Ryan Calo, A Long-Standing Debate: Reflections on Risk and Anxiety: A Theory of Data Breach Harms by Daniel Solove and Danielle Keats Citron, 96 Tex. L. Rev. Online 59 (2018), https://digitalcommons.law.uw.edu/faculty-articles/410
Texas Law Review Online
This jointly-authored Article contributes mightily to our understanding of a critical aspect of privacy: harm. As Professors Solove and Citron carefully evidence, courts are reticent to countenance the harms that flow from a violation of privacy, even as they compensate similar harms in other contexts. Thus while exposing a plaintiff to an environmental or health risk may be compensable, few decisions vindicate victims of a data breach unless or until they experience actual identity theft. Courts have recognized subjective harms such as fear since the night W de S threw his fateful axe at M de S. But courts seldom recognize harm in anxieties over data exposure so significant that they have contributed to suicide.
Despite my widespread agreement with Risk and Anxiety, I suspect the analysis is missing a step. Presumably Congress can create a protectable interest—including a privacy interest—where none existed before. The question is whether Congress, with enough specificity of intent, could create a right to be free from privacy risk or anxiety or whether the very nature of these injuries somehow offends Article III. In this way, privacy harm turns out to be an interesting testing ground for a longstanding debate about the limits of legislatively conferred standing. And solving the puzzle of privacy harm arguably requires addressing this debate directly.