The Missing Regulatory State: Monitoring Businesses in an Age of Surveillance
An irony of the information age is that the companies responsible for the most extensive surveillance of individuals in history—large platforms such as Amazon, Facebook, and Google—have themselves remained unusually shielded from being monitored by government regulators. But the legal literature on state information acquisition is dominated by the privacy problems of excess collection from individuals, not businesses. There has been little sustained attention to the problem of insufficient information collection from businesses. This Article articulates the administrative state’s normative framework for monitoring businesses and shows how that framework is increasingly in tension with privacy concerns. One emerging complication is the perception that the state, through agencies such as the National Security Agency, deploys large technology companies to surveil individuals. As a result, any routine regulatory monitoring of platforms—even for the purpose of prosecuting those platforms—would implicate an overbearing state peering into our personal lives. Moreover, opponents of regulation have weaponized privacy arguments to shield other businesses from monitoring, such as banks. A sharper understanding of the institutional, legal, and informational differences between regulatory monitoring and personal surveillance is needed. Juxtaposing these two state tools reveals that the tension between regulation and privacy is largely illusory. Regulators today—most notably the Federal Trade Commission—have untapped power to monitor emerging risks in big technology and other sectors. They should not hesitate to use that power to pursue a more informed and collaborative path to achieving their missions.
Rory Van Loo