Law Commons^™

The Path To Standing: Asserting The Inherent Injury Of The Data Breach, Jennifer M. Joslin

Utah Law Review

Data breaches are on the rise as consumers continue to exchange personally identifiable information for goods and services in sectors from retail to healthcare. In the aftermath of a data breach, it has been difficult for victims of the breach to establish Article III standing to sue in federal courts. The primary hurdle for those seeking a remedy for the theft of their data has been showing that they have suffered an injury-in-fact. Plaintiffs typically assert an injury based on the increased risk of identity theft following a breach. However, courts have divided on whether such an injury satisfies the …

Cell Phones Are Orwell's Telescreen: The Need For Fourth Amendment Protection In Real-Time Cell Phone Location Information, Matthew Devoy Jones

Cleveland State Law Review

Courts are divided as to whether law enforcement can collect cell phone location information in real-time without a warrant under the Fourth Amendment. This Article argues that Carpenter v. United States requires a warrant under the Fourth Amendment prior to law enforcement’s collection of real-time cell phone location information. Courts that have required a warrant prior to the government’s collection of real-time cell phone location information have considered the length of surveillance. This should not be a factor. The growing prevalence and usage of cell phones and cell phone technology, the original intent of the Fourth Amendment, and United States …

The Necessity Of Human Rights Legal Protections In Mutual Legal Assistance Treaty Reform, Christine Galvagna

Notre Dame Journal of International & Comparative Law

Mutual legal assistance treaty (MLAT) reform is a transnational legal movement aimed at facilitating more rapid law enforcement access to cross-border data, while also preventing violations of state sovereignty through the exercise of extraterritorial jurisdiction over data. Efforts primarily focus on the United States (U.S.) mutual legal assistance (MLA) process, as it is exceedingly slow and convoluted, but also unavoidable, given that most major tech companies have their bases in the U.S. Recently proposed or enacted legal instruments include the U.S. CLOUD Act, the European Union’s (EU) e-Evidence proposal, Council of Europe’s forthcoming Additional Protocol to the Convention on Cybercrime, …

The Genetic Information Nondiscrimination Act At Age 10: Gina’S Controversial Assertion That Data Transparency Protects Privacy And Civil Rights, Barbara J. Evans

William & Mary Law Review

The genomic testing industry is an edifice built on data transparency: transparent and often unconsented sharing of our genetic information with researchers to fuel scientific discovery, transparent sharing of our test results to help regulators infer whether the tests are safe and effective, and transparent sharing of our health information to help treat other patients on the premise that we gain reciprocity of advantage when each person’s health care is informed by the best available data about all of us. Transparency undeniably confers many social benefits but creates risks to the civil rights of the people whose genetic information is …

The Normative Fourth Amendment, Matthew Tokson

Utah Law Faculty Scholarship

For decades, courts have used a “reasonable expectation of privacy” standard to determine whether a government action is a Fourth Amendment search. Scholars have convincingly argued that this test is incoherent, arbitrary, and incapable of protecting privacy against modern forms of surveillance. Yet few alternatives have been proposed, and those alternatives pose many of the same problems as the current standard.

This Article offers a new theoretical approach for determining the scope of the Fourth Amendment. It develops a normative model of Fourth Amendment searches, one that explicitly addresses the balance between law enforcement effectiveness and citizens’ interests inherent in …

Keep Your Friends Close And Your Medical Records Closer: Defining The Extent To Which A Constitutional Right To Informational Privacy Protects Medical Records, Lauren Newman

Journal of Law and Health

The following Article discusses the extent to which the constitutional right to informational privacy protects medical data from improper acquisition or dissemination by state agents. Part I provides background on Whalen v. Roe, the Supreme Court case that has been understood to establish the right to informational privacy. Part I also discusses the variations across the circuit courts as to what medical information is afforded protection by the right. Part II analyzes the well-established approaches adopted by the Second and Third Circuits as they present opposing interpretations of Whalen, one wholly protecting medical information and the other protecting …

Privacy, Freedom, And Technology—Or “How Did We Get Into This Mess?”, Alex Alben

Seattle University Law Review

Can we live in a free society without personal privacy? The question is worth pondering, not only in light of the ongoing debate about government surveillance of private communications, but also because new technologies continue to erode the boundaries of our personal space. This Article examines our loss of freedom in a variety of disparate contexts, all connected by the thread of erosion of personal privacy. In the scenarios explored here, privacy reducing activities vary from government surveillance, personal stalking conducted by individuals, and profiling by data-driven corporations, to political actors manipulating social media platforms. In each case, new technologies …

Gdpr Compliance—It Takes A Village, Susy Mendoza

Seattle University Law Review

When the General Data Protection Regulation (GDPR) came into effect in May of 2018, many legal departments were confronted with the gravity of just how they were going to comply with such a wide-reaching law. If you have international customers (both direct to consumer or business to business), it is not hard to convince your general counsel that compliance with the GDPR is a must. You may even be able to get the chief technical officer (CTO) or chief operating officer (COO) onboard just by mentioning the steep fines—two to four percent of worldwide gross revenue. But how does the …

Footprints: Privacy For Enterprises, Processors, And Custodians…Oh My!, Blair Witzel, Carrie Mount

Seattle University Law Review

Americans’ interest in privacy—as evidenced by increasing news coverage, online searches, and new legislation—has grown over the past decade. After the European Union enacted the General Data Protection Regulation (GDPR), technologists and legal professionals have focused on primary collectors of data—known under various legal regimes as the “controller” or “custodian.” Thanks to advances in computing, many of these data collectors offload the processing of data to third parties providing data-related cloud services like Amazon, Microsoft, and Google. In addition to the data they have already collected about the data subjects themselves, these companies now “hold” that data on behalf of …

Confiding In Con Men: U.S. Privacy Law, The Gdpr, And Information Fiduciaries, Lindsey Barrett

Seattle University Law Review

In scope, ambition, and animating philosophy, U.S. privacy law and Europe’s General Data Protection Regulation are almost diametric opposites. The GDPR’s ambitious individual rights, significant prohibitions, substantive enforcement regime, and broad applicability contrast vividly with a scattershot U.S. regime that generally prioritizes facilitating commerce over protecting individuals, and which has created perverse incentives for industry through anemic enforcement of the few meaningful limitations that do exist. A privacy law that characterizes data collectors as information fiduciaries could coalesce with the commercial focus of U.S. law, while emulating the GDPR’s laudable normative objectives and fortifying U.S. consumer privacy law with a …

Privacy Statements Under The Gdpr, Mike Hintze

Seattle University Law Review

The need to include specific types of information in a privacy statement is a GDPR compliance obligation that does not get as much attention as some other GDPR requirements. Perhaps that is because privacy statements have been much maligned in recent years. They are too long and full of legalese. Nobody reads them. They are part of a notice and consent approach to privacy that puts an unrealistic burden on consumers to make informed choices. But despite these well-known criticisms, the GDPR doubles down on privacy statements. In fact, gauging by the roughly fourfold increase in privacy statement requirements compared …

Alexa, Amazon Assistant Or Government Informant?, Julia R. Shackleton Esq.

University of Miami Business Law Review

Alexa, are you listening to me? Technology has become an integral part of one’s everyday life with voice-controlled devices pervading our most intimate interactions and spaces within the home. The answers to our questions are now at our fingertips with the simple roll of the tongue “Alexa,” your very own personal intelligence assistant. This futuristic household tool can perform tasks that range from answering simple voice commands to ordering any online shopping. However, the advent of voice technology presents a myriad of problems. Concerns arise as these new devices live in the privacy of our homes while quietly listening for …

Jewish Law And Socially Responsible Corporate Conduct, Steven H. Resnicoff

Steven Resnicoff

No abstract provided.

Rights On Publicity As Remarkably Insignificant, R. George Wright

Cleveland State Law Review

This Article introduces the right of publicity through a brief consideration of high-profile cases involving, respectively, Paris Hilton, human cannonball Hugo Zacchini, and the famous actress Olivia de Havilland. With this background understanding, the Article considers the supposed risks to freedom of speech posed by recognizing rights of publicity in a private party. From there, the Article addresses the nagging concern that the publicity rights cases promote a harmful "celebrification" of culture. Finally, the Article considers whether allowing for meaningful damage recoveries in publicity rights cases appropriately compensates victims in ways promoting the broad public interest.

Data Re-Use And The Problem Of Group Identity, Leslie Francis, John G. Francis

Utah Law Faculty Scholarship

Reusing existing data sets of health information for public health or medical research has much to recommend it. Much data repurposing in medical or public health research or practice involves information that has been stripped of individual identifiers but some does not. In some cases, there may have been consent to the reuse but in other cases consent may be absent and people may be entirely unaware of how the data about them are being used. Data sets are also being combined and may contain information with very different sources, consent histories, and individual identifiers. Much of the ethical and …

Deputizing Family: Loved Ones As A Regulatory Tool In The "Drug War" And Beyond, Matthew J.B. Lawrence

Faculty Scholarly Works

Many laws use family members as a regulatory tool to influence the decisions or behavior of their loved ones, i.e., they deputize family. Involuntary treatment laws for substance use disorder are a clear example; such laws empower family members to use information shared by their loved ones to petition to force their loved ones into treatment without consent. Whether such deputization is helpful or harmful for a patient’s health is a crucial and dubious question discussed in existing literature, but use of family members as a regulatory tool implicates important considerations beyond direct medical impacts that have not been as …

United States V. Sweeney, Melissa Toback

NYLS Law Review

No abstract provided.

Cashless Societies And The Rise Of The Independent Cryptocurrencies: How Governments Can Use Privacy Laws To Compete With Independent Cryptocurrencies, Matla Garcia Chavolla

Pace International Law Review

Many individuals (including governments) envision living in a future world where physical currency is a thing of the past. Many countries have made great strides in their efforts to go cashless. At the same time, there is increasing awareness among citizens of the decreasing amount of privacy in their lives. The potential hazards cashless societies pose to financial privacy may incentivize citizens to hold some of their money in independent cryptocurrencies. This article argues that in order for governments in cashless societies to keep firm control over their money supply, they should enact stronger privacy law protections for its citizens …

Nowhere To Run, Nowhere To Hide.* Applying The Fourth Amendment To Connected Cars In The Internet-Of-Things Era, Gregory C. Brown, Jr.

Journal of Civil Rights and Economic Development

(Excerpt)

Part I of this Note will briefly discuss the key components of a Connected Car, identify who collects the data from the Car, and examine the various uses for the data. Part I also explores whether Car owners consent to the collection of their Car’s data. Part II-A will trace the historical development of the automobile exception to the Fourth Amendment, which generally permits law-enforcement officers to conduct a warrantless search of a vehicle. Part II-B will discuss how the Supreme Court has applied the Fourth Amendment to pre-Internet technologies. Part II-C will discuss two recent Fourth Amendment Supreme …

Is It Time For A Universal Genetic Forensic Database?, Christopher Slobogin, Ellen Wright Clayton, J. W. Hazel, B. A. Malin

Christopher Slobogin

The ethical objections to mandating forensic profiling of newborns and/or compelling every citizen or visitor to submit to a buccal swab or to spit in a cup when they have done nothing wrong are not trivial. But newborns are already subject to compulsory medical screening, and people coming from foreign countries to the United States already submit to fingerprinting. It is also worth noting that concerns about coercion or invasions of privacy did not give pause to legislatures (or, for that matter, even the European Court) when authorizing compelled DNA sampling from arrestees, who should not forfeit genetic privacy interests …

Is It Time For A Universal Genetic Forensic Database?, Christopher Slobogin, Ellen Wright Clayton, J. W. Hazel, B. A. Malin

Ellen Wright Clayton

The ethical objections to mandating forensic profiling of newborns and/or compelling every citizen or visitor to submit to a buccal swab or to spit in a cup when they have done nothing wrong are not trivial. But newborns are already subject to compulsory medical screening, and people coming from foreign countries to the United States already submit to fingerprinting. It is also worth noting that concerns about coercion or invasions of privacy did not give pause to legislatures (or, for that matter, even the European Court) when authorizing compelled DNA sampling from arrestees, who should not forfeit genetic privacy interests …

Law School News: A Spring Break That Teaches - And Gives Back 03/11/2019, Edward Fitzpatrick

Life of the Law School (1993- )

No abstract provided.

Bytes Bite: Why Corporate Data Breaches Should Give Standing To Affected Individuals, Caden Hayes

Washington and Lee Journal of Civil Rights and Social Justice

High-profile data hacks are not uncommon. In fact, according to the Privacy Rights Clearinghouse, there have been at least 7,961 data breaches, exposing over 10,000,000,000 accounts in total, since 2005. These shocking numbers are not particularly surprising when taking into account the value of information stolen. For example, cell phone numbers, as exposed in a Yahoo! hack, are worth $10 a piece on the black market, meaning the hackers stood to make $30,000,000,000 from that one hack. That dollar amount does not even consider copies the hackers could make and later resell. Yet while these hackers make astronomical payoffs, the …

When A Tent Is Your Castle: Constitutional Protection Against Unreasonable Searches Of Makeshift Dwellings Of Unhoused Persons, Evanie Parr

Seattle University Law Review

This Note will argue that all jurisdictions should follow the Washington State Court of Appeals, Division II in validating makeshift dwellings used by people experiencing homelessness as spaces protected from unwarranted police intrusions by shifting evaluations of “reasonable expectations of privacy” to a more equitable standard that appreciates the realities of economic disparity. This approach to constitutional protections against unreasonable searches and seizures is imperative to protect the rights of people experiencing homelessness, given that such individuals are regularly subjected to invasions of privacy and heightened exposure to the criminal justice system.

Younger Generations Are Infected By Continuous Socialization To Accept Diminished Privacy: A Global Analysis Of How The United States' Constitutional Doctrine Is A Main Contributor To Eroded Privacy, Tiffany Kim

Indiana Journal of Global Legal Studies

Since the nineteenth century, privacy concerns have increased with the growth of technology. The invention of instantaneous photography, coupled with the enlarged presence of press, was met with concerns of degraded privacy. Society has formed expectations of privacy, but as time passes, those expectations continue to diminish. Younger generations have been socialized to accept lessened levels of privacy in this digitalized world of mass data and connectivity.

Individual privacy expectations vary globally. The construction of China's government and culture produces a lesser expectation of individual privacy than that of the United States. As outlined in the U.S. Constitution, U.S. citizens …

The Employee Right To Disconnect, Paul M. Secunda

Notre Dame Journal of International & Comparative Law

U.S. workers are increasingly finding it difficult to escape from work. Through their smartphones, e-mail, and social media, work tethers them to their workstations well after the work day has ended. Whether at home or in transit, employers are asking or requiring employees to complete assignments, tasks, and projects outside of working hours. This practice has a profound detrimental impact on employee privacy and autonomy, safety and health, productivity and compensation, and rest and leisure. France and Germany have responded to this emerging workplace issue by taking different legal approaches to providing their employees a right to disconnect from the …

In Defense Of The American Community Survey, Michael Lewyn

Scholarly Works

Discusses policy and constitutional arguments against the ACS, a yearly survey administered by the Census Bureau.

Consumer Protection—Exploring Private Causes Of Action For Victims Of Data Breaches, Justin H. Dion, Nicholas M. Smith

Faculty Scholarship

Data breaches are becoming a norm in modern life. Every year it seems that bigger and bigger attacks are launched, and more and more individuals are harmed. The law has responded by increasing states’ ability to prosecute cybercriminals. A glaring hole exists in this protection though. The state is largely an unharmed party. The real harm is done to individual citizens affected by the breaches. Their data is compromised, their identities are stolen, and their livelihoods are placed at risk. This Article will analyze the issue and propose a solution for increased consumer protection in addition to the current criminal …

Data Subjects' Privacy Rights: Regulation Of Personal Data Retention And Erasure, Alexander Tsesis

Faculty Publications & Other Works

The European Union's right to erasure came into effect May 25, 2018, as Article 17 of the General Data Protection Regulation ("GDPR"). Unlike the U.S. "marketplace of ideas" model of free speech, the GDPR gives greater weight to data subjects' privacy interests than to audiences' curiosity about others' intimate lives. The U.S. and EU models advance human thirst for knowledge through open and uninhibited debates, whereas the internet marketplace tends to favor social media companies' commercial interests: put more specifically, free speech is not entirely harmonious with the interests of social media intermediaries whose algorithms tend to favor companies' bottom …

Marketplace Of Ideas, Privacy, And The Digital Audience, Alexander Tsesis

Faculty Publications & Other Works

The availability of almost limitless sets of digital information has opened a vast marketplace of ideas. Information service providers like Facebook and Twitter provide users with an array of personal information about products, friends, acquaintances, and strangers. While this data enriches the lives of those who share content on the internet, it comes at the expense of privacy. Social media companies disseminate news, advertisements, and political messages, while also capitalizing on consumers' private shopping, surfing, and traveling habits. Companies like Cambridge Analytica, Amazon, and Apple rely on algorithmic programs to mash up and scrape enormous amounts of online and otherwise …