Law Commons^™

Privacy Purgatory: Why The United States Needs A Comprehensive Federal Data Privacy Law, Emily Stackhouse Taetzsch

Journal of Legislation

No abstract provided.

The Limitations Of Privacy Rights, Daniel J. Solove

Notre Dame Law Review

Individual privacy rights are often at the heart of information privacy and data protection laws. The most comprehensive set of rights, from the European Union’s General Data Protection Regulation (GDPR), includes the right to access, right to rectification (correction), right to erasure (deletion), right to restriction, right to data portability, right to object, and right to not be subject to automated decisions. Privacy laws around the world include many of these rights in various forms.

In this Article, I contend that although rights are an important component of privacy regulation, rights are often asked to do far more work than …

Uncertain Terms, Leah R. Fowler, Jim Hawkins, Jessica L. Roberts

Notre Dame Law Review

Health apps collect massive amounts of sensitive consumer data, including information about users’ reproductive lives, mental health, and genetics. As a result, consumers in this industry may shop for privacy terms when they select a product. Yet our research reveals that many digital health tech companies reserve the right to unilaterally amend their terms of service and their privacy policies. This ability to make one-sided changes undermines the market for privacy, leaving users vulnerable. Unfortunately, the current law generally tolerates unilateral amendments, despite fairness and efficiency concerns. We therefore propose legislative, regulatory, and judicial solutions to better protect consumers of …

The Impact Of Schrems Ii: Next Steps For U.S. Data Privacy Law, Andraya Flor

Notre Dame Law Review

Schrems II invalidated Privacy Shield because the court found that it did not provide an “essentially equivalent” level of protection compared to the guarantees of the GDPR. The National Security Agency (NSA) operated surveillance programs that had the potential to infringe on the rights of EU subjects, and there was a lack of oversight and effective judicial remedies to protect rights of EU data subjects, which undermined Privacy Shield as a mechanism for data transfers. This Note sets aside the surveillance and national security issue, which would require resolution through a shift in overall U.S. national security law, and instead …

Going Rogue: Mobile Research Applications And The Right To Privacy, Stacey A. Tovino

Notre Dame Law Review

This Article investigates whether nonsectoral state laws may serve as a viable source of privacy and security standards for mobile health research participants and other health data subjects until new federal laws are created or enforced. In particular, this Article (1) catalogues and analyzes the nonsectoral data privacy, security, and breach notification statutes of all fifty states and the District of Columbia; (2) applies these statutes to mobile-app-mediated health research conducted by independent scientists, citizen scientists, and patient researchers; and (3) proposes substantive amendments to state law that could help protect the privacy and security of all health data subjects, …

De Facto State: Social Media Networks And The First Amendment, Paul Domer

Notre Dame Law Review

In Marsh v. Alabama, a Jehovah’s Witness was arrested and convicted of trespassing for proselytizing on a public sidewalk that nonetheless was, like everything else in the “company town,” privately owned. The Court reversed, holding that the First and Fourteenth Amendments applied against a private actor if it exercised all the powers and responsibilities traditionally associated with a government—policing, utilities, and traffic control, for example. Writing for the majority, Justice Black declared, “The more an owner, for his advantage, opens up his property for use by the public in general, the more do his rights become circumscribed by the …

Why Section 230 Is Better Than The First Amendment, Eric Goldman

Notre Dame Law Review Reflection

47 U.S.C. § 230 (“Section 230”) immunizes Internet services from liability for third-party content. This immunity acts as a crucial legal foundation for the modern Internet. However, growing skepticism about the Internet has placed the immunity in regulators’ sights.

If the First Amendment mirrors Section 230’s speech protections, narrowing Section 230 would be inconsequential. This Essay explains why that is not the case. Section 230 provides defendants with more substantive and procedural benefits than the First Amendment does. Because the First Amendment does not backfill these benefits, reductions to Section 230’s scope pose serious risks to Internet speech.

A Repeated Call For Omnibus Federal Cybersecurity Law, Carol Li

Notre Dame Law Review

In Part I, this Note discusses the concerning regularity of high-profile data breaches that have occurred within the United States’ weak and patchwork landscape of cybersecurity law. Part II discusses the challenges companies face when attempting to comply with the current cybersecurity law, and why companies who are deemed compliant are still falling victim to hackers and data breaches. Part III makes a call for federal legislation to replace the current, inadequate, fragmented, and uneven landscape of cybersecurity law. Part IV discusses numerous factors and incentives to consider in creating an omnibus federal cybersecurity law. Finally, Part V offers some …

Marketplace Of Ideas, Privacy, And The Digital Audience, Alexander Tsesis

Notre Dame Law Review

The availability of almost limitless sets of digital information has opened a vast marketplace of ideas. Information service providers like Facebook and Twitter provide users with an array of personal information about products, friends, acquaintances, and strangers. While this data enriches the lives of those who share content on the internet, it comes at the expense of privacy.

Social media companies disseminate news, advertisements, and political messages, while also capitalizing on consumers’ private shopping, surfing, and traveling habits. Companies like Cambridge Analytica, Amazon, and Apple rely on algorithmic programs to mash up and scrape enormous amounts of online and otherwise …

No Internet Does Not Mean No Protection Under The Cfaa: Why Voting Machines Should Be Covered Under 18 U.S.C. § 1030, Jack Dahm

Notre Dame Law Review

The U.S. Attorney General established a Cyber-Digital Task Force within the Department of Justice (DOJ) in February 2018. This newly created task force released its first public report on July 19, 2018. Then–Attorney General Jeff Sessions announced the release of the report, while promising that “[a]t the Department of Justice, we take these threats seriously.” The report was designed to answer the following question: “How is the Department [of Justice] responding to cyber threats?” The report begins by discussing the threat of foreign influence operations, described by the Task Force as “one of the most pressing cyber-enabled threats our Nation …

Warning! Tiered Internet Ahead: Expect Delays, Courtney Loyack

Notre Dame Law Review Reflection

As the topic of net neutrality becomes increasingly polarized, the question becomes: Who should decide how consumers use the internet? Are usage determinations best left unregulated and to the discretion of massive corporations, or should usage be determined by regulations that aim to ensure an open and freely accessible internet? The answer to this question has far-reaching and deeply meaningful implications for the lives of every American.

The ways in which consumers communicate, access information, and participate in social media are all subject to change as the future of net neutrality regulation becomes uncertain. Part I of this Essay will …

Protecting Users Of Social Media, Margaret Ryznar

Notre Dame Law Review Reflection

Social media platforms started as a fun way to connect with friends and family. Since then, they have become a science fiction nightmare due to their capacity to gather and misuse the data on their users.

It is not irrational for social media providers to seek to capitalize on their data when they provide the platforms for free. Indeed, their business model is to sell data to third parties for marketing and other purposes. Yet, users should be able to expect that their data is not used to hurt them or is not sent to disreputable companies. Indeed, fewer people …

A Statistical Analysis Of Privacy Policy Design, Ari E. Waldman

Notre Dame Law Review Reflection

This Essay takes a further step in a developing research agenda on the design of privacy policies. As described in more detail in Part II, I created an online survey in which respondents were asked to choose one of two websites that would better protect their privacy given images of segments of their privacy policies. Some of the questions paired notices with, on the one hand, privacy protective practices displayed in difficult-to-read designs, and, on the other hand, invasive data use practices displayed in graphical, aesthetically pleasing ways. Many survey respondents seemed to make their privacy decisions based on design …

Extremist Speech, Compelled Conformity, And Censorship Creep, Danielle Keats Citron

Notre Dame Law Review

Silicon Valley has long been viewed as a full-throated champion of First Amendment values. The dominant online platforms, however, have recently adopted speech policies and processes that depart from the U.S. model. In an agreement with the European Commission, the dominant tech companies have pledged to respond to reports of hate speech within twenty-four hours, a hasty process that may trade valuable expression for speedy results. Plans have been announced for an industry database that will allow the same companies to share hashed images of banned extremist content for review and removal elsewhere. These changes are less the result of …

Solving The Information Security & Privacy Crisis By Expanding The Scope Of Top Management Personal Liability, Charles Cresson Wood

Journal of Legislation

While information security and privacy losses are now spiraling out of control, and have been demonstrably shown to threaten national sovereignty, military superiority, industrial infrastructure order, national economic competitiveness, the solvency of major businesses, faith and trust in the Internet as a platform for modern commerce, as well as political stability, the U.S. Congress has nonetheless to date refused to seriously address the root cause of these threats. The root cause is a legally reinforced incentive system that encourages, and further entrenches, top management decisions that provide inadequate resources for, and inadequate top management attention to, information security and privacy …

#Academicfreedom: Twitter And First Amendment Rights For Professors, Michael H. Leroy

Notre Dame Law Review Reflection

This Essay asks: is every tweet from a professor protected as a form of academic freedom by the First Amendment? Professor Salaita’s watershed case poses sharply conflicting positions on academic freedom for faculty members. In support of Professor Salaita, a faculty committee at the University of Illinois asserts: “Regardless of the tweets’ tone and content, they are political speech—part of the robust free play of ideas in the political realm that the [University] Statutes insulate from institutional sanction, even in the case of ideas we may detest.”

To answer my research question, I explore how courts rule on First Amendment …

Protecting Freedom Of Expression Over The Internet: An International Approach, Alan Sears

Notre Dame Journal of International & Comparative Law

Writing primarily in 2013, Alan Sears examines different aspects of the international legal framework as to how freedom of expression over the Internet may be protected. Even though the Internet has largely incorporated the concept of freedom of expression from its inception, the need for such protection has become increasingly evident. States around the world have progressively cracked down on Internet speech, a trend highlighted by recent events occurring during the Arab Spring. Alan thus focuses on the Middle East when exploring how Internet governance may be shaped, and human rights and trade agreements may be utilized, in order to …

Online Terms Of Service: A Shield For First Amendment Scrutiny Of Government Action, Jacquelyn E. Fradette

Notre Dame Law Review

Part I of this Note will canvas popular opinions and perceptions about First Amendment rights on the Internet using examples of public outcry over recent instances of speech limitation. It will also discuss the state action doctrine generally and how the presence of this doctrine most likely renders certain popular public constitutional intuitions about the First Amendment erroneous.

Part II will provide an overview of how courts have taken an expansive and protective view of private ordering between online parties. It will discuss how courts have developed a robust freedom to contract jurisprudence in the Internet context. Because courts essentially …

Pornography As Pollution, John C. Nagle

Journal Articles

Pornography is often compared to pollution. But little effort has been made to consider what it means to describe pornography as a pollution problem, even as many legal scholars have concluded that the law has failed to control internet pornography. Opponents of pornography maintain passionate convictions about how sexually-explicit materials harm both those who are exposed to them and the broader cultural environment. Viewers of pornography may generally hold less fervent beliefs, but champions of free speech and of a free internet object to anti-pornography regulations with strong convictions of their own. The challenge is how to address the widespread …

Federalization In Information Privacy Law, Patricia L. Bellia

Journal Articles

In Preemption and Privacy, Professor Paul Schwartz argues that it would be unwise for Congress to adopt a unitary federal information privacy statute that both eliminates the sector-specific distinctions in federal information privacy law and blocks the development of stronger state regulation. That conclusion, though narrow, rests on descriptive and normative claims with broad implications for the state-federal balance in information privacy law. Descriptively, Professor Schwartz sees the current information privacy law landscape as the product of successful experimentation at the state level. That account, in turn, fuels his normative claims, and in particular his sympathy with theories of competitive …

Fourth Amendment Protection For Stored E-Mail, Patricia L. Bellia, Susan Freiwald

Journal Articles

The question of whether and how the Fourth Amendment regulates government access to stored e-mail remains open and pressing. A panel of the Sixth Circuit recently held in Warshak v. United States, 490 F.3d 455 (6th Cir. 2007), that users generally retain a reasonable expectation of privacy in the e-mails they store with their Internet Service Providers (ISPs), which implies that government agents must generally acquire a warrant before they may compel ISPs to disclose their users' stored e-mails. The Sixth Circuit, however, is reconsidering the case en banc. This Article examines the nature of stored e-mail surveillance and argues …

The Memory Gap In Surveillance Law, Patricia L. Bellia

Journal Articles

U.S. information privacy laws contain a memory gap: they regulate the collection and disclosure of certain kinds of information, but they say little about its retention. This memory gap has ever-increasing significance for the structure of government surveillance law. Under current doctrine, the Fourth Amendment generally requires government agents to meet high standards before directly and prospectively gathering a target's communications. The law takes a dramatically different approach to indirect, surveillance-like activities, such as the compelled production of communications from a third party, even when those activities yield the same information as, or more information than, direct surveillance activities. Because …

The Fourth Amendment Status Of Stored E-Mail: The Law Professors' Brief In Warshak V. United States, Susan Freiwald, Patricia L. Bellia

Journal Articles

This paper contains the law professors' brief in the landmark case of Warshak v. United States, the first federal appellate case to recognize a reasonable expectation of privacy in electronic mail stored with an Internet Service Provider (ISP). While the 6th circuit's opinion was subsequently vacated and reheard en banc, the panel decision will remain extremely significant for its requirement that law enforcement agents must generally acquire a warrant before compelling an ISP to disclose its subscriber's stored e-mails. The law professors' brief, co-authored by Susan Freiwald (University of San Francisco) and Patricia L. Bellia (Notre Dame) and signed by …

Spyware And The Limits Of Surveillance Law, Patricia L. Bellia

Journal Articles

For policymakers, litigants, and commentators seeking to address the threats digital technology poses for privacy, electronic surveillance law remains a weapon of choice. The debate over how best to respond to the spyware problem provides only the most recent illustration of that fact. Although there is much controversy over how to define spyware, that label encompasses at least some software that monitors a computer user's electronic communications. Federal surveillance statutes thus present an intuitive fit for responding to the regulatory challenges of spyware, because those statutes bar the unauthorized acquisition of electronic communications and related data in some circumstances. Indeed, …

Defending Cyberproperty, Patricia L. Bellia

Journal Articles

This Article explores how the law should treat legal claims by owners of Internet-connected computer systems to enjoin unwanted uses of their systems. Over the last few years, this question has become increasingly urgent and controversial, as system owners have sought protection from unsolicited commercial e-mail and from robots that extract data from Web servers for competitive purposes. In the late 1990s and early 2000s, courts utilizing a wide range of legal doctrines upheld claims by network resource owners to prevent unwanted access to their computer networks. The vast weight of legal scholarship has voiced strong opposition to these cyberproperty …

Surveillance Law Through Cyberlaw's Lens, Patricia L. Bellia

Journal Articles

The continuing controversy over the surveillance-related provisions of the USA Patriot Act highlights the depth of Americans' concern about internet privacy. Although calls to limit the government's surveillance powers strike a chord with the public, the legal framework governing surveillance activities is highly technical and poorly understood. The Patriot Act's sunset date provides Congress with an opportunity to revisit that framework.

This Article seeks to contribute to the debate over the appropriate scope of internet surveillance in two ways. First, the Article explores the intricacies of the constitutional and statutory frameworks governing electronic surveillance, and particularly surveillance to acquire electronic …

Chasing Bits Across Borders, Patricia L. Bellia

Journal Articles

As computer crime becomes more widespread, countries increasingly confront difficulties in securing evidence stored in electronic form outside of their borders. These difficulties have prompted two related responses. Some states have asserted a broad power to conduct remote cross-border searches - that is, to use computers within their territory to access and examine data physically stored outside of their territory. Other states have pressed for recognition of a remote cross-border search power in international fora, arguing that such a power is an essential weapon in efforts to combat computer crime. This Article explores these state responses and develops a framework …