Document Type


Publication Title

Notre Dame Law Review


Privacy law keeps getting stronger, but surveillance-based businesses have proven immune to these new legal regimes. The disconnect between privacy law in theory and in practice is a multifaceted problem, and one critical component is enforcement.

Today, most privacy laws are enforced by governmental regulators—the Federal Trade Commission, the nascent California Privacy Protection Agency, and state attorneys general. An enduring impasse for proposed privacy laws is whether to supplement public enforcement by using a private right of action to authorize individuals to enforce the law.

Both of these conventional enforcement schemes have significant shortcomings. Public enforcement has proven inadequate because resource-constrained regulators only rarely bring enforcement actions, and the resulting consent decrees tend to entrench the status quo. Meanwhile, private enforcement is increasingly infeasible thanks to defendant- friendly Supreme Court decisions about the Federal Arbitration Act, Article III standing, and class action certification.

This Article proposes a hybrid approach: policymakers should enact privacy laws that authorize qui tam enforcement. A qui tam is an ancient legal action that authorizes a private plaintiff called a relator to redress an injury suffered by society, and successful relators are entitled to a portion of the recovery. A privacy qui tam is responsive to the shortcomings with both public and private enforcement: individuals are empowered to sue lawbreakers, but these suits don’t face the same obstacles as private rights of action.

Qui tam has traditionally protected collective rights, so a crucial question about the viability of a privacy qui tam is whether violations of privacy law could be considered collective injuries amendable to qui tam enforcement. Fortunately, privacy scholars in recent years have convincingly shown that privacy is a social phenomenon that requires policy intervention at a structural level. A privacy qui tam therefore operationalizes privacy theory and promises to fill the enforcement void left by overwhelmed regulators and infeasible private rights of action.

First Page


Last Page


Publication Date



College of Law

Suggested Citation

Peter Ormerod, Privacy Qui Tam, 98 Notre Dame L. Rev. 267 (2022).

Included in

Law Commons



To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.