Article

Branding Privacy

Paul Ohm†

Introduction ...... 908 I. Pivots and Privacy Lurches ...... 913 A. The Pivot ...... 913 B. Privacy Lurches ...... 915 1. Google’s 2012 Privacy Policy Transformation ...... 916 2. NebuAd and Phorm ...... 918 3. A Slow-Moving Lurch: Facebook’s Shift from Private to Public ...... 919 C. The Problem with Privacy Lurches ...... 922 D. It Will Get Worse ...... 927 II. Dealing with Privacy Lurches ...... 928 A. Notice-and-Choice and its Shortcomings ...... 929 1. General Principles ...... 929 2. Information-Quality Problems ...... 930 3. Traditional Notice-and-Choice During a Lurch ... 931 B. Improving Notice-and-Choice During a Lurch ...... 934 C. Leveraging Trademarks ...... 937 1. Trademarks, Brands, and the Law ...... 937 2. The Information-Quality Power of a Name ...... 938 3. Trademarks as Symbols of Privacy Practices ...... 942

† Associate Professor, University of Colorado Law School. Thanks to the participants of the Privacy Law Scholars and Intellectual Property Scholars Conferences and the faculty workshops of the law schools of Florida State University, the College of William & Mary Law School, and the University of Colorado for helpful comments. Thanks specifically to Meg Ambrose, Shawn Bayern, Julie Cohen, Deven Desai, Victor Fleischer, Laura Heymann, Chris Hoofnagle, Jake Linford, Dan Markel, Andrea Matwyshyn, Bill McGeveran, Mark McKenna, Scott Peppet, and Felix Wu for their thoughts. Thanks also to Michael Wagner for his excellent research assistance. Before final publication of this article, I began serving temporarily as a Senior Policy Advisor with the Federal Trade Commission. Nobody at the FTC reviewed this Article prior to publication, and nothing in it should be inter- preted to reflect the official views or policies of the agency. Copyright © 2013 by Paul Ohm.

907

908 MINNESOTA LAW REVIEW [97:907

III. Branding Privacy ...... 943 A. Tying Brands to Privacy Promises ...... 944 1. Branded Privacy and Privacy Law Theory ...... 945 2. Branded Privacy and Trademark and Brand Theory ...... 952 3. Branded Remedies for Everything? ...... 961 B. The Details ...... 962 1. Which Promises Should Be Bound? ...... 962 2. Migrating Users ...... 969 C. Implementation ...... 973 1. Certification Marks Are Not Enough ...... 974 2. Trademark Abandonment ...... 975 3. FTC Power to Police Unfair and Deceptive Trade Practices ...... 977 4. New Legislation ...... 978 D. Examples ...... 980 1. Revisiting the Three Examples ...... 980 2. Examples of Branded Privacy from the Past ...... 983 E. Weighing the Costs and Benefits ...... 986 1. The Costs ...... 986 2. The Benefits ...... 987 Conclusion ...... 988

INTRODUCTION We tend to think about how companies threaten individual privacy by examining their data-handling policies at frozen moments in time. At a given moment, so the typical reasoning goes, a company may collect too much information about its us- ers, enabling it to compile rich digital dossiers.1 It may do too little to protect this information, exposing secrets to hackers and unscrupulous employees.2 It may store information for a much longer time than it has a need to keep it.3

1. DANIEL J. SOLOVE, THE DIGITAL PERSON: TECHNOLOGY AND PRIVACY IN THE INFORMATION AGE 1–10 (2004) [hereinafter SOLOVE, THE DIGITAL PER- SON]. 2. Danielle Keats Citron, Reservoirs of Danger: The Evolution of Public and Private Law at the Dawn of the Information Age, 80 S. CAL. L. REV. 241, 251–55 (2007). 3. Christopher Soghoian, An End to Privacy Theater: Exposing and Dis- couraging Corporate Disclosure of User Data to the Government, 12 MINN. J. L. SCI. & TECH. 191, 209–15 (2011) (summarizing data retention policies for web- sites, Internet providers, and telecommunications companies).

2013] BRANDING PRIVACY 909

This Article re