Privacy Law Commons^™

Privacy In The Age Of The Hacker: Balancing Global Privacy And Data Security Law, Cunningham, Mckay, Mckay Cunningham

McKay Cunningham

The twin goals of privacy and data security share a fascinating symbiotic relationship: too much of one undermines the other. The international regulatory climate, embodied principally by the European Union’s 1995 Directive, increasingly promotes privacy. In the last two decades, fifty-three countries enacted national legislation largely patterned after the E.U. Directive. These laws, by and large, protect privacy by restricting data processing and data transfers.

At the same time, hacking, malware, and other cyber-threats continue to grow in frequency and sophistication. In 2010, one security firm recorded 286 million variants of malware and reported that 232.4 million identities were exposed. …

Fourth Amendment Time Machines (And What They Might Say About Police Body Cameras), Stephen E. Henderson

Stephen E Henderson

Are They Worth Reading? An In-Depth Analysis Of Online Trackers’ Privacy Policies, Candice Hoke, Lorrie Faith Cranor, Pedro Giovanni Leon, Alyssa Au

Lorrie F Cranor

We analyzed the privacy policies of 75 online tracking companies with the goal of assessing whether they contain information relevant for users to make privacy decisions. We compared privacy policies from large companies, companies that are members of self-regulatory organizations, and nonmember companies and found that many of them are silent with regard to important consumer-relevant practices including the collection and use of sensitive information and linkage of tracking data with personally-identifiable information. We evaluated these policies against self-regulatory guidelines and found that many policies are not fully compliant. Furthermore, the overly general requirements established in those guidelines allow companies …

Welcome To The Machine: Privacy And Workplace Implications Of Predictive Analytics, Robert Sprague

Robert Sprague

Information Technology And The Law - Privacy, Ulf Maunsbach

Ulf Maunsbach

No abstract provided.

Katz On A Hot Tin Roof: The Reasonable Expectation Of Privacy Is Rudderless In The Digital Age Unless Congress Continually Resets The Privacy Bar, Charles E. Maclean

Charles E. MacLean

The Katz reasonable expectation of privacy doctrine has lasting relevance in the digital age, but that relevance must be carefully and clearly guided in great detail by Congressional and state legislative enactments continually resetting the privacy bar as technology advances. In that way, the Katz “reasonableness” requirements are actually set by the legislative branch, thereby precluding courts from applying inapposite analogies to phone booths, cigarette packs, and business records. Once legislation provides the new contours of digital privacy, those legislative contours become the new “reasonable.”

This article calls upon Congress, and to a lesser extent, state legislatures, to control that …

Self, Privacy, And Power: Is It All Over? (With R. Sloan), Richard Warner

Richard Warner

The realization of a multifaceted self is an ideal one strives to realize. One realizes such a self in large part through interaction with others in various social roles. Such realization requires a significant degree of informational privacy. Informational privacy is the ability to determine for yourself when others may collect and how they may use your information. The realization of multifaceted selves requires informational privacy in public. There is no contradiction here: informational privacy is a matter of control, and you can have such control in public. Current information processing practices greatly reduce privacy in public thereby threatening the …

European Union Data Privacy Law Developments, W. Gregory Voss

W. Gregory Voss

This article explores recent developments in European Union data privacy and data protection law, through an analysis of European Union advisory guidance, independent administrative agency enforcement action, case law, and legislative reform in the areas of digital technologies, the internet, telecommunications and personal data. In the first case, Article 29 Working Party guidance on anonymization techniques – so important in the field of big data – is discussed and distinguished from pseudonymization. Next, Google privacy policy enforcement action by various EU Member State data protection agencies (inter alia, France, Germany, Italy, the Netherlands and Spain) is chronicled, with lessons being …

Flawed Transparency: Shared Data Collection And Disclosure Challenges For Google Glass And Similar Technologies, Jonathan I. Ezor

Jonathan I. Ezor

Current privacy law and best practices assume that the party collecting the data is able to describe and disclose its practices to those from and about whom the data are collected. With emerging technologies such as Google Glass, the information being collected by the wearer may be automatically shared to one or more third parties whose use may be substantially different from that of the wearer. Often, the wearer may not even know what information is being uploaded, and how it may be used. This paper will analyze the current state of U.S. law and compliance regarding personal information collection …

Do-Not-Track As Default, Joshua A.T. Fairfield

Joshua A.T. Fairfield

Do-Not-Track is a developing online legal and technological standard that permits consumers to express their desire not to be tracked by online advertisers. Do-Not-Track has the ability to change the relationship between consumers and advertisers in the information market. Everything will depend on implementation. The most effective way to allow users to achieve their privacy preferences is to implement Do-Not-Track as a default feature. The World Wide Web Consortium’s (W3C) standard setting body for Do-Not-Track has, however, endorsed a corrosive standard in its Tracking Preferences Expression (TPE) draft. This standard requires consumers to set their privacy preference by hand. This …

Fighting Cybercrime After United States V. Jones, David C. Gray, Danielle Keats Citron, Liz Clark Rinehart

David C. Gray

In a landmark non-decision last term, five Justices of the United States Supreme Court would have held that citizens possess a Fourth Amendment right to expect that certain quantities of information about them will remain private, even if they have no such expectations with respect to any of the information or data constituting that whole. This quantitative approach to evaluating and protecting Fourth Amendment rights is certainly novel and raises serious conceptual, doctrinal, and practical challenges. In other works, we have met these challenges by engaging in a careful analysis of this “mosaic theory” and by proposing that courts focus …

Fighting Cybercrime After United States V. Jones, David C. Gray, Danielle Keats Citron, Liz Clark Rinehart

Danielle Keats Citron

In a landmark non-decision last term, five Justices of the United States Supreme Court would have held that citizens possess a Fourth Amendment right to expect that certain quantities of information about them will remain private, even if they have no such expectations with respect to any of the information or data constituting that whole. This quantitative approach to evaluating and protecting Fourth Amendment rights is certainly novel and raises serious conceptual, doctrinal, and practical challenges. In other works, we have met these challenges by engaging in a careful analysis of this “mosaic theory” and by proposing that courts focus …

Federal Search Commission? Access, Fairness, And Accountability In The Law Of Search, Oren Bracha, Frank Pasquale

Frank A. Pasquale

Should search engines be subject to the types of regulation now applied to personal data collectors, cable networks, or phone books? In this article, we make the case for some regulation of the ability of search engines to manipulate and structure their results. We demonstrate that the First Amendment, properly understood, does not prohibit such regulation. Nor will such interventions inevitably lead to the disclosure of important trade secrets. After setting forth normative foundations for evaluating search engine manipulation, we explain how neither market discipline nor technological advance is likely to stop it. Though savvy users and personalized search may …

Addressing The Harm Of Total Surveillance: A Reply To Professor Neil Richards, Danielle Citron, David Gray

David C. Gray

In his insightful article The Dangers of Surveillance, 126 HARV. L. REV. 1934 (2013), Neil Richards offers a framework for evaluating the implications of government surveillance programs that is centered on protecting "intellectual privacy." Although we share his interest in recognizing and protecting privacy as a condition of personal and intellectual development, we worry in this essay that, as an organizing principle for policy, "intellectual privacy" is too narrow and politically fraught. Drawing on other work, we therefore recommend that judges, legislators, and executives focus instead on limiting the potential of surveillance technologies to effect programs of broad and indiscriminate …

Addressing The Harm Of Total Surveillance: A Reply To Professor Neil Richards, Danielle Keats Citron, David C. Gray

Danielle Keats Citron

In his insightful article The Dangers of Surveillance, 126 HARV. L. REV. 1934 (2013), Neil Richards offers a framework for evaluating the implications of government surveillance programs that is centered on protecting "intellectual privacy." Although we share his interest in recognizing and protecting privacy as a condition of personal and intellectual development, we worry in this essay that, as an organizing principle for policy, "intellectual privacy" is too narrow and politically fraught. Drawing on other work, we therefore recommend that judges, legislators, and executives focus instead on limiting the potential of surveillance technologies to effect programs of broad and indiscriminate …

Survey Of Recent European Union Privacy Developments, W. Gregory Voss

W. Gregory Voss

The Spanish law implementing the European Union (EU) Data Protection Directive, advisory guidance on consent, facial recognition and biometric technologies from the European Union Article 29 Data Protection Working Party (WP29) , and proposals for EU data protection law reform are analyzed in this survey piece. EU legislative processes are illustrated by a specific occurence: Spanish Organic Law 15/1999 on the Protection of Personal Data is reviewed in the context of Court of Justice of the European Union (ECJ) joined cases, Asociación Nacional de Establecimientos Financieros de Crédito (ASNEF) v. Administración del Estado, and Federación de Comercio Electrónico y Marketing …

Expectations Of Privacy In Social Media, Stephen E. Henderson

Stephen E Henderson

This article, which largely tracks my remarks at Mississippi College’s Social Media Symposium, examines expectations of privacy in social media such as weblogs (blogs), Facebook pages, and Twitter tweets. Social media is diverse and ever-diversifying, and while I address some of that complexity, I focus on the core functionality, which provides the groundwork for further conversation as the technology and related social norms develop. As one would expect, just as with our offline communications and other online communications, in some we have an expectation of privacy that is recognized by current law, in some we have an expectation of privacy …

The Timely Demise Of The Fourth Amendment Third Party Doctrine, Stephen E. Henderson

Stephen E Henderson

In what may be a slightly premature obituary, in this response to a forthcoming paper by Matthew Tokson I argue that the Fourth Amendment third party doctrine "has at least taken ill, and it can be hoped it is an illness from which it will never recover." It is increasingly unpopular as a matter of state constitutional law, has long been assailed in scholarship but now thoughtful alternatives are percolating, and it cannot – or at least should not – withstand the pressures which technology and social norms are placing upon it. Even the Supreme Court seems loath to defend …

Preserving Identities: Protecting Personal Identifying Information Through Enhanced Privacy Policies And Laws, Robert Sprague, Corey Ciocchetti

Robert Sprague

This article explores the developing phenomenon of the ongoing collection and dissemination of personal identifying information (PII): first, explaining the nature and form of PII, including the consequences of its collection; second, exploring one of the greatest threats associated with data collection - unauthorized disclosure due to data breaches, including an overview of state and federal legislative reactions to the threats of data breaches and identity theft; third, discussing common law and constitutional privacy protections regarding the collection of personal information, revealing that United States privacy laws provide very little protection to individuals; and fourth, examining current practices by online …

Rethinking Information Privacy In An Age Of Online Transparency, Robert Sprague

Robert Sprague

No abstract provided.

From Taylorism To The Omnipticon: Expanding Employee Surveillance Beyond The Workplace, Robert Sprague

Robert Sprague

No abstract provided.