Law Commons^™

The Limitations Of Privacy Rights, Daniel J. Solove

Notre Dame Law Review

Individual privacy rights are often at the heart of information privacy and data protection laws. The most comprehensive set of rights, from the European Union’s General Data Protection Regulation (GDPR), includes the right to access, right to rectification (correction), right to erasure (deletion), right to restriction, right to data portability, right to object, and right to not be subject to automated decisions. Privacy laws around the world include many of these rights in various forms.

In this Article, I contend that although rights are an important component of privacy regulation, rights are often asked to do far more work than …

Uncertain Terms, Leah R. Fowler, Jim Hawkins, Jessica L. Roberts

Notre Dame Law Review

Health apps collect massive amounts of sensitive consumer data, including information about users’ reproductive lives, mental health, and genetics. As a result, consumers in this industry may shop for privacy terms when they select a product. Yet our research reveals that many digital health tech companies reserve the right to unilaterally amend their terms of service and their privacy policies. This ability to make one-sided changes undermines the market for privacy, leaving users vulnerable. Unfortunately, the current law generally tolerates unilateral amendments, despite fairness and efficiency concerns. We therefore propose legislative, regulatory, and judicial solutions to better protect consumers of …

The Impact Of Schrems Ii: Next Steps For U.S. Data Privacy Law, Andraya Flor

Notre Dame Law Review

Schrems II invalidated Privacy Shield because the court found that it did not provide an “essentially equivalent” level of protection compared to the guarantees of the GDPR. The National Security Agency (NSA) operated surveillance programs that had the potential to infringe on the rights of EU subjects, and there was a lack of oversight and effective judicial remedies to protect rights of EU data subjects, which undermined Privacy Shield as a mechanism for data transfers. This Note sets aside the surveillance and national security issue, which would require resolution through a shift in overall U.S. national security law, and instead …

Going Rogue: Mobile Research Applications And The Right To Privacy, Stacey A. Tovino

Notre Dame Law Review

This Article investigates whether nonsectoral state laws may serve as a viable source of privacy and security standards for mobile health research participants and other health data subjects until new federal laws are created or enforced. In particular, this Article (1) catalogues and analyzes the nonsectoral data privacy, security, and breach notification statutes of all fifty states and the District of Columbia; (2) applies these statutes to mobile-app-mediated health research conducted by independent scientists, citizen scientists, and patient researchers; and (3) proposes substantive amendments to state law that could help protect the privacy and security of all health data subjects, …

De Facto State: Social Media Networks And The First Amendment, Paul Domer

Notre Dame Law Review

In Marsh v. Alabama, a Jehovah’s Witness was arrested and convicted of trespassing for proselytizing on a public sidewalk that nonetheless was, like everything else in the “company town,” privately owned. The Court reversed, holding that the First and Fourteenth Amendments applied against a private actor if it exercised all the powers and responsibilities traditionally associated with a government—policing, utilities, and traffic control, for example. Writing for the majority, Justice Black declared, “The more an owner, for his advantage, opens up his property for use by the public in general, the more do his rights become circumscribed by the …

A Repeated Call For Omnibus Federal Cybersecurity Law, Carol Li

Notre Dame Law Review

In Part I, this Note discusses the concerning regularity of high-profile data breaches that have occurred within the United States’ weak and patchwork landscape of cybersecurity law. Part II discusses the challenges companies face when attempting to comply with the current cybersecurity law, and why companies who are deemed compliant are still falling victim to hackers and data breaches. Part III makes a call for federal legislation to replace the current, inadequate, fragmented, and uneven landscape of cybersecurity law. Part IV discusses numerous factors and incentives to consider in creating an omnibus federal cybersecurity law. Finally, Part V offers some …

No Internet Does Not Mean No Protection Under The Cfaa: Why Voting Machines Should Be Covered Under 18 U.S.C. § 1030, Jack Dahm

Notre Dame Law Review

The U.S. Attorney General established a Cyber-Digital Task Force within the Department of Justice (DOJ) in February 2018. This newly created task force released its first public report on July 19, 2018. Then–Attorney General Jeff Sessions announced the release of the report, while promising that “[a]t the Department of Justice, we take these threats seriously.” The report was designed to answer the following question: “How is the Department [of Justice] responding to cyber threats?” The report begins by discussing the threat of foreign influence operations, described by the Task Force as “one of the most pressing cyber-enabled threats our Nation …

Marketplace Of Ideas, Privacy, And The Digital Audience, Alexander Tsesis

Notre Dame Law Review

The availability of almost limitless sets of digital information has opened a vast marketplace of ideas. Information service providers like Facebook and Twitter provide users with an array of personal information about products, friends, acquaintances, and strangers. While this data enriches the lives of those who share content on the internet, it comes at the expense of privacy.

Social media companies disseminate news, advertisements, and political messages, while also capitalizing on consumers’ private shopping, surfing, and traveling habits. Companies like Cambridge Analytica, Amazon, and Apple rely on algorithmic programs to mash up and scrape enormous amounts of online and otherwise …

Extremist Speech, Compelled Conformity, And Censorship Creep, Danielle Keats Citron

Notre Dame Law Review

Silicon Valley has long been viewed as a full-throated champion of First Amendment values. The dominant online platforms, however, have recently adopted speech policies and processes that depart from the U.S. model. In an agreement with the European Commission, the dominant tech companies have pledged to respond to reports of hate speech within twenty-four hours, a hasty process that may trade valuable expression for speedy results. Plans have been announced for an industry database that will allow the same companies to share hashed images of banned extremist content for review and removal elsewhere. These changes are less the result of …

Online Terms Of Service: A Shield For First Amendment Scrutiny Of Government Action, Jacquelyn E. Fradette

Notre Dame Law Review

Part I of this Note will canvas popular opinions and perceptions about First Amendment rights on the Internet using examples of public outcry over recent instances of speech limitation. It will also discuss the state action doctrine generally and how the presence of this doctrine most likely renders certain popular public constitutional intuitions about the First Amendment erroneous.

Part II will provide an overview of how courts have taken an expansive and protective view of private ordering between online parties. It will discuss how courts have developed a robust freedom to contract jurisprudence in the Internet context. Because courts essentially …