University of Miami Law Review


Juan Olano


Today’s world runs on data. The creation and improvement of technological products and services depend on the exchange of data between people and companies. As people’s lives become more digitized, companies can collect, store, and analyze more data, and in turn, create better technology. But, because consumer data can be very sensitive (think Social Security numbers, GPS location, fingerprint recognition, etc.) this cyclical exchange comes with serious privacy risks; especially in light of more frequent and sophisticated cyberattacks. This creates a face-off between technological growth and privacy rights. While it makes sense that people should be willing to subside some of their privacy in exchange for technological enhancements to things like communication, health, and entertainment, companies should also be doing their best to prevent and respond to cyberattacks.

This Note highlights the urgency created by the combination of the digitization of consumer lives, sophisticated hackers, and inadequate data privacy laws. It explains that, because Congress is yet to legislate and the Supreme Court’s findings in Clapper v. Amnesty International USA and Spokeo, Inc. v. Robin created federal circuit splits, data privacy laws are either non-existent or muddled. As a result, it is increasingly difficult for companies or consumers to know their rights, responsibilities, and liabilities in this sphere. Moreover, this Note calls for Congress to establish federal compliance measures with respect to corporate use of consumer data and handling of cyberattacks. However, this Note argues that Congress will continue to remain silent and, therefore, the Supreme Court, by revisiting the constitutional standing issues presented in Clapper and Spokeo, can be the one—for now—to provide much needed guidance with respect to data privacy.