Internet Law Commons^™

Comparing Gdpr Against The United States’ Approach To Data Breach Notification By Examining Texas And California And The Feasibility Of A Universal Standard, Amrit Nagi

Cybaris®

No abstract provided.

Collective Data Rights And Their Possible Abuse, Asaf Lubin

Articles by Maurer Faculty

No abstract provided.

Race And Regulation Podcast Episode 5 - Racial Equity And Data Privacy, Anita L. Allen

Penn Program on Regulation Podcasts

In this episode, Anita Allen, an internationally renowned expert on the philosophical dimensions of privacy and data protection law, reveals how race-neutral privacy laws in the U.S. have failed to address the unequal burdens faced online by Black Americans, whose personal data are used in racially discriminatory ways. Professor Allen articulates what she terms an African American Online Equity Agenda to guide the development of race-conscious privacy regulations that can better promote racial justice in the modern digital economy.

Dismantling The “Black Opticon”: Privacy, Race Equity, And Online Data-Protection Reform, Anita L. Allen

All Faculty Scholarship

African Americans online face three distinguishable but related categories of vulnerability to bias and discrimination that I dub the “Black Opticon”: discriminatory oversurveillance, discriminatory exclusion, and discriminatory predation. Escaping the Black Opticon is unlikely without acknowledgement of privacy’s unequal distribution and privacy law’s outmoded and unduly race-neutral façade. African Americans could benefit from race-conscious efforts to shape a more equitable digital public sphere through improved laws and legal institutions. This Essay critically elaborates the Black Opticon triad and considers whether the Virginia Consumer Data Protection Act (2021), the federal Data Protection Act (2021), and new resources for the Federal Trade …

The Right To Privacy And Data Protection In Times Of Armed Conflict, Asaf Lubin, Russell Buchan

Books & Book Chapters by Maurer Faculty

Contemporary warfare yields a profound impact on the rights to privacy and data protection. Technological advances in the fields of electronic surveillance, predictive algorithms, big data analytics, user-generated evidence, artificial intelligence, cloud storage, facial recognition, and cryptography are redefining the scope, nature, and contours of military operations. Yet, international humanitarian law offers very few, if any, lex specialis rules for the lawful processing, analysis, dissemination, and retention of personal information. This edited anthology offers a pioneering account of the current and potential future application of digital rights in armed conflict.

In Part I Mary Ellen O’Connell, Tal Mimran and Yuval …

Delineating The Legal Framework For Data Protection: A Fundamental Rights Approach Or Data Propertization?, Efe Lawrence Ogbeide

Canadian Journal of Law and Technology

The Charter of Fundamental Rights of the European Union, like other key legal instruments around the globe, grants citizens the right to privacy in Article 7. The Charter, however, further provides for the right to data protection in Article 8. Simply put, the implication of Article 8 of the Charter is that the right to data protection is a fundamental right. The central question in this article is whether data protection indeed qualifies to be categorized as a fundamental right. If not, what other approach(es) to data protection may be implemented?

Responding To Deficiencies In The Architecture Of Privacy: Co-Regulation As The Path Forward For Data Protection On Social Networking Sites, Laurent Cre ́Peau

Canadian Journal of Law and Technology

Social Networking Sites like Facebook, Twitter and the like are a ubiquitous part of contemporary culture. Yet, as exemplified on numerous occasions, most recently in the Cambridge Analytica scandal that shook Facebook in 2018, these sites pose major concerns for personal data protection. Whereas self-regulation has characterized the general regulatory mindset since the early days of the Internet, it is no longer viable given the threat social media poses to user privacy. This article notes the deficiencies of self-regulatory models of privacy and contends jurisdictions like Canada should ensure they have strong data protection regulations to adequately protect the public. …

Legislating Data Loyalty, Woodrow Hartzog, Neil Richards

Faculty Scholarship

Lawmakers looking to embolden privacy law have begun to consider imposing duties of loyalty on organizations trusted with people’s data and online experiences. The idea behind loyalty is simple: organizations should not process data or design technologies that conflict with the best interests of trusting parties. But the logistics and implementation of data loyalty need to be developed if the concept is going to be capable of moving privacy law beyond its “notice and consent” roots to confront people’s vulnerabilities in their relationship with powerful data collectors.

In this short Essay, we propose a model for legislating data loyalty. Our …

Catalyzing Privacy Law, Anupam Chander, Margot E. Kaminski, William Mcgeveran

Publications

The United States famously lacks a comprehensive federal data privacy law. In the past year, however, over half the states have proposed broad privacy bills or have established task forces to propose possible privacy legislation. Meanwhile, congressional committees are holding hearings on multiple privacy bills. What is catalyzing this legislative momentum? Some believe that Europe’s General Data Protection Regulation (GDPR), which came into force in 2018, is the driving factor. But with the California Consumer Privacy Act (CCPA) which took effect in January 2020, California has emerged as an alternate contender in the race to set the new standard for …

Regulatory Approaches To Consumer Protection In The Financial Sector And Beyond: Toward A Smart Disclosure Regime?, Nydia Remolina, Aurelio Gurrea-Martinez, Yvonne Ai-Chi Loh, David R. Hardoon

Centre for AI & Data Governance

Traditionally, consumer and data protection policies evolved from issues of consent and information disclosure. The purpose of these regulatory approaches is the protection of consumers by reducing some contracting failures, such as asymmetries of information and a lower bargaining power, especially in transactions involving complex issues such as financial products and sensitive personal data. In the past, regulators have responded to privacy and consumer protection by adopting what this paper refers to as an “imperfectly informed regime”, in which consumers do not receive full information about the risks associated with their decisions, even if they are still protected through a …

Regulating Personal Data Usage In Covid-19 Control Conditions, Mark Findlay, Nydia Remolina

Centre for AI & Data Governance

As the COVID-19 health pandemic ebbs and flows world-wide, governments and private companies across the globe are utilising AI-assisted surveillance, reporting, mapping and tracing technologies with the intention of slowing the spread of the virus. These technologies have capacity to amass and share personal data for community control and citizen safety motivations that empower state agencies and inveigle citizen co-operation which could only be imagined outside times of real and present personal danger. While not cavilling with the short-term necessity for these technologies and the data they control, process and share in the health regulation mission (provided that the technology …

Ethics, Ai, Mass Data And Pandemic Challenges: Responsible Data Use And Infrastructure Application For Surveillance And Pre-Emptive Tracing Post-Crisis, Mark Findlay, Jia Yuan Loke, Nydia Remolina Leon, Yum Yin, Benjamin (Tan Renyan) Tham

Research Collection Yong Pung How School Of Law

As the COVID-19 health pandemic rages governments and private companies across the globe are utilising AI-assisted surveillance, reporting, mapping and tracing technologies with the intention of slowing the spread of the virus. These technologies have the capacity to amass personal data and share for community control and citizen safety motivations that empower state agencies and inveigle citizen co-operation which could only be imagined outside such times of real and present danger. While not cavilling with the short-term necessity for these technologies and the data they control, process and share in the health regulation mission, this paper argues that this infrastructure …

Open Banking: Regulatory Challenges For A New Form Of Financial Intermediation In A Data-Driven World, Nydia Remolina

Centre for AI & Data Governance

Data has taken immense importance in the last years. Consider the amount of data that is being collected worldwide every day, industries are reshaping their activities into a data-driven business. The digital transformation of all industries, portent of the fourth industrial revolution, is creating a new kind of economy based on the datafication of almost any aspect of human social, political and economic activity as a result of the information generated by the numerous daily routines of digitally connected individuals and technology. The financial services industry is part of this trend. Embracing the digital revolution and creating the right foundations …

Digital Colonialism: The 21st Century Scramble For Africa Through The Extraction And Control Of User Data And The Limitations Of Data Protection Laws, Danielle Coleman

Michigan Journal of Race and Law

As Western technology companies increasingly rely on user data globally, extensive data protection laws and regulations emerged to ensure ethical use of that data. These same protections, however, do not exist uniformly in the resource-rich, infrastructure-poor African countries, where Western tech seeks to establish its presence. These conditions provide an ideal landscape for digital colonialism.

Digital colonialism refers to a modern-day “Scramble for Africa” where largescale tech companies extract, analyze, and own user data for profit and market influence with nominal benefit to the data source. Under the guise of altruism, large scale tech companies can use their power and …

Humans Forget, Machines Remember: Artificial Intelligence And The Right To Be Forgotten, Tiffany Li, Eduard Fosch Villaronga, Peter Kieseberg

Faculty Scholarship

To understand the Right to be Forgotten in context of artificial intelligence, it is necessary to first delve into an overview of the concepts of human and AI memory and forgetting. Our current law appears to treat human and machine memory alike – supporting a fictitious understanding of memory and forgetting that does not comport with reality. (Some authors have already highlighted the concerns on the perfect remembering.) This Article will examine the problem of AI memory and the Right to be Forgotten, using this example as a model for understanding the failures of current privacy law to reflect the …

The Safe Harbor Solution: Is It An Effective Mechanism For International Data Transfers Between The United States And The European Union, Alexander Zinser

Oklahoma Journal of Law and Technology

No abstract provided.

Reshaping Ability Grouping Through Big Data, Yoni H. Carmel, Tammy H. Ben-Shahar

Vanderbilt Journal of Entertainment & Technology Law

This Article examines whether incorporating data mining technologies in education can promote equality. Following many other spheres in life, big data technologies that include creating, collecting, and analyzing vast amounts of data about individuals are increasingly being used in schools. This process has already elicited widespread interest among scholars, parents, and the public at large. However, this attention has largely focused on aspects of student privacy and data protection and has overlooked the profound effects data mining may have on educational equality. This Article analyzes the effects of data mining on education equality by focusing on one educational practice--ability grouping--that …

Protecting One's Own Privacy In A Big Data Economy, Anita L. Allen

All Faculty Scholarship

Big Data is the vast quantities of information amenable to large-scale collection, storage, and analysis. Using such data, companies and researchers can deploy complex algorithms and artificial intelligence technologies to reveal otherwise unascertained patterns, links, behaviors, trends, identities, and practical knowledge. The information that comprises Big Data arises from government and business practices, consumer transactions, and the digital applications sometimes referred to as the “Internet of Things.” Individuals invisibly contribute to Big Data whenever they live digital lifestyles or otherwise participate in the digital economy, such as when they shop with a credit card, get treated at a hospital, apply …

The Shaky Ground Of The Right To Be Delisted, Miquel Peguera

Vanderbilt Journal of Entertainment & Technology Law

It has long been discussed whether individuals should have a "right to be forgotten" online to suppress old information that could seriously interfere with their privacy and data protection rights. In the landmark case of Google Spain v. Agencia Espafiola de Proteccion de Datos, the Court of Justice of the European Union (CJEU) addressed the particular question of whether, under EU Data Protection Law, individuals have a right to have links delisted from the list of search results in searches made on the basis of their name. It found that they do have this right--which can be best described as …

The Notion And Practice Of Reputation And Professional Identity In Social Networking: From K-12 Through Law School, Roberta Bobbie Studwell

Faculty Scholarship

No abstract provided.

The Shaky Ground Of The Right To Be Delisted, Miquel Peguera

Miquel Peguera

It has long been discussed whether individuals should have a “right to be forgotten” online to suppress old information that could seriously interfere with their privacy and data protection rights. In the landmark case of Google Spain v AEPD, the Court of Justice of the European Union addressed the particular question of whether, under EU Data Protection Law, individuals have a right to have links delisted from the list of search results, in searches made on the basis of their name. It found that they do have this right – which can be best described as a “right to be …

Is There Anybody Out There? Analyzing The Regulation Of Children’S Privacy Online In The United States Of America And The European Union According To The Tbgi Analytical Framework By Eberlein Et Al, Nachshon Goltz

Transnational Business Governance Interactions Working Papers

This article analyzes the regulation of children’s privacy online, especially in the context of personal information collection as a commodity, in the United States of America (USA) and the European Union (EU) according to the Transnational Business Governance Interactions analytical framework proposed by Eberlein et al. This article reviews the regulatory structure of the field in these two jurisdictions, including global organizations, according to Elberlein et al components and questions. In the analysis, a map of the regulatory interactions within this global realm will be presented and discussed. Analysis of the influence of each interacting party and the degree of …

A Methodological Proposal For A National Survey Of Data Protection In E-Government In Mexico, Teresa M. G. Da Cunha Lopes

Teresa M. G. Da Cunha Lopes

The present research paper is an attempt to study the aspects related to e-government and data protection in Mexico, and at the same time, in view of the lack of empirical data presents a methodological proposal for the urgent implementation of a national survey. We focus in the protection of personal data used by public administrators to provide public services.

European Union Data Privacy Law Developments, W. Gregory Voss

W. Gregory Voss

This article explores recent developments in European Union data privacy and data protection law, through an analysis of European Union advisory guidance, independent administrative agency enforcement action, case law, and legislative reform in the areas of digital technologies, the internet, telecommunications and personal data. In the first case, Article 29 Working Party guidance on anonymization techniques – so important in the field of big data – is discussed and distinguished from pseudonymization. Next, Google privacy policy enforcement action by various EU Member State data protection agencies (inter alia, France, Germany, Italy, the Netherlands and Spain) is chronicled, with lessons being …

In The Middle: Creating A Middle Road Between U.S. And Eu Data Protection Policies, Carolyn Hoang

Journal of the National Association of Administrative Law Judiciary

The first section of this paper examines the historical differences that have led to the American approach to privacy and the European approach to privacy. The second section will examine the current U.S. model, and the third section will examine the EU model. Next, the fourth section will compare and contrast the two models. Finally, the last section will argue that the U.S. should have a regulatory agency and describe how that should look and run.

After Privacy: The Rise Of Facebook, The Fall Of Wikileaks, And Singapore’S Personal Data Protection Act 2012, Simon Chesterman

Simon Chesterman

This article discusses the changing ways in which information is produced, stored, and shared — exemplified by the rise of social-networking sites like Facebook and controversies over the activities of WikiLeaks — and the implications for privacy and data protection. Legal protections of privacy have always been reactive, but the coherence of any legal regime has also been undermined by the lack of a strong theory of what privacy is. There is more promise in the narrower field of data protection. Singapore, which does not recognise a right to privacy, has positioned itself as an e-commerce hub but had no …

Survey Of Recent European Union Privacy Developments, W. Gregory Voss

W. Gregory Voss

The Spanish law implementing the European Union (EU) Data Protection Directive, advisory guidance on consent, facial recognition and biometric technologies from the European Union Article 29 Data Protection Working Party (WP29) , and proposals for EU data protection law reform are analyzed in this survey piece. EU legislative processes are illustrated by a specific occurence: Spanish Organic Law 15/1999 on the Protection of Personal Data is reviewed in the context of Court of Justice of the European Union (ECJ) joined cases, Asociación Nacional de Establecimientos Financieros de Crédito (ASNEF) v. Administración del Estado, and Federación de Comercio Electrónico y Marketing …

Service-Oriented Foreign Direct Investment: Legal And Policy Frameworks Protecting Digital Assets In Offshoring Information Technology (It) - Enabled Services, Tilahun Mishago

Theses and Dissertations

This thesis examines challenges caused by global cyberspace, which continues to undermine the ability of regulatory instruments aimed at cyber security and deterring cybercrime so that digital assets including those associated with Foreign Direct Investment (FDI) are protected. Progress in information and communication technology (ICT) has brought about both challenges and opportunities for mankind. While ICT has enabled seamless communication on cyberspace, it has also made every phenomenon, positive or negative on cyberspace possible. The good side of ICT is the endless opportunities provided to harness multiple features and capabilities of associated technologies while its side effect being the enormous …

Laws Relating To Data Protection In India, Mubashshir Sarshar

Mubashshir Sarshar

No abstract provided.

Social Networking: A Conceptual Analysis Of A Data Controller, Rebecca Wong

Dr Rebecca Wong

This article updates a working party looking at the definition of a "data controller" under the Data Protection Directive 95/46/EC within the context of a social networking environment. In brief, the article considers twhether the phenomenom of social networking (through Facebook (FB), MySpace and Bebo) has produced unintended consequences in the interpretation and application of the Data Protection Directive 95/46/EC to the online environment. The Data Protection Directive 95/46/EC defines a "data controller" broadly to refer to the 'natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means …