How to Protect Consumer Privacy and Free Speech

Consumer privacy laws should strengthen free speech protections online, and vice versa. Here’s how it can be done.

Elizabeth Gyori, William J. Brennan Fellow, ACLU Speech, Privacy and Technology Project

Jacob Snow, Technology & Civil Liberties Attorney, ACLU of Northern California

Vera Eidelman, Staff Attorney, ACLU Speech, Privacy, and Technology Project

Technology is a necessity of modern life. People of all ages rely on it for everything from accessing information and connecting with others, to paying for goods, using transportation, getting work done, and speaking out about issues of the day. Without adequate privacy protections, technology can be co-opted to surveil us online and intrude on our private lives–not only by the government, but also by businesses–with grave consequences for our rights.

There is sometimes a misconception that shielding our personal information from this kind of misuse will violate the First Amendment rights of corporations who stand to profit from collecting, analyzing, and sharing that information. But we don’t have to sacrifice robust privacy protection to uphold anyone’s right to free speech. In fact, when done right, strong privacy protections reinforce speech rights. They create spaces where people have the confidence to exercise their First Amendment rights to candidly communicate with friends, seek out advice and community, indulge curiosity, and anonymously speak or access information.

At the same time, simply calling something a “privacy law” doesn’t make it so. Take the California Age Appropriate Design Code Act (CAADCA), a law currently under review by the Ninth Circuit in NetChoice v. Bonta. As the ACLU and the ACLU of Northern California argued in a friend-of-the-court brief, this law improperly included content restrictions on online speech and is unconstitutional. Laws can and should be crafted to protect both privacy and free speech rights. It is critical that legislatures and courts get the balance right when it comes to a law that implicates our ability to control our personal information and to speak and access content online.

Consumer privacy matters. With disturbing frequency, businesses use technology to siphon hordes of personal information from us – learning things about our health, our family situation, our financial status, our location, our age, and even our beliefs. Not only can they paint intimate portraits of our lives but, armed with this information, they can raise or lower prices depending on our demographics, make discriminatory predictions about health outcomes, improperly deny housing or jobs, hike insurance rates, and flood people of color and low-income people with ads for predatory loans.

All this nefarious behavior holds serious consequences for our financial stability, our health, our quality of life, and our civil rights, including our First Amendment rights. Better consumer privacy gives advocates, activists, whistleblowers, dissidents, authors, artists, and others the confidence to speak out. Only when people are free from the fear that what they’re doing online is being monitored and shared can they feel free to enjoy the full extent of their rights to read, investigate, discuss, and be inspired by whatever they want.

Yet in recent years, tech companies have argued that consumer privacy protections limit their First Amendment rights to collect, use, and share people’s personal information. These arguments are often faulty. Just because someone buys a product or signs up for a service, that doesn’t give the company providing that good or service the First Amendment right to share or use the personal information they collect from that person however they want.

To the contrary, laws that require data minimization and high privacy settings by default are good policy and can easily pass First Amendment muster. Arguments to the contrary not only misunderstand the First Amendment; they’d actually weaken its protections.

Laws that suppress protected speech in order to stop children from accessing certain types of content generally often hurt speech and privacy rights for all. That’s why First Amendment challenges to laws that limit what we can see online typically succeed. The Supreme Court has made it clear time and again that the government cannot regulate speech solely to stop children from seeing ideas or images that a legislative body believes to be unsuitable. Nor can it limit adults’ access to speech in the name of shielding children from certain content.

The CAADCA is unconstitutional for these reasons, despite the legislature’s understandable concerns about the privacy, wellbeing, and safety of children. The law was drafted so broadly that it actually would have hurt children. It could have prevented young people and adults from accessing things like online mental health resources; support communities related to school shootings and suicide prevention; and reporting about war, the climate crisis, and gun violence. It also could interfere with students’ attempts to express political or religious speech, or provide and receive personal messages about deaths in the family, rejection from a college, or a breakup. Paradoxically, the law exposes everyone’s information to greater privacy concerns by encouraging companies to gather and analyze user data for age estimation purposes.

While we believe that the CAADCA burdens free speech and should be struck down, it is important that the court not issue a ruling that forecloses a path that other privacy laws could take to protect privacy without violating the First Amendment. We need privacy and free speech, too, especially in the digital age.