Publication Date



Disclosing personal information online often feels like
losing control over one's data forever; but it does not have
to be that way. This Essay proposes a "chain-link
confidentiality" approach to protecting online privacy.
One of the most difficult challenges to guarding privacy in
the digital age is the protection of information once it is
exposed to other people. A chain-link confidentiality
regime would link the disclosure of personal information
to obligations to protect that information as the
information moves downstream. It would focus on the
relationships not only between the discloser of information
and the initial recipient but also between the initial
recipient and subsequent recipients. Through the use of
contracts, this approach would link recipients of personal
information as in a chain, with each recipient bound by
the same obligation to protect the information. These
chain contracts would contain at least three kinds of
terms: (1) obligations and restrictions on the use of the
disclosed information; (2) requirements to bind future

recipients to the same obligations and restrictions;and (3)
requirements to perpetuate the contractual chain. This
approach would create a system for the permissible
dissemination of personal information online. It would
also protect Internet users by ensuring that a website's
obligation to safeguard information is extended to third