Helen Nissenbaum, Katherine Strandburg, Salome Viljoen

This Article considers how the current regulatory paradigm in privacy law enables digital technology companies to “dodge” privacy regulations with which other companies offering similar services must comply. Analyzing how the current regime facilitates such effects is important for diagnosing the shortcomings of existing laws, for revealing harmful effects on individuals and social institutions, and for developing effective alternatives. These questions gain urgency in light of the growing consensus among scholars and policymakers around the need for privacy law reform. 
 
 With carefully drawn case studies, the Article applies the framework of contextual integrity to highlight properties of technical systems, practices, and business models that allow such cases to dodge relevant privacy law. It explains why recent efforts to limit anticompetitive (monopolistic) practices are not attuned to these dodges, even though they may be protective against other harms. It also argues that omnibus privacy laws, while promising, may fail to address challenges of the “dodge,” without properly targeted efforts. 
 
 Although it is not unusual for corporate actors to engage in regulatory avoidance, the Article demonstrates how powerful industry counterforces exploit technical affordances to expose the distinctive vulnerabilities of our tenuous privacy regime. Recognizing these vulnerabilities to “dodge” is a first step; the Article suggests further steps to address and fortify against them.