Law Commons^™

Breaking The Fourth's Wall: The Implications Of Remote Education For Students' Fourth Amendment Rights, Sallie Hatfield

Vanderbilt Journal of Entertainment & Technology Law

As the COVID-19 pandemic forced both public K-12 and higher education institutions to transition to exclusively provide remote education, students’ homes and personal lives were exposed to the government like never before. Zoom classes and remote proctoring were suddenly the norm. Students and their families scrambled to create appropriate offices and classroom spaces in their homes, and many awkward and invasive scenarios soon followed. While many may have been harmlessly captured on camera, like classes that witness a student’s family eating lunch in the background or a dog on the couch, even these harmless instances have insidious implications for the …

Administrative Regulation Of Programmatic Policing: Why "Leaders Of A Beautiful Struggle" Is Both Right And Wrong, Christopher Slobogin

Vanderbilt Law School Faculty Publications

In Leaders of a Beautiful Struggle v. Baltimore Police Department, the Fourth Circuit Court of Appeals held that Aerial Investigation Research (AIR), Baltimore's aerial surveillance program, violated the Fourth Amendment because it was not authorized by a warrant. AIR was constitutionaly problematic, but not for the reason given by the Fourth Circuit. AIR, like many other technologically-enhanced policing programs that rely on closed-circuit television (CCTV), automated license plate readers and the like, involves the collection and retention of information about huge numbers ofpeople. Because individualized suspicion does not exist with respect to any of these people's information, an individual-specific warrant …

A Game Theoretic Approach To Balance Privacy Risks And Familial Benefits, Ellen W. Clayton, Jia Guo, Murat Kantarcioglu, Et Al.

Vanderbilt Law School Faculty Publications

As recreational genomics continues to grow in its popularity, many people are afforded the opportunity to share their genomes in exchange for various services, including third-party interpretation (TPI) tools, to understand their predisposition to health problems and, based on genome similarity, to find extended family members. At the same time, these services have increasingly been reused by law enforcement to track down potential criminals through family members who disclose their genomic information. While it has been observed that many potential users shy away from such data sharing when they learn that their privacy cannot be assured, it remains unclear how …

Aadhaar: India’S National Identification System And Consent-Based Privacy Rights, Anvitha S. Yalavarthy

Vanderbilt Journal of Transnational Law

India’s national identification program, Aadhaar, created the largest national biometric database in the world. While the program is touted as voluntary, the increasing dependence on it, and the laws surrounding it, make it de facto mandatory. This Note examines the social and legal landscapes surrounding the Aadhaar program along with the principles of data privacy and biometric data collection in the European Union and the United States to show how those principles can and should apply to the Aadhaar system.

This Note suggests that the way to strengthen the Aadhaar system’s privacy regime is by balancing the principles of necessity …

The Data Trust Solution To Data Sharing Problems, Kimberly A. Houser, John W. Bagby

Vanderbilt Journal of Entertainment & Technology Law

A small number of large companies hold most of the world’s data. Once in the hands of these companies, data subjects have little control over the use and sharing of their data. Additionally, this data is not generally available to small and medium enterprises or organizations who seek to use it for social good. A number of solutions have been proposed to limit Big Tech “power,” including antitrust actions and stricter privacy laws, but these measures are not likely to address both the oversharing and under-sharing of personal data. Although the data trust concept is being actively explored in the …

Influencing “Kidfluencing”: Protecting Children By Limiting The Right To Profit From “Sharenting”, Charlotte Yates

Vanderbilt Journal of Entertainment & Technology Law

Statistics on children’s digital presences are staggering, with an overwhelming majority of children having unique digital identities by age two. The phenomenon of “sharenting” (parents sharing content of their children on social media) can start as early as a sonogram photo or a birth video and evolve into parent-run Instagram and TikTok accounts soon after. Content is often intimate, sometimes embarrassing, and frequently shared without children’s consent. Sharenting poses a myriad of risks to children including identity theft, digital kidnapping, exposure to child predators, emotional trauma, and social isolation. In the face of such significant risks to children’s well-being, one …

Sociotechnical Safeguards For Genomic Data Privacy, Ellen W. Clayton, Zhiyu Wan, Et Al.

Vanderbilt Law School Faculty Publications

Recent developments in a variety of sectors, including health care, research and the direct-to-consumer industry, have led to a dramatic increase in the amount of genomic data that are collected, used and shared. This state of affairs raises new and challenging concerns for personal privacy, both legally and technically. This Review appraises existing and emerging threats to genomic data privacy and discusses how well current legal frameworks and technical safeguards mitigate these concerns. It concludes with a discussion of remaining and emerging challenges and illustrates possible solutions that can balance protecting privacy and realizing the benefits that result from the …

Data Transfers After Schrems Ii: The Eu-Us Disagreements Over Data Privacy And National Security, Monika Zalnieriute

Vanderbilt Journal of Transnational Law

In the long-awaited Schrems II decision, the Court of Justice of the European Union (CJEU) took a radical, although not an unexpected, step in invalidating the Privacy Shield Agreement, which facilitated data transfers between the European Union and the United States. Schrems II illuminates long-lasting international disagreements between the EU and the United States over data protection, national security, and the fundamental differences between the public and private approaches to the protection of human rights in the data-driven economy and modern state. This Article approaches the decision via an interdisciplinary lens of international law and international relations and situates it …

Putting Cano On Ice – A Path Forward For Border Searches Of Electronic Devices, Davis Price Shugrue

Vanderbilt Journal of Entertainment & Technology Law

Across the country, circuit courts disagree over what level of suspicion, if any, is required for border officials to search electronic devices. This leaves law enforcement agencies in the lurch because they must craft nationwide policies that cover jurisdictions with differing rules. The Supreme Court should bring this quandary to an end by holding that no reasonable suspicion or warrant is required for border searches of electronic devices. Many scholars and litigants have called for a reasonable suspicion or warrant requirement in light of Supreme Court decisions like Riley and Carpenter that recognize the privacy concerns raised by searches of …

Big Brother Is Scanning: The Widespread Implementation Of Alpr Technology In America’S Police Forces, Yash Dattani

Vanderbilt Journal of Entertainment & Technology Law

Automatic License Plate Readers (ALPRs) are an increasingly popular tool in police departments across the United States. At its core, ALPR technology functions in a relatively simple manner. The technology has two major components: the actual scanners, which record license plates, and the databases which collect, compile, and analyze this information for officers to access at the click of a button. Although this technology first came to the United States in 1998 as a form of rudimentary border security, its purpose and capabilities have rapidly grown. Now, in 2022, ALPR has evolved into a frighteningly powerful piece of technology, potentially …

A Zebra's Trust: How Rare Disease Communities' Participation In Data Trusts' Governance Builds Trust And Drives Research, Samantha C. Smith

Vanderbilt Journal of Transnational Law

Data sharing plays an increasingly prominent role in society, but it remains a necessary component of rare disease research. Because rare diseases are--as the name indicates-- rare, researchers have only a small number of patients from whom to collect data, and the expense of cross-border data sharing to increase research data is significant. Nevertheless, the rise of artificial intelligence and precision medicine increases the need for usable rare disease data. Current legislation and regulations aimed at addressing rare diseases fall short in addressing these data sharing needs for rare disease research. While the European Union (EU) has invested in rare …

How To Make The Perfect Citizen? Lessons From China's Social Credit System, Liav Orgad, Wessel Reijers

Vanderbilt Journal of Transnational Law

"How to make the perfect citizen?" This has been one of the questions driving the construction of the Chinese Social Credit System: a technology-driven project that aims to assess, evaluate, and steer the behavior of Chinese citizens. After presenting social credit systems in China's public and private sectors (Part II), the Article provides normative standards to distinguish the Chinese system from comparable systems in liberal democracies (Part III). It then discusses the concept of civic virtue, as implemented by the Social Credit System, claiming that it creates a new form of governance, "cybernetic citizenship," which fundamentally changes the essence of …

Data Autonomy, Cesare Fracassi, William Magnuson

Vanderbilt Law Review

In recent years, “data privacy” has vaulted to the forefront of public attention. Scholars, policymakers, and the media have, nearly in unison, decried the lack of data privacy in the modern world. In response, they have put forth various proposals to remedy the situation, from the imposition of fiduciary obligations on technology platforms to the creation of rights to be forgotten for individuals. All these proposals, however, share one essential assumption: we must raise greater protective barriers around data. As a scholar of corporate finance and a scholar of corporate law, respectively, we find this assumption problematic. Data, after all, …

Regulating Data Breaches: A Data Superfund Statute, Kyle Mckibbin

Vanderbilt Journal of Entertainment & Technology Law

Collecting and processing large amounts of personal data has become a fundamental feature of the modern economy. Personal data, combined with good data analytics, are valuable to businesses as they can provide highly detailed information about individual preferences and behaviors. This data collection can also be valuable to the consumer as it generates innovative products and digital platforms. The era of big data promises great rewards, but it is not without its costs. Data breaches, or the release of personal data into unwanted hands, are pervasive and increasingly massive in scale. Despite the personal privacy harm caused by data breaches, …

Protecting Research Data Of Publicly Revealing Participants, Ellen Clayton, B. A. Malin, Kyle J. Mckibbin

Vanderbilt Law School Faculty Publications

Biomedical researchers collect large amounts of personal data about individuals, which are frequently shared with repositories and an array of users. Typically, research data holders implement measures to protect participants’ identities and unique attributes from unauthorized disclosure. These measures, however, can be less effective if people disclose their participation in a research study, which they may do for many reasons. Even so, the people who provide these data for research often understandably expect that their privacy will be protected. We discuss the particular challenges posed by self-disclosure and identify various steps that researchers should take to protect data in these …

No Exit: Ten Years Of "Privacy Vs. Speech" Post-Sorrell, G. S. Hans

Vanderbilt Law School Faculty Publications

A decade has passed since the U.S. Supreme Court held in Sorrell vs. IMS Health that a Vermont privacy law violated the First Amendment. Somewhat surprisingly, the debate about the intersection between privacy laws and free speech protections has not progressed much in the intervening years. If anything, the concerns that some privacy advocates had following Sorrell-that the First Amendment could be used as a tool to overturn privacy regulations-have extended to other areas of economic regulation. As a public interest attorney working on technology law and policy, I entered into practice not long after Sorrell was decided, when it …

A World Of Difference? Law Enforcement, Genetic Data, And The Fourth Amendment, Christopher Slobogin, J. W. Hazel

Vanderbilt Law School Faculty Publications

Law enforcement agencies are increasingly turning to genetic databases as a way of solving crime, either through requesting the DNA profile of an identified suspect from a database or, more commonly, by matching crime scene DNA with DNA profiles in a database in an attempt to identify a suspect or a family member of a suspect. Neither of these efforts implicates the Fourth Amendment, because the Supreme Court has held that a Fourth Amendment "search" does not occur unless police infringe "expectations of privacy society is prepared to recognize as reasonable" and has construed that phrase narrowly, without reference to …

Envisioning The Ftc As A Facilitator Of Blockchain Technology Adoption In The Direct-To-Consumer Genetic Testing Industry, Noah Spector

Vanderbilt Journal of Entertainment & Technology Law

Seemingly overnight, the kingpins of the direct-to-consumer genetic testing (DTC-GT) industry shifted their focus from exploring their customers’ DNA to commodifying it. Companies like Ancestry or 23andMe that were once exclusively known as mere sources of “infotainment” now regularly sell consenting customers’ genetic data to pharmaceutical researchers or use it to develop drugs of their own. To gain these customers’ consent, both firms employ a series of long, complex clickwrap contracts that largely fail to apprise their readers of the potential risks of sharing their genetic data. Nor do these agreements provide any form of compensation to those consumers whose …

Privacy Beyond Possession: Solving The Access Conundrum In Digital Dollars, Nerenda N. Atako

Vanderbilt Journal of Entertainment & Technology Law

The advent of a retail central bank digital currency (CBDC) could reshape the US payments system. A retail CBDC would be a digital representation of the US dollar in the form of an account or token that is widely accessible to the general public. It would be a third form of US fiat money that is created and issued by the Federal Reserve and complementary to physical cash. CBDC proposals have suggested a myriad of retail CBDC design models with an overwhelming interest in a retail CBDC that either implements a centralized ledger system or some form of a distributed …

Watching Androids Dream Of Electric Sheep: Immersive Technology, Biometric Psychography, And The Law, Brittan Heller

Vanderbilt Journal of Entertainment & Technology Law

Virtual reality and augmented reality present exceedingly complex privacy issues because of the enhanced user experience and reality-based models. Unlike the issues presented by traditional gaming and social media, immersive technology poses inherent risks, which our legal understanding of biometrics and online harassment is simply not prepared to address. This Article offers five important contributions to this emerging space. It begins by introducing a new area of legal and policy inquiry raised by immersive technology called “biometric psychography.” Second, it explains how immersive technology works to a legal audience and defines concepts that are essential to understanding the risks that …

"The New Weapon Of Choice": Law's Current Inability To Properly Address Deepfake Pornography, Anne Pechenik Gieseke

Vanderbilt Law Review

Deepfake technology uses artificial intelligence to realistically manipulate videos by splicing one person’s face onto another’s. While this technology has innocuous usages, some perpetrators have instead used it to create deepfake pornography. These creators use images ripped from social media sites to construct—or request the generation of—a pornographic video showcasing any woman who has shared images of herself online. And while this technology sounds complex enough to be relegated to Hollywood production studios, it is rapidly becoming free and easy-to-use. The implications of deepfake pornography seep into all facets of victims’ lives. Not only does deepfake pornography shatter these victims’ …

The Standing Of Article Iii Standing For Data Breach Litigants: Proposing A Judicial And A Legislative Solution, Devin Urness

Vanderbilt Law Review

Data breaches are not going away. Yet victims still face uncertainty when deciding whether and where to file cases against companies or other institutions that may have mishandled their information. This is especially true if the victims have not yet experienced a financial harm, like identity theft, as a result of a data breach. Much of the uncertainty revolves around the standing doctrine and the Supreme Court’s guidance (or lack thereof) on what constitutes a substantial risk of harm sufficient to establish an injury in fact. Federal circuit courts have come to divergent results in data breach cases based on …

Data Imperialism: The Gdpr's Disastrous Impact On Africa's E-Commerce Markets, Cara Mannion

Vanderbilt Journal of Transnational Law

The European Union (EU) recently passed the General Data Protection Regulation--a sweeping regulatory framework that sets a new global standard for the collection, storage, and use of personal data. To ensure far-reaching compliance with the GDPR, the EU has adopted a strict take-it-or-leave-it approach--countries that wish to engage with digital users in the EU must either comply with the GDPR's expansive data obligations or risk losing access to the world's largest trading block.

This presents significant obstacles for several African nations. Notably, no African country currently has domestic laws that comply with the GDPR. Even if they did, several African …

Privative Copyright, Shyamkrishna Balganesh

Vanderbilt Law Review

“Privative” copyright claims are infringement actions brought by authors for the unauthorized public dissemination of works that are private, unpublished, and revelatory of the author’s personal identity. Driven by considerations of authorial autonomy, dignity, and personality rather than monetary value, these claims are almost as old as Anglo-American copyright law itself. Yet modern thinking has attempted to undermine their place within copyright law and sought to move them into the domain of privacy law. This Article challenges the dominant view and argues that privative copyright claims form a legitimate part of the copyright landscape. It shows how privative copyright claims …

The Law Of The Tetrapods, Henry T. Greely

Vanderbilt Journal of Entertainment & Technology Law

Should there be such a thing as "Technology Law"? This Article explores that question in two ways. It first looks at four substantive issues that appear across many different areas of technology law: privacy, security, property, and responsibility. It then examines five questions that frequently recur about how to regulate very different new technologies. These questions include which agency should regulate, whether regulation should focus on before or after marketing, what jurisdiction should regulate, how relevant new information will be gained and used, and how-politically-good regulation can be enacted. This Article concludes that it may make sense to develop a …

The Missing Regulatory State: Monitoring Businesses In An Age Of Surveillance, Rory V. Loo

Vanderbilt Law Review

An irony of the information age is that the companies responsible for the most extensive surveillance of individuals in history-large platforms such as Amazon, Facebook, and Google-have themselves remained unusually shielded from being monitored by government regulators. But the legal literature on state information acquisition is dominated by the privacy problems of excess collection from individuals, not businesses. There has been little sustained attention to the problem of insufficient information collection from businesses. This Article articulates the administrative state's normative framework for monitoring businesses and shows how that framework is increasingly in tension with privacy concerns. One emerging complication is …

The Law Of Genetic Privacy: Applications, Implications, And Limitations, Ellen Wright Clayton, Barbara J. Evans, James W. Hazel, Mark A. Rothstein

Vanderbilt Law School Faculty Publications

Recent advances in technology have significantly improved the accuracy of genetic testing and analysis, and substantially reduced its cost, resulting in a dramatic increase in the amount of genetic information generated, analysed, shared, and stored by diverse individuals and entities. Given the diversity of actors and their interests, coupled with the wide variety of ways genetic data are held, it has been difficult to develop broadly applicable legal principles for genetic privacy. This article examines the current landscape of genetic privacy to identify the roles that the law does or should play, with a focus on federal statutes and regulations, …

Policing, Databases, And Surveilance: Five Regulatory Categories, Christopher Slobogin

Vanderbilt Law School Faculty Publications

Databases are full of personal information that law enforcement might find useful. Government access to these databases can be divided into five categories: suspect-driven; profile-driven; event-driven; program-driven and volunteer-driven. This chapter recommends that, in addition to any restrictions imposed by the Fourth Amendment (which currently are minimal), each type of access should be subject to its own regulatory regime. Suspect-driven access should depend on justification proportionate to the intrusion. Profile-driven access should likewise abide by a proportionality principle but should also be subject to transparency, vetting, and universality restrictions. Event-driven access should be cabined by the time and place of …

The States Have Spoken: Allow Expanded Media Coverage Of The Federal Courts, Mitchell T. Galloway

Vanderbilt Journal of Entertainment & Technology Law

Since the advent of film and video recording, society has enjoyed the ability to capture the lights and sounds of moments in history. This innovation left courts to determine what place, if any, such technology should have inside the courtroom. Refusing to constrain the future capacity of this technology, the Supreme Court "punted" on this issue until a time when this technology evolved past its initial disruptive nature. Throughout the past forty-five years, the vast majority of state courts have embraced the potential of cameras in the courtroom and have created policies governing such use. In contrast, the federal judiciary …

Keeping It Off The Record: Student Social Media Monitoring And The Need For Updated Student Records Laws, Alice Haston

Vanderbilt Journal of Entertainment & Technology Law

An increasing number of school districts work with private companies to monitor public social media and to notify administrators of alarming student information. Although these services help address challenging school safety issues, the Family Educational Rights and Privacy Act (FERPA) and state law offer little guidance on how districts should store student social media data. This Note encourages states to pass student records laws similar to recent California legislation and urges the Department of Education to clarify the relationship between student social media and education records under FERPA. New state and federal initiatives would help ensure that third parties may …