Law Commons^™

Privacy Purgatory: Why The United States Needs A Comprehensive Federal Data Privacy Law, Emily Stackhouse Taetzsch

Journal of Legislation

No abstract provided.

A Sleeping Giant: Mhelath Applications, The Gdpr, And The Need For Federal Privacy Regulation In The United States, Kali Peeples

Notre Dame Journal on Emerging Technologies

An analysis of privacy regulation concerning mHealth apps is a multifaceted process that requires the examination of changes within not only the healthcare space but also the technological world, as well as the legislative history and intent of various nations.The main issue being addressed in this paper is whether the United States should create nationwide legislation that directly relates to mHealth data protection or continue with a self-regulatory method. Part I focuses on the development and rapid creation of mHealth apps within the past decade. Part II seeks to illustrate the distinct privacy concerns of mHealth apps by concentrating on …

Extended Privacy For Extended Reality: Xr Technology Has 99 Problems And Privacy Is Several Of Them, Suchismita Pahi, Calli Schroeder

Notre Dame Journal on Emerging Technologies

Americans are rapidly adopting innovative technologies which are pushing the frontiers of reality. But, when they look at how their privacy is protected within the new extended reality (XR), they will find that U.S. privacy laws fall short. The privacy risks inherent in XR are inadequately addressed by current U.S. data privacy laws or courtcreated frameworks that purport to protect the constitutional right to be free from unreasonable searches. Many scholars, including Ryan Calo, Danielle Citron, Sherry Colb, Margaret Hu, Orin Kerr, Kirsten Martin, Paul Ohm, Daniel Solove, Rebecca Wexler, Shoshana Zuboff, and others, have highlighted the gaps in U.S. …

The Limitations Of Privacy Rights, Daniel J. Solove

Notre Dame Law Review

Individual privacy rights are often at the heart of information privacy and data protection laws. The most comprehensive set of rights, from the European Union’s General Data Protection Regulation (GDPR), includes the right to access, right to rectification (correction), right to erasure (deletion), right to restriction, right to data portability, right to object, and right to not be subject to automated decisions. Privacy laws around the world include many of these rights in various forms.

In this Article, I contend that although rights are an important component of privacy regulation, rights are often asked to do far more work than …

Privacy Qui Tam, Peter Ormerod

Notre Dame Law Review

Privacy law keeps getting stronger, but surveillance-based businesses have proven immune to these new legal regimes. The disconnect between privacy law in theory and in practice is a multifaceted problem, and one critical component is enforcement.

Today, most privacy laws are enforced by governmental regulators—the Federal Trade Commission, the nascent California Privacy Protection Agency, and state attorneys general. An enduring impasse for proposed privacy laws is whether to supplement public enforcement by using a private right of action to authorize individuals to enforce the law.

Both of these conventional enforcement schemes have significant shortcomings. Public enforcement has proven inadequate because …

Uncertain Terms, Leah R. Fowler, Jim Hawkins, Jessica L. Roberts

Notre Dame Law Review

Health apps collect massive amounts of sensitive consumer data, including information about users’ reproductive lives, mental health, and genetics. As a result, consumers in this industry may shop for privacy terms when they select a product. Yet our research reveals that many digital health tech companies reserve the right to unilaterally amend their terms of service and their privacy policies. This ability to make one-sided changes undermines the market for privacy, leaving users vulnerable. Unfortunately, the current law generally tolerates unilateral amendments, despite fairness and efficiency concerns. We therefore propose legislative, regulatory, and judicial solutions to better protect consumers of …

Note: The "Border" Of Constitutional Electronic Privacy Rights: Electronic Searches And Seizures At The United States' Territorial Limits, Ryan Garippo

Notre Dame Journal on Emerging Technologies

In the recent challenge brought before the First Circuit, the court was not required to directly answer what level of particularized suspicion is required for a forensic search. Although, its holding is consistent with the jurisprudence set forth by both the Fourth and Eleventh Circuits. Furthermore, it is important to note that there have been legal challenges brought on this issue in the Fifth, Seventh, and Tenth Circuits. However, in each of these cases, the court chose not to decide the constitutional question because it was not outcome determinative for the litigants in question. This disagreement between the federal circuit …

Note: Facial Recognition Technology And The Constitution, Mark Simonitis

Notre Dame Journal on Emerging Technologies

Over the past several years, we have seen an increase in the adoption and use of facial recognition technology (FRT). Both private corporations and government organizations have increasingly used this technology over the past several years, and law enforcement agencies have been just as eager to utilize FRT in their operations. The potential uses for this technology in a law enforcement capacity are numerous. For example, FRT could be used to identify criminals whose faces were caught on surveillance footage, or it could be used to help identify citizens during border crossings. However, it is easy to imagine how an …

Outsourcing Privacy, Ari Ezra Waldman

Notre Dame Law Review Reflection

An underappreciated part of the narrative of privacy managerialism—and the focus of this Essay—is the information industry’s increasing tendency to outsource privacy compliance responsibilities to technology vendors. In the last three years alone, the International Association of Privacy Professionals (IAPP) has identified more than 250 companies in the privacy technology vendor market. These companies market their products as tools to help companies comply with new privacy laws like the General Data Protection Regulation (GDPR), with consent orders from the Federal Trade Commission (FTC), and with other privacy rules from around the world. They do so by building compliance templates, pre-completed …

The Impact Of Schrems Ii: Next Steps For U.S. Data Privacy Law, Andraya Flor

Notre Dame Law Review

Schrems II invalidated Privacy Shield because the court found that it did not provide an “essentially equivalent” level of protection compared to the guarantees of the GDPR. The National Security Agency (NSA) operated surveillance programs that had the potential to infringe on the rights of EU subjects, and there was a lack of oversight and effective judicial remedies to protect rights of EU data subjects, which undermined Privacy Shield as a mechanism for data transfers. This Note sets aside the surveillance and national security issue, which would require resolution through a shift in overall U.S. national security law, and instead …

Note: Scraping Photographs, Maggie King

Notre Dame Journal on Emerging Technologies

This note explores whether any existing laws prohibit scraping photographs, as suggested by Facebook and other big tech companies’ recent actions against Clearview. After examining each potential claim, this note argues that no existing law should be construed to hold Clearview liable for scraping photographs, because doing so would create inconsistencies in existing law. But also, the apparent legality of Clearview’s scraping activity presents an argument for a reversal of the recent trend towards laws that, guided by the principle of a free and open internet, favor scraping. Rather, the apparent legality of activity that ultimately enables otherwise unrestrained modern …

Cyber-Security, Privacy, And The Covid-19 Attenuation?, Vincent J. Samar

Journal of Legislation

Large-scale data brokers collect massive amounts of highly personal consumer information to be sold to whoever will pay their price, even at the expense of sacrificing individual privacy and autonomy in the process. In this Article, I will show how a proper understanding and justification for a right to privacy, in context to both protecting private acts and safeguarding information and states of affairs for the performance of such acts, provides a necessary background framework for imposing legal restrictions on such collections. This problem, which has already gained some attention in literature, now becomes even more worrisome, as government itself …

Fisa Section 702: Does Querying Incidentally Collected Information Constitute A Search Under The Fourth Amendment?, Rachel G. Miller

Notre Dame Law Review Reflection

An inherent source of conflict in the United States exists between protecting national security and safeguarding individual civil liberties. Throughout history, Americans have consistently been skeptical and fearful of the government abusing its power by spying on Americans. In an effort to curtail government abuses through surveillance, President Carter and Congress enacted the Foreign Intelligence Surveillance Act of 1978 (FISA). The purpose of FISA was to establish a “statutory procedure authorizing the use of electronic surveillance in the United States for foreign intelligence purposes.” FISA provides the government with the authority to engage in electronic surveillance, targeted at foreign powers …

Going Rogue: Mobile Research Applications And The Right To Privacy, Stacey A. Tovino

Notre Dame Law Review

This Article investigates whether nonsectoral state laws may serve as a viable source of privacy and security standards for mobile health research participants and other health data subjects until new federal laws are created or enforced. In particular, this Article (1) catalogues and analyzes the nonsectoral data privacy, security, and breach notification statutes of all fifty states and the District of Columbia; (2) applies these statutes to mobile-app-mediated health research conducted by independent scientists, citizen scientists, and patient researchers; and (3) proposes substantive amendments to state law that could help protect the privacy and security of all health data subjects, …

A New Third-Party Doctrine: The Telephone Metadata Program And Carpenter V. United States, Mary-Kathryn Takeuchi

Notre Dame Law Review

This Note will answer the question of whether bulk metadata collection is still defensible under the third-party doctrine. It ultimately concludes that Chief Justice Roberts incorrectly asserted that Carpenter v. United States will not impact the application of the third-party doctrine to collection techniques involving national security, and that the warrantless collection of bulk metadata under the Foreign Intelligence Surveillance Act is no longer defensible by the third-party doctrine. In Section I.A, this Note discusses traditional Fourth Amendment jurisprudence in Katz v. United States and the establishment of the third-party doctrine as a bright-line rule in United States v. Miller …

A Repeated Call For Omnibus Federal Cybersecurity Law, Carol Li

Notre Dame Law Review

In Part I, this Note discusses the concerning regularity of high-profile data breaches that have occurred within the United States’ weak and patchwork landscape of cybersecurity law. Part II discusses the challenges companies face when attempting to comply with the current cybersecurity law, and why companies who are deemed compliant are still falling victim to hackers and data breaches. Part III makes a call for federal legislation to replace the current, inadequate, fragmented, and uneven landscape of cybersecurity law. Part IV discusses numerous factors and incentives to consider in creating an omnibus federal cybersecurity law. Finally, Part V offers some …

Marketplace Of Ideas, Privacy, And The Digital Audience, Alexander Tsesis

Notre Dame Law Review

The availability of almost limitless sets of digital information has opened a vast marketplace of ideas. Information service providers like Facebook and Twitter provide users with an array of personal information about products, friends, acquaintances, and strangers. While this data enriches the lives of those who share content on the internet, it comes at the expense of privacy.

Social media companies disseminate news, advertisements, and political messages, while also capitalizing on consumers’ private shopping, surfing, and traveling habits. Companies like Cambridge Analytica, Amazon, and Apple rely on algorithmic programs to mash up and scrape enormous amounts of online and otherwise …

Protecting Users Of Social Media, Margaret Ryznar

Notre Dame Law Review Reflection

Social media platforms started as a fun way to connect with friends and family. Since then, they have become a science fiction nightmare due to their capacity to gather and misuse the data on their users.

It is not irrational for social media providers to seek to capitalize on their data when they provide the platforms for free. Indeed, their business model is to sell data to third parties for marketing and other purposes. Yet, users should be able to expect that their data is not used to hurt them or is not sent to disreputable companies. Indeed, fewer people …

The Promises And Perils Of Using Big Data To Regulate Nonprofits, Lloyd Histoshi Mayer

Journal Articles

For the optimist, government use of “Big Data” involves the careful collection of information from numerous sources. The government then engages in expert analysis of those data to reveal previously undiscovered patterns. Discovering patterns revolutionizes the regulation of criminal behavior, education, health care, and many other areas. For the pessimist, government use of Big Data involves the haphazard seizure of information to generate massive databases. Those databases render privacy an illusion and result in arbitrary and discriminatory computer-generated decisions. The reality is, of course, more complicated. On one hand, government use of Big Data may lead to greater efficiency, effectiveness, …

A Statistical Analysis Of Privacy Policy Design, Ari E. Waldman

Notre Dame Law Review Reflection

This Essay takes a further step in a developing research agenda on the design of privacy policies. As described in more detail in Part II, I created an online survey in which respondents were asked to choose one of two websites that would better protect their privacy given images of segments of their privacy policies. Some of the questions paired notices with, on the one hand, privacy protective practices displayed in difficult-to-read designs, and, on the other hand, invasive data use practices displayed in graphical, aesthetically pleasing ways. Many survey respondents seemed to make their privacy decisions based on design …

Research Handbook On Fiduciary Law, Julian Velasco, Paul B. Miller

Books

Book Chapters

Julian Velasco, Delimiting Fiduciary Status, in Research Handbook on Fiduciary Law 76 (D. Gordon Smith & Andrew Gold eds., 2018).

Paul B. Miller, Dimensions of Fiduciary Loyalty, in Research Handbook on Fiduciary Law 180 (D. Gordon Smith & Andrew Gold eds., 2018).

A familiar problem to scholars of fiduciary law is that of definition. Fiduciary law has been called “messy,” “elusive,” and “unusually vexing.” In part, this is because fiduciary law principles appear in many areas of law, but are applied differently in each. This has made the development of a unified theory difficult. Some scholars have doubted …

Baking Common Sense Into The Ferpa Cake: How To Meaningfully Protect Student Rights And The Public Interest, Zach Greenberg, Adam Goldstein

Journal of Legislation

No abstract provided.

The Privacy Policymaking Of State Attorneys General, Danielle Keats Citron

Notre Dame Law Review

Much as Justice Louis Brandeis imagined states as laboratories of the law, offices of state attorneys general have been laboratories of privacy enforcement. State attorneys general have been nimble privacy enforcers whereas federal agencies have been more constrained by politics. Local knowledge, specialization, multistate coordination, and broad legal authority have allowed AG offices to fill in gaps in the law. State attorneys general have established baseline fair-information protections and expanded the frontiers of privacy law to cover sexual intimacy and youth. Their efforts have reinforced and strengthened federal norms, further harmonizing certain aspects of privacy and data security policy.

Although …

Solving The Information Security & Privacy Crisis By Expanding The Scope Of Top Management Personal Liability, Charles Cresson Wood

Journal of Legislation

While information security and privacy losses are now spiraling out of control, and have been demonstrably shown to threaten national sovereignty, military superiority, industrial infrastructure order, national economic competitiveness, the solvency of major businesses, faith and trust in the Internet as a platform for modern commerce, as well as political stability, the U.S. Congress has nonetheless to date refused to seriously address the root cause of these threats. The root cause is a legally reinforced incentive system that encourages, and further entrenches, top management decisions that provide inadequate resources for, and inadequate top management attention to, information security and privacy …

Police Body-Worn Camera Policy: Balancing The Tension Between Privacy And Public Access In State Law, Kyle J. Maury

Notre Dame Law Review

Body camera implementation remains in its infancy stage. As such,

there is a dearth of legal scholarship analyzing the policy considerations associated

with body cameras. Instead of raising the issues involved and assessing

arguments for and against implementation, this Note assumes body cameras

are a force for good and are here to stay for the long haul. Consequently, the

goal of this Note is to analyze various issues involved in administering body

cameras against a backdrop of recently enacted state legislation—focusing

specifically on the tension between protecting privacy interests while also

ensuring public access to recordings. This Note examines these …

Unilateral Invasions Of Privacy, Roger Allan Ford

Notre Dame Law Review

Most people seem to agree that individuals have too little privacy, and most proposals to address that problem focus on ways to give those users more information about, and more control over, how information about them is used. Yet in nearly all cases, information subjects are not the parties who make decisions about how information is collected, used, and disseminated; instead, outsiders make unilateral decisions to collect, use, and disseminate information about others. These potential privacy invaders, acting without input from information subjects, are the parties to whom proposals to protect privacy must be directed. This Article develops a theory …

Privacy And Markets: A Love Story, Ryan Calo

Notre Dame Law Review

After defining terms, Part I lays out the law and economics case against privacy, including its basis in economic thought more generally. Part II canvasses the literature responding to economic skepticism in the privacy law literature. Some scholars mount an insider critique, accepting the basic tenets of economics but suggesting that privacy actually increases efficiency in some contexts, or else noting that markets themselves will yield privacy under the right conditions. Others critique economic thinking from the outside. Markets “unravel” privacy by penalizing it, degrade privacy by treating it as just another commodity, or otherwise interfere with the values or …

Modern-Day Monitorships, Veronica Root

Journal Articles

When a sexual abuse scandal rocked Penn State, when Apple engaged in anticompetitive behavior, and when servicers like Bank of America improperly foreclosed upon hundreds of thousands of homeowners, each organization entered into a Modern-Day Monitorship. Modern-Day Monitorships are utilized in an array of contexts to assist in widely varying remediation efforts. They provide outsiders a unique source of information about the efficacy of the tarnished organization’s efforts to remediate misconduct. Yet despite their use in high-profile and serious matters of organizational wrongdoing, they are not an outgrowth of careful study and deliberate planning. Instead, Modern-Day Monitorships have been employed …

Whose Line Is It Anyway? Probable Cause And Historical Cell Site Data, Megan L. Mckeown

Notre Dame Law Review

This Note argues that the “specific and articulable facts” standard does not accord with the intent of the drafters of the Fourth Amendment to protect individuals’ reasonable expectation of privacy. Although allowing the government access to historical cell site data to use as evidence in a criminal proceeding aids law enforcement, legislators must recognize the risks that flow from allowing the government to retrieve cell phone location information without probable cause. At least one study suggests that the public is losing confidence in their ability to control personal information, ultimately creating public discomfort with and suspicion of government surveillance. If …

Online Terms Of Service: A Shield For First Amendment Scrutiny Of Government Action, Jacquelyn E. Fradette

Notre Dame Law Review

Part I of this Note will canvas popular opinions and perceptions about First Amendment rights on the Internet using examples of public outcry over recent instances of speech limitation. It will also discuss the state action doctrine generally and how the presence of this doctrine most likely renders certain popular public constitutional intuitions about the First Amendment erroneous.

Part II will provide an overview of how courts have taken an expansive and protective view of private ordering between online parties. It will discuss how courts have developed a robust freedom to contract jurisprudence in the Internet context. Because courts essentially …