Skip to content

A General Defense of Information Fiduciaries


Andrew Tuch is Professor of Law at Washington University School of Law.

This post is part of our series on “information fiduciaries” and data governance.

In 2016, Jack Balkin introduced the highly influential idea of making digital companies “information fiduciaries” of their users (see here and here). This reform would impose fiduciary duties of loyalty, confidentiality, and care, intended to ensure that social media companies like Facebook, Google, and Twitter do not betray the confidence users place in them. The information fiduciary model is under review in draft laws at state and federal levels.

But while there is enthusiasm behind this model, it faces powerful opposition from scholars. In A Skeptical View of Information Fiduciaries, Lina Khan and David Pozen trenchantly criticize Balkin’s proposal, arguing that it “could cure at most a small fraction of the problems associated with online platforms—and to the extent it does, only by undercutting directors’ duties to shareholders, undermining foundational principles of fiduciary law, or both.” Summarizing the critique, Pozen calls Balkin’s proposal “flawed—likely beyond repair—on conceptual, legal, and normative grounds”. This blog organized a symposium around Khan and Pozen’s then-draft article, publishing posts largely unquestioning of its criticisms. Indeed, these criticisms have been broadly accepted; it is now rare to see commentary of Balkin’s proposal without a qualifying reference to or discussion of A Skeptical View of Information Fiduciaries.

In A General Defense of Information Fiduciaries, I argue that neither of Khan and Pozen’s primary criticisms of the information fiduciary model holds water. My purpose is not to promote the information fiduciary model but to ensure that unsound objections to it do not stand, so that the model might be examined on its own terms. By exposing and highlighting flaws in Khan and Pozen’s criticisms, I also hope to prevent potentially pernicious consequences in other spheres of regulation which may follow if policymakers accept these criticisms. This concern exists because, on their face, Khan and Pozen’s arguments extend to fiduciary regimes in other industries, with similarly troubling consequences.

Claimed Incompatibility with Corporate Law

Khan and Pozen’s primary objection is that Balkin’s proposal is incompatible with corporate law in Delaware, where the relevant companies incorporate. According to Khan and Pozen, Balkin would impose user-regarding duties on Facebook and its ilk while corporate law already imposes shareholder-regarding duties on corporate directors, creating “the problem of conflicting fiduciary obligations,” a problem they fault Balkin for “never [having] squarely addressed.” Khan and Pozen worry that Facebook’s directors will face the “untenable position of having to violate their fiduciary duties (to stockholders) under Delaware law in order to fulfill their fiduciary duties (to end users) under the new body of law that Balkin proposes—at least barring some sort of ‘heavy-handed government intervention’ that clearly prioritizes the latter set of duties.”

Khan and Pozen’s analysis is mistaken in key ways. As a threshold matter, Khan and Pozen frequently overlook, or mistake, the identities of the fiduciaries themselves. Under Balkin’s proposal, fiduciary obligations would be imposed on distinct actors: corporations would be information fiduciaries while directors would continue to be corporate fiduciaries under Delaware law. Khan and Pozen seem to think that both fiduciary obligations would be owed by the same actors, though they are not not clear about which. Sometimes they claim both obligations would be owed by Facebook while other times they claim both would be owed by Facebook’s directors. One source of the allegedly irreconcilable conflict thus seems to be their own confusion.

More importantly, the “problem” of conflicting interests managed by distinct fiduciary duties occurs routinely in corporate law. It arises whenever fiduciary obligations (beyond those owed to shareholders) are imposed on a Delaware corporation. For instance, it arises in the financial services industry when Goldman Sachs or BlackRock act as investment advisers (and therefore as fiduciaries to investors). And when fiduciary obligations are imposed on a Delaware corporation, those duties do not conflict with directors’ duties. Delaware corporate law requires directors to exercise their discretion within legal limits imposed on the corporation; it does not license or excuse non-compliance with corporate obligations, even if directors believe that doing so would maximize shareholder value. And Delaware law offers no suggestion that a corporation’s duties or responsibilities should be diluted or otherwise shaped by the content of directors’ duties. Rather, case law indicates clearly that directors must act “within the law.” As the Delaware Chancery Court once put it, “one cannot act loyally as a corporate director by causing the corporation to violate the positive laws it is obliged to obey.”

Khan and Pozen offer no reason to doubt that the “problem” afflicting social media companies would be any different. Indeed, the plausible outcome of an information fiduciary regime is exactly the opposite of what Khan and Pozen fear: corporate law would create incentives for digital companies’ directors to favor users’ interests over those of shareholders. Similar regulatory tools to Balkin’s apply to constrain corporate conduct in other industries, including financial services, with no suggestion—by courts, regulators, or scholars—of any incompatibility with basic corporate law principles.

(For more detailed reasoning, see here and here.)

Claimed Incompatibility with Self-Interest

Khan and Pozen’s other core objection is that the information fiduciary model is incompatible with digital companies’ powerful self-interests. The objection reflects twin concerns. According to the first, Facebook and other digital companies have such powerful self-regarding incentives that these companies may not properly be characterized as fiduciaries of their users; such incentives should be seen “as an insuperable obstacle to a fiduciary relationship,” Khan and Pozen suggest. Under the related concern, digital companies could not satisfy fiduciary duties unless their business models were fundamentally transformed. To impose user-regarding duties on digital companies, Khan and Pozen write, “and wind up with anything recognizable as a fiduciary relationship, it seems to us that the legislators would have to force fundamental changes in the companies’ business practices . . . and preempt or dilute the stockholder-regarding norms under which the companies currently operate.”

However, fiduciary law can, and often does, operate in settings in which fiduciaries’ have powerful self-interests. Fiduciary duties may be, and frequently are, imposed on actors with powerful incentives to serve their own interests rather than those of their customers. This is because self-interested incentives themselves are not a barrier to the imposition of fiduciary duties. In fact, it is often the very drive to serve self-interest at the expense of another that creates the need for fiduciary protection.

It is also no barrier to the information fiduciary model to assert that digital companies currently fall short of fiduciary standards. To the extent Khan and Pozen argue that digital companies cannot now act with fiduciary loyalty, this suggests that firms’ existing practices would need to change under the force of fiduciary duties, not that fiduciary duties could not be imposed. As fiduciaries, digital companies would hardly be unique in having powerful self-regarding motivations and relying on business practices that create opportunities and incentives for firms to act contrary to customers’ interests.

The concern that these companies could not satisfy fiduciary duties without “fundamental changes in the companies’ business practices” is similarly overstated. Khan and Pozen do not specify what “fundamental changes” may be required under a fiduciary regime, although, importantly, they never claim that these firms could not continue to operate or earn profits under a strong fiduciary regime.

If Khan and Pozen’s point is that a particularly strong version of fiduciary duties may require significant changes of digital firms’ practices, I agree. But the need for such changes should not be seen as necessarily undermining the information fiduciary model; it is entirely possible that these changes in firms’ practices would be desirable, since they would be the product of strongly user-protective duties. These changes might also be consistent with the “more ambitious approaches” to regulatory reform that Khan and Pozen favor. Accordingly, if an information fiduciary model were to require “fundamental changes” of digital companies, this might give Khan and Pozen reason to support, rather than oppose, particularly robust fiduciary duties. After all, don’t they think these firms should fundamentally change their business practices?


Once one clears away Khan and Pozen’s primary criticisms, the information fiduciary model remains subject to an array of questions about calibration, fit, and comparison. Is the model framed too widely or not widely enough? Would it tackle the most serious problems posed by digital companies? Would an information fiduciary regime be cost-effective? How does it weigh against alternatives? How well would it fit with other regulatory strategies? These are reasonable questions, many of which Khan and Pozen also raise in response to Balkin’s proposal. Such questions may equally be asked of other proposals, as well. My purpose is not to consider these questions, or to dismiss discussion of other reforms, including structural solutions. I seek instead to ensure that all viable options—including the information fiduciary model—remain on the table for consideration and that we do not let stand those criticisms that may also have adverse consequences for stakeholder protections in other spheres of regulation.