When it was revealed that Cambridge Analytica obtained the personal and private information of eighty-seven million Facebook users to aid the 2016 U.S. presidential campaign of Donald J. Trump, it was described as privacy's "Three Mile Island": an event, like the famed nuclear accident from which the term comes, that would shake and shape an industry and its approach to digital privacy and the underlying political information such privacy protects. In the intervening four years, despite these revelations, while some social media companies took voluntary measures to prevent a repeat of the types of abuses that plagued the 2016 election, little has changed in terms of the legal infrastructure that could protect the type of private information essential to the functioning of democracies. But what the Cambridge Analytica scandal also made clear is that threats to private information revealed and embedded in our digital activities threaten democracy. What is more, these threats risk undermining individual identity and autonomy and the ability of individuals to pursue individual and collective self-determination. An individual's political identity-with whom she associates, what she says, what she thinks, the questions and ideas she explores, for whom she votes-is all caught up in notions of political privacy. While current public-law protections are fairly robust when it comes to protecting political privacy, even as some fear that current responses to the pandemic may require a degree of intrusion upon privacy by government, the threats to privacy that have emerged in the digital age preceded the current public health crisis and emanate mostly from private actors, where protections for political privacy are quite weak. Nevertheless, democracy requires a high degree of protection for individual identity and political privacy, regardless of the source of the threat, especially when the lines between private action and public effects are blurred, as in the Cambridge Analytica scandal. Given the importance of the integrity of identity to democracy and the fact that many of the threats to political privacy emanate from private actors, as this Article shows, enhanced protections for this political privacy are also necessary in the private-law context. Calls for greater protection of digital privacy often result in recommendations that a single institution-the market, political bodies, or the courts-should take a greater role in policing online privacy. Yet these institutions are often interdependent when it comes to protecting digital privacy, and, by extension, political privacy. Efforts promoted through one institution can often have positive-and negative-spillover effects on the functioning of other institutions: they can at times strengthen the protections of such privacy in other institutional settings or undermine the ability of those other institutions to function effectively to protect political privacy. So which institution or set of institutions is best suited to protect such political privacy? This question calls for the application of the method known as comparative institutional analysis, which assesses the relative strengths and weaknesses of different institutions in achieving desired policy goals. At the same time, as this discussion will reveal, even comparative institutional analysis, if it does not take into account the extent to which different institutional settings can have spillover effects on the ability of other institutions to achieve particular policy goals, fails to offer sufficient tools for the assessment of the best institution or institutions to achieve such goals. Indeed, as this Article attempts to show, at least when it comes to protecting political privacy in private-law contexts, any effective institutional response to the threats to political privacy will likely require not just an appreciation for the ways in which different institutional settings are interdependent when it comes to achieving that goal but also that any such effort will require an integrated and comprehensive approach that spans different institutional settings. In the end, this Article is an attempt to use the tools of comparative institutional analysis to assess the relative abilities of different institutions to protect political privacy, including an assessment of the litigation that has arisen in the wake of the Cambridge Analytica scandal, to determine the role of different institutions in protecting political privacy in private-law--as opposed to public-law-settings. Through a review of this and other litigation to protect digital privacy, which, more and more, affects political privacy, I will show not just how different institutional settings can strengthen the functioning of other settings but also how they can undermine such settings. Thus, given the fact that institutions that protect political privacy can often work at cross-purposes in policing political privacy, this Article argues for the need for comprehensive, integrated, and cooperative action across institutions to ensure the proper protection of this type of privacy.
Raymond H. Brescia,
Privacy's "Three Mile Island" and the Need to Protect Political Privacy in Private-Law Contexts,
48 Fla. St. U. L. Rev.