Brooklyn Law Review

Article Title

Pay For (Privacy) Performance: Holding Social Network Executives Accountable for Breaches in Data Privacy Protection


Lital Helman


Social networking has proliferated over the past years and is now being utilized by a large percentage of the world’s population. Social networks substantially contribute to enhanced speech, creativity, and communication. Yet, their practices of collecting and monetizing personal data of users pose severe privacy risks. Compelling social networks to internalize these risks is crucial for the healthy evolution of social networking. This article proposes a novel approach to address this challenge: to link executive compensation in social networking firms to the quality of data protection the company provides to its users. This proposal is different from other solutions that have been proposed in the context of social media privacy in two significant ways. First, the direct policy object is not the firm itself. Rather, I propose that executive compensation should be keyed to the level of privacy protection the firm provides to its users. Second, the proposal advances a dynamic solution, where privacy practices would adapt to changing privacy expectations. Implementation of my proposal would yield a number of key advantages. First, it would create a powerful incentive for executives of social networks to internalize the harms they cause to users’ privacy. Second, it would provide firsthand and up-to-date information about users’ changing needs and interests. Third, it would align the interests of social media executives with the long-term interests of shareholders to maintain users’ trust in social media, in order for social networks to continue to attract a high volume of users and activity. For reasons I explore herein, shareholders are not likely to achieve this goal themselves. Fourth, it would simplify the privacy enforcement process and reduce its costs. Finally, it would allow social networks to develop and grow, by allowing use of private data, as long as privacy considerations are internalized.