Consumer Protection Law Commons^™

“Can I Have It Non-Personalised?” An Empirical Investigation Of Consumer Willingness To Share Data For Personalized Services And Ads, Monika Leszczynska, Daria Baltag

Faculty Scholarship

European regulators, courts, and scholars are currently debating the legality of data processing for personalization purposes. Should businesses require separate consent for processing user data for personalized advertising, especially when offering free services reliant on such ads for revenue? Or is general consent for the contract enough, given personalized advertising’s role in fulfilling contractual obligations? This study investigates whether these legal distinctions reflect differences in people’s willingness to share data with businesses for personalization. Are consumers less willing to share their data for personalized advertising than for personalized services that they clearly contracted for? Does that change if the service …

Inadequate Privacy: The Necessity Of Hipaa Reform In A Post-Dobbs World, Katherine Robertson

Seattle University Law Review

Part I of this Comment will provide an overview of HIPAA and the legal impacts of Dobbs. Part II will discuss the anticipatory response to the impacts of Dobbs on PHI by addressing the response from (1) the states, (2) the Biden Administration, and (3) the medical field. Part III will discuss the loopholes that exist in HIPAA and further address the potential impacts on individuals and the medical field if reform does not occur. Finally, Part IV will argue that the reform of HIPAA is the best avenue for protecting PHI related to reproductive healthcare.

Dismantling The “Black Opticon”: Privacy, Race Equity, And Online Data-Protection Reform, Anita L. Allen

All Faculty Scholarship

African Americans online face three distinguishable but related categories of vulnerability to bias and discrimination that I dub the “Black Opticon”: discriminatory oversurveillance, discriminatory exclusion, and discriminatory predation. Escaping the Black Opticon is unlikely without acknowledgement of privacy’s unequal distribution and privacy law’s outmoded and unduly race-neutral façade. African Americans could benefit from race-conscious efforts to shape a more equitable digital public sphere through improved laws and legal institutions. This Essay critically elaborates the Black Opticon triad and considers whether the Virginia Consumer Data Protection Act (2021), the federal Data Protection Act (2021), and new resources for the Federal Trade …

Passcodes, Protection, And Legal Practicality: The Necessity Of A Digital Fifth Amendment, Ethan Swierczewski

Catholic University Journal of Law and Technology

No abstract provided.

The Surprising Virtues Of Data Loyalty, Neil M. Richards, Woodrow Hartzog

Scholarship@WashULaw

Lawmakers in the United States and Europe are seriously considering imposing duties of data loyalty that implement ideas from privacy law scholarship, but critics claim such duties are unnecessary, unworkable, overly individualistic, and indeterminately vague. This paper takes those criticisms seriously, and its analysis of them reveals that duties of data loyalty have surprising virtues. Loyalty, it turns out, can support collective well-being by embracing privacy’s relational turn; it can be a powerful state of mind for reenergizing privacy reform; it prioritizes human values rather than potentially empty formalism; and it offers solutions that are flexible and clear rather than …

The Rise Of 5g Technology: How Internet Privacy And Protection Of Personal Data Is A Must In An Evolving Digital Landscape, Justin Rabine

Catholic University Journal of Law and Technology

No abstract provided.

Personal Data Privacy And Protective Federal Legislation: An Exploration Of Constituent Position On The Need For Legislation To Control Data Reliant Organizations Collecting And Monetizing Internet-Obtained Personal Data, Giovanni De Meo

Dissertations

In the past twenty years, the business of online personal data collection has grown at the same rapid pace as the internet itself, fostering a multibillion-dollar personal data collection and commercialization industry. Unlike many other large industries, there has been no major federal legislation enacted to monitor or control the activities of organizations dealing in this flourishing industry. The combination of these factors together with the lack of prior research encouraged this research designed to understand how much voters know about this topic and whether there is interest in seeing legislation enacted to protect individual personal data privacy.

To address …

Regulating Data Breaches: A Data Superfund Statute, Kyle Mckibbin

Vanderbilt Journal of Entertainment & Technology Law

Collecting and processing large amounts of personal data has become a fundamental feature of the modern economy. Personal data, combined with good data analytics, are valuable to businesses as they can provide highly detailed information about individual preferences and behaviors. This data collection can also be valuable to the consumer as it generates innovative products and digital platforms. The era of big data promises great rewards, but it is not without its costs. Data breaches, or the release of personal data into unwanted hands, are pervasive and increasingly massive in scale. Despite the personal privacy harm caused by data breaches, …

Consumer Bitcredit And Fintech Lending, Christopher K. Odinet

Faculty Scholarship

The digital economy is changing everything, including how we borrow money. In the wake of the 2008 crisis, banks pulled back in their lending and, as a result, many consumers and small businesses found themselves unable to access credit. A wave of online firms called fintech lenders have filled the space left vacant by traditional financial institutions. These platforms are fast making antiques out of many mainstream lending practices, such as long paper applications and face-to-face meetings. Instead, through underwriting by automation — utilizing big data (including social media data) and machine learning — loan processing that once took days …

Yershov V. Gannett: Rethinking The Vppa In The 21st Century, Ariel A. Pardee

Maine Law Review

Almost anyone with a smartphone can recall a time when an online advertisement followed them from webpage to webpage, or mobile browser to mobile application, or even jumped from a mobile device to a desktop web browser. While some people see it as a harmless—or even helpful—quirk of the online world, others find it creepy and intrusive. In the absence of significant government regulation of online advertising practices, particularly aggrieved individuals have sought relief in the courts by alleging violations of ill-fitting statutes drafted decades ago. This note explores just such a case, Yershov v. Gannett, in which the First …

Trusting Big Data Research, Neil M. Richards, Woodrow Hartzog

Scholarship@WashULaw

Although it might puzzle or even infuriate data scientists, suspicion about big data is understandable. The concept doesn’t seem promising to most people. It seems scary. This is partly because big data research is shrouded in mystery. People are unsure about organizations’ motives and methods. What do companies think they know about us? Are they keeping their insights safe from hackers? Are they selling their insights to unscrupulous parties? Most importantly, do organizations use our personal information against us? Big data research will only overcome its suspicious reputation when people can trust it.

Some scholars and commentators have proposed review …

Paying For Privacy And The Personal Data Economy, Stacy-Ann Elvy

Articles & Chapters

Growing demands for privacy and increases in the quantity and variety of consumer data have engendered various business offerings to allow companies, and in some instances consumers, to capitalize on these developments. One such example is the emerging “personal data economy” (PDE) in which companies, such as Datacoup, purchase data directly from individuals. At the opposite end of the spectrum, the “pay-for-privacy” (PFP) model requires consumers to pay an additional fee to prevent their data from being collected and mined for advertising purposes. This Article conducts a simultaneous in-depth exploration of the impact of burgeoning PDE and PFP models. It …

The Sixth Pillar Of Anti-Money Laundering Compliance: Balancing Effective Enforcement With Financial Privacy, Maria A. De Dios

Brooklyn Journal of Corporate, Financial & Commercial Law

The U.S. government has responded to the increase of financial crimes, including money laundering and terrorist financing, by requiring that financial institutions implement anti-money laundering compliance programs within their institutions. Most recently, the Financial Crimes Enforcement Network exercised its regulatory powers, as authorized by the Treasury Department, by proposing regulations that now explicitly add customer due diligence to the preexisting anti-money laundering regime. The policy behind the government’s legislative and regulatory measures is clear—financial institutions must ensure that they are protected from and not aiding in the illegal efforts of criminals. The complexity and insidiousness of these financial crimes makes …

The Notion And Practice Of Reputation And Professional Identity In Social Networking: From K-12 Through Law School, Roberta Bobbie Studwell

Faculty Scholarship

No abstract provided.

When The Default Is No Penalty: Negotiating Privacy At The Ntia, Margot E. Kaminski

Publications

Consumer privacy protection is largely within the purview of the Federal Trade Commission. In recent years, however, the National Telecommunications and Information Administration (NTIA) at the Department of Commerce has hosted multistakeholder negotiations on consumer privacy issues. The NTIA process has addressed mobile apps, facial recognition, and most recently, drones. It is meant to serve as a venue for industry self-regulation. Drawing on the literature on co-regulation and on penalty defaults, I suggest that the NTIA process struggles to successfully extract industry expertise and participation against a dearth of federal data privacy law and enforcement. This problem is most exacerbated …

Data Breach (Regulatory) Effects, David Thaw

Articles

No abstract provided.

Regulating The Internet Of Things: First Steps Toward Managing Discrimination, Privacy, Security, And Consent, Scott R. Peppet

Publications

The consumer "Internet of Things" is suddenly reality, not science fiction. Electronic sensors are now ubiquitous in our smartphones, cars, homes, electric systems, health-care devices, fitness monitors, and workplaces. These connected, sensor-based devices create new types and unprecedented quantities of detailed, high-quality information about our everyday actions, habits, personalities, and preferences. Much of this undoubtedly increases social welfare. For example, insurers can price automobile coverage more accurately by using sensors to measure exactly how you drive (e.g., Progressive 's Snapshot system), which should theoretically lower the overall cost of insurance. But the Internet of Things raises new and difficult questions …

Watching The Watchers, Neil M. Richards

Scholarship@WashULaw

In this essay from Wired Magazine (UK)'s special edition, The Wired World in 2014, Prof. Richards argues that sousveillance–watching the watchers–is an important development that will be on the rise in 2014.

Surveillance At The Source, David Thaw

Articles

Contemporary discussion concerning surveillance focuses predominantly on government activity. These discussions are important for a variety of reasons, but generally ignore a critical aspect of the surveillance-harm calculus – the source from which government entities derive the information they use. The source of surveillance data is the information "gathering" activity itself, which is where harms like "chilling" of speech and behavior begin.

Unlike the days where satellite imaging, communications intercepts, and other forms of information gathering were limited to advanced law enforcement, military, and intelligence activities, private corporations now play a dominant role in the collection of information about individuals' …

Flawed Transparency: Shared Data Collection And Disclosure Challenges For Google Glass And Similar Technologies, Jonathan I. Ezor

Jonathan I. Ezor

Current privacy law and best practices assume that the party collecting the data is able to describe and disclose its practices to those from and about whom the data are collected. With emerging technologies such as Google Glass, the information being collected by the wearer may be automatically shared to one or more third parties whose use may be substantially different from that of the wearer. Often, the wearer may not even know what information is being uploaded, and how it may be used. This paper will analyze the current state of U.S. law and compliance regarding personal information collection …

Privacy, Transparency & Google's Blurred Glass, Jonathan I. Ezor

Jonathan I. Ezor

No matter the context or jurisdiction, one concept underlies every view of the best practices in data privacy: transparency. The mandate to disclose what personal information is collected, how it is used, and with whom and for what purpose it is shared, is essential to enable informed consent to the collection, along with the other user rights that constitute privacy best practices. Google, which claims to support and offer transparency, is increasingly opaque about its many products and services and the information they collect for it, posing a significant privacy concern.

Three Paradoxes Of Big Data, Neil M. Richards, Jonathan H. King

Scholarship@WashULaw

Big data is all the rage. Its proponents tout the use of sophisticated analytics to mine large data sets for insight as the solution to many of our society’s problems. These big data evangelists insist that data-driven decision making can now give us better predictions in areas ranging from college admissions to dating to hiring to medicine to national security and crime prevention. But much of the rhetoric of big data contains no meaningful analysis of its potential perils, only the promise. We don’t deny that big data holds substantial potential for the future, and that large dataset analysis has …

The Perils Of Social Reading, Neil M. Richards

Scholarship@WashULaw

Our law currently treats records of our reading habits under two contradictory rules: rules mandating confidentiality and rules permitting disclosure. Recently, the rise of the social Internet has created more of these records and more pressures on when and how they should be shared. Companies like Facebook, in collaboration with many newspapers, have ushered in the era of “social reading,” in which what we read may be “frictionlessly shared” with our friends and acquaintances. Disclosure and sharing are on the rise.

This Article sounds a cautionary note about social reading and frictionless sharing. Social reading might have some appeal, but …

After Privacy: The Rise Of Facebook, The Fall Of Wikileaks, And Singapore’S Personal Data Protection Act 2012, Simon Chesterman

Simon Chesterman

This article discusses the changing ways in which information is produced, stored, and shared — exemplified by the rise of social-networking sites like Facebook and controversies over the activities of WikiLeaks — and the implications for privacy and data protection. Legal protections of privacy have always been reactive, but the coherence of any legal regime has also been undermined by the lack of a strong theory of what privacy is. There is more promise in the narrower field of data protection. Singapore, which does not recognise a right to privacy, has positioned itself as an e-commerce hub but had no …

Implementación De Políticas Corporativas Sobre Internet Y Redes Sociales En México, Rodolfo C. Rivas Rea Esq.

Rodolfo C. Rivas

The author analyzes and describes the necessary elements of a successful social media and Internet corporate policy; through citing common pitfalls and learning lessons from different jurisdictions across the world. The author then offers general guidelines on policies for Mexican enterprises under Mexican legislation.///////////////////////////////////////////////////////////////////////////////////////El autor analiza y describe los elementos necesarios de una política corporativa sobre internet y redes sociales exitosa, citando los errores más comunes y aprendiendo lecciones de las legislaciones de distintos países.

Information Revolution: “Choice Of Control” To “Choice And Control”, Subhajit Basu, Christina Munns

Subhajit Basu

Please do not cite without permission of the authors.

In this article, we critically analyse whether the ‘privacy framework’ for health records is ‘fit-for-purpose’ for the NHS’s ‘information revolution’ and argue that the NHS’s ‘proxy-individual’ information-guardian role could inadvertently mask individuals’ intended roles, effectively circumventing autonomy-based laws by limiting the power of individuals to be autonomous. We suggest that moving ‘choice of control’ to individuals will render ‘privacy’ redundant whilst validating ‘confidentiality’ via consent from empowered individuals. This power shift would expose the overdue need for options to increase levels of individual ‘control/privacy,’ moving from the NHS’s paternal ‘proxy-individual’ conception …

Cybercrime, Ronald C. Griffin

Journal Publications

This essay recounts campaigns against privacy; the fortifications erected against them; and hi-jinx attributable to hackers, crackers, and miscreants under the Fair Credit Reporting Act.

Privacy & The Personal Prospectus: Should We Introduce Privacy Agents Or Regulate Privacy Intermediaries, Scott R. Peppet

Publications

No abstract provided.

Personal Data Protection In The Era Of Cloud Computing. New Challenges For European Regulators., Panagiotis Kitsos, Paraskevi Pappas

Panagiotis Kitsos

It is widely aknowledged that we are entering in an era of revolutionary changes in the field of Information and Communication Technologies . The spread of broadband internet connections has led internet to function not only as a communications network but also as a platform for new computing applications. The most recent application is the so called "cloud computing", which permits the running of software applications or the storage of data to be performed at remote servers which are connected to our computers through the Internet. Examples of these applications are the web-based email services, online computer back up, data …

Coding Privacy, Lilian Edwards

Chicago-Kent Law Review

Lawrence Lessig famously and usefully argues that cyberspace is regulated not just by law but also by norms, markets and architecture or "code." His insightful work might also lead the unwary to conclude, however, that code is inherently anti-privacy, and thus that an increasingly digital world must therefore also be increasingly devoid of privacy. This paper argues briefly that since technology is a neutral tool, code can be designed as much to fight for privacy as against it, and that what matters now is to look at what incentivizes the creation of pro- rather than anti-privacy code in the mainstream …