Is Privacy Regulation the Environmental Law of the Information Age?

Abstract

This chapter argues that information-based businesses injure personal privacy in much the same way that smokestack industries damage the environment, and that this analogy can teach us something about how to preserve privacy better in the information age. The chapter shows that two of the principal constructs that have been used to understand environmental damage — the negative externality, and the tragedy of the commons — apply equally well to privacy injuries. Thus, a common conceptual structure can be used to understand both environmental damage and privacy injuries. Can environmental law and policy serve as a model for the nascent field of privacy protection? The chapter examines the evolution of environmental regulation from first generation, “command-and-control” methods to more flexible, second generation strategies. It argues that first generation approaches, while appropriate for addressing some social ills, are not a good fit for the regulation of fast-changing information businesses. Second generation strategies, which demand meaningful results while also providing flexibility and reducing regulatory costs, will work better in the privacy context. The chapter concludes that environmental covenants and environmental management systems can be adapted to protect personal information. An emission fee approach can be used to combat spam effectively.