Privacy Law Commons^™

The Trade Origins Of Privacy Law, Anupam Chander

Georgetown Law Faculty Publications and Other Works

The desire for trade propelled the growth of data privacy law across the world. Countries with strong privacy laws sought to ensure that their citizens’ privacy would not be compromised when their data traveled to other countries. Even before this vaunted Brussels Effect pushed privacy law across the world through the enticement of trade with the European Union, Brussels had to erect privacy law within the Union itself. And as the Union itself expanded, privacy law was a critical condition for accession.

But this coupling of privacy and trade leaves a puzzle: how did the U.S. avoid a comprehensive privacy …

Unavoidability In U.S. Privacy Law, Laura M. Moy

Georgetown Law Faculty Publications and Other Works

Why is U.S. privacy law structured the way it is, with a series of sectoral laws rather than a cross-sectoral law or laws? Why does U.S. privacy law protect information shared in certain contexts—such as information shared with an attorney, a healthcare provider, or a financial provider—rather than particular types of information? One possibility is that sectoral laws apply to contexts in which people typically share highly “sensitive” information containing intimate secrets or with the potential to harm them financially or psychologically.

But this Article argues that there is something else at play—that in fact, an under-discussed and underappreciated factor …

Direct To Consumer Or Direct To All: Home Dna Tests And Lack Of Privacy Regulations In The United States, Karen J. Kukla

IP Theory

Although the U.S. has some measures of privacy protection for genetic data, the lack of a comprehensive approach to protecting direct-to-consumer genetic testing results in privacy violations for both consumers and their relatives. This essay explores the critical need for the U.S. government to address these privacy violations and argues that the U.S. should approach the problem and strategize a solution similar to the European Union’s (EU) General Data Protection Regulation (GDPR). Part I identifies current United States law, both federal and state regulations that address DTC-GT and genetic privacy. Part II examines the lack of regulation surrounding current DTC-GT …

Encouraging Public Access To Pharmaceuticals Through Modified Protection Of Clinical Trial Data, Scott M. Nolan Ii

IP Theory

Part I of this Article investigates the development of pharmaceuticals and clinical trial data with a focus on patent and data protection. Part II evaluates the effects of protection and the challenges it poses to widespread public pharmaceutical access. Part III discusses two scholarly approaches to the public access issue that focus on clinical data protection and their associated challenges. In light of these scholarly works, Part IV suggests a new approach to clinical trial data protection that aims to improve public pharmaceutical access while maintaining the incentives to invent for drug developers.

Aclu V. Clearview Ai, Inc.,, Isra Ahmed

DePaul Journal of Art, Technology & Intellectual Property Law

No abstract provided.

Confused About Copyright?, Sara Anne Hook

Graduate Scholarship and Professional Work

No abstract provided.

A Loaded God Complex: The Unconstitutionality Of The Executive Branch’S Unilaterally Withholding Zero-Days, Brendan Gilligan

Northwestern Journal of Technology and Intellectual Property

No abstract provided.

The Data Trust Solution To Data Sharing Problems, Kimberly A. Houser, John W. Bagby

Vanderbilt Journal of Entertainment & Technology Law

A small number of large companies hold most of the world’s data. Once in the hands of these companies, data subjects have little control over the use and sharing of their data. Additionally, this data is not generally available to small and medium enterprises or organizations who seek to use it for social good. A number of solutions have been proposed to limit Big Tech “power,” including antitrust actions and stricter privacy laws, but these measures are not likely to address both the oversharing and under-sharing of personal data. Although the data trust concept is being actively explored in the …

Inadequate Privacy: The Necessity Of Hipaa Reform In A Post-Dobbs World, Katherine Robertson

Seattle University Law Review

Part I of this Comment will provide an overview of HIPAA and the legal impacts of Dobbs. Part II will discuss the anticipatory response to the impacts of Dobbs on PHI by addressing the response from (1) the states, (2) the Biden Administration, and (3) the medical field. Part III will discuss the loopholes that exist in HIPAA and further address the potential impacts on individuals and the medical field if reform does not occur. Finally, Part IV will argue that the reform of HIPAA is the best avenue for protecting PHI related to reproductive healthcare.

Securing Patent Law, Charles Duan

Articles in Law Reviews & Other Academic Journals

A vigorous conversation about intellectual property rights and national security has largely focused on the defense role of those rights, as tools for responding to acts of foreign infringement. But intellectual property, and patents in particular, also play an arguably more important offense role. Foreign competitor nations can obtain and assert U.S. patents against U.S. firms and creators. Use of patents as an offense strategy can be strategically coordinated to stymie domestic innovation and technological progress. This Essay considers current and possible future practices of patent exploitation in this offense setting, with a particular focus on China given the nature …

Delineating The Legal Framework For Data Protection: A Fundamental Rights Approach Or Data Propertization?, Efe Lawrence Ogbeide

Canadian Journal of Law and Technology

The Charter of Fundamental Rights of the European Union, like other key legal instruments around the globe, grants citizens the right to privacy in Article 7. The Charter, however, further provides for the right to data protection in Article 8. Simply put, the implication of Article 8 of the Charter is that the right to data protection is a fundamental right. The central question in this article is whether data protection indeed qualifies to be categorized as a fundamental right. If not, what other approach(es) to data protection may be implemented?

Data Privacy, Human Rights, And Algorithmic Opacity, Sylvia Lu

Fellow, Adjunct, Lecturer, and Research Scholar Works

Decades ago, it was difficult to imagine a reality in which artificial intelligence (AI) could penetrate every corner of our lives to monitor our innermost selves for commercial interests. Within just a few decades, the private sector has seen a wild proliferation of AI systems, many of which are more powerful and penetrating than anticipated. In many cases, AI systems have become “the power behind the throne,” tracking user activities and making fateful decisions through predictive analysis of personal information. Despite the growing power of AI, proprietary algorithmic systems can be technically complex, legally claimed as trade secrets, and managerially …

Navigating The Identity Thicket: Trademark's Lost Theory Of Personality, The Right Of Publicity, And Preemption, Jennifer E. Rothman

All Faculty Scholarship

Both trademark and unfair competition laws and state right of publicity laws protect against unauthorized uses of a person’s identity. Increasingly, however, these rights are working at odds with one another, and can point in different directions with regard to who controls a person’s name, likeness, and broader indicia of identity. This creates what I call an "identity thicket" of overlapping and conflicting rights over a person’s identity. Current jurisprudence provides little to no guidance on the most basic questions surrounding this thicket, such as what right to use a person’s identity, if any, flows from the transfer of marks …

Privacy Vs. Transparency: Handling Protected Materials In Agency Rulemaking, Christopher S. Yoo, Kellen Mccoy

Indiana Law Journal

Agencies conducting informal rulemaking proceedings increasingly confront conflicting duties with respect to protected materials included in information submitted in public rulemaking dockets. They must reconcile the broad commitment to openness and transparency reflected in federal law with the duty to protect confidential business information (CBI) and personally identifiable information (PII) against improper disclosure.

This Article presents an analysis of how agencies can best balance these often countervailing considerations. Part I explores the statutory duties to disclose and withhold information submitted in public rulemaking dockets placed on agencies. It also examines judicial decisions and other legal interpretations regarding the proper way …

Legal Opacity: Artificial Intelligence’S Sticky Wicket, Charlotte A. Tschider

Faculty Publications & Other Works

Proponents of artificial intelligence (“AI”) transparency have carefully illustrated the many ways in which transparency may be beneficial to prevent safety and unfairness issues, to promote innovation, and to effectively provide recovery or support due process in lawsuits. However, impediments to transparency goals, described as opacity, or the “black-box” nature of AI, present significant issues for promoting these goals.

An undertheorized perspective on opacity is legal opacity, where competitive, and often discretionary legal choices, coupled with regulatory barriers create opacity. Although legal opacity does not specifically affect AI only, the combination of technical opacity in AI systems with legal opacity …

Data As The New Oil: A Slippery Slope Of Trade Secret Implications Greased By The California Consumer Privacy Act, Megan Marie Miller

Cybaris®

Following the European model of the General Data Protection Regulation (GDPR), the state of California implemented the California Consumer Privacy Act (CCPA) on January 1, 2020. The CCPA allows any California consumer to demand to see all of the information that a company has saved on them; consumers can also request a full list of all the third parties that their data is shared with, sold to, and for what commercial purpose. This paper reviews the implications of a new law on the disclosure of trade secrets like client lists and algorithms that manipulate consumers’ data. Ultimately, the issue comes …

Can Pipeda ‘Face’ The Challenge? An Analysis Of The Adequacy Of Canada’S Private Sector Privacy Legislation Against Facial Recognition Technology, Tunca Bolca

Canadian Journal of Law and Technology

Facial recognition technology is one of the most intrusive and privacy threatening technologies available today. The literature around this technology mainly focuses on its use by the public sector as a mass surveillance tool; however, the private sector uses of facial recognition technologies also raise significant privacy concerns. This paper aims to identify and examine the privacy implications of the private sector uses of facial recognition technologies and the adequacy of Canada’s federal private sector privacy legislation, the Personal Information Protection and Electronic Documents Act (PIPEDA), in addressing these privacy concerns. Facial templates produced and recorded by these technologies are …

The Data Market: A Proposal To Control Data About You, David Shaw, Daniel W. Engels

SMU Data Science Review

The current legal and economic infrastructure facilitating data collection practices and data analysis has led to extreme over-collection of data and the overall loss of personal privacy. Data over-collection has led to a secondary market for consumer data that is invisible to the consumer and results in a person's data being distributed far beyond their knowledge or control. In this paper, we propose a Data Market framework and design for personal data management and privacy protection in which the individual controls and profits from the dissemination of their data. Our proposed Data Market uses a market-based approach utilizing blockchain distributed …

Automation In Moderation, Hannah Bloch-Wehba

Faculty Scholarship

This Article assesses recent efforts to encourage online platforms to use automated means to prevent the dissemination of unlawful online content before it is ever seen or distributed. As lawmakers in Europe and around the world closely scrutinize platforms’ “content moderation” practices, automation and artificial intelligence appear increasingly attractive options for ridding the Internet of many kinds of harmful online content, including defamation, copyright infringement, and terrorist speech. Proponents of these initiatives suggest that requiring platforms to screen user content using automation will promote healthier online discourse and will aid efforts to limit Big Tech’s power.

In fact, however, the …

Privative Copyright, Shyamkrishna Balganesh

All Faculty Scholarship

“Privative” copyright claims are infringement actions brought by authors for the unauthorized public dissemination of works that are private, unpublished, and revelatory of the author’s personal identity. Driven by considerations of authorial autonomy, dignity, and personality rather than monetary value, these claims are almost as old as Anglo-American copyright law itself. Yet modern thinking has attempted to undermine their place within copyright law and sought to move them into the domain of privacy law. This Article challenges the dominant view and argues that privative copyright claims form a legitimate part of the copyright landscape. It shows how privative copyright claims …

Data Scams, Roger Allan Ford

Law Faculty Scholarship

Targeting platforms like Google and Facebook are usually seen as presenting tradeoffs between utility and privacy. This Article identifies and describes a different, non-privacy cost of targeting platforms: they make it easier for malicious actors to scam others. They do this by making it easier for scammers to reach the most promising victims, hide from law-enforcement authorities and others, and develop better scams. Technology offers potential solutions, since the same data and targeting tools that enable scams could help detect and prevent them, though neither platforms nor law-enforcement officials have both the incentives and expertise needed to develop and deploy …

The Department Of Justice Versus Apple Inc. -- The Great Encryption Debate Between Privacy And National Security, Julia P. Eckart

Catholic University Journal of Law and Technology

This article is an attempt to objectively examine and assess legal arguments made by Apple Inc. (Apple) and the Department of Justice (DOJ) concerning the DOJ’s use of the All Writs Act[1] (AWA) to require Apple to provide technical assistance to the DOJ so that it could access the encrypted data from the locked iPhone of Syed Rizwan Farook, commonly referred to as the San Bernardino shooter. The DOJ’s initial ex parte application focused on meeting the requirements of United States v. New York Telephone Co.[2] concluding the court order was authorized and appropriate. Apple not only argued …

Privacy In Gaming, N. Cameron Russell, Joel R. Reidenberg, Sumyung Moon

Fordham Intellectual Property, Media and Entertainment Law Journal

Video game platforms and business models are increasingly built on collection, use, and sharing of personal information for purposes of both functionality and revenue. This paper examines privacy issues and explores data practices, technical specifications, and policy statements of the most popular games and gaming platforms to provide an overview of the current privacy legal landscape for mobile gaming, console gaming, and virtual reality devices. The research observes how modern gaming aligns with information privacy notions and norms and how data practices and technologies specific to gaming may affect users and, in particular, child gamers.

After objectively selecting and analyzing …

Face Off: An Examination Of State Biometric Privacy Statutes & Data Harm Remedies, Maya E. Rivera

Fordham Intellectual Property, Media and Entertainment Law Journal

As biometric authentication becomes an increasingly popular method of security among consumers, only three states currently have statutes detailing how such data may be collected, used, retained, and released. The Illinois Biometric Information Privacy Act is the only statute of the three that enshrines a private right of action for those who fail to properly handle biometric data. Both the Texas Capture or Use Biometric Identifier Act Information Act and the Washington Biometric Privacy Act allow for state Attorneys General to bring suit on behalf of aggrieved consumers. This Note examines these three statutes in the context of data security …

The Future Of Facial Recognition Is Not Fully Known: Developing Privacy And Security Regulatory Mechanisms For Facial Recognition In The Retail Sector, Elias Wright

Fordham Intellectual Property, Media and Entertainment Law Journal

In recent years, advances in facial recognition technology have resulted in a rapid expansion in the prevalence of private sector biometric technologies. Facial recognition, while providing new potentials for safety and security and personalized marketing by retailers implicates complicated questions about the nature of consumer privacy and surveillance where a “collection imperative” incentivize corporate actors to accumulate increasingly massive reservoirs of consumer data. However, the law has not yet fully developed to address the unique risks to consumers through the use of this technology. This Note examines existing regulatory mechanisms, finding that consumer sensitivities and the opaque nature of the …

Intellectual Property’S Lessons For Information Privacy, Mark Bartholomew

Mark Bartholomew

There is an inherent tension between an individual’s desire to safeguard her personal information and the expressive rights of businesses seeking to communicate that information to others. This tension has multiplied as consumers generate and businesses collect more and more personal data online, forcing efforts to strike an appropriate balance between privacy and commercial speech. No consensus on this balance has been reached. Some privacy scholars bemoan what they see as a slanted playing field in favor of those wishing to profit from the private details of other people’s lives. Others contend that the right in free expression must always …

Targeted Advertising And The First Amendment: Student Privacy Vs. Protected Speech, Marco Crocetti

Catholic University Journal of Law and Technology

No abstract provided.

The Privacy, Probability, And Political Pitfalls Of Universal Dna Collection, Meghan J. Ryan

SMU Science and Technology Law Review

Watson and Crick’s discovery of the structure of DNA (deoxyribonucleic acid) in 1953 launched a truth-finding mission not only in science but also in the law. Just thirty years later–after the science had evolved–DNA evidence was being introduced in criminal courts. Today, DNA evidence is heavily relied on in criminal and related cases. It is routinely introduced in murder and rape cases as evidence of guilt; DNA databases have grown as even arrestees have been required to surrender DNA samples; and this evidence has been used to exonerate hundreds of convicted individuals. DNA evidence is generally revered as the “gold …

Copyright To The Rescue: Should Copyright Protect Privacy?, Deidre Keller

Journal Publications

While some courts have held that “[i]t is universally recognized . . . that the protection of privacy is not the function of our copyright law,” the remedies afforded copyright owners make pursuing copyright claims an attractive option to privacy plaintiffs. Copyright remedies include the removal of digital copies from the internet and the destruction of physical copies. The extent to which copyright ought to protect privacy interests has been considered in various jurisdictions recently but has not been treated comprehensively by contemporary legal scholars in the United States. This piece seeks to undertake that treatment.

Part II of this …

Trust: A Model For Disclosure In Patent Law, Ari Ezra Waldman

Articles & Chapters

How to draw the line between public and private is a foundational, first-principles question of privacy law, but the answer has implications for intellectual property, as well. This project is the first in a series of papers about first-person disclosures of information in the privacy and intellectual property law contexts, and it defines the boundary between public and non-public information through the lens of social science — namely, principles of trust.

Patent law’s “public use” bar confronts the question of whether legal protection should extend to information previously disclosed to a small group of people. I present evidence that shows …