Should Commercial Misuse of Private Data be a Crime?

Abstract

We live in a world of ubiquitous technology and pervasive data collection and mining. Third parties (Collectors) collect data (Data) from individuals (Consumers) of a nature and in amounts that were unimaginable or acceptable just a decade ago. In turn, that collection and the associated mining that can occur in the Collector's database create an unprecedented risk that Collectors, their employees or even hackers might appropriate or disclose Data about Consumers for economic gain or simply for perverse pleasure. This article considers whether society should impose criminal liability to address misuse of Data relating to Consumers. Our use of ubiquitous technology has resulted, and will continue to result, in new relationships whereby we now use third parties to process or store information that we used to maintain ourselves or to replace real-world relationships that are now inefficient because they are too expensive, too slow or too imprecise. Each of these changes can create the implication that we have sacrificed privacy for convenience and cost-savings. Do we lose our privacy interest in that information because it is now more efficient to collect it in a database where it can be searched and sorted in myriad ways? We conclude that Consumers do not lose their privacy interests in these circumstances because the societal benefits of pervasive, ubiquitous technology can be exploited only by sharing that privacy. In the absence of that recognition, the only alternatives are to forego utilization of the technology or resort to inefficient barriers to exploitation of privacy. The article then analyzes whether civil remedies for invasion of that privacy interest are insufficient to protect Consumers or to protect the societal interest in assuring the sharing of private information. The inefficiency and inadequacy of civil sanctions leads us to consider the possibility of criminal liability. We do so by considering two models: The true crime approach and the notion of public offenses. Public welfare offenses emerged a century ago to protect tangible items and activities. Given the increasingly critical role intangible items, including personal data, play in defining the public welfare in twenty-first century America, it seems both reasonable and prudent to use this approach to protect them, as well.