Inference, Abuse, and the Limits of Privacy Law

Brokering Safety identifies a failure of privacy law: the tendency to allocate responsibility to individuals through opt-out and deletion rights, even as informational harm is generated by distributed systems capable of reconstructing, predicting, and targeting individuals over time. Privacy self-management fails, the Article shows, because the law has assigned them a task that the architecture of the data broker ecosystem made impossible. By grounding its critique in system design, Brokering Safety reframes the problem at the right level of analysis and points toward a corresponding solution: redistribution of responsibility from individuals to the institutional actors who generate exposure at scale. This comment builds on a mechanism in the Brokering Safety analysis. That mechanism is inference: the capacity of distributed systems to generate reliable, actionable knowledge about individuals by aggregating and recombining incomplete, loosely related data. This mechanism strengthens the centralized obscurity proposal by clarifying that the inadequacy of existing regimes reflects a category error: regulating transactions in data rather than the production of knowledge.