Law Commons^™

Pay For (Privacy) Performance: Holding Social Network Executives Accountable For Breaches In Data Privacy Protection, Lital Helman

Brooklyn Law Review

Social networking has proliferated over the past years and is now being utilized by a large percentage of the world’s population. Social networks substantially contribute to enhanced speech, creativity, and communication. Yet, their practices of collecting and monetizing personal data of users pose severe privacy risks. Compelling social networks to internalize these risks is crucial for the healthy evolution of social networking. This article proposes a novel approach to address this challenge: to link executive compensation in social networking firms to the quality of data protection the company provides to its users. This proposal is different from other solutions that …

The Right To Explanation, Explained, Margot E. Kaminski

Publications

Many have called for algorithmic accountability: laws governing decision-making by complex algorithms, or AI. The EU’s General Data Protection Regulation (GDPR) now establishes exactly this. The recent debate over the right to explanation (a right to information about individual decisions made by algorithms) has obscured the significant algorithmic accountability regime established by the GDPR. The GDPR’s provisions on algorithmic accountability, which include a right to explanation, have the potential to be broader, stronger, and deeper than the preceding requirements of the Data Protection Directive. This Essay clarifies, largely for a U.S. audience, what the GDPR actually requires, incorporating recently released …

Genetic Data Privacy Solutions In The Gdpr, Kristi Harbord

Texas A&M Law Review

The intersection of healthcare and technology is a rapidly growing area. One thriving field at this intersection involves obtaining, processing, and storing genetic data. While the benefits have been great, genetic information can reveal a great deal about individuals and their families. And the information that can be conveyed from genetic data appears limitless and is constantly growing and changing. Many entities have begun storing, processing, and sharing genetic data on a very large scale. This creates many privacy concerns that the current regulatory framework does not account for. The line between patient data and consumer data is blurred; many …

Medical Records And Privacy Rights: The Unintended Consequences Of Aggregated Data In Electronic Health Records, Andrea C. Maciejewski

University of Colorado Law Review

In an era of rapid-pace technological innovation and political focus on healthcare, the federal government is pushing for nationwide interoperability of electronic health records. While there are many benefits from such a program, the lack of federal or state privacy regulations for patients' personal data opens up the possibility of widespread dissemination of private and sensitive information. This inattention to privacy will cause major problems if exploited.

Currently, there are no federal or Colorado laws that protect against potential privacy violations and provide recourse for a patient if a medical professional decides to insert nonmedical information, such as information about …

Antidiscriminatory Privacy, Ignacio Cofone

SMU Law Review

Law often blocks sensitive personal information to prevent discrimination. It does so, however, without a theory or framework to determine when doing so is warranted. As a result, these measures produce mixed results. This article offers a theoretical framework for determining, with a view of preventing discrimination, when personal information should flow and when it should not. It examines the relationship between precluded personal information, such as race, and the proxies for precluded information, such as names and zip codes. It proposes that the success of these measures depends on what types of proxies exist for the information blocked and …

“Hashing” In The Cloud: The Private Search Defense Is Active And Potent, Tri T. Truong

SMU Law Review

No abstract provided.

Commercial Clicks: Advertising Algorithms As Commercial Speech, Kerri A. Thompson

Vanderbilt Journal of Entertainment & Technology Law

Congressional hearings have finally called for the "right regulation" of social media platforms. The First Amendment, however, has shielded internet companies from regulation since the birth of social media. Even if Congress enacts legislation now, internet companies will be able to defend against the "wrong regulation" by claiming the regulation unconstitutionally limits their freedom of speech. This Article uses Facebook's advertising algorithms as a case study of how Congress can properly regulate Facebook by analyzing the advertising algorithms as commercial speech, which receives less protection under First Amendment jurisprudence. In doing so, Congress can protect the strong public interest in …

Facebook V. Sullivan: Public Figures And Newsworthiness In Online Speech, Thomas E. Kadri, Kate Klonick

Faculty Publications

In the United States, there are now two systems to adjudicate disputes about harmful speech. The first is older and more established: the legal system in which judges apply constitutional law to limit tort claims alleging injuries caused by speech. The second is newer and less familiar: the content-moderation system in which platforms like Facebook implement the rules that govern online speech. These platforms are not bound by the First Amendment. But, as it turns out, they rely on many of the tools used by courts to resolve tensions between regulating harmful speech and preserving free expression—particularly the entangled concepts …

Privacy In The Age Of Medical Big Data, W. Nicholson Price Ii, I. Glenn Cohen

Articles

Big data has become the ubiquitous watch word of medical innovation. The rapid development of machine-learning techniques and artificial intelligence in particular has promised to revolutionize medical practice from the allocation of resources to the diagnosis of complex diseases. But with big data comes big risks and challenges, among them significant questions about patient privacy. Here, we outline the legal and ethical challenges big data brings to patient privacy. We discuss, among other topics, how best to conceive of health privacy; the importance of equity, consent, and patient governance in data collection; discrimination in data uses; and how to handle …

The Federalism Challenges Of Protecting Medical Privacy In Workers' Compensation, Ani B. Satz

Faculty Articles

This Article is the first to address the challenges of federalism in protecting medical privacy in workers’ compensation after the promulgation of the HPR and to propose legal change. The Article argues that workers’ compensation programs must align with the federal privacy protections of the HPR and proposes actions for the U.S. Department of Health and Human Services (HHS) and states to remedy departures. Part I discusses the complex relationship between the HPR and workers’ compensation. This relationship is often misunderstood by legislatures and courts, compounding the challenges of federalism in this area. Specifically, Part I addresses the HPR’s § …

When Data Comes Home: Next Steps In International Taxation’S Information Revolution, Shu-Yi Oei, Diane M. Ring

Faculty Scholarship

Over the last decade, there has been a revolution in cross-border tax information exchange and reporting. While this dramatic shift was the product of multiple forces and events, a fundamental reality is that politics, technology, and law intersected to drive the shift to the point where nation-states will now transmit and receive from each other significant ongoing flows of taxpayer information. States can now expect to accumulate large stashes of data on cross-border income, assets, and activities on a scale and level of comprehensiveness unmatched by previous information exchange regimes.

This article examines the pressing follow-up question of how this …

From Innovation To Abuse: Does The Internet Still Need Section 230 Immunity?, Benjamin Volpe

Catholic University Law Review

In 1996, Congress passed the Communications Decency Act to allow the screening of offensive material from the internet, while preserving the continued development of the internet economy without burdensome regulation. However, for years, online intermediaries have successfully used the Act as a shield from liability when third parties use their online services to commit tortious or criminal acts. This Comment argues that a wholly-unregulated internet is no longer necessary to preserve the once-fledgling internet economy. After evaluating various approaches to intermediary liability, this Comment also argues that Congress should take a more comprehensive look at consumer protection online and establish …

The Promises And Perils Of Using Big Data To Regulate Nonprofits, Lloyd Histoshi Mayer

Journal Articles

For the optimist, government use of “Big Data” involves the careful collection of information from numerous sources. The government then engages in expert analysis of those data to reveal previously undiscovered patterns. Discovering patterns revolutionizes the regulation of criminal behavior, education, health care, and many other areas. For the pessimist, government use of Big Data involves the haphazard seizure of information to generate massive databases. Those databases render privacy an illusion and result in arbitrary and discriminatory computer-generated decisions. The reality is, of course, more complicated. On one hand, government use of Big Data may lead to greater efficiency, effectiveness, …

Introducing The Global Data Privacy Prize, Fred H. Cate, Christopher Kuner, Orla Lynskey, Christopher Millard, Nora Ni Loideain, Dan Jerker B. Svantesson

Articles by Maurer Faculty

No abstract provided.

Discipline And Policing, Kate Levine

Faculty Publications

A prime focus of police-reform advocates is the transparency of police discipline. Indeed, transparency is one of, the most popular accountability solutions for a wide swath of policing problems. This Article examines the “transparency cure” as it applies to Police Disciplinary Records (“PDRs”). These records are part of an officer’s personnel file and contain reported wrongdoing from supervisors, Internal Affairs Bureaus, and Citizen Complaint Review Boards.

This Article argues that making PDRs public is worthy of skeptical examination. It problematizes the notion that transparency is a worthy end goal for those who desire to see police-reform in general. Transparency is …

Does What Happens In Vegas Really Stay In Vegas?: The Potential Impact Of The Las Vegas Massacre On Domestic Hotel Security And Individual Privacy Rights In Home-Like Places, Ashley J. Puchalski

Duquesne Law Review

No abstract provided.

If The Legislature Had Been Serious About Data Privacy..., Fred H. Cate, Christopher Kuner, Orla Lynskey, Christopher Millard, Nora Ni Loideain, Dan Jerker B. Svantesson

Articles by Maurer Faculty

No abstract provided.

A Secret Weapon?: Applying Privacy Doctrine To The Second Amendment, Jody L. Madeira

Articles by Maurer Faculty

No abstract provided.

Hardware, Heartware, Or Nightmare: Smart-City Technology And The Concomitant Erosion Of Privacy, Leila Lawlor

Faculty Publications By Year

Smart city technology is being adopted in cities all around the world to simplify our lives, save us time, ease traffic, improve education, reduce energy usage and keep us safe. This article discusses smart city projects being utilized in crime prevention and investigations. Specifically, this article highlights examples of gunshot detection devices and surveillance that have led to improvements in public safety in Cape Town, Chicago and Atlanta, and discusses their impacts to privacy.

Redefining The Third-Party Doctrine: Carpenter's Effect On Dna Privacy, Drew M. Baldwin

Kentucky Law Journal

No abstract provided.

Face Off: An Examination Of State Biometric Privacy Statutes & Data Harm Remedies, Maya E. Rivera

Fordham Intellectual Property, Media and Entertainment Law Journal

As biometric authentication becomes an increasingly popular method of security among consumers, only three states currently have statutes detailing how such data may be collected, used, retained, and released. The Illinois Biometric Information Privacy Act is the only statute of the three that enshrines a private right of action for those who fail to properly handle biometric data. Both the Texas Capture or Use Biometric Identifier Act Information Act and the Washington Biometric Privacy Act allow for state Attorneys General to bring suit on behalf of aggrieved consumers. This Note examines these three statutes in the context of data security …

The Future Of Facial Recognition Is Not Fully Known: Developing Privacy And Security Regulatory Mechanisms For Facial Recognition In The Retail Sector, Elias Wright

Fordham Intellectual Property, Media and Entertainment Law Journal

In recent years, advances in facial recognition technology have resulted in a rapid expansion in the prevalence of private sector biometric technologies. Facial recognition, while providing new potentials for safety and security and personalized marketing by retailers implicates complicated questions about the nature of consumer privacy and surveillance where a “collection imperative” incentivize corporate actors to accumulate increasingly massive reservoirs of consumer data. However, the law has not yet fully developed to address the unique risks to consumers through the use of this technology. This Note examines existing regulatory mechanisms, finding that consumer sensitivities and the opaque nature of the …

Shadow Health Records Meet New Data Privacy Laws, W. Nicholson Price Ii, Margot E. Kaminski, Timo Minssen, Kayte Spector-Bagdady

Articles

Large sets of health data can enable innovation and quality measurement but can also create technical challenges and privacy risks. When entities such as health plans and health care providers handle personal health information, they are often subject to data privacy regulation. But amid a flood of new forms of health data, some third parties have figured out ways to avoid some data privacy laws, developing what we call “shadow health records”—collections of health data outside the health system that provide detailed pictures of individual health—that allow both innovative research and commercial targeting despite data privacy rules. Now that space …

Towards A New California Revised Uniform Fiduciary Access To Digital Assets Act, Michael T. Yu

Faculty Scholarship

California enacted the Revised Uniform Fiduciary Access to Digital Assets Act (the California RUFADAA) to govern the disclosure (or nondisclosure) of digital assets when a California resident dies. Digital assets include not just emails and social media accounts but may also include online files and assets, digital currencies, domain names, and blogs. The California RUFADAA ostensibly governs the disclosure of digital assets only when a California resident dies, and it, therefore, does not govern the scenario when a California resident becomes incapacitated and can no longer handle his or her digital assets. This scenario is likely to become more common …

The Value Of Deviance: Understanding Contextual Privacy, Timothy Casey

Faculty Scholarship

Recent decisions by the Supreme Court in Carpenter v. United States and the Illinois Supreme Court in Rosenbach v. Six Flags Entertainment Corporation signal a shift in the traditional understanding of what exactly is protected by a privacy interest. Carpenter distinguished between a police officer’s observation of a suspect’s location and a perpetual catalogue of a person’s movements obtained through cell site location information (CSLI). The pervasive and vast quantity of information from CSLI exposed a protected privacy interest. In Rosenbach, the Illinois Supreme Court found the unique and personal quality of biometric information meant that consent and disclosure requirements …

Global Platform Governance: Private Power In The Shadow Of The State, Hannah Bloch-Wehba

Faculty Scholarship

Online intermediaries—search engines, social media platforms, even e-commerce businesses—are increasingly required to make critical decisions about free expression, individual privacy, and property rights under domestic law. These requirements arise in contexts that include the right to be forgotten, hate speech, “terrorist” speech, and copyright and intellectual property. At the same time, these disputes about online speech are increasingly borderless. Many laws targeting online speech and privacy are explicitly extraterritorial in scope. Even when not, some courts have ruled that they have jurisdiction to enforce compliance on a global scale. And governments are also demanding that platforms remove content—on a global …

Empiricism And Privacy Policies In The Restatement Of Consumer Contract Law, Gregory Klass

Georgetown Law Faculty Publications and Other Works

The Draft Restatement of the Law of Consumer Contracts includes a quantitative study of judicial decisions concerning businesses’ online privacy policies, which it cites in support of a claim that most courts treat privacy policies as contract terms. This Article reports an attempt to reproduce that study’s results. Using the Reporters’ data, this study was unable to reproduce their numerical findings. This study found in the data fewer relevant decisions, and a lower proportion of decisions supporting the Draft Restatement position. It also found little support for the Draft’s claim that there is a clear trend recognizing privacy policies as …

Secrets Of The Deep: Defining Privacy Underwater, Annie Brett

UF Law Faculty Publications

The drones are coming, But not just to your neighborhood skies – to the world’s oceans. From recreational robots designed to autonomously follow divers and record video of them to low-cost, remotely operated submersibles that put ocean exploration in the hands of the general public to sophisticated military submersibles able to autonomously gather intelligence throughout the oceans, the underwater drone market is exploding. But unlike on land, this explosion has not been accompanied by similar discussion of privacy concerns. Instead, the ocean’s rapid shift away from an inaccessible operational sanctuary is one that is happening largely silently. And it is …

Drone Invasion: Unmanned Aerial Vehicles And The Right To Privacy, Rebecca L. Scharf

Scholarly Works

Since the birth of the concept of a legally-recognized right to privacy in Samuel D. Warren and Louis D. Brandeis’ influential 1890 law review article, The Right to Privacy, common law – with the aid of influential scholars -- has massaged the concept of privacy torts into actionable claims. But now, one of the most innovative technological advancements in recent years, the unmanned aerial vehicle, or drone, has created difficult challenges for plaintiffs and courts navigating common law privacy tort claims.

This Article explores the challenges of prosecution of the specific privacy tort of intrusion into seclusion involving non-governmental use …

Florida Law, Mobile Research Applications, And The Right To Privacy, Stacey A. Tovino

Scholarly Works

This Article investigates whether state law contains comprehensive privacy, security, and breach notification standards that could apply to independent scientists who conduct mobile app mediated health research. Focusing only on Florida law, this Article assesses potentially relevant and applicable sources of privacy, security, and breach notification standards for health data of the type obtained during mobile app mediated health research studies. This Article concludes that, with one exception, Florida law tends to fall into one of two categories: (1) the law contains at least one data privacy, security, or breach notification standard, but the standard is limited in application to …