The concept of “information fiduciaries” has surged to the forefront of debates on online-platform regulation. Developed by Professor Jack Balkin, the concept is meant to rebalance the relationship between ordinary individuals and the digital companies that accumulate, analyze, and sell their personal data for profit. Just as the law imposes special duties of care, confidentiality, and loyalty on doctors, lawyers, and accountants vis-à-vis their patients and clients, Balkin argues, so too should it impose special duties on corporations such as Facebook, Google, and Twitter vis-à-vis their end users. Over the past several years, this argument has garnered remarkably broad support and essentially zero critical pushback.
This Article seeks to disrupt the emerging consensus by identifying a number of lurking tensions and ambiguities in the theory of information fiduciaries, as well as a number of reasons to doubt the theory’s capacity to resolve them satisfactorily. Although we agree with Balkin that the harms stemming from dominant online platforms call for legal intervention, we question whether the concept of information fiduciaries is an adequate or apt response to the problems of information insecurity that he stresses, much less to more fundamental problems associated with outsized market share and business models built on pervasive surveillance. We also call attention to the potential costs of adopting an information-fiduciary framework — a framework that, we fear, invites an enervating complacency toward online platforms’ structural power and a premature abandonment of more robust visions of public regulation.
Introduction
Digital businesses such as Facebook, Google, and Twitter collect an enormous amount of data about their users. Sometimes they do things with this data that threaten the users’ best interests, from allowing predatory advertising and enabling discrimination to inducing addiction and sharing sensitive details with third parties. Online platforms may also disserve their users and the general public in myriad other ways, including by facilitating the spread of disinformation and the harassment of certain categories of speakers. The European Union has responded to some of these concerns with a comprehensive personal data law, the General Data Protection Regulation1 (GDPR). After years of relative neglect, U.S. policymakers, roused by Russian interference in the 2016 presidential election and the Facebook–Cambridge Analytica scandal, have begun to consider a range of reforms to enhance consumer privacy, corporate transparency, and data security on the internet.2 To an unprecedented degree, technology firms in general and online platforms in particular find themselves “in Congress’s sights.”3
Among the reforms under consideration is the idea of treating online platforms as “information fiduciaries.” Professor Kenneth Laudon appears to have coined this phrase in the early 1990s.4 Since 2014, it has been identified with Professor Jack Balkin, who has developed the idea over a series of papers.5 Ordinary people, Balkin observes, are deeply dependent on and vulnerable to the digital companies that accumulate, analyze, and sell their personal data for profit. To mitigate this vulnerability and ensure these companies do not betray the trust people place in them,6 Balkin urges that we draw on principles of fiduciary obligation. Just as the law imposes special duties of care, confidentiality, and loyalty on doctors, lawyers, accountants, and estate managers vis-à-vis their patients and clients, so too should it impose such duties on Facebook, Google, Microsoft, Twitter, and Uber vis-à-vis their end users — although Balkin concedes that the duties would be “more limited” in the digital context.7
Support for this idea is swelling. Dozens of legal scholars have endorsed Balkin’s proposal or discussed it approvingly.8 Journalists have covered it with undisguised enthusiasm; a recent Bloomberg subheadline reads: “America needs data rules that won’t crush the tech industry. One law professor may have figured out a solution.”9 Lawmakers from both parties have expressed interest.10 Last December, a group of fifteen Democratic senators took the next step and introduced legislation that would require online service providers to act as fiduciaries for their users, drawing directly from Balkin’s proposal.11 Facebook CEO Mark Zuckerberg has now signaled his support as well.12 Balkin is the legal academy’s preeminent diagnostician of how theories can move over time from the margins to the mainstream, from “off-the-wall” to “on-the-wall.”13 He is also an ingenious idea entrepreneur whose own theory of information fiduciaries is rapidly making this very transition.
We admire Balkin’s ingenuity and applaud his efforts to advance the cause of platform regulation. Yet while we largely agree with his analysis of why certain digital firms should be regulated more vigorously, we question whether the concept of information fiduciaries is an adequate or apt response to the problems of information asymmetry and abuse that he stresses, much less to more fundamental problems associated with market dominance and with business models that demand pervasive surveillance. The primary aims of this Article are, first, to identify a number of lurking ambiguities and tensions in the theory of information fiduciaries and, second, to raise concerns about the theory’s capacity to resolve them satisfactorily.14 The Article also calls attention to the potential costs of adopting an information-fiduciary framework — a framework that, we fear, invites an enervating complacency about issues of structural power and a premature abandonment of more robust visions of public regulation.
* Academic Fellow, Columbia Law School.
** Professor of Law, Columbia Law School. For helpful comments and conversations, we thank Alex Abdo, Jack Balkin, Danielle Citron, Evan Criddle, Kristen Eichensehr, Andrew Gold, James Grimmelmann, Claudia Haupt, Thomas Kadri, Amy Kapczynski, Ramya Krishnan, Ronald Krotoszynski, Genevieve Lakier, Kyle Langvardt, Ethan Leib, Barry Lynn, Tamara Piety, Robert Post, Jed Purdy, Neil Richards, Marc Rotenberg, Chuck Sabel, Ganesh Sitaraman, Matt Stoller, Tim Wu, and Jonathan Zittrain, as well as workshop participants at Cornell Tech, University of Denver Sturm College of Law, University of Maryland School of Law, and Yale Law School.