\

Neil Richards on “Reconciling Data Privacy and the First Amendment”

In “Reconciling Data Privacy and the First Amendment,” argues that privacy regulation is not speech regulation at all, and, additionally, that in commercial contexts at least, “speech restrictions … have never triggered heightened First Amendment scrutiny.” In other words, either the data being protected isn’t “speech” in the legal sense, or “because they are legitimate speech regulations under existing doctrine.”

By Kristopher A. Nelson in

Twitter Facebook

By Karsten Schmidt

In “Thinking about privacy and the First Amendment,” I discussed Eugene Volokh‘s critique of privacy laws in relation to  Samuel D. Warren and Louis D. Brandeis’s 1890 law review arti­cle, “The Right to Privacy.” In “Cyberspace and Privacy: A New Legal Paradigm?,” Volokh argues that “the right to information privacy–my right to control your communication of personally identifiable information about me–is a right to have the government stop you from speaking about me.”

In “Reconciling Data Privacy and the First Amendment,” Neil Richards takes issue with Volokh’s arguments. Richards instead argues that, most importantly, privacy regulation is not speech regulation at all, and, additionally, that in commercial contexts at least, “speech restrictions … have never triggered heightened First Amendment scrutiny.” In other words, either the data being protected isn’t “speech” in the legal sense, or “because they are legitimate speech regulations under existing doctrine.”

Scope

Richards advocates that courts should first consider whether a privacy rule even regulates what falls within the scope of the First Amendment. To explain “scope,” Richards points out that many normal criminal laws punish “speech,” but fall outside the scope of the First Amendment: fraud, criminal threats, conspiracies, and solicitation of criminal acts, for example. Additional non-criminal laws constrain speech “in the context of securities, antitrust, labor organizing, copyrights, trademarks, sexual harassment … and vast amounts of evidence and tort law.” These too are considered outside the scope of the First Amendment. Why should privacy laws be any different?

Richards proposes an approach to treating scope that draws on concepts used in other Constitutional jurisprudence. He suggests using “rational basis” review for legal rules involving the commercial trade in customer data, but using higher levels of scrutiny for “privacy rules that restrict speech.” Disclosure of “newsworthy facts” would warrant strict scrutiny, while lesser-protected speech (telemarketing, photography) would receive “intermediate scrutiny under the commercial speech doctrine.”

Categories of Information Processing

To better analyze and target rules for different parts of information processing in the context of potentially private data, Richards proposes four different stages, only two of which potentially fall within the scope of the First Amendment at all:

  1. rules governing the collection of information,
  2. rules governing the use of such information,
  3. rules governing the disclosure of information,
  4. regulation of direct marketing.

Stages 1 and 2 can be safely regulated without bringing the rules within the scope of the First Amendment, while stage 3 can be regulated under commercial speech rules. Stage 4 clearly falls within the First Amendment, but current doctrine already permits extensive regulation of such speech.

Conclusion

In the end, then, Richards argues that “when we subject both data privacy regulations and the First Amendment to careful scrutiny, they can be reconciled without sacrificing either.” Although Volokh’s critique of privacy laws as violations of the First Amendment is rhetorically powerful, I find Richards’ arguments more compelling, as well as more reconcilable with positive societal goals. This last point is perhaps not enough on which to base a legal argument, but I appreciate legal arguments that support such ends in a rational and articulate manner.