Christopher G. Bradley

Volume 74, Issue 3, 607-678

The intersection between privacy law and the big business of consumer data has become a major focus of policymakers, scholars, the business community, and consumer advocates, yet the legal regime governing the commercial use of data remains contested and often unclear. The difficulty becomes particularly acute when a company is financially distressed. A healthy firm might hesitate to exploit private data out of concern that doing so would cause reputational harm or liability, but these scruples matter less to financially distressed firms.

Bankruptcy law provides for the appointment of a “consumer privacy ombudsman” to make a recommendation on whether debtors in bankruptcy should be allowed to sell consumers’ private information. But the law applies only to a subset of bankruptcy cases, and while the work of the ombuds may affect the sale of consumer data in those cases, legal protection is less than most would assume. This Article presents the only comprehensive empirical study of the consumer privacy ombudsman’s role in the bankruptcy system, and of ombuds’ qualifications, activities, and fees.

Ultimately, the regime is best understood as a form of “privacy theater,” intended to reassure the public that consumer data is protected in bankruptcy proceedings. By mobilizing the public’s trust in expertise, coupled with an ignorance of the nuances of bankruptcy, the consumer privacy ombudsman regime projects what scholars have called “a myth of oversight.” While there are good rationales for heightening consumer protections when companies are in financial stress, the current system does not fulfill its promise of protecting consumer data from misuse by distressed businesses. This Article presents a series of proposals for reforming the law and for institutions governing commerce in consumers’ private data by entities both in and out of bankruptcy.