The information age has created new kinds of entities that have many of the trappings of fiduciaries—huge online businesses, like Facebook, Google, and Uber, that collect, analyze, and use our personal information—sometimes in our interests and sometimes not. Like older fiduciaries, these businesses have become virtually indispensable. Like older fiduciaries, these companies collect a lot of personal information that could be used to our detriment. And like older fiduciaries, these businesses enjoy a much greater ability to monitor our activities than we have to monitor theirs. As a result, many people who need these services often shrug their shoulders and decide to trust them. But the important question is whether these businesses, like older fiduciaries, have legal obligations to be trustworthy. The answer is that they should.
To deal with the new problems that digital businesses create, we need to adapt old legal ideas to create a new kind of law—one that clearly states the kinds of duties that online firms owe their end users and customers. The most basic obligation is a duty to look out for the interests of the people whose data businesses regularly harvest and profit from. At the very least, digital businesses may not act like con men—inducing trust in end users and then actively working against their interests. Google Maps shouldn’t recommend a drive past an IHOP as the “best route” on your way to a meeting from an airport simply because IHOP gave it $20. And if Mark Zuckerberg supports the Democrat in a particular election, Facebook shouldn’t be able to use its data analysis to remind its Democratic users that it’s election day—while neglecting to remind, or actively discouraging, people it thinks will vote for Republicans.
The project of encouraging some accountability requires fairness in both directions—fairness to end users, and fairness to businesses, who shouldn’t have new and unpredictable obligations dropped on them by surprise. The task also requires determining the proper scope of fiduciary duties—which may be different from those that apply to traditional fiduciaries like doctors and lawyers—and the remedies for their violation. Finally, we have to persuade companies that these duties make sense, and give them reasons to accept that they are a new kind of fiduciary in the digital age.
A good starting point is a very different area of law: copyright. In the face of disputes about copyright and piracy that arose with the growth and spread of the internet, online intermediaries willingly took on new responsibilities in order to create a predictable business environment.
The U.S. Digital Millennium Copyright Act of 1998 created a safe harbor for businesses that followed its rules for when to take down allegedly infringing content. If an online business received notice from a copyright owner that content was infringing, it could avoid copyright liability by promptly removing the content; and if the original uploader responded by identifying him- or herself and claiming fair use, the content would be restored. The Digital Millenium Copyright Act was a political compromise: Businesses didn’t have to accept the bargain that the DMCA offered them, but if they did, they were immune from copyright liability. Academics still grumble about some of the DMCA’s details today, yet its basic features made it possible for online providers to welcome lots of outside content from their users without worrying that one wrong byte could spell a lawsuit. Businesses like YouTube and Facebook couldn’t have developed without it.