A General Defense of Information Fiduciaries

Andrew F. Tuch is Professor of Law at Washington University School of Law. This post is based on his recent paper.

Countless high-profile abuses of user data have put Facebook, Google, and other digital companies within the sights of lawmakers. Across the political spectrum, legislators condemn these firms’ conduct, accusing them of undermining user privacy and data security. Scholars and other commentators seek greater oversight of digital enterprises. In this environment, one especially influential reform proposal has emerged: making digital companies “information fiduciaries” of their users. The information fiduciary model, most prominently proposed by Jack Balkin, enjoys bipartisan support and is being considered in proposed privacy laws at the federal and state levels.

But while there is enthusiasm behind the information fiduciary model, it also faces powerful opposition from critics who regard it as incompatible with Delaware corporate law and at odds with firms’ powerful self-interests. The most forceful criticism comes from David Pozen and Lina Khan, who argue in the Harvard Law Review that the information fiduciary model “could cure at most a small fraction of the problems associated with online platforms—and to the extent it does, only by undercutting directors’ duties to shareholders, undermining foundational principles of fiduciary law, or both.” Summarizing their critique, Professor Pozen describes Balkin’s information fiduciary model as “flawed—likely beyond repair—on conceptual, legal and normative grounds.

In A General Defense of Information Fiduciaries, I argue that neither criticism of the information fiduciary model holds water. The first criticism rests on a mischaracterization of corporate law, while the second fails to account for the adaptability fiduciary law has shown in other settings, such as the asset management industry. These criticisms warrant close attention because they have proved influential among commentators and industry participants and because, if accepted, they undermine commonly used regulatory techniques in other industries, especially financial services.

Claimed Incompatibility with Delaware Corporate Law

Critics’ first argument is that imposing user-regarding duties under the information fiduciary model would clash with shareholder-regarding corporate law duties, creating the problem of “conflicting fiduciary obligations” or “divided loyalties.” Focusing on Facebook, Khan and Pozen worry that its directors will face the “untenable position of having to violate their fiduciary duties (to stockholders) under Delaware law in order to fulfill their fiduciary duties (to end users) under the new body of law that Balkin proposes—at least barring some sort of ‘heavy-handed government intervention’ that clearly prioritizes the latter set of duties.” Khan and Pozen ask whether “the duties [digital companies] already owe to stockholders [can] be harmonized with the new duties they would owe to users without doing too much violence either to the companies themselves or to fundamental principles of fiduciary law?”

Khan and Pozen’s answer to this question is an emphatic no. Khan and Pozen reject the possibility that Facebook could permissibly prioritize users’ interests, in compliance with Balkin’s duties, over those of shareholders. That strategy “runs counter to the prevailing understanding of Delaware doctrine.” Khan and Pozen also reject the possibility that digital companies might serve users’ interests while also advancing shareholders’ interests. Instead, to manage the conflict, “corporate law might be modified through state or federal legislation to authorize or compel platforms to put users’ interests ahead of stockholders’ interests.” Barring such reform, user-regarding duties would yield to corporate law shareholder-regarding duties; they would be “cabin[ed]  . . . so that they do not seriously threaten firm value.” According to Khan and Pozen, “it seems that Facebook, Google, and Twitter would, as a rule, have to temper their duties to users with a higher duty of loyalty to shareholders. Delaware law would remain unaffected. The interests of shareholders would still come first.” In fact, the tension between Balkin’s proposal and corporate law “is too deep to resolve without fundamental reform. To suggest otherwise is to risk mystification of ‘surveillance capitalism,’ entrenchment of prevailing business models, and legitimation of a wide range of troubling practices, if not also the unraveling of fiduciary law itself.”

Khan and Pozen argue eloquently and emphatically, but their central criticisms significantly overstate the threat that corporate and fiduciary law pose for the information fiduciary model. I argue that imposing user-regarding obligations on corporations would not create untenable frictions between duties to users and duties to shareholders. The criticism sees conflicting obligations where none plausibly exist and identifies strategies for resolving these apparent conflicts that are unknown to corporate law. In fact, the plausible outcome of an information fiduciary regime is exactly the opposite of what critics fear. Under the information fiduciary model, corporate law would require compliance with user-regarding obligations, creating incentives for directors to favor users’ interests over those of shareholders.

The basic reason is that Delaware law altogether avoids tension with regimes such as Balkin’s. Delaware corporate law requires directors to exercise their discretion within legal limits imposed on the corporation; it does not license or excuse non-compliance with corporate obligations, even if directors believe that doing so would maximize shareholder value. And Delaware law offers no suggestion that a corporation’s duties or responsibilities should be diluted or otherwise shaped by the content of directors’ duties. Rather, case law indicates clearly that directors must act “within the law.”

Delaware law not only provides no room for directors to operate in the way Khan and Pozen fear they will, the law also affirmatively seeks to prevent directors from reneging on obligations. Delaware law exposes directors to liability if they intentionally violate the corporation’s obligations, no matter the reasons for the violation. A director who “acts with the intent to violate applicable positive law, or … [who] intentionally fails to act in the face of a known duty to act, demonstrating a conscious disregard for his duties” may fail to act in good faith, resulting in liability for fiduciary breach. It is no excuse to claim that disregarding the corporation’s obligations nevertheless increased profits. Corporate fiduciary law thus creates incentives for directors to ensure corporations comply with their obligations.

In the paper, I show how similar strategies to the information fiduciary model have been used in the financial services industry and that Khan and Pozen’s arguments find no support in that setting. In fact, the problem of conflicting fiduciary obligations as described by Khan and Pozen has not been addressed or even identified by courts, policymakers, or commentators in the financial services setting. Nor have corporations themselves identified the issue or suggested that corporate duties have to be diluted in the face of “higher” directors’ duties. In short, the crude, shareholders-first-and-only version of corporate law critics seem to take for granted does not exist today. The claimed tension between the information fiduciary model and Delaware corporate law is illusory.

Claimed Incompatibility with Digital Companies’ Self-Interest

Here, critics express two related concerns. The first is that Facebook and other digital companies have such powerful self-regarding incentives that these companies may not properly be characterized as fiduciaries of their users. The second is that these companies could not satisfy fiduciary duties unless their business models were transformed.

I reject these concerns. Briefly put, self-interested incentives themselves are not a barrier to the imposition of fiduciary duties. In fact, it may well be the drive to serve self-interest that creates the need for fiduciary protection, and fiduciary constraints on self-interest may be most valuable when parties would otherwise be likely to act on their self-serving incentives.

As for the potential breakup of firms, it is an open question whether an information fiduciary model would disrupt digital companies’ business models. Much depends on the content and scope of any duties imposed (greater specificity is required from advocates of the model on these questions). Fiduciary law has proven itself adaptable enough to survive such challenges in other settings: financial services regulation includes examples of fiduciary law operating in the presence of the conflicting interests and tensions much like those that critics claim beset the relationships between social media companies and their users. And even if organizational change were required, the question would be whether such change is desirable; the need for change would not itself be fatal to the imposition of user-regarding fiduciary duties.

The paper is available here.

Both comments and trackbacks are currently closed.