Open Access. Powered by Scholars. Published by Universities.®
- Discipline
-
- Privacy Law (35)
- Computer Law (31)
- Internet Law (22)
- Science and Technology Law (20)
- Consumer Protection Law (9)
-
- Intellectual Property Law (8)
- Business Organizations Law (7)
- Communications Law (7)
- Computer Sciences (7)
- Physical Sciences and Mathematics (7)
- Information Security (6)
- Law and Society (6)
- Administrative Law (5)
- Contracts (5)
- Health Law and Policy (5)
- Comparative and Foreign Law (4)
- Constitutional Law (4)
- National Security Law (4)
- Law and Economics (3)
- Legislation (3)
- Social and Behavioral Sciences (3)
- Business (2)
- Business Administration, Management, and Operations (2)
- Commercial Law (2)
- Courts (2)
- Criminal Law (2)
- Databases and Information Systems (2)
- E-Commerce (2)
- First Amendment (2)
- Institution
-
- University of Michigan Law School (13)
- Boston University School of Law (11)
- Chicago-Kent College of Law (8)
- George Washington University Law School (6)
- Duke Law (4)
-
- William & Mary Law School (4)
- Cornell University Law School (3)
- Maurer School of Law: Indiana University (3)
- The Catholic University of America, Columbus School of Law (3)
- University of Colorado Law School (3)
- Georgetown University Law Center (2)
- Selected Works (2)
- University of Miami Law School (2)
- University of Pittsburgh School of Law (2)
- Vanderbilt University Law School (2)
- City University of New York (CUNY) (1)
- Cleveland State University (1)
- Columbia Law School (1)
- Embry-Riddle Aeronautical University (1)
- Fordham Law School (1)
- Maurice A. Deane School of Law at Hofstra University (1)
- Mitchell Hamline School of Law (1)
- National Law School of India University (1)
- Saint Louis University School of Law (1)
- SelectedWorks (1)
- Singapore Management University (1)
- St. Mary's University (1)
- Touro University Jacob D. Fuchsberg Law Center (1)
- U.S. Naval War College (1)
- University of Nebraska - Lincoln (1)
- Publication Year
- Publication
-
- Faculty Scholarship (10)
- Chicago-Kent Law Review (8)
- Michigan Telecommunications & Technology Law Review (7)
- GW Law Faculty Publications & Other Works (6)
- Articles by Maurer Faculty (3)
-
- Duke Journal of Comparative & International Law (3)
- Michigan Law Review (3)
- Michigan Technology Law Review (3)
- Publications (3)
- Articles (2)
- Catholic University Law Review (2)
- Cornell International Law Journal (2)
- Georgetown Law Faculty Publications and Other Works (2)
- University of Miami Law Review (2)
- Vanderbilt Journal of Entertainment & Technology Law (2)
- Books (1)
- Catholic University Journal of Law and Technology (1)
- Copyright, Fair Use, Scholarly Communication, etc. (1)
- Cornell Law Faculty Publications (1)
- Cybaris® (1)
- Duke Law Journal (1)
- Edward A. Morse (1)
- Faculty Publications (1)
- Fordham Law Review (1)
- Hofstra Law Review (1)
- Indian Journal of Law and Technology (1)
- International Law Studies (1)
- Jared A. Harshbarger (1)
- Journal of Digital Forensics, Security and Law (1)
- Journal of Law and Health (1)
- Publication Type
- File Type
Articles 1 - 30 of 88
Full-Text Articles in Law
The President’S Foreign Affairs Power Over Personal Data, Anupam Chander, Paul M. Schwartz
The President’S Foreign Affairs Power Over Personal Data, Anupam Chander, Paul M. Schwartz
Georgetown Law Faculty Publications and Other Works
This Article reveals a surprising expansion of presidential authority to control goods and services available in the United States because of the information flows that they entail. Such authority is grounded in laws focused on protecting national security, here with respect to foreign surveillance and propaganda. But broad executive powers over our information infrastructure raises significant concerns with respect to core American values of free expression and due process. Worries about unfettered foreign access to data should be coupled with worries about unfettered executive control over our information services and technologies.
Understanding Cyber Risk: Unpacking And Responding To Cyber Threats Facing The Public And Private Sectors, Lawrence J. Trautman, Scott Shackelford, Brian Elzweig, Peter Ormerod
Understanding Cyber Risk: Unpacking And Responding To Cyber Threats Facing The Public And Private Sectors, Lawrence J. Trautman, Scott Shackelford, Brian Elzweig, Peter Ormerod
University of Miami Law Review
Cyberattacks, data breaches, and ransomware continue to pose major threats to businesses, governments, and health and educational institutions worldwide. Ongoing successful instances of cybercrime involve sophisticated attacks from diverse sources such as organized crime syndicates, actors engaged in industrial espionage, nation-states, and even lone wolf actors having relatively few resources. Technological innovation continues to outpace the ability of U.S. law to keep pace, though other jurisdictions including the European Union have been more proactive. Nation-state and international criminal group ransomware attacks continue; Sony’s systems were hacked by a ransomware group; MGM Resorts disclosed that recovery from their September 2023 hack …
Comparing Gdpr Against The United States’ Approach To Data Breach Notification By Examining Texas And California And The Feasibility Of A Universal Standard, Amrit Nagi
Cybaris®
No abstract provided.
National Security And Federalizing Data Privacy Infrastructure For Ai Governance, Margaret Hu, Eliott Behar, Davi Ottenheimer
National Security And Federalizing Data Privacy Infrastructure For Ai Governance, Margaret Hu, Eliott Behar, Davi Ottenheimer
Faculty Publications
This Essay contends that data infrastructure, when implemented on a national scale, can transform the way we conceptualize artificial intelligence (AI) governance. AI governance is often viewed as necessary for a wide range of strategic goals, including national security. It is widely understood that allowing AI and generative AI to remain self-regulated by the U.S. AI industry poses significant national security risks. Data infrastructure and AI oversight can assist in multiple goals, including: maintaining data privacy and data integrity; increasing cybersecurity; and guarding against information warfare threats. This Essay concludes that conceptualizing data infrastructure as a form of critical infrastructure …
The Great Scrape: The Clash Between Scraping And Privacy, Daniel J. Solove, Woodrow Hartzog
The Great Scrape: The Clash Between Scraping And Privacy, Daniel J. Solove, Woodrow Hartzog
Faculty Scholarship
Artificial intelligence (AI) systems depend on massive quantities of data, often gathered by “scraping” – the automated extraction of large amounts of data from the internet. A great deal of scraped data is about people. This personal data provides the grist for AI tools such as facial recognition, deep fakes, and generative AI. Although scraping enables web searching, archival, and meaningful scientific research, scraping for AI can also be objectionable or even harmful to individuals and society.
Organizations are scraping at an escalating pace and scale, even though many privacy laws are seemingly incongruous with the practice. In this Article, …
The Future Of China's U.S.-Listed Firms: Legal And Political Perspectives On Possible Decoupling, Rebecca Parry, Qingxiu Bu
The Future Of China's U.S.-Listed Firms: Legal And Political Perspectives On Possible Decoupling, Rebecca Parry, Qingxiu Bu
William & Mary Business Law Review
There is a long history of Chinese firms raising capital on leading U.S. exchanges. These shares have proved attractive and are estimated at $1 trillion value, in spite of deep mismatches between Chinese internal approaches to corporate governance and those taken under U.S. securities regulations. Chinese listings of nonstate firms, particularly in the technology sector, had depended on a largely laissez-faire initial approach to the expansion through foreign listings, including tolerance of the opaque Variable Interest Entity (VIE) structures adopted as a means to bypass Chinese restrictions on foreign ownership. Concerns regarding data security had, however, prevented compliance by Chinese …
Comments Of The Cordell Institute For Policy In Medicine & Law At Washington University In St. Louis, Neil Richards, Woodrow Hartzog, Jordan Francis
Comments Of The Cordell Institute For Policy In Medicine & Law At Washington University In St. Louis, Neil Richards, Woodrow Hartzog, Jordan Francis
Faculty Scholarship
The Federal Trade Commission—with its broad, independent grant of authority and statutory mandate to identify and prevent unfair and deceptive trade practices—is uniquely situated to prevent and remedy unfair and deceptive data privacy and data security practices. In an increasingly digitized world, data collection, processing, and transfer have become integral to market interactions. Our personal and commercial experiences are now mediated by powerful, information-intensive firms who hold the power to shape what consumers see, how they interact, which options are available to them, and how they make decisions. That power imbalance exposes consumers and leaves them all vulnerable. We all …
It Outsourcing And Global Sourcing: A Comparative Approach From The Indian, U.K. And German Legal Perspectives, Ulrich Baumer, Mark Webber
It Outsourcing And Global Sourcing: A Comparative Approach From The Indian, U.K. And German Legal Perspectives, Ulrich Baumer, Mark Webber
Indian Journal of Law and Technology
Businesses today have been able to take advantage of technology in order to use models such as offshoring in order to reduce their costs without a corresponding decline in quality. However, concerns such as data confidentiality and security issues have emphasised the need for businesses to take considerable care when dealing with crossborder transactions, especially since some knowledge of the needs of different jurisdictions is necessary. This article examines the outsourcing model in the context of the information technology industry and looks at the most important clauses and legal issues in such contracts in the light of Indian, English and …
Menstrual And Fertility Tracking Apps And The Post Roe V. Wade Era, Samantha T. Campanella
Menstrual And Fertility Tracking Apps And The Post Roe V. Wade Era, Samantha T. Campanella
Undergraduate Student Research Internships Conference
In the first section of the paper, I will place current conversations about data privacy within the broader context of restrictions that have been placed on reproductive rights by examining historical trajectories. Emphasis will be placed on the historical trajectory of how past policies and ideologies have worked against Roe v. Wade, and how this trajectory contributes to a decrease in access to abortions. In addition, recent news stories have documented the overturning of Roe v. Wade in several jurisdictions within the United States, which confirms the criminalization of abortion. In light of this, experts have raised awareness about the …
Data Vu: Why Breaches Involve The Same Stories Again And Again, Woodrow Hartzog, Daniel Solove
Data Vu: Why Breaches Involve The Same Stories Again And Again, Woodrow Hartzog, Daniel Solove
Shorter Faculty Works
In the classic comedy Groundhog Day, protagonist Phil, played by Bill Murray, asks “What would you do if you were stuck in one place and every day was exactly the same, and nothing that you did mattered?” In this movie, Phil is stuck reliving the same day over and over, where the events repeat in a continual loop, and nothing he does can stop them. Phil’s predicament sounds a lot like our cruel cycle with data breaches.
Every year, organizations suffer more data spills and attacks, with personal information being exposed and abused at alarming rates. While Phil …
The Three Laws: The Chinese Communist Party Throws Down The Data Regulation Gauntlet, William Chaskes
The Three Laws: The Chinese Communist Party Throws Down The Data Regulation Gauntlet, William Chaskes
Washington and Lee Law Review
Criticism of the Chinese Communist Party (CCP) runs a wide gamut. Accusations of human rights abuses, intellectual property theft, authoritarian domestic policies, disrespecting sovereign borders, and propaganda campaigns all have one common factor: the CCP’s desire to control information. Controlling information means controlling data. Lurking beneath the People’s Republic of China’s (PRC) tumultuous relationship with the rest of the world is the fight between nations to control their citizens’ data while also keeping it out of the hands of adversaries. The CCP’s Three Laws are its newest weapon in this data war.
One byproduct of the CCP’s emphasis on controlling …
Gauging The Acceptance Of Contact Tracing Technology: An Empirical Study Of Singapore Residents’ Concerns With Sharing Their Information And Willingness To Trust, Ee-Ing Ong, Wee Ling Loo
Gauging The Acceptance Of Contact Tracing Technology: An Empirical Study Of Singapore Residents’ Concerns With Sharing Their Information And Willingness To Trust, Ee-Ing Ong, Wee Ling Loo
Research Collection Yong Pung How School Of Law
In response to the COVID-19 pandemic, governments began implementing various forms of contact tracing technology. Singapore’s implementation of its contact tracing technology, TraceTogether, however, was met with significant concern by its population, with regard to privacy and data security. This concern did not fit with the general perception that Singaporeans have a high level of trust in its government. We explore this disconnect, using responses to our survey (conducted pre-COVID-19) in which we asked participants about their level of concern with the government and business collecting certain categories of personal data. The results show that respondents had less concern with …
Small Business Cybersecurity: A Loophole To Consumer Data, Matthew R. Espinosa
Small Business Cybersecurity: A Loophole To Consumer Data, Matthew R. Espinosa
The Scholar: St. Mary's Law Review on Race and Social Justice
Small businesses and small minority owned businesses are vital to our nation’s economy; therefore legislation, regulation, and policy has been created in order to assist them in overcoming their economic stability issues and ensure they continue to serve the communities that rely on them. However, there is not a focus on regulating nor assisting small businesses to ensure their cybersecurity standards are up to par despite them increasingly becoming a victim of cyberattacks that yield high consequences. The external oversight and assistance is necessary for small businesses due to their lack of knowledge in implementing effective cybersecurity policies, the fiscal …
Breached!: Why Data Security Law Fails And How To Improve It, Woodrow Hartzog, Daniel Solove
Breached!: Why Data Security Law Fails And How To Improve It, Woodrow Hartzog, Daniel Solove
Books
Digital connections permeate our lives—and so do data breaches. Given that we must be online for basic communication, finance, healthcare, and more, it is remarkable how difficult it is to secure our personal information. Despite the passage of many data security laws, data breaches are increasing at a record pace. In their book, BREACHED! WHY DATA SECURITY LAW FAILS AND HOW TO IMPROVE IT (Oxford University Press 2022), Professors Daniel Solove and Woodrow Hartzog argue that the law fails because, ironically, it focuses too much on the breach itself.
Drawing insights from many fascinating stories about data breaches, Solove and …
The Failure Of Data Security Law, Daniel J. Solove, Woodrow Hartzog
The Failure Of Data Security Law, Daniel J. Solove, Woodrow Hartzog
GW Law Faculty Publications & Other Works
In this book chapter, we survey the law and policy of data security and analyze its strengths and weaknesses. Broadly speaking, there are three types of data security laws: (1) breach notification laws; (2) security safeguards laws that require substantive measures to protect security; and (3) private litigation under various causes of action. We argue that despite some small successes, the law is generally failing to combat the data security threats we face.
Breach notification laws merely require organizations to provide transparency about data breaches, but the laws don’t provide prevention or a cure. Security safeguards laws are often enforced …
Breached! Why Data Security Law Fails And How To Improve It (Chapter 1), Daniel J. Solove, Woodrow Hartzog
Breached! Why Data Security Law Fails And How To Improve It (Chapter 1), Daniel J. Solove, Woodrow Hartzog
GW Law Faculty Publications & Other Works
Digital connections permeate our lives—and so do data breaches. Given that we must be online for basic communication, finance, healthcare, and more, it is remarkable how difficult it is to secure our personal information. Despite the passage of many data security laws, data breaches are increasing at a record pace. In their book, BREACHED! WHY DATA SECURITY LAW FAILS AND HOW TO IMPROVE IT (Oxford University Press 2022), Professors Daniel Solove and Woodrow Hartzog argue that the law fails because, ironically, it focuses too much on the breach itself.
Drawing insights from many fascinating stories about data breaches, Solove and …
An Overview Of Privacy Law In 2022, Daniel J. Solove, Paul M. Schwartz
An Overview Of Privacy Law In 2022, Daniel J. Solove, Paul M. Schwartz
GW Law Faculty Publications & Other Works
Chapter 1 of PRIVACY LAW FUNDAMENTALS (6th edition, IAPP 2022) provides an overview of information privacy law circa 2022. The chapter summarizes the common themes in privacy laws and discusses the various types of laws (federal, constitutional, state, international). It contains a list and brief summary of the most significant U.S. federal privacy laws. The heart of the chapter is an historical timeline of major developments in the law of privacy and data security, including key cases, enactments of laws, major regulatory developments, influential publications, and other significant events. The chapter also contains a curated list of important treatises and …
Data Vu: Why Breaches Involve The Same Stories Again And Again, Daniel J. Solove
Data Vu: Why Breaches Involve The Same Stories Again And Again, Daniel J. Solove
GW Law Faculty Publications & Other Works
This short essay discusses why data security law fails to effectively combat data breaches, which continue to increase. With a few exceptions, current laws about data security do not look too far beyond the blast radius of the most data breaches. Only so much marginal benefit can be had by increasing fines to breached entities. Instead, the law should target a broader set of risky actors, such as producers of insecure software and ad networks that facilitate the distribution of malware. Organizations that have breaches almost always could have done better, but there’s only so much marginal benefit from beating …
Individuals As Gatekeepers Against Data Misuse, Ying Hu
Individuals As Gatekeepers Against Data Misuse, Ying Hu
Michigan Technology Law Review
This article makes a case for treating individual data subjects as gatekeepers against misuse of personal data. Imposing gatekeeper responsibility on individuals is most useful where (a) the primary wrongdoers engage in data misuse intentionally or recklessly; (b) misuse of personal data is likely to lead to serious harm; and (c) one or more individuals are able to detect and prevent data misuse at a reasonable cost.
As gatekeepers, individuals should have a legal duty to take reasonable measures to prevent data misuse where they are aware of facts indicating that the person seeking personal data from them is highly …
“Smart” Lawyering: Integrating Technology Competence Into The Legal Practice Curriculum, Dyane L. O'Leary
“Smart” Lawyering: Integrating Technology Competence Into The Legal Practice Curriculum, Dyane L. O'Leary
The University of New Hampshire Law Review
Technology has changed modern law practice. Ethics rules obligate lawyers to understand whether, when, and how to use it to deliver services. But most law schools do not incorporate the so-called “Duty of Technology Competence” into the required curriculum. Despite broad calls for legal education to make students more practice-ready, there is no clear path forward for how to weave this valuable professional skill into coursework for all students. This Article supplies one.
The legal practice course should pair technology competence with traditional legal writing and research work. Lawyers do not draft memos or perform legal research or manage caseloads …
Smart Cities And Sustainability: A New Challenge To Accountability?, Iria Giuffrida
Smart Cities And Sustainability: A New Challenge To Accountability?, Iria Giuffrida
William & Mary Environmental Law and Policy Review
From 1800 to today, the global population has shifted from only three percent living in an urban environment to well over fifty percent in 2020. As a result of urbanization, cities around the world struggle to manage traffic and waste, efficiently distribute utilities, and lower pollution to slow the progression of global warming. Smart city technologies have emerged as a tool to process cities’ various forms of data collected through networks of precisely placed sensors and map solutions to many of the environmental and social issues created by urbanization. For swelling metropolitan areas in the United States, China, and Europe …
Protection Of Data In Armed Conflict, Robin Geiss, Henning Lahmann
Protection Of Data In Armed Conflict, Robin Geiss, Henning Lahmann
International Law Studies
This article presents a novel way to conceptualize the protection of data in situations of armed conflict. Although the question of the targeting of data through adversarial military cyber operations and its implications for the qualification of such conduct under International Humanitarian Law has been on scholars’ and states’ radar for the last few years, there remain a number of misunderstandings as to how to think about the notion of “data.” Based on a number of fictional scenarios, the article clarifies the pertinent terminology and makes some expedient distinctions between various types of data. It then analyzes how existing international …
Hipaa-Phobia Hampers Efforts To Track And Contain Covid-19, Lee Hiromoto M.D., J.D.
Hipaa-Phobia Hampers Efforts To Track And Contain Covid-19, Lee Hiromoto M.D., J.D.
SLU Law Journal Online
The Health Insurance Portability and Accountability Act (HIPAA), enacted by the US Congress 1996, laudably protects medical privacy in healthcare settings. However, this federal law has created a culture of fear that limits current efforts to address the COVID-19 pandemic. Healthcare providers, who are covered by HIPAA, may be reluctant to disclose information about outbreak clusters for fear of violating the law. Healthcare organizations, who are also covered by the law, still rely on fax machines to avoid violating HIPAA’s data security requirements. And the scrupulous rule-following in healthcare has given independent life to a HIPAA boogeyman. Thus, officials who …
Exploring Lawful Hacking As A Possible Answer To The "Going Dark" Debate, Carlos Liguori
Exploring Lawful Hacking As A Possible Answer To The "Going Dark" Debate, Carlos Liguori
Michigan Technology Law Review
The debate on government access to encrypted data, popularly known as the “going dark” debate, has intensified over the years. On the one hand, law enforcement authorities have been pushing for mandatory exceptional access mechanisms on encryption systems in order to enable criminal investigations of both data in transit and at rest. On the other hand, both technical and industry experts argue that this solution compromises the security of encrypted systems and, thus, the privacy of their users. Some claim that other means of investigation could provide the information authorities seek without weakening encryption, with lawful hacking being one of …
Healthy Data Protection, Lothar Determann
Healthy Data Protection, Lothar Determann
Michigan Technology Law Review
Modern medicine is evolving at a tremendous speed. On a daily basis, we learn about new treatments, drugs, medical devices, and diagnoses. Both established technology companies and start-ups focus on health-related products and services in competition with traditional healthcare businesses. Telemedicine and electronic health records have the potential to improve the effectiveness of treatments significantly. Progress in the medical field depends above all on data, specifically health information. Physicians, researchers, and developers need health information to help patients by improving diagnoses, customizing treatments and finding new cures.
Yet law and policymakers are currently more focused on the fact that health …
Protecting The States From Electoral Invasions, Drew Marvel
Protecting The States From Electoral Invasions, Drew Marvel
William & Mary Bill of Rights Journal
Since the 2016 U.S. presidential election, the threat of foreign interference in U.S. elections has loomed large in the minds of the American public. During the 2016 campaign season, Russian government-backed hackers infiltrated the networks and computers of the Democratic National Committee (DNC), the Democratic Congressional Campaign Committee (DCCC), and various campaign officials, harvesting private information and installing spyware and malware for ongoing intelligence purposes. U.S. intelligence officials have indicated that, using similar tactics, the Russian hackers also targeted election systems and officials in all fifty states, successfully breaching at least two of those states’ election systems, Illinois and Florida. …
Trimming The Fat: The Gdpr As A Model For Cleaning Up Our Data Usage, Kassandra Polanco
Trimming The Fat: The Gdpr As A Model For Cleaning Up Our Data Usage, Kassandra Polanco
Touro Law Review
No abstract provided.
A New Frontier Facing Attorneys And Paralegals: The Promise & Challenges Of Artificial Intelligence As Applied To Law & Legal Decision-Making, Marissa Moran
Publications and Research
Artificial Intelligence/AI invisibly navigates and informs our lives today and may also be used to determine a client’s legal fate. Through executive order, statements by a U.S. Supreme Court justice and a Congressional Commission on AI, all three branches of the United States government have addressed the use of AI to resolve societal and legal matters. Pursuant to the American Bar Association Model Rules of Professional Conduct[i] and New York Rules of Professional Conduct (NYRPC), [ii] the legal profession recognizes the need for competency in technology which requires both substantive knowledge of law and competent use of technology for …
Breaches Within Breaches: The Crossroads Of Erisa Fiduciary Responsibilities And Data Security, Gregg Moran
Breaches Within Breaches: The Crossroads Of Erisa Fiduciary Responsibilities And Data Security, Gregg Moran
University of Miami Law Review
Although the drafters of the Employee Retirement Income Security Act of 1974 (“ERISA”) likely could not have anticipated the data security issues of the twenty-first century, ERISA’s duty of prudence almost certainly requires employee benefit plan fiduciaries to protect sensitive participant data in at least some manner. This Article suggests the Department of Labor should issue a regulation clarifying fiduciaries’ data security obligations. Given that fiduciaries are in the best positions to recognize their plans’ individual security needs and capabilities, the regulation should not attempt to micromanage fiduciaries’ substantive data security policies; rather, it should focus on the procedures by …
A Skeptical View Of Information Fiduciaries, Lina M. Khan, David E. Pozen
A Skeptical View Of Information Fiduciaries, Lina M. Khan, David E. Pozen
Faculty Scholarship
The concept of “information fiduciaries” has surged to the forefront of debates on online-platform regulation. Developed by Professor Jack Balkin, the concept is meant to rebalance the relationship between ordinary individuals and the digital companies that accumulate, analyze, and sell their personal data for profit. Just as the law imposes special duties of care, confidentiality, and loyalty on doctors, lawyers, and accountants vis-à-vis their patients and clients, Balkin argues, so too should it impose special duties on corporations such as Facebook, Google, and Twitter vis-à-vis their end users. Over the past several years, this argument has garnered remarkably broad support …