Dongsheng Zang, Who Owns Data? Constitutional Division in Cyberspace, 32 Transn’l L. & Contemp. Prob. 111 (2023), https://digitalcommons.law.uw.edu/faculty-articles/943
property rights, privacy, personal rights, cyberspace
Privacy emerged as a concern as soon as the internet became commercial. In early 1995, Lawrence Lessig warned that the internet, though giving us extraordinary potential, was “not designed to protect individuals against this extraordinary potential for others to abuse.” The same technology can “destroy the very essence of what now defines individuality.” Lessig urged that “a constitutional balance will have to be drawn between these increasingly important interests in privacy, and the competing interest in collective security.” Lessig envisioned that creating property rights in data would help individuals by giving them control of their data. As utopian as property rights in data seemed, it was a shared vision before September 11, 2001 (hereinafter September 11). For convenience, I will call this school of thought the “data subject’s property” (DSP) theory of data. DSP builds on the foundation of Katz v. United States, where the United States Supreme Court declared that the Fourth Amendment “protects people, not places.”
This Article does not attempt to make an additional argument following the normative line of DSP. Rather, it asks what happened to the DSP theory of data and why has it been sidelined? For this purpose, this Article proposes to examine privacy in cyberspace by tracking the competition between DSP and its rival theories in defining privacy. Samuel Warren and Louis Brandeis initially proposed that privacy be a personal right, much like DSP; however, Olmstead v. United States shifted this view, finding the right of privacy attached to a defendant’s property, not to her person. This decision was the product of an era of government expansion, when the police, tax bureau, or liquor agency were the data collectors. The second shift came when the Warren Court ruled in Katz that privacy was personal, not based on property; however, the Burger Court soon created the third-party doctrine, under which voluntarily submitting information to a third-party, such as a telephone company or bank, defeats the privacy right. The third-party doctrine is a claim that data are the property of the collector. The third shift developed in the era of the internet and social media; despite the warnings of Lessig and Balkin, as well as occasional protests from tech companies, the Roberts Court brought the third-party doctrine to cyberspace through Jones and Carpenter. This time the data collectors are familiar digital platforms. Therefore, throughout the history of privacy, the DSP was met with a rival theory called “data collector’s property” (DCP) theory. The DSP-DCP competition is a powerful thread in revealing the internal logic of a surveillance state in the United States where data collectors—whether they be government agencies, private companies, or digital platforms—have dominated and defined privacy.