A Relational Turn for Data Protection?

Authors

Neil M. Richards, Washington University in St. Louis School of LawFollow
Woodrow Hartzog, Boston University School of Law

Document Type

Article

Publication Date

2020

Publication Title

European Data Protection Law Review

Abstract

While most approaches to privacy and data protection focus on the data, this paper explores an alternative approach that focuses on relationships. This means looking more closely at how the people who are exposing their information and the people that are inviting that disclosure relate to each other. It is concerned with what powerful parties owe to vulnerable parties–not just with their personal information, but with the things they see, the things they can click, and the decisions that are made about them. It’s less about the nature of data and more about the nature of power. And it can make data protection work better. We call this the "relational turn" in privacy law.

The relational approach has deep roots in American and English law, and a growing group of scholars in North America are starting to appreciate the virtues of such an approach, whether framed in terms of "privacy and trust" or "information fiduciaries." The clear advantage of a relational approach is that it is acutely sensitive to the power disparities within information relationships, such as those between humans and platforms. Relational models of this sort protect against self-dealing and impose duties of loyalty and care to protect against dangerous behavior. Data protection regimes like the American "notice and choice" model or the more robust GDPR, by contrast, target imbalances of power within relationships more indirectly by looking to the nature of the data.

We think a relational turn for data protection would be superior to the current model. A relational turn would provide a path towards more substantive rules that would limit how people's data could be used against them. It would focus on the real problem that privacy and data protection law should tackle–the power consequences of information relationships, making legitimacy of processing a question of fundamental fairness rather than of data hygiene. Substantive data rules would demand more than that data serve a ‘legitimate interest’ of the data processor. They would focus on the power consequences of processing on the data subject, whether we apply some version of the classic fiduciary duties of care, confidentiality, and loyalty, or the trust-promoting duties of honesty, protection, discretion, and loyalty that we have called for in other work. Perhaps equally important, relational duties allow for a decoupling of choice and consent, whereby people would be protected no matter what they choose. It’s time for data protection’s relational turn.

Keywords

Privacy, Data Protection, GDPR, Loyalty, Trust, Cyberlaw

Publication Citation

Neil M. Richards & Woodrow Hartzog, A Relational Turn for Data Protection?, 6 Eur. Data Protection L. Rev. 492 (2020)

Repository Citation

Richards, Neil M. and Hartzog, Woodrow, "A Relational Turn for Data Protection?" (2020). Scholarship@WashULaw. 503.
https://openscholarship.wustl.edu/law_scholarship/503