Alexander Tsesis of Loyola of Chicago has written Marketplace of Ideas, Privacy, and Digital Audiences, forthcoming in the Notre Dame Law Review. Here's the abstract:
The availability of almost limitless sets of digital information has opened a vast marketplace of ideas. Information service providers like Facebook and Twitter provide users with an array of personal information about products, friends, acquaintances, and strangers. While this data enriches the lives of those who share content on the internet, it comes at the expense of privacy.
Social media companies disseminate news, advertisements, political messages, while also capitalizing on consumers’ private shopping, surfing, and travel habits. Companies like Cambridge Analytica, Amazon, and Apple rely on algorithmic programs to mash-up and scrape enormous amounts of online and otherwise available personal data to micro-target audiences. By collecting and then processing psychometric data sets, commercial and political advertisers rely on emotive advertisements to manipulate biases and vulnerabilities that impact audiences’ shopping and voting habits.
The Free Speech Clause is not an absolute bar to the regulation of commercial intermediaries who exploit private information obtained on the digital marketplace of ideas. The Commerce Clause authorizes passage of law to regulate internet companies that monetize intimate data and resell it to third parties. Rather than applying strict scrutiny to such proposed regulations as one would to pure speech, judges should rely on intermediate scrutiny to test statutes limiting the commercial marketing of data.
Legislative reforms are needed to address the substantial economic effects of massive, commercial agglomeration of data files containing histories, daily routines, medical conditions, personal habits, and the like. To address this logarithmically expanding cyber phenomenon, Congress should temporally restrict the retention and trade in private data. Internet intermediaries should not be immune from such a restriction on private data storage. For such a policy to be effective, safe harbor provisions shielding internet intermediaries should be modified to allow for civil litigation against internet companies that refuse a data subject’s request to remove personal information no longer needed to accomplish the transaction for which it was originally processed.