Law Commons^™

Europe's Digital Constitution, Anu Bradford

Faculty Scholarship

This Article uncovers the fundamental values underlying the European Union’s expansive set of digital regulations, which in aggregate can be viewed as Europe’s “digital constitution.” This constitution engrains Europe’s human-centric, rights-preserving, democracy-enhancing, and redistributive vision for the digital economy into binding law. This vision stands in stark contrast to the United States, which has traditionally placed its faith in markets and tech companies’ self-regulation. As a result, American tech companies today are regulated primarily by Brussels and not by Washington. By highlighting the distinctiveness and the global reach of the European digital constitution, this Article challenges the common narrative that …

Race And Regulation Podcast Episode 5 - Racial Equity And Data Privacy, Anita L. Allen

Penn Program on Regulation Podcasts

In this episode, Anita Allen, an internationally renowned expert on the philosophical dimensions of privacy and data protection law, reveals how race-neutral privacy laws in the U.S. have failed to address the unequal burdens faced online by Black Americans, whose personal data are used in racially discriminatory ways. Professor Allen articulates what she terms an African American Online Equity Agenda to guide the development of race-conscious privacy regulations that can better promote racial justice in the modern digital economy.

Spotlight Report #6: Proffering Machine-Readable Personal Privacy Research Agreements: Pilot Project Findings For Ieee P7012 Wg, Noreen Y. Whysel, Lisa Levasseur

Publications and Research

What if people had the ability to assert their own legally binding permissions for data collection, use, sharing, and retention by the technologies they use? The IEEE P7012 has been working on an interoperability specification for machine-readable personal privacy terms to support this ability since 2018. The premise behind the work of IEEE P7012 is that people need technology that works on their behalf—i.e. software agents that assert the individual’s permissions and preferences in a machine-readable format.

Thanks to a grant from the IEEE Technical Activities Board Committee on Standards (TAB CoS), we were able to explore the attitudes of …

Me2b Alliance Validation Testing Report: Consumer Perception Of Legal Policies In Digital Technology, Noreen Y. Whysel, Karina Alexanyan, Shaun Spaulting, Julia Little

Publications and Research

Our relationship with technology involves legal agreements that we either review or enter into when using a technology, namely privacy policies and terms of service or terms of use (“TOS/TOU”). We initiated this research to understand if providing a formal rating of the legal policies (privacy policies and TOS/TOUs) would be valuable to consumers (or Me-s). From our early qualitative discussions, we noticed that people were unclear on whether these policies were legally binding contracts or not. Thus, a secondary objective emerged to quantitatively explore whether people knew who these policies protected (if anyone), and if the policies were perceived …

Privacy Losses As Wrongful Gains, Bernard Chao

Sturm College of Law: Faculty Scholarship

Perhaps nowhere has the pace of technology placed more pressure on the law than in the area of data privacy. Huge data breaches fill our headlines. Companies often violate their own privacy policies by selling customer data, or by using the information in ways that fall outside their policy. Yet, even when there is indisputable misconduct, the law generally does not hold these companies accountable. That is because traditional legal claims are poorly suited for handling privacy losses.

Contract claims fail when privacy policies are not considered contractual obligations. Misrepresentation claims cannot succeed when customers never read and rely on …

Regulating Personal Data Usage In Covid-19 Control Conditions, Mark Findlay, Nydia Remolina

Centre for AI & Data Governance

As the COVID-19 health pandemic ebbs and flows world-wide, governments and private companies across the globe are utilising AI-assisted surveillance, reporting, mapping and tracing technologies with the intention of slowing the spread of the virus. These technologies have capacity to amass and share personal data for community control and citizen safety motivations that empower state agencies and inveigle citizen co-operation which could only be imagined outside times of real and present personal danger. While not cavilling with the short-term necessity for these technologies and the data they control, process and share in the health regulation mission (provided that the technology …

Ethics, Ai, Mass Data And Pandemic Challenges: Responsible Data Use And Infrastructure Application For Surveillance And Pre-Emptive Tracing Post-Crisis, Mark Findlay, Jia Yuan Loke, Nydia Remolina Leon, Yum Yin, Benjamin (Tan Renyan) Tham

Research Collection Yong Pung How School Of Law

As the COVID-19 health pandemic rages governments and private companies across the globe are utilising AI-assisted surveillance, reporting, mapping and tracing technologies with the intention of slowing the spread of the virus. These technologies have the capacity to amass personal data and share for community control and citizen safety motivations that empower state agencies and inveigle citizen co-operation which could only be imagined outside such times of real and present danger. While not cavilling with the short-term necessity for these technologies and the data they control, process and share in the health regulation mission, this paper argues that this infrastructure …

Open Banking: Regulatory Challenges For A New Form Of Financial Intermediation In A Data-Driven World, Nydia Remolina

Centre for AI & Data Governance

Data has taken immense importance in the last years. Consider the amount of data that is being collected worldwide every day, industries are reshaping their activities into a data-driven business. The digital transformation of all industries, portent of the fourth industrial revolution, is creating a new kind of economy based on the datafication of almost any aspect of human social, political and economic activity as a result of the information generated by the numerous daily routines of digitally connected individuals and technology. The financial services industry is part of this trend. Embracing the digital revolution and creating the right foundations …

Facebook-Cambridge Analytica Data Harvesting: What You Need To Know, Ikhlaq Ur Rehman

Library Philosophy and Practice (e-journal)

In 2018, it became public knowledge that millions of Facebook users’ data had been harvested without their consent. At the heart of the issue was Cambridge Analytica (CA) which in partnership with Cambridge researcher, Aleksandr Kogan harvested data from millions of Facebook profiles. Kogan had developed an application called “thisisyourdigitallife” which featured a personality quiz and CA paid for people to take it. The app recorded results of each quiz, collected data from quiz taker’s Facebook account such as personal information and Facebook activity (e.g., what content was “liked”) as well as their Facebook friends which led to data harvesting …

The Inadequate, Invaluable Fair Information Practices, Woodrow Hartzog

Faculty Scholarship

For the past thirty years, the general advice for those seeking to collect, use, and share people’s personal data in a responsible way was relatively straightforward: follow the fair information practices, often called the “FIPs.” These general guidelines were designed to ensure that data processors are accountable for their actions and that data subjects are safe, secure, and endowed with control over their personal information. The FIPs have proven remarkably sturdy against the backdrop of near-constant technological change. Yet in the age of social media, big data, and artificial intelligence, the FIPs have been pushed to their breaking point. We …

Property And Probable Cause: The Fourth Amendment's Principled Protection Of Privacy, Ricardo J. Bascuas

Articles

No abstract provided.

Data Privacy, Data Piracy: Can India Provide Adequate Protection For Electronically Transferred Data?, Vinita Bali

Faculty Publications

Three employees of Mphasis, a business process outsourcing ("BPO") firm, which runs call center services for Citibank's U.S. customers in Bangalore, India, were arrested for allegedly siphoning $350,000 from the accounts of Citibank's U.S. customers. These employees used their positions, which provided them access to Citibank customers, to induce four customers into giving out the personal identification numbers to their accounts, allowing the employees to illegally siphon funds out of those accounts. Outsourcing is a growing trend among budgetconscious U.S. companies and institutions. Information being outsourced includes personal data and confidential proprietary information. For example, Unisys Corporation, a company that …

Twilight Of The Idols? Eu Internet Privacy And The Post Enlightenment Paradigm, Mark F. Kightlinger

Law Faculty Scholarly Articles

This Article provides a timely examination of the European Union's approach to information privacy on the internet, an approach that some legal scholars have held up as a model for law reform in the United States. Building on the author's recent piece discussing the U.S. approach to internet privacy, this Article applies to the EU's internet privacy regime a theoretical framework constructed from the writings of philosopher and social theorist Alasdair MacIntyre on the failures of Enlightenment and post-Enlightenment thought. The EU internet privacy regime is shown to reflect and reinforce three key elements of the "post-Enlightenment paradigm," i.e., the …

The Gathering Twilight? Information Privacy On The Internet In The Post-Enlightenment Era, Mark F. Kightlinger

Law Faculty Scholarly Articles

The steady stream of news reports about violations of privacy on the Internet has spawned a growing body of literature discussing the legal protections available for personally identifiable information—i.e., information about identified or identifiable persons—collected via the Internet. This Article takes the discussion of Internet privacy protection in a new and very different direction by reexamining the U.S. Internet privacy regime from the perspective of a broader cultural/historical analysis and critique. The perspective adopted is that of Alasdair MacIntyre's account of the disarray in Enlightenment and post-Enlightenment discourse about morality and human nature and the accompanying disappearance of rational justifications …

Spyware And The Limits Of Surveillance Law, Patricia L. Bellia

Journal Articles

For policymakers, litigants, and commentators seeking to address the threats digital technology poses for privacy, electronic surveillance law remains a weapon of choice. The debate over how best to respond to the spyware problem provides only the most recent illustration of that fact. Although there is much controversy over how to define spyware, that label encompasses at least some software that monitors a computer user's electronic communications. Federal surveillance statutes thus present an intuitive fit for responding to the regulatory challenges of spyware, because those statutes bar the unauthorized acquisition of electronic communications and related data in some circumstances. Indeed, …