Kathryn Peyton

First Page


Last Page


Document Type



Given the growing ubiquity of digital technology’s presence in people’s lives today, it is becoming increasingly more necessary to secure data privacy protections. People interact with technology constantly, ranging from when engaging in business activates, such as corresponding through emails or doing research online, to more innocuous activities like driving, shopping, or talking with friends and family. The advances in technology have made possible the creation of digital trails whenever someone interacts with such technology. Companies aggregate data from data trails and use predictive analytics to create detailed profiles about citizen-consumers. This information is typically used for profit generating purposes. The way Big Data is being used threatens individuals’ autonomy because users of Big Data are becoming increasingly more successful in shifting citizen-consumer’s behaviors to meet the guider’s objectives. This Article discusses the difficulty in enacting laws that protect individuals’ data information, as such laws potentially come into conflict with the First Amendment’s right to free speech. This Article proceeds to analyze whether data is speech and concludes that it is likely speech. Thus, regulating data information raises First Amendment concerns. Regulating data is in essence regulating people’s ability to obtain information. By preventing dissemination of information, freedom of speech has very little value because people don’t have the information they otherwise would have obtained. Consequently, individuals cannot speak about such information they don’t have, and this thus diminishes speech. Despite finding data likely constitutes speech, and thus regulating data poses free speech concerns, this Article argues that securing data privacy is necessary to safeguard the same objectives freedom of speech protects. Data privacy is necessary to protect the creation of new ideas and differing opinions because people may self-censor their behavior if such behavior is completely exposed to the public. To ensure the continuance of a citizenry that critically engages in society, data privacy is necessary, not just freedom of speech. In striking the balance between securing data privacy, while still affording a level of freedom of speech that promotes democratic ideals, this Article contends data privacy regulations should be analyzed under the commercial speech doctrine, and thus subject to intermediate scrutiny. Next, this Article argues that the Court should uphold data privacy regulations as meeting the requirement of being no more restrictive than necessary so long as they pertain to the protections common in codes of fair information practices. These protections directly safeguard (1) the use of the data, ensuring use is consistent with the purpose of why the data was originally collected; (2) individuals’ right to notice and participate in how their data is being used; (3) extra protections for sensitive data pertaining to race, sexual orientation, political views, and religion; and lastly, (4) a system for enforcement, including available remedies for individuals who have been wronged. The Court should uphold data privacy regulations embodying these protects because they advance the government’s substantial interest in preserving autonomy amongst individuals in order to protect self-governance. Further, such regulations directly are narrowly tailored because they regulate the concerns of data privacy that threaten individuals’ ability for self-determination.