Over the last few years, data privacy has been a concern among legal practitioners and citizens worldwide. The widespread use of the internet and the advancement of technology have inevitably raised issued regarding data privacy. We have all heard about doxxing, which is when people intentionally publish private information about others on the internet without their consent. Worse, we have been warned about how tech behemoths collaborate with powerful governments that are supposed to protect us, allowing them to effortlessly and legally access and exploit our private information without us even realizing. Despite a general trust in these valued modern tools, particularly among younger generations who are unaware of any alternative, these stories have woken up some of us.

Because we live in such a globalized environment, no one is immune to the risks associated with sharing (or simply storing) information online. Everyone should be worried that their personal information is secure at this time. However, citizens of powerful and globalized countries, such as the United States, may be a more attractive target for so-called data thieves or their own governments. We have all read about US government using the pretext of national security to violate nearly any law, national or international, with no repercussions and impose authority not just over other countries but even on their own population. Many of us wonder how they manage do it. It raises the question of whether there is indeed any data privacy law in the United States that protects us.

At first glance, it may appear that the absence of a federal data protection law creates a regulatory void, making individuals vulnerable to exploitation and misuse of their personal information. However, this perception contradicts the reality of a carefully constructured legal structure designed to provide a form of legal repulsion or immunity. This immunity, like a subsidy, shields certain entities from legal costs and exposures, thereby facilitating their dominance within the digital landscape.

Central to this legal engineering is Section 230 of the Communications Decency Act, a key piece of legislation that has significantly shaped the online ecosystem. Section 230 represents demonstrates that there is no such thing as a lack of regulation, but rather a deliberate intervention by Congress, administrations, and independent agencies to immunize online platforms from liability for user-generated content. As a result, section 230 has empowered these entities to reshape not only the digital sphere but also the broader geopolitical and economic interests of the United States.

The implications of this legal engineering extend far beyond the digital sphere, affecting the society and democracy at its core. While the platform industries have made enormous fortunes, concerns remain about the impact on individual privacy rights, democratic values, and national security. The existence of the "no-law" zone raises profound questions about the balance between innovation and regulation, individual freedoms and corporate interests, and the role of government in safeguarding the public interest.

As we navigate the complexities of data privacy in the digital age, we must go beyond the arguments of absence and face the reality of legal and administrative engineering. By critically examining the implications of the "no-law" zone, we can begin to understand the intricacies of data privacy in the United States and pave the way for informed policymaking and social debate.

Simply put, the absence of a federal data protection law in the United States is not merely an oversight but a carefully constructed legal framework designed to serve specific interests. By reframing the debate around data privacy within the context of the "no-law" zone, we can gain a deeper understanding of the challenges and opportunities inherent in the digital age. Only through a critical examination of this legal and administrative engineering we hope to address the complexities of data privacy and safeguard the fundamental rights of individuals in an increasingly interconnected world.

It appears convenient that in certain cases, federal governments have fought and succeeded to heavily regulate certain individual's activities in the internet that, according to them, may represent a threat to national security, but have not made the same effort with regards to platform industries, as it does not serve their own interests. Take the press or media industry as an example. News or media companies have been heavily regulated for years, with a particular license required to carry out this activity due to the potential of public misinformation. Again, we ask how data protection cannot be as relevant to federal government when it comes to people's right to privacy, which is guaranteed by the Fourth and First Amendments of US Constitution and should be protected at all times. Indeed, according to Supreme Court Justice Louis Brandeis's famous dissent in Olmstead v. United States, even before modern technology threats, "the makers of our Constitution, conferred, as against the government, THE RIGHT TO BE LET ALONE, the most comprehensive of rights and the right most valued by civilized men"

Sources: Pittman, F.P., Hafiz, A. and Hamm, A. (2023). "Relevant Legislation and Competent Authorities", in Data Protection Laws and Regulations USA 2023-2024. Global Legal Group. Available at: https://iclg.com/practice-areas/data-protection-laws-and-regulations/usa (Accessed: 27 February 2024).

Class discussions on February 28, 2024 at professor's Eben Moglen course Computers, Privacy and the Law.

Constitutional Origin of the Right to Privacy (2009). American Library Association. Available at: https://www.ala.org/ala/washoff/contactwo/oitp/emailtutorials/privacya/05.htm (Accessed February 29, 2024).