Internet Law Commons^™

Delineating The Legal Framework For Data Protection: A Fundamental Rights Approach Or Data Propertization?, Efe Lawrence Ogbeide

Canadian Journal of Law and Technology

The Charter of Fundamental Rights of the European Union, like other key legal instruments around the globe, grants citizens the right to privacy in Article 7. The Charter, however, further provides for the right to data protection in Article 8. Simply put, the implication of Article 8 of the Charter is that the right to data protection is a fundamental right. The central question in this article is whether data protection indeed qualifies to be categorized as a fundamental right. If not, what other approach(es) to data protection may be implemented?

Responding To Deficiencies In The Architecture Of Privacy: Co-Regulation As The Path Forward For Data Protection On Social Networking Sites, Laurent Cre ́Peau

Canadian Journal of Law and Technology

Social Networking Sites like Facebook, Twitter and the like are a ubiquitous part of contemporary culture. Yet, as exemplified on numerous occasions, most recently in the Cambridge Analytica scandal that shook Facebook in 2018, these sites pose major concerns for personal data protection. Whereas self-regulation has characterized the general regulatory mindset since the early days of the Internet, it is no longer viable given the threat social media poses to user privacy. This article notes the deficiencies of self-regulatory models of privacy and contends jurisdictions like Canada should ensure they have strong data protection regulations to adequately protect the public. …

Legislating Data Loyalty, Woodrow Hartzog, Neil Richards

Faculty Scholarship

Lawmakers looking to embolden privacy law have begun to consider imposing duties of loyalty on organizations trusted with people’s data and online experiences. The idea behind loyalty is simple: organizations should not process data or design technologies that conflict with the best interests of trusting parties. But the logistics and implementation of data loyalty need to be developed if the concept is going to be capable of moving privacy law beyond its “notice and consent” roots to confront people’s vulnerabilities in their relationship with powerful data collectors.

In this short Essay, we propose a model for legislating data loyalty. Our …

The Notion And Practice Of Reputation And Professional Identity In Social Networking: From K-12 Through Law School, Roberta Bobbie Studwell

Faculty Scholarship

No abstract provided.

The Shaky Ground Of The Right To Be Delisted, Miquel Peguera

Miquel Peguera

It has long been discussed whether individuals should have a “right to be forgotten” online to suppress old information that could seriously interfere with their privacy and data protection rights. In the landmark case of Google Spain v AEPD, the Court of Justice of the European Union addressed the particular question of whether, under EU Data Protection Law, individuals have a right to have links delisted from the list of search results, in searches made on the basis of their name. It found that they do have this right – which can be best described as a “right to be …

In The Middle: Creating A Middle Road Between U.S. And Eu Data Protection Policies, Carolyn Hoang

Journal of the National Association of Administrative Law Judiciary

The first section of this paper examines the historical differences that have led to the American approach to privacy and the European approach to privacy. The second section will examine the current U.S. model, and the third section will examine the EU model. Next, the fourth section will compare and contrast the two models. Finally, the last section will argue that the U.S. should have a regulatory agency and describe how that should look and run.

After Privacy: The Rise Of Facebook, The Fall Of Wikileaks, And Singapore’S Personal Data Protection Act 2012, Simon Chesterman

Simon Chesterman

This article discusses the changing ways in which information is produced, stored, and shared — exemplified by the rise of social-networking sites like Facebook and controversies over the activities of WikiLeaks — and the implications for privacy and data protection. Legal protections of privacy have always been reactive, but the coherence of any legal regime has also been undermined by the lack of a strong theory of what privacy is. There is more promise in the narrower field of data protection. Singapore, which does not recognise a right to privacy, has positioned itself as an e-commerce hub but had no …

Social Networking: A Conceptual Analysis Of A Data Controller, Rebecca Wong

Dr Rebecca Wong

This article updates a working party looking at the definition of a "data controller" under the Data Protection Directive 95/46/EC within the context of a social networking environment. In brief, the article considers twhether the phenomenom of social networking (through Facebook (FB), MySpace and Bebo) has produced unintended consequences in the interpretation and application of the Data Protection Directive 95/46/EC to the online environment. The Data Protection Directive 95/46/EC defines a "data controller" broadly to refer to the 'natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means …

Ip Addresses And Personal Data: K.U. V Finland, Karen Mccullagh

Karen McCullagh

Classifying IP addresses as personal data could have serious implications for search engines and many other electronic businesses, in particular, the personalised advertising business model of the Internet. Recent court decisions have not clarified the position, so businesses that log IP addresses should proceed with caution.

What Is 'Private' Data?, Karen Mccullagh

Karen McCullagh

The development of a frontier-free Internal Market and of the so-called 'information society' have resulted in an increase in the flow of personal data between EU Member States. To remove potential obstacles to such transfers data protection legislation was introduced. One of the underpinning principles of Directive 95/46/EC is the protection of privacy. Yet, the legislation does not provide a conclusive understanding of the terms ‘privacy’ or ‘private’ data. Rather, privacy protection is to be achieved through the regulation of the conditions under which personal data may be processed. An assessment of whether, 10 years after the enactment of the …

Personal Medical Information: Privacy Or Personal Data Protection?, Wilhelm Peekhaus

Canadian Journal of Law and Technology

Some of the existing literature concerning the privacy of health information seems to suggest that medical information has a particularly special nature; either through its oft-cited association with dignity or the need for its ‘‘unobstructed’’ use by health care practitioners for a variety of reasons. It is against such a backdrop that this paper will review and compare a number of legislative mechanisms that have been designed to meet the challenge of safeguarding the privacy of personal information without completely hindering the continued flow of information required by economic and health care systems. An attempt will be made to situate …

'Code' And The Slow Erosion Of Privacy, Bert-Jaap Koops, Ronald Leenes

Michigan Telecommunications & Technology Law Review

The notion of software code replacing legal code as a mechanism to control human behavior--"code as law"--is often illustrated with examples in intellectual property and freedom of speech. This Article examines the neglected issue of the impact of "code as law" on privacy. To what extent is privacy-related "code" being used, either to undermine or to enhance privacy? On the basis of cases in the domains of law enforcement, national security, E-government, and commerce, it is concluded that technology rarely incorporates specific privacy-related norms. At the same time, however, technology very often does have clear effects on privacy, as it …

The Changing Face Of Privacy Protection In The European Union And The United States, Fred H. Cate

Articles by Maurer Faculty

Among the wide variety of national and multinational legal regimes for protecting privacy, two dominant models have emerged, reflecting two very different approaches to the control of information. The European Union has enacted a sweeping data protection directive that imposes significant restrictions on most data collection, processing, dissemination, and storage activities, not only within Europe, but throughout the world if the data originates in a member state. The United States has taken a very different approach that extensively regulates government processing of data, while facilitating private, market-based initiatives to address private sector data processing.

Under the EU data protection directive, …