Georgetown Law
Technology Review

The law often treats vulnerability as a binary status: a person or a group is vulnerable based on their fulfillment of certain conditions. Those deemed vulnerable are thus afforded heightened legal protections. The Children’s Online Privacy Protection Act, for example, imposes stricter requirements on the collection of personal information of those under the age of thirteen. Several federal and state laws safeguard against elder abuse. And the doctrine of contractual incapacity gives those with mental disabilities a legal defense to their contractual obligations.

But vulnerability is neither an a priori nor a dichotomous status. A person and/or group can be made vulnerable to varying degrees. This is increasingly true in digitally mediated environments. Algorithms interfere with our decision-making abilities and social robots engage our emotions to induce disclosure of sensitive information.

The goal of this Note is to explore the relationship between platforms and user vulnerability and consider whether and how the law should respond. To do so, it brings three areas of study into conversation and assigns each area a functional role, each mapping onto the three Parts. Part I discusses the conceptual contribution of vulnerability theory. While the literature is rich in discussions on the influence of digital technology on autonomy, I take vulnerability as the entry point. Doing so scaffolds two ideas. First, because the law recognizes vulnerability as meriting a response, spotlighting vulnerability rather than autonomy gives us a better opening to demand legal protection. Second, vulnerability theory reframes the interest warranting protection from a designated static category to a relational, context-dependent condition that admits of degrees. This gives us a thicker description of the problem. Feminist theory marries vulnerability to a relational account of autonomy. The harm then is not threats to traditional notions of autonomy, which are predicated on atomistic conceptions of selfhood, but to socially constituted capacities. Pressures on these capacities lead to what I call “imposed vulnerability.”

Part II draws from platform studies to offer a descriptive claim. I locate the platform as a distinct actor that imposes vulnerability. Many have written about the contributions of different features of digital environments, such as data flows and technology design, to impairing autonomy, but few have offered a detailed account of the unique role of platforms. This Note builds on those accounts and bridges them to vulnerability. Platforms are not just a new economic model. They are also much more than the facilitators of data flows. Rather, as the architects of the information economy, they decide what information can constitute data and what choices are available in the first place, limiting the possible forms that the self takes in the digital world. In doing so, they constrain the range of options necessary for the full development and exercise of relational autonomy and impose vulnerability on the self.

Finally, building on the conceptual and descriptive claims, Part III looks to the Commission’s Section 5 authority to regulate unfair or deceptive trade acts or practices. Examination of case law and legislative history shows whether and how the Commission might be able to wield its authority to address the power of platforms to render users vulnerable.

Continue Reading