“Getting Rid of Icky” Isn’t Enough for the First Amendment

The algorithms know and love me, so LinkedIn pointed me the other day to a webinar cum gripe session put on by George Washington University Law Professor Daniel Solove and Cornell University Law Professor Gautam Hans about a case called NetChoice v. Bonta. They lamented a district court ruling last year enjoining enforcement of the California Age-Appropriate Design Code Act, which is loosely aimed at protecting children online. Injunctions like this come when a judge pretty much knows how he or she will rule on the merits, so this is effectively a ruling that the First Amendment doesn’t allow the provision of social media services to be regulated all that tightly. Or is it that they can’t be regulated loosely? The best summary may be that “getting rid of icky” on the web doesn’t pass constitutional muster. The case will be reviewed by the Ninth Circuit Court of Appeals in the spring.

Via Adobe Images

In 2011, the Supreme Court acknowledged something that has been lurking in the background of privacy issues for a long time. Information about people can be used to direct messages to them based on their interests, which is an important component of speech. Publishing has always involved directing communications at intended audiences, but the internet made it a practice done at scale and in detail. Can the government regulate how that is done? Not really, given the rather blunt proscription of the First Amendment. Congress shall make no law. By prohibiting states from denying people liberty without due process, the Fourteenth Amendment applied that rule to the states.

The 2011 privacy vs. speech case at the high court was IMS vs. Sorrell Health. Vermont had created a regulation restricting the sale, disclosure, and use for marketing purposes of pharmacy records that revealed the prescribing practices of doctors. The regulation would protect medical privacy, the state said, and diminish the likelihood that marketing would lead to prescription decisions not in the best interests of patients or the state itself. But the law allowed prescriber information to be purchased, acquired, and used for things other than marketing and by entities other than marketers. These latter omissions were giveaways. This so-called privacy law was really aimed at frustrating a certain type of speaker committing certain kinds of speech. Regulation aimed tightly at this one privacy interest—anti-certain-kinds-of-marketing—wasn’t all that believable as “privacy” given all the other things the same information could be used for.

Sorrell Health got plenty of mentions in NetChoice v. Bonta. But it’s a different kind of case. Time and again, the judge compared the requirements of the law to the interests they were supposed to serve and came up empty. The collection of information for targeting purposes and the targeting itself all could be bad. But they also could be good. The California legislature’s belief—unanimous belief, indeed—was that this stuff is bad, but nobody knows exactly, literally, and legally why. Data collection and online tracking of people has potential risks and it can seem icky. It can give people the heebie-jeebies. But those aren’t legally significant interests relative to free speech.

I’ve written before about the issue of “harm” in the area of privacy regulation. There is something of a campaign to make “privacy harms” a thing. But not every dispute, offense, and snit belongs in the courts. The Supreme Court has declined to recognize congressionally invented harms, such as being inaccurately portrayed in a credit bureau’s files.

The problem with the statute in NetChoice v. Bonta is that there isn’t any concrete harm that the California law would directly control. Unlike the too-tight regulation in Sorrell Health, this regulation is too loose.

So what is just right, Goldilocks? First, identify the privacy interest you’re trying to protect. As often as not, it’s something that might go by a better name. My research has identified eight different values that get called “privacy.” Then find the legally cognizable harms that exist in that area. Steps taken to prevent or mitigate those actual harms might get over the sizable hump imposed by the First Amendment.

There is often more than one way to skin a cat, and I prefer common law solutions to statutes and regulation—that is, decentralized lawmaking and administration. These views make me a perennial polecat at the privacy-regulation garden party, speaking of cats. For another unfolding drama in California’s quest to violate the First Amendment for your own good, check out some posts by my AEI colleague Clay Calvert on another Bonta case. In this one, transparency is the Trojan horse. Clay issued one trenchant missive when the case was filed, and another when, recently, a district court judge declined to enjoin California’s statute.