Privacy is a fundamental right. I begin with this statement, which is both widely recognized as fact and heavily contested in its meaning. Certainly, it has been contested in practice, especially in recent decades, as data flows have arisen, grown to rivers, expanded to floods, and reshaped the economy. But we should not conflate the challenges that practical economic choices pose for fundamental rights—and that fundamental rights may pose for those who desire to collect, use, sell and share personal data— with the fundamental rights themselves. Accordingly, if we take our given topic—“Governing Data”—literally, we should consider privacy a principal component of data governance. Relatedly, we should consider issues of “privacy” as compared to “data protection,” and approaches to “informational privacy” (in data) in relation to autonomy and other fundamental interests as they are expressed in privacy protections. With that in mind, I am going to discuss the role of state privacy law in data governance, focusing on California. That’s partly because I am standing here as the Board Chairperson for the California Privacy Protection Agency, and partly because I think California provides an illuminating example of policymakers’, and the public’s, ongoing tussles with the governance of personal data. Not only does California enshrine the right to privacy in its state constitution, but it has also led the way in innovating privacy protections as data has become more and more economically and societally significant.
