Abstract
Consumers overwhelmingly believe that companies do not do enough to protect their personal data. As Congress considers federal data protection legislation, it must ensure that any proposed legislation comports with the First Amendment. In 2011, in Sorrell v. IMS Health Inc., the U.S. Supreme Court determined that a Vermont law prohibiting the use of physician-prescribing records for marketing purposes violated the First Amendment. At the heart of Sorrell is that shared data, unlike a traditional commodity like oil, conveys information and is thus First Amendment-protected speech. Since Sorrell, the use and retention of data, specifically personal data, has exploded and is only expected to increase. Nevertheless, the United States currently lacks comprehensive federal data protection legislation. To fill this legislative gap, state legislatures have begun to pass data protection laws. These laws apply either to specific types of data—such as biometric information or Internet service provider customer information—or simply all consumer data. As state and federal legislative efforts advance, lawmakers must consider the lessons from Sorrell to ensure that new legislation protects consumer privacy interests without infringing on data holders’ protected speech. This Note argues that most data protection legislation will likely survive First Amendment scrutiny under Sorrell because the legislation establishes baseline personal data privacy rights while still generally allowing businesses to use personal data so long as they are transparent.
Files
Metadata
- Subject
Consumer Protection Law
First Amendment
Internet Law
Privacy Law
State and Local Government Law
- Journal title
Boston College Law Review
- Volume
63
- Issue
6
- Pagination
2007
- Date submitted
7 September 2022