{"title":"格雷姆-里奇-比利利法案,信息隐私和默认规则的限制","authors":"E. Janger, P. Schwartz","doi":"10.2139/SSRN.319144","DOIUrl":null,"url":null,"abstract":"The Gramm-Leach-Bliley Act (GLB Act) of 1999 sought to provide new rules for financial privacy. Only a few years after the GLB Act's enactment, however, it appears to have failed as far as privacy protection is concerned. The Act has pleased neither privacy advocates nor the financial industry. It may, in fact, be a rare legislative feat to have a single statute create so many diverse critics so quickly. This Article examines the GLB Act and its shortcomings through reference to and refinement of theoretical work regarding the law of incomplete contracts. The key scholarship concerns information sharing and \"defaults,\" or background rules, for filling gaps in agreements. We explore three possible kinds of defaults: majoritarian, information forcing, and norm enforcing. This Article finds that the GLB Act's privacy safeguards are highly problematic as examples of either a majoritarian or information forcing default. The GLB Act also raises difficulties if evaluated as a background rule that seeks to enforce norms. In our judgment, information privacy should be conceptualized as a norm constitutive of a democratic society. The access to personal information and limits on it help form the nature of the society in which we live and shape our individual identities. For example, the structure of access to personal information can have a decisive impact on the extent to which certain actions or expressions of identity are encouraged or discouraged. Our concept of \"constitutive privacy\" suggests that information privacy is a kind of commons that requires some degree of social control to construct and preserve. Default rules, when viewed from this normative perspective, should have a limited role in norm enforcement because of the current poor functioning of the privacy market between consumers and financial institutions. In particular, the presence of bounded rationality along with coordination problems makes default rules a risky choice in this context of information privacy. Under such conditions, the law should generally seek to minimize harms that flow from reliance on bargaining among consumers and data processors. In this Article's final section, we explore ways in which to make the GLB Act's mandatory rules more flexible, and we propose possible revisions to the existing \"notice and opt-out\" default in the GLB Act. Finally, we revisit the GLB Act's opt-out requirement. We propose to improve upon this requirement by using social science research concerning the power of \"frames.\" We also discuss the possible merits of a shift to an opt-in requirement.","PeriodicalId":47393,"journal":{"name":"Minnesota Law Review","volume":"86 1","pages":"1219-1262"},"PeriodicalIF":3.0000,"publicationDate":"2002-09-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.2139/SSRN.319144","citationCount":"41","resultStr":"{\"title\":\"The Gramm-Leach-Bliley Act, Information Privacy, and the Limits of Default Rules\",\"authors\":\"E. Janger, P. Schwartz\",\"doi\":\"10.2139/SSRN.319144\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The Gramm-Leach-Bliley Act (GLB Act) of 1999 sought to provide new rules for financial privacy. Only a few years after the GLB Act's enactment, however, it appears to have failed as far as privacy protection is concerned. The Act has pleased neither privacy advocates nor the financial industry. It may, in fact, be a rare legislative feat to have a single statute create so many diverse critics so quickly. This Article examines the GLB Act and its shortcomings through reference to and refinement of theoretical work regarding the law of incomplete contracts. The key scholarship concerns information sharing and \\\"defaults,\\\" or background rules, for filling gaps in agreements. We explore three possible kinds of defaults: majoritarian, information forcing, and norm enforcing. This Article finds that the GLB Act's privacy safeguards are highly problematic as examples of either a majoritarian or information forcing default. The GLB Act also raises difficulties if evaluated as a background rule that seeks to enforce norms. In our judgment, information privacy should be conceptualized as a norm constitutive of a democratic society. The access to personal information and limits on it help form the nature of the society in which we live and shape our individual identities. For example, the structure of access to personal information can have a decisive impact on the extent to which certain actions or expressions of identity are encouraged or discouraged. Our concept of \\\"constitutive privacy\\\" suggests that information privacy is a kind of commons that requires some degree of social control to construct and preserve. Default rules, when viewed from this normative perspective, should have a limited role in norm enforcement because of the current poor functioning of the privacy market between consumers and financial institutions. In particular, the presence of bounded rationality along with coordination problems makes default rules a risky choice in this context of information privacy. Under such conditions, the law should generally seek to minimize harms that flow from reliance on bargaining among consumers and data processors. In this Article's final section, we explore ways in which to make the GLB Act's mandatory rules more flexible, and we propose possible revisions to the existing \\\"notice and opt-out\\\" default in the GLB Act. Finally, we revisit the GLB Act's opt-out requirement. We propose to improve upon this requirement by using social science research concerning the power of \\\"frames.\\\" We also discuss the possible merits of a shift to an opt-in requirement.\",\"PeriodicalId\":47393,\"journal\":{\"name\":\"Minnesota Law Review\",\"volume\":\"86 1\",\"pages\":\"1219-1262\"},\"PeriodicalIF\":3.0000,\"publicationDate\":\"2002-09-30\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"https://sci-hub-pdf.com/10.2139/SSRN.319144\",\"citationCount\":\"41\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Minnesota Law Review\",\"FirstCategoryId\":\"90\",\"ListUrlMain\":\"https://doi.org/10.2139/SSRN.319144\",\"RegionNum\":3,\"RegionCategory\":\"社会学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"LAW\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Minnesota Law Review","FirstCategoryId":"90","ListUrlMain":"https://doi.org/10.2139/SSRN.319144","RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"LAW","Score":null,"Total":0}
The Gramm-Leach-Bliley Act, Information Privacy, and the Limits of Default Rules
The Gramm-Leach-Bliley Act (GLB Act) of 1999 sought to provide new rules for financial privacy. Only a few years after the GLB Act's enactment, however, it appears to have failed as far as privacy protection is concerned. The Act has pleased neither privacy advocates nor the financial industry. It may, in fact, be a rare legislative feat to have a single statute create so many diverse critics so quickly. This Article examines the GLB Act and its shortcomings through reference to and refinement of theoretical work regarding the law of incomplete contracts. The key scholarship concerns information sharing and "defaults," or background rules, for filling gaps in agreements. We explore three possible kinds of defaults: majoritarian, information forcing, and norm enforcing. This Article finds that the GLB Act's privacy safeguards are highly problematic as examples of either a majoritarian or information forcing default. The GLB Act also raises difficulties if evaluated as a background rule that seeks to enforce norms. In our judgment, information privacy should be conceptualized as a norm constitutive of a democratic society. The access to personal information and limits on it help form the nature of the society in which we live and shape our individual identities. For example, the structure of access to personal information can have a decisive impact on the extent to which certain actions or expressions of identity are encouraged or discouraged. Our concept of "constitutive privacy" suggests that information privacy is a kind of commons that requires some degree of social control to construct and preserve. Default rules, when viewed from this normative perspective, should have a limited role in norm enforcement because of the current poor functioning of the privacy market between consumers and financial institutions. In particular, the presence of bounded rationality along with coordination problems makes default rules a risky choice in this context of information privacy. Under such conditions, the law should generally seek to minimize harms that flow from reliance on bargaining among consumers and data processors. In this Article's final section, we explore ways in which to make the GLB Act's mandatory rules more flexible, and we propose possible revisions to the existing "notice and opt-out" default in the GLB Act. Finally, we revisit the GLB Act's opt-out requirement. We propose to improve upon this requirement by using social science research concerning the power of "frames." We also discuss the possible merits of a shift to an opt-in requirement.
期刊介绍:
In January 1917, Professor Henry J. Fletcher launched the Minnesota Law Review with lofty aspirations: “A well-conducted law review . . . ought to do something to develop the spirit of statesmanship as distinguished from a dry professionalism. It ought at the same time contribute a little something to the systematic growth of the whole law.” For the next forty years, in conjunction with the Minnesota State Bar Association, the faculty of the University of Minnesota Law School directed the work of student editors of the Law Review. Despite their initial oversight and vision, however, the faculty gradually handed the editorial mantle over to law students.