Brokering Safety identifies a failure of privacy law: the tendency to allocate responsibility to individuals through opt-out and deletion rights, even as informational harm is generated by distributed systems capable of reconstructing, predicting, and targeting individuals over time. Privacy self-management fails, the Article shows, because the law has assigned them a task that the architecture of the data broker ecosystem made impossible. By grounding its critique in system design, Brokering Safety reframes the problem at the right level of analysis and points toward a corresponding solution: redistribution of responsibility from individuals to the institutional actors who generate exposure at scale. This comment builds on a mechanism in the Brokering Safety analysis. That mechanism is inference: the capacity of distributed systems to generate reliable, actionable knowledge about individuals by aggregating and recombining incomplete, loosely related data. This mechanism strengthens the centralized obscurity proposal by clarifying that the inadequacy of existing regimes reflects a category error: regulating transactions in data rather than the production of knowledge.

‍Companies in the networked information economy collect personal data to provide their services. Businesses are also always keen to develop other ways to monetize this consumer information. A handful of the largest leverage their platforms to serve content or ads on behalf of paying advertisers. After all, many companies are willing to pay handsomely for targeted access to potential buyers across devices. Others sell the data to third parties who find further commercial uses for it. Current legal doctrine allows this last category—data brokers—to sell or license personal data although they are not the ones to collect it from consumers. Meanwhile, most people do not know or understand these background deals and practices, even when they consent to them. Most consumers feel that they have no choice but to click yes and accept the terms of service. To put it starkly: the prevailing regulatory approach in the United States has effectively normalized data exposure.

‍Tragically, U.S. privacy law has neglected to address a significant dimension of privacy. While lawmakers and judges have routinely recognized intrusions into our secluded spaces and breaches of our confidentiality and secrecy, they have largely failed to protect our most common yet also our most underappreciated form of privacy: the practical obscurity that allows us to live freely and with dignity. Obscurity, which is the state of protection that arises when personal information is difficult for some people to obtain or correctly interpret, serves several vital interests: (1) it safeguards our ability to express ourselves without fear that everything we say could be used against us; (2) it enables us to participate in key democratic processes like protesting without the government recording our opposition in a database; and (3) it allows us to form intimate relationships where we selectively share what is on our minds and in our hearts. Ultimately, obscurity provides the “breathing room” we need pursue self-development or establish healthy boundaries with others.