Digital Commons Network^™

Personal Data Protection Law In Indonesia: Challenges And Opportunities, Moody Rizqy Syailendra, Gunardi Lie, Ahmad Sudiro

Indonesia Law Review

This research identifies challenges, obstacles and opportunities related to the issuance of Law No. 27 of 2022. Protection of personal data is crucial, especially in the use of information and communication technology in the current modern era. The contents of this article were analyzed using qualitative methods and secondary data in analyzing it. The research results show that: although the PDP Law was only implemented in 2022, regulations regarding PDP can actually be found in various pre-existing regulations, then there are principles and provisions that can be included in the PDP Law to better accommodate the need for protecting people's …

Conceptualizing An International Framework For Active Private Cyber Defence, Arindrajit Basu, Elonnai Hickok

Indian Journal of Law and Technology

Private sector cyber defence mechanisms are emerging despite existing legislation outlawing use of active defence by individuals and non-state entities. Thus, a key window exists for policy-makers in the possibility of establishing a framework for existing APCD practices that would enable optimal utilisation of private sector capabilities for securing cyber-space at an organizational and national level. This must happen in consonance with circumscribing their operations within the boundaries of the rule of law, both in terms of domestic legislation and international law. This paper seeks to unpack the complexities that underscore each of these challenges and identify avenues towards resolving …

Who Should Be Liable? Examining The Corporate Liability Regime For Cybersecurity Risks, Angel R. Gardner

Student Journal of Information Privacy Law

The growth of the Internet of Things (IoT) poses new and substantial security risks for individual and national security. The IoT leaves networks susceptible to hacking, a form of unauthorized access into another person’s system or device. All devices that use the IoT are at risk of unauthorized access—a few examples include vehicles or medical devices. Currently, there are no regulations requiring corporations to protect their software from unauthorized intrusions. However, the current tort landscape does not allow for individuals to recover when there are unauthorized network intrusions where there is no tangible harm. This paper discusses why cybersecurity intrusions …

Taking Matters Into Your Own Hands; Using The Private Rights Of Action In Udap Statutes To Hold Businesses Accountable For Data Breaches, Deirdre Sullivan

Student Journal of Information Privacy Law

The private rights of action in state unfair and deceptive acts and practices (UDAP) laws present a promising way for consumers to recover after a data breach. Plaintiffs’ attorneys have faced challenges in pleading data breach claims under negligence, unjust enrichment, and state data breach notification theories—significantly their challenges stem from issues with standing. UDAP statutes, modeled after s.5 of the FTC Act, present a plausible path to recovery for plaintiffs, with more success in regard to issues of standing. This paper will analyze UDAP claims in four different states and explore the success plaintiffs have had so far, and …

An Inadequate Band-Aid: Existing Privacy Law Has Uncertain Application To Web-Scraped Personal Information Used To Train Ai, Jody L. Eckman

Student Journal of Information Privacy Law

To legislate high-growth technology requires fine-tuned balance, but the current state of AI legislation swings in favor of AI providers given U.S. lawmakers near non-existent response. From healthcare to education, the financial industry to the legal field, AI has gained a grip stronger than any legal band-aid lawmakers might believe to be in place and protecting consumers. I argue that based on a survey of current U.S. legislation, AI providers are being given the chance to have their cake and eat it too at the expense of consumers’ rights. Such a perfectly permissible feast is why lawmakers must promptly and …

National Security And Federalizing Data Privacy Infrastructure For Ai Governance, Margaret Hu, Eliott Behar, Davi Ottenheimer

Fordham Law Review

This Essay contends that data infrastructure, when implemented on a national scale, can transform the way we conceptualize artificial intelligence (AI) governance. AI governance is often viewed as necessary for a wide range of strategic goals, including national security. It is widely understood that allowing AI and generative AI to remain self-regulated by the U.S. AI industry poses significant national security risks. Data infrastructure and AI oversight can assist in multiple goals, including: maintaining data privacy and data integrity; increasing cybersecurity; and guarding against information warfare threats. This Essay concludes that conceptualizing data infrastructure as a form of critical infrastructure …

On The Genealogy Of Intimate Digital Harm, Aziz Z. Huq

Michigan Law Review

A review of The Fight for Privacy: Protecting Dignity, Identity, and Love in the Digital Age. By Danielle Keats Citron.

The Lack Of Responsibility Of Higher Educaiton Institutions In Addressing Phishing Emails And Data Breaches, Muxuan (Muriel) Wang

Duke Law & Technology Review

Higher education institutions (HEIs) are highly susceptible to cyberattacks, particularly those facilitated through phishing, due to the substantial volume of confidential student and staff data and valuable research information they hold. Despite federal legislations focusing on bolstering cybersecurity for critical institutions handling medical and financial data, HEIs have not received similar attention. This Note examines the minimal obligations imposed on HEIs by existing federal and state statutes concerning data breaches, the absence of requirements for HEIs to educate employees and students about phishing attacks, and potential strategies to improve student protection against data breaches.

Speaking Back To Sexual Privacy Invasions, Brenda Dvoskin

Washington Law Review

Many big players in the internet ecosystem do not like hosting sexual expression. They often justify these bans as a protection of sexual privacy. For example, Meta states that it removes sexual imagery to prevent the nonconsensual distribution of sexual images. In response, this Article argues that banning digital sexual expression is counterproductive if the aim is to alleviate the harms inflicted by sexual privacy losses.

Contemporary sexual privacy theory, however, lacks analytical tools to explain why nudity bans harm the interests they intend to protect. This Article aims at building those tools. The main contribution is an invitation to …

Critical Data Theory, Margaret Hu

William & Mary Law Review

Critical Data Theory examines the role of AI and algorithmic decisionmaking at its intersection with the law. This theory aims to deconstruct the impact of AI in law and policy contexts. The tools of AI and automated systems allow for legal, scientific, socioeconomic, and political hierarchies of power that can profitably be interrogated with critical theory. While the broader umbrella of critical theory features prominently in the work of surveillance scholars, legal scholars can also deploy criticality analyses to examine surveillance and privacy law challenges, particularly in an examination of how AI and other emerging technologies have been expanded in …

Privacy Matters: Data Breach Litigation In Japan, Andrew M. Pardieck

Washington International Law Journal

In 1890, when Brandeis and Warren wrote The Right to Privacy, Japan did not have a word for privacy. Today, it is closely guarded in Japan: the European Data Protection Board has found privacy protections in Japan “equivalent” to those in the EU. This research explores the evolution of privacy law in Japan, focusing on data breach and the legal rights and obligations associated with it. The writing is broken up into two parts: This article discusses private enforcement of privacy norms, as it is the courts that first established and continue to define privacy rights in Japan. A separate …

Cyberflashing: Exposing Oklahoma’S Legal Loophole, Sara Wray

Oklahoma Law Review

No abstract provided.

China Data Flows And Power In The Era Of Chinese Big Tech, W. Gregory Voss, Emmanuel Pernot-Leplay

Northwestern Journal of International Law & Business

Personal data have great economic interest today and their possession and control are the object of geopolitics, leading to their regulation by means that vary dependent on the strategic objectives of the jurisdiction considered. This study fills a gap in the literature in this area by analyzing holistically the regulation of personal data flows both into and from China, the world’s second largest economy. In doing so, it focuses on laws and regulations of three major power blocs: the United States, the European Union, and China, seen within the framework of geopolitics, and considering the rise of Chinese big tech. …

Real-World Consequences For Online Actions: The Case For Expanding Employee Harassment Protection Via Employers’ Rights Of Action, Alexander Barnes

Seattle University Law Review

This Note argues for expanding employers’ access to legal remedies that allow them to recoup the costs of protecting their employees from swatting, doxing, and other online harassment arising from their employees’ professional activity. Part I provides a brief description and history of the online harassment problem and its potentially deadly dangers. Part II describes employers’ legal responsibility to take action to protect their employees from harassment aimed at their employees within the scope of their employment. Part III explores common legal remedies that are currently available to employers, using the state of Washington as an example. Part III also …

Regulating The Revolution: A Legal Roadmap To Optimizing Ai In Healthcare, Fazal Khan Md, Jd

Minnesota Journal of Law, Science & Technology

No abstract provided.

The Present And Future Of Ai Usage In The Banking And Financial Decision-Making Processes Within The Developing Indian Economy, Dr. Shouvik Kumar Guha, Bash Savage-Mansary, Dr. Navyajyoti Samanta

Indian Journal of Law and Technology

In course of this paper, the authors have soght to examine the extent to which technology based on artificial intelligence (AI) have made inroads into the banking and financial sectors of a developing economy like India. The paper begins with providing a contextual background to the adoption of such technology in the global financial arena. It then proceeds to identify and categorise the forms of AI currently being used in the Indian financial sector and also considers the different channels of operation where such technology is in vogue. The advantages of using such technology and the future goals for integrating …

Integrating Nist And Iso Cybersecurity Audit And Risk Assessment Frameworks Into Cameroonian Law, Bernard Ngalim

Journal of Cybersecurity Education, Research and Practice

This paper reviews cybersecurity laws and regulations in Cameroon, focusing on cybersecurity and information security audits and risk assessments. The importance of cybersecurity risk assessment and the implementation of security controls to cure deficiencies noted during risk assessments or audits is a critical step in developing cybersecurity resilience. Cameroon's cybersecurity legal framework provides for audits but does not explicitly enumerate controls. Consequently, integrating relevant controls from the NIST frameworks and ISO Standards can improve the cybersecurity posture in Cameroon while waiting for a comprehensive revision of the legal framework. NIST and ISO are internationally recognized as best practices in information …

Privacy Harm And Non-Compliance From A Legal Perspective, Suvineetha Herath, Haywood Gelman, Lisa Mckee

Journal of Cybersecurity Education, Research and Practice

In today's data-sharing paradigm, personal data has become a valuable resource that intensifies the risk of unauthorized access and data breach. Increased data mining techniques used to analyze big data have posed significant risks to data security and privacy. Consequently, data breaches are a significant threat to individual privacy. Privacy is a multifaceted concept covering many areas, including the right to access, erasure, and rectify personal data. This paper explores the legal aspects of privacy harm and how they transform into legal action. Privacy harm is the negative impact to an individual as a result of the unauthorized release, gathering, …

Penyelenggaraan Pelindungan Data Pribadi Oleh Notaris Berdasarkan Undang-Undang Nomor 27 Tahun 2022 Tentang Pelindungan Data Pribadi, Intan Permata Mipon, Mohamad Fajri Mekka Putra

Jurnal Hukum & Pembangunan

The endorsement of the Personal Data Protection Law (“UU PDP”) is aimed to providing legal certainty regarding protection for Indonesian citizens against various types of digital crimes. Therefore, entities processing personal data must adhere to the rules and principles stipulated in the UU PDP. In line with this, a Notary in the execution of their services is not exempt from storing and processing their clients personal data to be included in Notarial deed. Hence, under the Notary Profession Law, a Notary has the obligation to maintain the confidentiality of their profession while carrying out their duties. This raises the question …

Accept All Cookies: Opting-In To A Comprehensive Federal Data Privacy Framework And Opting-Out Of A Disparate State Regulatory Regime, Lauren A. Di Lella

Villanova Law Review

No abstract provided.

Deep Dive Into Deepfakes—Safeguarding Our Digital Identity, Yi Yan

Brooklyn Journal of International Law

Deepfake technology is becoming increasingly sophisticated, and with it, the potential to pose a significant threat to the digital community, democratic institutions, and private individuals. With the creation of highly convincing but entirely fabricated audio, video, and images, there is a pressing need for the international community to address the vulnerabilities posed by deepfake technology in the current legal landscape through unambiguous legislation. This Note explores the ethical, legal, and social implications of deepfakes, including issues of privacy, identity theft, and political manipulation. It also reviews existing international legal frameworks, i.e., the Convention on Cybercrime (“Budapest Convention”) and proposes a …

Complying With New And Existing Biometric Data Privacy Laws, Ariel Latzer

The Journal of Business, Entrepreneurship & the Law

After providing an overview of the history behind biometric information, this article will discuss the Illinois Biometric Privacy Act (BIPA)—which laid the foundation for biometric privacy regulations in the United States—and then discuss the California Consumer Privacy Act (CCPA) and its amendments in the California Privacy Rights Act (CPRA). It will also briefly touch on biometric information regulations in other states and then delve into how some notable companies are currently using individuals’ biometric information to give readers a general idea of what is happening to their personal information and highlight areas businesses should take note of in order to …

The Need For Cyber Resilience Of Space Assets: Law And Policy Considerations Of Ensuring Cybersecurity In Outer Space, Daniella Febbraro

Canadian Journal of Law and Technology

In 2018, NASA’s Jet Propulsion Laboratory was the subject of a data breach where over 500 megabytes of data from a major mission system was stolen by hackers. This attack affected NASA’s Deep Space Network, prompting the United States Johnson Space Center to disconnect the International Space Station from the affected gateway due to fears that mission systems could become compromised. NASA has acknowledged that its vast online presence, which includes thousands of publicly accessible datasets, offers a large potential target for cybercriminals. The 2018 incident was one of many, with NASA experiencing more than 6000 cyberattacks from 2017-2021 alone. …

What You Don’T Know Will Hurt You: Fighting The Privacy Paradox By Designing For Privacy And Enforcing Protective Technology, Perla Khattar

Washington Journal of Law, Technology & Arts

The persistence of the privacy paradox is proof that current industry regulation is insufficient to protect consumer’s privacy. Although consumer choice is essential, we argue that it should not be the main pillar of modern data privacy legislation. This article argues that legislation should aim to protect consumer’s personal data in the first place, while also giving internet users the choice to opt-in to the processing of their information. Ideally, privacy by design principles would be mandated by law, making privacy an essential component of the architecture of every tech-product and service.

Privacy Lost: How The Montana Supreme Court Undercuts The Right Of Privacy, Kevin Frazier

Seattle Journal of Technology, Environmental, & Innovation Law

In 1972, Montanans ratified a new constitution that included a “right of privacy.” The plain text of the provision fails to express the intent of the Framers who not only intended to afford Montanans a right, but also to impose a responsibility on the State to continuously and thoroughly examine State practices in light of evolving means of invading residents’ privacy. This intent has gone unrealized despite the fact that the intent of the Framers is clear, readily available, and the primary source state courts ought to use when interpreting the Constitution. This article delves into the transcripts of the …

Your Biometric Data Is Concrete, Your Injury Is Imminent And Particularized: Articulating A Bipa Claim To Survive Article Iii Standing After Transunion V. Ramirez, Kelsey L. Kenny

Maine Law Review

Biometric data is a digital translation of self which endures in its accuracy for one’s entire lifespan. As integral elements of modern life continue to transition their operations exclusively online, the verifiable “digital self” has become indispensable. The immutable and sensitive nature of biometric data makes it peculiarly vulnerable to misappropriation and abuse. Yet the most frightening is the unknown. For an individual who has had their digital extension-of-self covertly stolen or leaked, the dangers that lie in the technology of the future are innumerable. The Illinois legislature recognized the danger associated with the cavalier collection and handling of biometric …

A Loaded God Complex: The Unconstitutionality Of The Executive Branch’S Unilaterally Withholding Zero-Days, Brendan Gilligan

Northwestern Journal of Technology and Intellectual Property

No abstract provided.

Extended Privacy For Extended Reality: Xr Technology Has 99 Problems And Privacy Is Several Of Them, Suchismita Pahi, Calli Schroeder

Notre Dame Journal on Emerging Technologies

Americans are rapidly adopting innovative technologies which are pushing the frontiers of reality. But, when they look at how their privacy is protected within the new extended reality (XR), they will find that U.S. privacy laws fall short. The privacy risks inherent in XR are inadequately addressed by current U.S. data privacy laws or courtcreated frameworks that purport to protect the constitutional right to be free from unreasonable searches. Many scholars, including Ryan Calo, Danielle Citron, Sherry Colb, Margaret Hu, Orin Kerr, Kirsten Martin, Paul Ohm, Daniel Solove, Rebecca Wexler, Shoshana Zuboff, and others, have highlighted the gaps in U.S. …

Regulating Uncertain States: A Risk-Based Policy Agenda For Quantum Technologies, Tina Dekker, Florian Martin-Bariteau

Canadian Journal of Law and Technology

Many countries are taking a national approach to developing quantum strategies with a strong focus on innovation. However, societal, ethical, legal, and policy considerations should not be an afterthought that is pushed aside by the drive for innovation. A responsible, global approach to quantum technologies that considers the legal, ethical, and societal dimensions of quantum technologies is necessary to avoid exacerbating existing global inequalities. Quantum technologies are expected to disrupt other transformative technologies whose legal landscape is still under development (e.g., artificial intelligence [‘‘AI”], blockchain, etc.). The shortcomings of global policies regarding AI and the digital context teach lessons that …

Adopting Social Media In Family And Adoption Law, Stacey B. Steinberg, Meredith Burgess, Karla Herrera

Utah Law Review

Social media has dramatically changed the landscape facing families brought together through adoption. Just as adoptive families thirty years ago could not have predicted the impact of DNA technology on postadoption family life, adoptive families are only now beginning to grasp the impact of social media connectivity on the lives of their growing children. This change is related both to social media’s impact on family life and to fundamental shifts in our understanding of privacy more generally. Understanding the legal rights of parents and children in these circumstances is a novel and underexplored area of family law, constitutional law, and …