty of Law; Affiliated Fellow, Yale Information Society Project (email@example.com). I’d like to thank Alex Abdo, BJ Ard, Thomas Haley, Woodrow Hartzog, Dennis Hirsch, Yoel Inbar, Jameel Jaffer, Thomas Kadri, Joshua Karton, Ido Kilovaty, Nancy Kim, Alyssa King, João Marinotti, Kirsten Martin, William McGeveran, Sunoo Park, Jon Penney, Neil Richards, Adriana Robertson, Clare Ryan, Yan Shvartzshnaider, Scott Skinner-Thompson, Lionel Smith, Daniel Solove, Lior Strahilevitz, Cristina Tilley, Felix Wu, and Benjamin Zipursky for their helpful comments. The Article also benefited from comments received at the Yale/Harvard Workshop on Private Law & Emerging Technology, the Symposium on Applications of Contextual Integrity, the Privacy Law Scholars Conference, and internal presentations at the Knight First Amendment Institute, McGill University Faculty of Law, and Queens University Faculty of Law. This research was undertaken, in part, thanks to funding from the Canada Research Chairs Program and the Social Sciences and Humanities Research Council. I also thank Malaya Powers, Jordan Bitan, Ana Qarri, and Alessia Zornetta for their fabulous research assistance and the editors of the University of Illinois Law Review for their work on the piece.
The full text of this Article is available to download as a PDF.