Law Commons^™

The President’S Foreign Affairs Power Over Personal Data, Anupam Chander, Paul M. Schwartz

Georgetown Law Faculty Publications and Other Works

This Article reveals a surprising expansion of presidential authority to control goods and services available in the United States because of the information flows that they entail. Such authority is grounded in laws focused on protecting national security, here with respect to foreign surveillance and propaganda. But broad executive powers over our information infrastructure raises significant concerns with respect to core American values of free expression and due process. Worries about unfettered foreign access to data should be coupled with worries about unfettered executive control over our information services and technologies.

The Trade Origins Of Privacy Law, Anupam Chander

Georgetown Law Faculty Publications and Other Works

The desire for trade propelled the growth of data privacy law across the world. Countries with strong privacy laws sought to ensure that their citizens’ privacy would not be compromised when their data traveled to other countries. Even before this vaunted Brussels Effect pushed privacy law across the world through the enticement of trade with the European Union, Brussels had to erect privacy law within the Union itself. And as the Union itself expanded, privacy law was a critical condition for accession.

But this coupling of privacy and trade leaves a puzzle: how did the U.S. avoid a comprehensive privacy …

Against Engagement, Neil Richards, Woodrow Hartzog

Faculty Scholarship

In this Article, we focus on a key dimension of commercial surveillance by data-intensive digital platforms that is too often treated as a supporting cast member instead of a star of the show: the concept of engagement. Engagement is, simply put, a measure of time, attention, and other interactions with a service. The economic logic of engagement is simple: more engagement equals more ads watched equals more revenue. Engagement is a lucrative digital business model, but it is problematic in several ways that lurk beneath the happy sloganeering of a “free” internet

Our goal in this Article is to isolate …

Collective Data Rights And Their Possible Abuse, Asaf Lubin

Articles by Maurer Faculty

No abstract provided.

Data Privacy In The Time Of Plague, Cason Schmit, Brian N. Larson, Hye-Chung Kum

Faculty Scholarship

Data privacy is a life-or-death matter for public health. Beginning in late fall 2019, two series of events unfolded, one everyone talked about and one hardly anyone noticed: The greatest world-health crisis in at least 100 years, the COVID-19 pandemic; and the development of the Personal Data Protection Act Committee by the Uniform Law Commissioners (ULC) in the United States. By July 2021, each of these stories had reached a turning point. In the developed, Western world, most people who wanted to receive the vaccine against COVID- 19 could do so. Meanwhile, the ULC adopted the Uniform Personal Data Protection …

Race And Regulation Podcast Episode 5 - Racial Equity And Data Privacy, Anita L. Allen

Penn Program on Regulation Podcasts

In this episode, Anita Allen, an internationally renowned expert on the philosophical dimensions of privacy and data protection law, reveals how race-neutral privacy laws in the U.S. have failed to address the unequal burdens faced online by Black Americans, whose personal data are used in racially discriminatory ways. Professor Allen articulates what she terms an African American Online Equity Agenda to guide the development of race-conscious privacy regulations that can better promote racial justice in the modern digital economy.

Dismantling The “Black Opticon”: Privacy, Race Equity, And Online Data-Protection Reform, Anita L. Allen

All Faculty Scholarship

African Americans online face three distinguishable but related categories of vulnerability to bias and discrimination that I dub the “Black Opticon”: discriminatory oversurveillance, discriminatory exclusion, and discriminatory predation. Escaping the Black Opticon is unlikely without acknowledgement of privacy’s unequal distribution and privacy law’s outmoded and unduly race-neutral façade. African Americans could benefit from race-conscious efforts to shape a more equitable digital public sphere through improved laws and legal institutions. This Essay critically elaborates the Black Opticon triad and considers whether the Virginia Consumer Data Protection Act (2021), the federal Data Protection Act (2021), and new resources for the Federal Trade …

Data Privacy, Human Rights, And Algorithmic Opacity, Sylvia Lu

Fellow, Adjunct, Lecturer, and Research Scholar Works

Decades ago, it was difficult to imagine a reality in which artificial intelligence (AI) could penetrate every corner of our lives to monitor our innermost selves for commercial interests. Within just a few decades, the private sector has seen a wild proliferation of AI systems, many of which are more powerful and penetrating than anticipated. In many cases, AI systems have become “the power behind the throne,” tracking user activities and making fateful decisions through predictive analysis of personal information. Despite the growing power of AI, proprietary algorithmic systems can be technically complex, legally claimed as trade secrets, and managerially …

Legislating Data Loyalty, Woodrow Hartzog, Neil Richards

Faculty Scholarship

Lawmakers looking to embolden privacy law have begun to consider imposing duties of loyalty on organizations trusted with people’s data and online experiences. The idea behind loyalty is simple: organizations should not process data or design technologies that conflict with the best interests of trusting parties. But the logistics and implementation of data loyalty need to be developed if the concept is going to be capable of moving privacy law beyond its “notice and consent” roots to confront people’s vulnerabilities in their relationship with powerful data collectors.

In this short Essay, we propose a model for legislating data loyalty. Our …

The Surprising Virtues Of Data Loyalty, Woodrow Hartzog, Neil M. Richards

Faculty Scholarship

Lawmakers in the United States and Europe are seriously considering imposing duties of data loyalty that implement ideas from privacy law scholarship, but critics claim such duties are unnecessary, unworkable, overly individualistic, and indeterminately vague. This paper takes those criticisms seriously, and its analysis of them reveals that duties of data loyalty have surprising virtues. Loyalty, it turns out, can support collective well-being by embracing privacy’s relational turn; it can be a powerful state of mind for reenergizing privacy reform; it prioritizes human values rather than potentially empty formalism; and it offers solutions that are flexible and clear rather than …

Towards A Calibrated Trust-Based Approach To The Use Of Facial Recognition Technology, Gary Kok Yew Chan

Research Collection Yong Pung How School Of Law

The use of facial recognition technology has given rise to much debate relating to issues concerning privacy infringements, bias and inaccuracies of data and outputs, possibilities of covert use, the lack of data security and the problem of function creep. Certain states and jurisdictions have called for bans and moratoria on the use of facial recognition technology. This paper argues that a blanket ban on facial recognition technology would be overly precautionary without fully considering the wide range of uses and benefits of the innovation. To promote its acceptance, trust in facial recognition technology should be developed in a calibrated …

Tiktok Might Stop: Why The Ieepa Cannot Regulate Personal Data Privacy And The Need For A Comprehensive Solution, Alicia Faison

Duke Journal of Constitutional Law & Public Policy Sidebar

In August 2020, President Trump announced a ban on the popular app TikTok, citing the risk that TikTok could be sharing Americans’ personal data with the Chinese government. In doing so, President Trump used his powers under the International Emergency Economic Powers Act (IEEPA), which authorizes Presidents to impose economic sanctions in the face of a national emergency. Associating TikTok’s data mining practices with a national emergency raises interesting questions about the governance of our personal data: is there a national security risk and if so, how should data be protected? This Note argues that ineffective personal data privacy regulation …

Achieving Privacy: Costs Of Compliance And Enforcement Of Data Protection Regulation, Anupam Chander, Meaza Abraham, Sandeep Chandy, Yuan Fang, Dayoung Park, Isabel Yu

Georgetown Law Faculty Publications and Other Works

Is privacy a luxury for the rich world? Remarkably, there is a dearth of literature evaluating whether data privacy is too costly for companies to implement, or too expensive for governments to enforce. This paper is the first to offer a review of surveys of costs of compliance, and to summarize national budgets for enforcement. The study shows that while privacy may indeed prove costly for companies to implement, it is not too costly for governments to enforce. This study will help inform governments as they fashion and implement privacy laws to address the “privacy enforcement gap”—the disparity between the …

The Norms Of Algorithmic Credit Scoring, Nikita Aggarwal

Articles

This article examines the growth of algorithmic credit scoring and its implications for the regulation of consumer credit markets in the UK. It constructs a frame of analysis for the regulation of algorithmic credit scoring, bound by the core norms underpinning UK consumer credit and data protection regulation: allocative efficiency, distributional fairness and consumer privacy (as autonomy). Examining the normative trade-offs that arise within this frame, the article argues that existing data protection and consumer credit frameworks do not achieve an appropriate normative balance in the regulation of algorithmic credit scoring. In particular, the growing reliance on consumers' personal data …

Meaningful Choice: A History Of Consent And Alternatives To The Consent Myth, Charlotte A. Tschider

Faculty Publications & Other Works

Although the first legal conceptions of commercial privacy were identified in Samuel Warren and Louis Brandeis’s foundational 1890 article, The Right to Privacy, conceptually, privacy has existed since as early as 1127 as a natural concern when navigating between personal and commercial spheres of life. As an extension of contract and tort law, two common relational legal models, U.S. privacy law emerged to buoy engagement in commercial enterprise, borrowing known legal conventions like consent and assent. Historically, however, international legal privacy frameworks involving consent ultimately diverged, with the European Union taking a more expansive view of legal justification for processing …

Ai's Legitimate Interest: Towards A Public Benefit Privacy Model, Charlotte A. Tschider

Faculty Publications & Other Works

Health data uses are on the rise. Increasingly more often, data are used for a variety of operational, diagnostic, and technical uses, as in the Internet of Health Things. Never has quality data been more necessary: large data stores now power the most advanced artificial intelligence applications, applications that may enable early diagnosis of chronic diseases and enable personalized medical treatment. These data, both personally identifiable and de-identified, have the potential to dramatically improve the quality, effectiveness, and safety of artificial intelligence.

Existing privacy laws do not 1) effectively protect the privacy interests of individuals and 2) provide the flexibility …

Catalyzing Privacy Law, Anupam Chander, Margot E. Kaminski, William Mcgeveran

Publications

The United States famously lacks a comprehensive federal data privacy law. In the past year, however, over half the states have proposed broad privacy bills or have established task forces to propose possible privacy legislation. Meanwhile, congressional committees are holding hearings on multiple privacy bills. What is catalyzing this legislative momentum? Some believe that Europe’s General Data Protection Regulation (GDPR), which came into force in 2018, is the driving factor. But with the California Consumer Privacy Act (CCPA) which took effect in January 2020, California has emerged as an alternate contender in the race to set the new standard for …

A Duty Of Loyalty For Privacy Law, Neil M. Richards, Woodrow Hartzog

Faculty Scholarship

Data privacy law fails to stop companies from engaging in self-serving, opportunistic behavior at the expense of those who trust them with their data. This is a problem. Modern tech companies are so entrenched in our lives and have so much control over what we see and click that the self-dealing exploitation of people has become a major element of the internet’s business model.

Academics and policymakers have recently proposed a possible solution: require those entrusted with people’s data and online experiences to be loyal to those who trust them. But many have concerns about a duty of loyalty. What, …

The Covid-19 Pandemic And The Technology Trust Gap, Johanna Gunawan, David Choffnes, Woodrow Hartzog, Christo Wilson

Faculty Scholarship

Industry and government tried to use information technologies to respond to the COVID-19 pandemic, but using the internet as a tool for disease surveillance, public health messaging, and testing logistics turned out to be a disappointment. Why weren’t these efforts more effective? This Essay argues that industry and government efforts to leverage technology were doomed to fail because tech platforms have failed over the past few decades to make their tools trustworthy, and lawmakers have done little to hold these companies accountable. People cannot trust the interfaces they interact with, the devices they use, and the systems that power tech …

What Is Privacy? That’S The Wrong Question, Woodrow Hartzog

Faculty Scholarship

Privacy has never had a precise meaning. But in the early 1900s, the concept took on new life as a term of art in legal frameworks. The result has been a bit of a mess, as no singular definition has been adequate for all purposes. Daniel Solove, perhaps the most influential privacy scholar of our day, wrote at the turn of the millennium that privacy was “a concept in disarray.”

In this short essay reflecting upon Solove’s impact on the modern study of information privacy, I argue that the chaos and futility of competing conceptualizations of privacy is why Solove’s …

"Slack" In The Data Age, Shu-Yi Oei, Diane M. Ring

Faculty Scholarship

This Article examines how increasingly ubiquitous data and information affect the role of “slack” in the law. Slack is the informal latitude to break the law without sanction. Pockets of slack exist for various reasons, including information imperfections, enforcement resource constraints, deliberate nonenforcement of problematic laws, politics, biases, and luck. Slack is important in allowing flexibility and forbearance in the legal system, but it also risks enabling selective and uneven enforcement. Increasingly available data is now upending slack, causing it to contract and exacerbating the risks of unfair enforcement.

This Article delineates the various contexts in which slack arises and …

Stealing (Identity) From The Poor, Sara S. Greene

Faculty Scholarship

The law of data breaches is new, dynamic, and evolving. The number and complexity of breaches increases each year and legal scholars, courts, and policymakers scramble to respond. In 2019, 14.4 million consumers became victims of identity theft, the most problematic consequence of data breaches for consumers. Indeed, one-third of all Americans have experienced identity theft at some point in their lives. Yet despite low-income groups comprising at least thirty percent of all identity theft victims, existing discourse and debate on the regulatory regime governing data breaches and identity theft primarily reflects the experiences and concerns of middle- and high-income …

Coronavirus: Pandemics, Artificial Intelligence And Personal Data: How To Manage Pandemics Using Ai And What That Means For Personal Data Protection, Warren B. Chik

Research Collection Yong Pung How School Of Law

This chapter discusses the hearing of essential and urgent court matters in the Singapore courts during the COVID-19 pandemic. On 27 march 2020, the Singapore judiciary notified courst users that remote hearings were to be implemented for certain types of hearings by means of video and telephone conferencing facilities. Court users were also provided with indicative lists of matters which might be considered essential and urgent.

Coronavirus: Pandemics, Artificial Intelligence And Personal Data: How To Manage Pandemics Using Ai And What That Means For Personal Data Protection, Warren B. Chik

Research Collection Yong Pung How School Of Law

This chapter discusses the hearing of essential and urgent court matters in the Singapore courts during the COVID-19 pandemic. On 27 march 2020, the Singapore judiciary notified courst users that remote hearings were to be implemented for certain types of hearings by means of video and telephone conferencing facilities. Court users were also provided with indicative lists of matters which might be considered essential and urgent.

Regulatory Approaches To Consumer Protection In The Financial Sector And Beyond: Toward A Smart Disclosure Regime?, Nydia Remolina, Aurelio Gurrea-Martinez, Yvonne Ai-Chi Loh, David R. Hardoon

Centre for AI & Data Governance

Traditionally, consumer and data protection policies evolved from issues of consent and information disclosure. The purpose of these regulatory approaches is the protection of consumers by reducing some contracting failures, such as asymmetries of information and a lower bargaining power, especially in transactions involving complex issues such as financial products and sensitive personal data. In the past, regulators have responded to privacy and consumer protection by adopting what this paper refers to as an “imperfectly informed regime”, in which consumers do not receive full information about the risks associated with their decisions, even if they are still protected through a …

Regulating Personal Data Usage In Covid-19 Control Conditions, Mark Findlay, Nydia Remolina

Centre for AI & Data Governance

As the COVID-19 health pandemic ebbs and flows world-wide, governments and private companies across the globe are utilising AI-assisted surveillance, reporting, mapping and tracing technologies with the intention of slowing the spread of the virus. These technologies have capacity to amass and share personal data for community control and citizen safety motivations that empower state agencies and inveigle citizen co-operation which could only be imagined outside times of real and present personal danger. While not cavilling with the short-term necessity for these technologies and the data they control, process and share in the health regulation mission (provided that the technology …

Ethics, Ai, Mass Data And Pandemic Challenges: Responsible Data Use And Infrastructure Application For Surveillance And Pre-Emptive Tracing Post-Crisis, Mark Findlay, Jia Yuan Loke, Nydia Remolina Leon, Yum Yin, Benjamin (Tan Renyan) Tham

Research Collection Yong Pung How School Of Law

As the COVID-19 health pandemic rages governments and private companies across the globe are utilising AI-assisted surveillance, reporting, mapping and tracing technologies with the intention of slowing the spread of the virus. These technologies have the capacity to amass personal data and share for community control and citizen safety motivations that empower state agencies and inveigle citizen co-operation which could only be imagined outside such times of real and present danger. While not cavilling with the short-term necessity for these technologies and the data they control, process and share in the health regulation mission, this paper argues that this infrastructure …

Privacy's Constitutional Moment And The Limits Of Data Protection, Woodrow Hartzog, Neil M. Richards

Faculty Scholarship

America’s privacy bill has come due. Since the dawn of the Internet, Congress has repeatedly failed to build a robust identity for American privacy law. But now both California and the European Union have forced Congress’s hand by passing the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR). These data protection frameworks, structured around principles for Fair Information Processing called the “FIPs,” have industry and privacy advocates alike clamoring for a “U.S. GDPR.” States seemed poised to blanket the country with FIP-based laws if Congress fails to act. The United States is thus in the midst …

Gdpr And The Importance Of Data To Ai Startups, James Bessen, Stephen Michael Impink, Lydia Reichensperger, Robert Seamans

Faculty Scholarship

What is the impact of the European Union’s General Data Protection Regime (“GDPR”) and data regulation on AI startups? How important is data to AI product development? We study these questions using unique survey data of commercial AI startups. AI startups rely on data for their product development. Given the scale and scope of their business models, these startups are particularly susceptible to policy changes impacting data collection, storage and use. We find that training data and frequent model refreshes are particularly important for AI startups that rely on neural nets and ensemble learning algorithms. We also find that firms …

A Recent Renaissance In Privacy Law, Margot Kaminski

Publications

Considering the recent increased attention to privacy law issues amid the typically slow pace of legal change.