Privacy, Contract, Notice, Choice, Protection


Notice and Choice is the model for protecting privacy online in the United States. Under the model, users of online services are given notice about services information and privacy practices in the form of privacy policies. Based on this information, users can choose whether to use particular online services and whether to exercise any options for protecting their privacy that the services might offer. In theory, Notice and Choice seems like a sound regulatory mechanism. Indeed, state and federal regulatory agencies prefer the model as a basis for privacy enforcement action. But Notice and Choice faces harsh criticism from privacy advocates. This Note adds a new critique to the list—that Notice and Choice leaves individual consumers who are affected by privacy policy breaches, legally, empty-handed. This is because website privacy policies—the principal mechanism for effectuating Notice and Choice—are generally not considered to be legally binding agreements. As a result, individuals’ contract theory-based actions against companies for privacy policy breaches almost categorically fail. As a result, the users of online services are largely left without individual redress for privacy policy breaches. Much has been written about Notice and Choice, and even more has been written about online contracting. Yet, like Notice and Choice and contract theory themselves, these two bodies of scholarship remain misaligned. This Note fills that gap by addressing Notice and Choice in the context of contracts, and offers alternative solutions to give individuals the opportunity to seek redress in the Notice and Choice scheme through contract theory.