The Legal Imperative to Protect Human Dignity from the Dehumanization of Electronic Surveillance

by J.R. Howell

A person wakes before dawn and reaches for a phone. A prayer app opens, and a map records movement to work. Throughout the day, a search engine receives an anxious medical question, while a browser silently notices which article held attention and which headline was skipped. In the background, a workplace platform logs keystrokes, location, productivity, and pauses, just as a child’s video app learns precisely what holds the child still. By nightfall, a credit model, an advertising exchange, a data broker, an employer, a platform, and perhaps the government itself may each receive some fragment of this ordinary day. The visible experience is convenient and unremarkable, but the hidden systems are not. Beneath the convenience lies a system designed to convert human life into location trails, inference profiles, auction signals, risk scores, behavioral forecasts, and commercial categories. You are being used.

The injury in this modern reality is not only that secrecy has been lost. The deeper injury is that personhood has been thinned into something administrable. A person becomes a monetized dossier with a pulse. 

This reduction is the moral and legal problem that must be confronted. Digital privacy invasions—online electronic surveillance, commercial data extraction, and algorithmic profiling—are not merely informational harms. They dehumanize when they treat the human person as raw material for prediction, manipulation, scoring, and sale. The law should protect privacy not only because information can be sensitive, but because the person is not an object to be harvested. If a person bears an inherent dignity that precedes usefulness, productivity, and consent, then the law must place strict limits on the conditions under which human life may be watched, modeled, and sold.[1] 

Magnifica Humanitas as the Moral Frame

Pope Leo XIV’s encyclical Magnifica Humanitas, issued in 2026 on the human person in the age of artificial intelligence, offers a powerful moral vocabulary for this claim. While the encyclical is not American law, it asks a foundational question that any legal order cannot avoid: what kind of creature does the law think a human being is? The text begins from the conviction that social, economic, and technological systems must be judged by their treatment of the human person. It outlines an account of ontological dignity belonging to every person simply by virtue of existing.[4] Consequently, a person’s worth cannot be measured by engagement, influence, creditworthiness, or predictive utility, and human dignity does not rise simply because a digital profile becomes profitable.

The encyclical is careful not to condemn technology as such, recognizing its capacity to heal, connect, and educate. Yet, it refuses to treat technological progress as self-justifying, insisting that society must ask whether technology serves the person or reorganizes society around extraction, control, and efficiency.[2] The phrase "technology is never neutral"[3] captures this dynamic perfectly, as systems take shape through human choices, financing, design, and use. The machine arrives through institutions, not from the clouds. The text is particularly alert to the ways in which algorithmic systems affect rights, opportunities, and status. It notes that vital decisions about employment, credit, and reputation are increasingly mediated by systems whose operations may be opaque even to those who deploy them.[5] 

Furthermore, the encyclical offers a piercing critique of the attention economy, arguing that digital environments designed to capture time can exploit vulnerability, weaken interior freedom, and become a form of "control over consciences."[6] The text warns against data colonialism, a dynamic in which data extraction becomes an inescapable economic structure. When banking, communication, and civic life require submission to surveillance, consent becomes a polite legal word for dependency. The encyclical’s moral framework is directly intelligible to secular law: when technology becomes the ultimate criterion, the person risks reduction to data and a commodified object.[7] A legal system fails when it permits human beings to be treated primarily as commercial inventory, which undermines the fundamental principles of human worth and dignity upon which all law rests.

The Jurisprudence of Dignity and Legitimate Law

Pope Leo XIV’s moral anthropology harmonizes effortlessly with leading secular jurisprudence. Legitimate law must treat human beings as subjects of rights and bearers of equal worth. Dignity becomes legally functional when it is specified and connected to concrete interests such as decisional autonomy, informational privacy, identity, reputation, equal status, and freedom from objectification. Jeremy Waldron powerfully describes modern dignity as a universalized high rank, meaning every human being bears a high status that law must recognize.[8] Pervasive surveillance directly affronts this high rank, treating the watched person less as a rights-bearing citizen than as an administrative subject whose profile is merely a file of vulnerabilities.

Aharon Barak adds a constitutional vocabulary to this concept, treating human dignity as a constitutional value, an interpretive principle, and a foundation that informs the structure of legal rights.[9] While the United States Constitution lacks a freestanding dignity clause, dignity can guide interpretation and illuminate why some forms of exploitation are intolerable even when they are economically efficient. Christopher McCrudden supplies a necessary caution here: although dignity possesses a common core in human rights discourse, legal systems often disagree sharply about its application.[10] This warning against vague rhetoric is vital because dignity can become ornamental if invoked only as an abstraction.

Leslie Meltzer Henry’s study of the Supreme Court confirms that dignity references are real but varied across American law, emphasizing the need for precision.[11] The dignity at stake in digital surveillance is not mere etiquette, but rather a fundamental status of the person as a moral and legal subject. Erin Daly and Michael Rosen further demonstrate that dignity is bound up with human worth, control over one’s life, participation in society, and a rich philosophical history.[12][13] Supported by Ronald Dworkin’s demand for equal concern and respect, and Lon Fuller’s insistence that the rule of law must respect human agency, this jurisprudential bridge leads to a clear legal proposition: a legal order worthy of authority must refuse to classify persons as mere instruments. Privacy law recognizes that human beings have an interior and relational life that cannot be fully converted into data and sold without limit.

U.S. Constitutional Law: Privacy and Dignity as Legal Values

American constitutional law, while not always explicitly or clearly naming dignity, consistently utilizes dignity and privacy as intertwined legal values when confronting technological overreach. In Katz v. United States, the Supreme Court established the foundational principle that the Fourth Amendment protects people, not merely places.[14] This shift acknowledged that an electronic ear could invade a person’s protected sphere without physical entry. The Court expanded this insight in Kyllo v. United States, holding that the use of sense-enhancing technology to obtain details of the home as a search.[15] This principle is larger than its facts: technology can pierce privacy without breaking a door, just as digital systems constantly infer, aggregate, and reveal.

As surveillance capabilities grew, the Court began addressing the mosaic problem of long-term tracking. United States v. Jones dealt with GPS tracking. While the majority focused on physical trespass, the concurring opinions recognized the deeper threat, noting that long-term tracking generates a precise record of a person's movements and associations.[16] This concern anticipated the modern digital environment, leading to the landmark decision in Riley v. California, where the Court rejected the analogy between a cell phone and a physical container. The Court declared that cell phones contain the privacies of life.[17] The device is intimately close to the person because it holds fragments of the person’s existence, from medical questions to relationships.

This reasoning culminated in Carpenter v. United States, addressing cell-site location information. The Court held that acquiring historical cell-site records constitutes a search because location data provides near-perfect surveillance, and carrying a cell phone is practically indispensable to modern life.[18] By limiting the traditional third-party doctrine established in cases like Smith v. Maryland and United States v. Miller—where information voluntarily conveyed to third parties lost Fourth Amendment protection.[19] Carpenter recognized that digital life makes absolute forfeiture of privacy untenable. While informational privacy under the Constitution remains limited and uncertain, as seen in Whalen v. Roe and NASA v. Nelson, these cases demonstrate that constitutional privacy becomes more urgent when technology makes observation inescapable.[20] Furthermore, cases like Lawrence v. Texas and Obergefell v. Hodges rely heavily on dignity-inflected terms and speak of equal dignity under law.[21][22] Although not surveillance cases, they confirm that American constitutional reasoning already recognizes that law degrades persons when it misdescribes their humanity. 

Put another way, the Supreme Court has a long history of interpreting the Constitution in a manner that protects us from dehumanization.

Federal Statutory Privacy Law as Partial Dignity Protection

Federal privacy law is famously fragmented, yet its various components reveal a recurring intuition: people should not be secretly intercepted, profiled, judged, manipulated, or exposed without legal limits. The Electronic Communications Privacy Act, which includes the Wiretap Act, the Stored Communications Act, and pen register and trap-and-trace provisions, protects communications in transit and storage and regulates surveillance metadata collection.[23] Communications privacy protects persons in relation as intercepting a call or reading stored correspondence intrudes upon the channels through which people love, confess, deliberate, and organize.

The Federal Trade Commission Act supplies another critical tool, as Section 5 prohibits unfair or deceptive acts or practices.[24] The FTC has utilized this authority to address broken privacy promises, dark patterns, and data-security failures. Recent actions against data brokers underscore the dignity problem. Selling precise geolocation data that reveals visits to places of worship or reproductive-health facilities treats deeply personal human movement as inventory.[25] The Fair Credit Reporting Act addresses a different form of reduction, mandating that consumer reporting agencies exercise grave responsibilities with fairness, impartiality, and respect for privacy.[26] The dignity harm lies in being judged by inaccurate or opaque information, where a person becomes a mere score that blocks a doorway to housing or employment.

Federal law also recognizes that some relationships involve vulnerability so profound that ordinary market consent is inadequate. The Children’s Online Privacy Protection Act requires parental control over children's information and restricts the monetization of children's data through targeted advertising disclosures.[27] Sectoral laws reinforce this dignity logic. HIPAA protects individually identifiable health information held by covered entities and business associates.[28], the Gramm-Leach-Bliley Act requires safeguards for customer financial information.[29], and the Video Privacy Protection Act restricts the disclosure of video-viewing records and creates a private civil remedy.[30] Exposure in these specific zones of health, finance, and intellectual curiosity can severely distort freedom and opportunity. Finally, statutes like the Crime Victims’ Rights Act explicitly grant victims the right to be treated with fairness and with respect for dignity and privacy.[31] This linguistic choice proves that dignity is not an alien or theological word in American law, but a functional requirement for respecting the person.

California as a Dignity and Privacy Laboratory

California offers the most comprehensive domestic model for bridging privacy and dignity. Article I, section 1 of the California Constitution expressly names privacy among the inalienable rights of all people.[32] The California Supreme Court treats this guarantee seriously. Consider White v. Davis where the court emphasized that the privacy amendment was aimed in part at the government’s collection and retention of unnecessary information about citizens.[33] In Hill v. NCAA, the court established the basic framework for privacy claims, requiring a legally protected interest, a reasonable expectation of privacy, a serious invasion, and a balancing against legitimate competing interests.[34] This confirms that a dignity-centered privacy law must be capable of proportion and context. Furthermore, Marsy’s Law explicitly provides that victims are to be treated with fairness and respect for privacy and dignity.[35] 

California’s statutory law confronts technological threats directly. The California Invasion of Privacy Act operates on legislative findings that advances in science and technology have produced new devices that invade privacy and threaten the free exercise of personal liberties.[36] Its all-party consent rules reflect a conviction that technologically mediated listening degrades liberty. Similarly, the California Electronic Communications Privacy Act generally requires a warrant, wiretap order, or consent for government access to electronic communications and device information, channeling power through legal process and minimization requirements.[37] 

In the consumer market, the California Consumer Privacy Act, amended by the California Privacy Rights Act, creates robust rights to know, access, delete, correct, opt out of sale or sharing, limit sensitive information, and avoid discrimination for exercising privacy rights.[38] Crucially, California law provides that contracts purporting to waive or limit CCPA rights are contrary to public policy and unenforceable.[39] Privacy rights are not disposable bargaining chips. The California Privacy Protection Agency continues to build on this, adopting regulations addressing risk assessments, cybersecurity audits, and automated decisionmaking technology, effective January 1, 2026.[40] 

California also vigorously defends identity against commercial exploitation. Civil Code section 3344 creates liability for the unauthorized commercial use of a person’s name, voice, signature, photograph, or likeness, subject to important exceptions.[42] Section 3344.1 extends these protections to deceased personalities and covers digital replicas in specified contexts.[43] Recent laws like AB 2602 make provisions allowing the creation of a digital replica unenforceable when the agreement lacks specific description and the individual lacked counsel or union representation.[44] AB 1836 strengthens postmortem protections against unauthorized commercial digital replicas of deceased performers, subject to expressive-use exceptions.[45] These laws demonstrate a vital principle: even when a contract exists, the law may refuse to enforce a bargain that turns the person into a reusable asset without dignity-respecting limits.

Consent and Dehumanization

The concept of consent is central to privacy, but it requires nuanced treatment. Consent remains essential, as autonomy demands that adults be free to make choices about their data, identity, publicity, employment, services, and technology. Privacy law must not infantilize the person by treating every disclosure as victimization. However, consent is not a universal solvent that dissolves every dignity concern. In digital environments, consent is often buried, bundled, unavoidable, manipulated, or extracted through design. Users face screens no one reads and take-it-or-leave-it terms they cannot negotiate, authorizing downstream uses and model training that even experts struggle to trace.

Daniel Solove’s critique of privacy self-management highlights this structural failure: notice-and-choice regimes ask individuals to manage a data ecosystem of impossible complexity, utilizing consent to legitimize practices that people cannot practically refuse.[46] Julie Cohen further explains that privacy shelters the development of subjectivity from efforts to render people fixed, predictable, and programmable.[47] Neil Richards frames privacy as a matter of power, identity, freedom, and trust.[48], while Danielle Citron points out the devastation when exposure is targeted at vulnerable people.[49] Anita Allen argues that some privacy protections are justified even when people do not demand them, because the conditions of freedom sometimes require more than expressed preference.[50] 

The encyclical’s account of ontological dignity gives this legal argument moral force. A person may license their data or image, but the law should resist the claim that a person can be made into a thing by contract. The law routinely refuses to enforce contracts that violate public policy, limits waivers in employment and civil rights contexts, oversees children’s consent, and imposes fiduciary duties. The law continually affirms that personhood is not just another commodity. Digital dehumanization can therefore occur even under the banner of consent. When social participation requires surrendering one’s movements, vulnerabilities, attention, and identity to invisible systems, consent becomes less a manifestation of freedom than a toll charged for entry into ordinary life. Dignity must set the outer limits on what may be demanded as the price of participation.

Counterarguments and Responses

To construct a durable framework, several counterarguments must be addressed. The first is that dignity is too vague for law. The response is to specify the dignity interest at stake. Courts should not invoke dignity as a decorative word, but must tie it to concrete legal interests: informational privacy, bodily integrity, decisional autonomy, identity, reputation, equal status, and freedom from objectification. McCrudden and Rao are right to warn against indeterminacy[51], but this warning strengthens the argument by forcing legal precision.

The second counterargument asserts that people voluntarily trade data for services. While some exchanges are legitimate, this ignores structural reality. Consent loses moral force when refusal excludes people from work, school, finance, health care, or public participation, and when the user cannot know what is being inferred or retained to make consequential decisions.

Third, critics note that data-driven services create convenience, innovation, and economic value. The response is not anti-technology, but rather anti-reduction. The law should favor innovation that heals, educates, and empowers, while resisting innovation that monetizes vulnerability and makes human behavior programmable for profit. Technology must serve persons rather than consume them.

Fourth, proponents of surveillance argue it protects safety and enforces law. The dignity-based answer is not to ban every search or warrant, but to require proportion, legal authority, accountability, minimization, and recourse. California's electronic privacy laws show that access can be permitted while subject to warrant, particularity, handling, and destruction requirements.[52] 

Finally, privacy can conflict with speech and public information. This serious objection requires tailoring the claim specifically toward invasive surveillance, exploitation, opaque scoring, and unauthorized commercialization of identity. The argument does not seek to suppress journalism, criticism, or legitimate expression, just as California’s digital-replica laws preserve exceptions for news, commentary, scholarship, satire, parody, documentary, and related expressive uses.[53] 

Protecting the Dignity of Human Existence

The law’s task is not to make digital life unseen. Human beings live in community, and visibility can be part of love, work, justice, and democratic life. The legal problem begins when being seen becomes being harvested, and being known becomes being owned. A dignity-centered digital law would begin with strict data minimization and purpose limitation, ensuring organizations collect only what is needed for legitimate purposes and do not silently repurpose it for manipulation or resale.

Such a law must impose strong limits on the sale and sharing of sensitive data, including location, health, biometric, and child-related information. It must mandate usable, meaningful deletion and opt-out rights. Special protection must be afforded to people whose dependence weakens consent: workers, tenants, patients, students, and minors. Furthermore, the law must restrict the government's ability to purchase commercially collected data that would otherwise require legal process, ensuring constitutional rights are not outsourced to the data-broker market.

A dignity-centered law demands algorithmic transparency, explanation, and recourse for consequential automated decisions affecting employment, credit, housing, or health care. Dignity impact assessments, such as risk assessments and cybersecurity audits, are necessary steps in that direction. Finally, enforcement mechanisms must provide real, painful remedies to deter profitable violations. Courts need a legal vocabulary capable of naming the injury when surveillance reduces the person to an object.

The person who opened the phone before dawn should not have to choose between digital participation and human dignity. The law cannot promise that no one will ever be observed. But it can, and must, insist that observation be bounded by purpose, proportion, accountability, and respect. The law can unequivocally state that the human being is not a mere data object, not a behavioral quarry, not a score, not a signal, and not a commodity. By refusing to let digital life become an unregulated market in the person, the law can protect the fundamental dignity of human existence.

Endnotes

[1] Pope Leo XIV, Encyclical Letter Magnifica Humanitas ¶¶ 1-10, 50-53, 101-05, 170-80 (May 15, 2026) (framing artificial intelligence and digitalization through Catholic social teaching’s account of inherent human dignity and the common good). 

[2] Pope Leo XIV, Magnifica Humanitas, supra note 1, ¶¶ 4-10 (describing digitalization, artificial intelligence, robotics, and private technological power as transformative social forces that can serve or harm human flourishing). 

[3] Pope Leo XIV, Magnifica Humanitas, supra note 1, ¶ 10 (explaining that technology bears the marks of those who design, finance, regulate, and use it). 

[4] Pope Leo XIV, Magnifica Humanitas, supra note 1, ¶¶ 50-53 (rejecting accounts of human worth based on achievement, productivity, efficiency, or usefulness). 

[5] Pope Leo XIV, Magnifica Humanitas, supra note 1, ¶¶ 101-05 (warning that AI systems increasingly affect rights, opportunities, status, freedom, employment, credit, public services, and reputation). 

[6] Pope Leo XIV, Magnifica Humanitas, supra note 1, ¶¶ 170-72 (criticizing the digital attention economy, profiling, prediction, social control, conformity, self-censorship, and manipulation of conscience). 

[7] Pope Leo XIV, Magnifica Humanitas, supra note 1, ¶¶ 178-80 (warning against data colonialism and the reduction of the person to data, machine part, or commodity). 

[8] Jeremy Waldron, Dignity, Rank, and Rights 33-59 (Meir Dan-Cohen ed., Oxford Univ. Press 2012) (arguing that modern dignity universalizes a high legal status once associated with rank). 

[9] Aharon Barak, Human Dignity: The Constitutional Value and the Constitutional Right 103-21, 221-35 (Cambridge Univ. Press 2015) (treating human dignity as constitutional value, constitutional right, interpretive principle, and source of rights). 

[10] Christopher McCrudden, Human Dignity and Judicial Interpretation of Human Rights, 19 Eur. J. Int’l L. 655, 679-724 (2008) (identifying a basic common core of dignity while warning that applications diverge across legal systems). 

[11] Leslie Meltzer Henry, The Jurisprudence of Dignity, 160 U. Pa. L. Rev. 169, 175-82 (2011) (showing that the Supreme Court invokes dignity in varied ways and arguing for greater conceptual precision). 

[12] Erin Daly, Dignity Rights: Courts, Constitutions, and the Worth of the Human Person 1-21 (Univ. of Pa. Press 2012) (describing dignity rights as protecting human worth, control over life, and social existence). 

[13] Michael Rosen, Dignity: Its History and Meaning 1-30 (Harvard Univ. Press 2012) (tracing the philosophical and religious history of dignity and its modern legal uses). 

[14] Katz v. United States, 389 U.S. 347, 351-53 (1967) (holding that electronic eavesdropping on a phone booth implicated Fourth Amendment protections because the Amendment protects people, not merely places). 

[15] Kyllo v. United States, 533 U.S. 27, 34-40 (2001) (holding that use of sense-enhancing technology to obtain information about the interior of a home can constitute a search). 

[16] United States v. Jones, 565 U.S. 400, 404-05, 415-18, 430-31 (2012) (holding that GPS installation and monitoring was a search and, in concurring opinions, identifying the privacy threat of long-term location aggregation). 

[17] Riley v. California, 573 U.S. 373, 393-97, 403 (2014) (requiring a warrant to search digital information on a cell phone seized incident to arrest because phones contain immense quantities of private life). 

[18] Carpenter v. United States, 585 U.S. 296, 309-17 (2018) (holding that acquisition of historical cell-site location information was a Fourth Amendment search due to the depth, breadth, and automatic nature of location records). 

[19] Smith v. Maryland, 442 U.S. 735, 743-46 (1979) (holding that use of a pen register did not violate a reasonable expectation of privacy). United States v. Miller, 425 U.S. 435, 442-44 (1976) (holding that bank records held by a third party were not protected by the Fourth Amendment). 

[20] Whalen v. Roe, 429 U.S. 589, 598-605 (1977) (recognizing privacy interests in medical information while upholding a state prescription database). NASA v. Nelson, 562 U.S. 134, 147-59 (2011) (assuming without deciding a constitutional informational privacy interest while upholding government background checks). 

[21] Lawrence v. Texas, 539 U.S. 558, 567, 574-78 (2003) (using dignity-inflected liberty reasoning to invalidate criminal punishment of private consensual intimate conduct). 

[22] Obergefell v. Hodges, 576 U.S. 644, 663-64, 681 (2015) (linking marriage, liberty, equality, autonomy, and equal dignity under law). 

[23] Electronic Communications Privacy Act of 1986, Pub. L. No. 99-508, 100 Stat. 1848, codified as amended at 18 U.S.C. §§ 2510-2523, 2701-2713, 3121-3127 (regulating interception, stored communications, and pen register or trap-and-trace surveillance). 

[24] 15 U.S.C. § 45(a)(1) (prohibiting unfair or deceptive acts or practices in or affecting commerce). 

[25] Complaint for Permanent Injunction and Other Relief, Fed. Trade Comm’n v. Kochava Inc., No. 2:22-cv-00377 (D. Idaho Aug. 29, 2022) (alleging unfair sale of precise geolocation data revealing sensitive visits and movements). Fed. Trade Comm’n, FTC Sues Kochava for Selling Data that Tracks People at Reproductive Health Clinics, Places of Worship, and Other Sensitive Locations (Aug. 29, 2022) (summarizing the agency’s theory of harm from location-data sales). 

[26] 15 U.S.C. § 1681(a)-(b) (finding that consumer reporting agencies exercise grave responsibilities and requiring fairness, impartiality, confidentiality, accuracy, relevance, and proper use). 

[27] Children’s Online Privacy Protection Act of 1998, 15 U.S.C. §§ 6501-6506 (regulating online collection of personal information from children under thirteen). Fed. Trade Comm’n, FTC Finalizes Changes to Children’s Privacy Rule Limiting Companies’ Ability to Monetize Kids’ Data (Jan. 16, 2025) (describing amendments strengthening parental control and limiting targeted advertising disclosures). 

[28] 45 C.F.R. pts. 160, 164 (2026) (establishing HIPAA privacy rules for protected health information held or transmitted by covered entities and business associates). U.S. Dep’t of Health & Hum. Servs., Summary of the HIPAA Privacy Rule (Mar. 14, 2025) (explaining that the rule protects individually identifiable health information in electronic, paper, and oral forms). 

[29] 15 U.S.C. §§ 6801-6809 (establishing privacy and safeguard obligations for financial institutions). 16 C.F.R. pt. 314 (2026) (requiring reasonable administrative, technical, and physical safeguards for customer information under the FTC Safeguards Rule). 

[30] 18 U.S.C. § 2710(b)-(c) (restricting disclosure of personally identifiable video-viewing information and creating a civil remedy). 

[31] 18 U.S.C. § 3771(a)(8) (granting crime victims the right to be treated with fairness and with respect for dignity and privacy). 

[32] Cal. Const. art. I, § 1 (recognizing privacy among the inalienable rights of all people). 

[33] White v. Davis, 13 Cal. 3d 757, 773-76 (1975) (allowing claims challenging covert police surveillance and explaining that the California privacy amendment sought to limit unnecessary government collection of personal information). 

[34] Hill v. Nat’l Collegiate Athletic Ass’n, 7 Cal. 4th 1, 35-40 (1994) (establishing the elements and balancing framework for California constitutional privacy claims). 

[35] Cal. Const. art. I, § 28(b)(1) (recognizing crime victims’ right to fairness and respect for privacy and dignity). 

[36] Cal. Penal Code § 630 (West 2026) (declaring that advances in technology and eavesdropping devices threaten personal liberties and privacy). 

[37] Cal. Penal Code §§ 1546.1, 1546.2 (West 2026) (requiring legal process or specified exceptions for government access to electronic communications and device information and imposing particularity and handling requirements). 

[38] Cal. Civ. Code §§ 1798.100-.199.100 (West 2026) (creating consumer rights to notice, access, deletion, correction, opt out of sale or sharing, limit sensitive personal information, and non-discrimination). Cal. Off. of the Att’y Gen., California Consumer Privacy Act (CCPA) (describing consumer privacy rights under the statute). 

[39] Cal. Civ. Code § 1798.192 (West 2026) (making contractual waivers or limitations of CCPA rights, remedies, and enforcement contrary to public policy and void). 

[40] Cal. Priv. Prot. Agency, Updates to the CCPA Regulations (Sept. 22, 2025) (describing adoption and approval of regulations addressing risk assessments, cybersecurity audits, automated decisionmaking technology, and insurance regulations, effective January 1, 2026). 

[41] Cal. Priv. Prot. Agency, Delete Request and Opt-out Platform (DROP) (2026) (describing the single-request system for directing registered data brokers to delete and not sell personal information, with data-broker processing obligations beginning August 1, 2026). 

[42] Cal. Civ. Code § 3344(a), (d) (2026) (creating liability for unauthorized commercial use of name, voice, signature, photograph, or likeness while preserving news, public affairs, and related exceptions). 

[43] Cal. Civ. Code § 3344.1(a), (q) (2026) (protecting deceased personalities against specified unauthorized commercial uses, including digital replicas, subject to expressive-use exceptions). 

[44] Cal. Lab. Code § 927 (2026) (making certain digital-replica provisions unenforceable when they lack reasonably specific intended uses and the individual lacked counsel or union representation). 

[45] Cal. Civ. Code § 3344.1 (2026) (as amended by AB 1836 to address unauthorized commercial digital replicas of deceased performers while preserving specified expressive uses). 

[46] Daniel J. Solove, Privacy Self-Management and the Consent Dilemma, 126 Harv. L. Rev. 1880, 1880-1903 (2013) (arguing that notice-and-choice regimes place impossible burdens on individuals and make consent do more legitimating work than it can bear). 

[47] Julie E. Cohen, What Privacy Is For, 126 Harv. L. Rev. 1904, 1904-33 (2013) (arguing that privacy protects dynamic subjectivity against systems that render persons fixed, transparent, predictable, and programmable). Julie E. Cohen, Configuring the Networked Self: Law, Code, and the Play of Everyday Practice 1-28 (Yale Univ. Press 2012) (developing a structural account of privacy and networked personhood). 

[48] Neil M. Richards, Why Privacy Matters 1-23 (Oxford Univ. Press 2021) (framing privacy as a question of power and as a condition for identity, freedom, trust, and human flourishing). 

[49] Danielle Keats Citron, The Fight for Privacy: Protecting Dignity, Identity, and Love in the Digital Age 1-18 (W.W. Norton 2022) (linking privacy invasions to dignity, identity, intimacy, equality, and civil rights). 

[50] Anita L. Allen, Unpopular Privacy: What Must We Hide? 3-24 (Oxford Univ. Press 2011) (defending privacy protections that may be justified even when individuals do not actively demand them). 

[51] McCrudden, supra note 10, at 679-724 (warning that dignity often diverges in application). Neomi Rao, On the Use and Abuse of Dignity in Constitutional Law, 14 Colum. J. Eur. L. 201, 204-11 (2008) (arguing that dignity can be indeterminate and can conflict with American liberty-based constitutional reasoning). 

[52] Cal. Penal Code §§ 1546.1-.2 (West 2026) (showing how electronic-information access can be permitted while subject to warrant, particularity, handling, and destruction requirements). 

[53] Cal. Civ. Code §§ 3344(d), 3344.1(q) (West 2026) (preserving exceptions for news, public affairs, commentary, criticism, scholarship, satire, parody, documentary, and related expressive uses).