Privacy Law Commons^™

Unavoidability In U.S. Privacy Law, Laura M. Moy

Georgetown Law Faculty Publications and Other Works

Why is U.S. privacy law structured the way it is, with a series of sectoral laws rather than a cross-sectoral law or laws? Why does U.S. privacy law protect information shared in certain contexts—such as information shared with an attorney, a healthcare provider, or a financial provider—rather than particular types of information? One possibility is that sectoral laws apply to contexts in which people typically share highly “sensitive” information containing intimate secrets or with the potential to harm them financially or psychologically.

But this Article argues that there is something else at play—that in fact, an under-discussed and underappreciated factor …

The United States Should Take A Page Out Of Canadian Law When It Comes To Privacy, Genetic And Otherwise, Ashley Rahaim

University of Miami Inter-American Law Review

Genetic information is intimate and telling data warranting privacy in public and private realms. The privacy protections offered in the United States and Canada vastly differ when it comes to genetic privacy. Search and seizure law mirrors the privacy gap in the countries, as well as their treatment of DNA database information.

This note explores the foreshadowing of the creation of genetic privacy laws and their varying levels of protection based on the way private information was treated by state actors through search and seizure caselaw, the creation of legal precedent, and the treatment of intimate personal data in the …

Perlindungan Atas Privasi Konsumen Dalam Layanan Reservasi Tiket Online Dari Pt. Kereta Api Indonesia, Aprilia Susanti

"Dharmasisya” Jurnal Program Magister Hukum FHUI

The significant increase in online activities cannot be separated from the many active internet users who use mobile internet connections to carry out their daily activities, one of which is for the convenience of making ticket reservations at PT. Indonesian Railways (KAI). The purpose of this research is to find out the study of the business law of protecting consumer privacy in the online ticketing service of PT. KAI. Data collection was carried out by means of a literature study of the relationship between laws and regulations in consumer protection and the position of PT. KAI as business actors and …

Inadequate Privacy: The Necessity Of Hipaa Reform In A Post-Dobbs World, Katherine Robertson

Seattle University Law Review

Part I of this Comment will provide an overview of HIPAA and the legal impacts of Dobbs. Part II will discuss the anticipatory response to the impacts of Dobbs on PHI by addressing the response from (1) the states, (2) the Biden Administration, and (3) the medical field. Part III will discuss the loopholes that exist in HIPAA and further address the potential impacts on individuals and the medical field if reform does not occur. Finally, Part IV will argue that the reform of HIPAA is the best avenue for protecting PHI related to reproductive healthcare.

I Spy With My Little--Gps Tracking Device: Why Georgia Should Look To The United Kingdom's Domestic Violence Laws To Deter Innovative Abuses Of Technology, Tyerus Skala

Georgia Journal of International & Comparative Law

No abstract provided.

The Rise Of 5g Technology: How Internet Privacy And Protection Of Personal Data Is A Must In An Evolving Digital Landscape, Justin Rabine

Catholic University Journal of Law and Technology

No abstract provided.

Platforms, Encryption, And The Cfaa: The Case Of Whatsapp V Nso Group, Jonathon Penney, Bruce Schneier

Articles, Book Chapters, & Popular Press

End-to-end encryption technology has gone mainstream. But this wider use has led hackers, cybercriminals, foreign governments, and other threat actors to employ creative and novel attacks to compromise or workaround these protections, raising important questions as to how the Computer Fraud and Abuse Act (CFAA), the primary federal anti-hacking statute, is best applied to these new encryption implementations. Now, after the Supreme Court recently narrowed the CFAA’s scope in Van Buren and suggested it favors a code-based approach to liability under the statute, understanding how best to theorize sophisticated code-based access barriers like end-to-end encryption, and their circumvention, is now …

Personal Data Privacy And Protective Federal Legislation: An Exploration Of Constituent Position On The Need For Legislation To Control Data Reliant Organizations Collecting And Monetizing Internet-Obtained Personal Data, Giovanni De Meo

Dissertations

In the past twenty years, the business of online personal data collection has grown at the same rapid pace as the internet itself, fostering a multibillion-dollar personal data collection and commercialization industry. Unlike many other large industries, there has been no major federal legislation enacted to monitor or control the activities of organizations dealing in this flourishing industry. The combination of these factors together with the lack of prior research encouraged this research designed to understand how much voters know about this topic and whether there is interest in seeing legislation enacted to protect individual personal data privacy.

To address …

Cloudy With A Chance Of Government Intrusion: The Third-Party Doctrine In The 21st Century, Steven Arango

Catholic University Law Review

Technology may be created by humans, but we are dependent on it. Look around you: what technology is near you as you read this abstract? An iPhone? A laptop? Perhaps even an Amazon Echo. What do all these devices have in common? They store data in the cloud. And this data can contain some of our most sensitive information, such as business records or medical documents.

Even if you manage this cloud storage account, the government may be able to search your data without a warrant. Federal law provides little protection for cloud stored data. And the Fourth Amendment may …

Regulating Facial Recognition Technology In An Effort To Avoid A Minority Report Like Surveillance State, Halie B. Peacher

Marquette Intellectual Property & Innovation Law Review

In Steven Spielberg's science fiction film Minority Report, the film focuses on how technology is used in the future, as well as how society uses and understands that technology. Specifically, Minority Report focuses on eye-scanners that allow the police and corporations to track down and identify people on a daily basis. This movie identifies that there is a clear line that must be drawn between an individual's right to privacy and the law enforcement agency's ability to ensure safety. Like the technology in Minority Report, the use of facial recognition technology has led to much debate, mainly focused on privacy …

Cyber-Security, Privacy, And The Covid-19 Attenuation?, Vincent J. Samar

Journal of Legislation

Large-scale data brokers collect massive amounts of highly personal consumer information to be sold to whoever will pay their price, even at the expense of sacrificing individual privacy and autonomy in the process. In this Article, I will show how a proper understanding and justification for a right to privacy, in context to both protecting private acts and safeguarding information and states of affairs for the performance of such acts, provides a necessary background framework for imposing legal restrictions on such collections. This problem, which has already gained some attention in literature, now becomes even more worrisome, as government itself …

Catalyzing Privacy Law, Anupam Chander, Margot E. Kaminski, William Mcgeveran

Publications

The United States famously lacks a comprehensive federal data privacy law. In the past year, however, over half the states have proposed broad privacy bills or have established task forces to propose possible privacy legislation. Meanwhile, congressional committees are holding hearings on multiple privacy bills. What is catalyzing this legislative momentum? Some believe that Europe’s General Data Protection Regulation (GDPR), which came into force in 2018, is the driving factor. But with the California Consumer Privacy Act (CCPA) which took effect in January 2020, California has emerged as an alternate contender in the race to set the new standard for …

"You Have The Data"...The Writ Of Habeas Data And Other Data Protection Rights: Is The United States Falling Behind?, Sarah L. Lode

Indiana Law Journal

In Part I of this Note, I will discuss the writ of habeas data that has been developed primarily, but not exclusively, in Latin American countries. I will discuss the intricacies of the writ, how it evolved, and how it is applied today. Using Argentina as an example, I will discuss how the writ would be used by an Argentine citizen to protect her personal data. Part II summarizes the previously employed data protection scheme in the European Union, the Data Protection Directive (“the Directive”), and will also discuss the new EU data protection regulation, the General Data Protection Regulation …

Privacy And Legal Automation: The Dmca As A Case Study, Jonathon Penney

Articles, Book Chapters, & Popular Press

Advances in artificial intelligence, machine learning, computing capacity, and big data analytics are creating exciting new possibilities for legal automation. At the same time, these changes pose serious risks for civil liberties and other societal interests. Yet, existing scholarship is narrow, leaving uncertainty on a range of issues, including a glaring lack of systematic empirical work as to how legal automation may impact people’s privacy and freedom. This article addresses this gap with an original empirical analysis of the Digital Millennium Copyright Act (DMCA), which today sits at the forefront of algorithmic law due to its automated enforcement of copyright …

Tactful Inattention: Erving Goffman, Privacy In The Digital Age, And The Virtue Of Averting One's Eyes, Elizabeth De Armond

St. John's Law Review

(Excerpt)

This Article suggests that we would benefit if we would protect privacy by sometimes requiring tactful inattention by potential users rather than total secrecy by the target. That is, some legal privacy protections should stop emphasizing secrecy and instead emphasize the appropriate uses of personally identifiable and often sensitive information by gelling tactful inattention into legal standards. Culturally, such an expansion may be difficult, as we tend to a “finders-keepers” attitude towards data. However, given technology’s ability to dissolve routine barriers, if we require others to leave some information out of some equations, we may be able to retain …

Revenge Porn, Thomas Lonardo, Tricia P. Martland, Rhode Island Bar Journal

Life of the Law School (1993- )

No abstract provided.

Automating Threat Sharing: How Companies Can Best Ensure Liability Protection When Sharing Cyber Threat Information With Other Companies Or Organizations, Ari Schwartz, Sejal C. Shah, Matthew H. Mackenzie, Sheena Thomas, Tara Sugiyama Potashnik, Bri Law

University of Michigan Journal of Law Reform

This Article takes an in-depth look at the evolution of cybersecurity information sharing legislation, leading to the recent passage of the Cybersecurity Information Sharing Act (CISA) and offers insights into how automated information sharing mechanisms and associated requirements implemented pursuant to CISA can be leveraged to help ensure liability protections when engaging in cyber threat information sharing with and amongst other non-federal government entities.

Internet Surveillance, Regulation, And Chilling Effects Online: A Comparative Case Study, Jonathon Penney

Articles, Book Chapters, & Popular Press

With internet regulation and censorship on the rise, states increasingly engaging in online surveillance, and state cyber-policing capabilities rapidly evolving globally, concerns about regulatory “chilling effects” online — the idea that laws, regulations, or state surveillance can deter people from exercising their freedoms or engaging in legal activities on the internet have taken on greater urgency and public importance. But just as notions of “chilling effects” are not new, neither is skepticism about their legal, theoretical, and empirical basis; in fact, the concept remains largely un-interrogated with significant gaps in understanding, particularly with respect to chilling effects online. This work …

Testimony On Unmanned Aircraft Systems Rules And Regulations, Stephen E. Henderson

Stephen E Henderson

Video-Streaming Records And The Video Privacy Protection Act: Broadening The Scope Of Personally Identifiable Information To Include Unique Device Identifiers Disclosed With Video Titles, Gregory M. Huffman

Chicago-Kent Law Review

The Video Privacy Protection Act (“VPPA”) prohibits video tape service providers from disclosing their consumers’ video rental or sale records. Although the VPPA was originally enacted to regulate disclosures by brick-and-mortar video rental stores, litigators have more recently used the VPPA as a vehicle to regulate disclosures by online video content providers.

The application of the VPPA to video streaming via web browsers and mobile devices raises new questions of statutory interpretation. One key question is whether the scope of the VPPA is broad enough to cover a disclosure of a unique device identifier of a user’s device, rather than …

Protecting Personal Information: Achieving A Balance Between User Privacy And Behavioral Targeting, Patrick Myers

University of Michigan Journal of Law Reform

Websites and mobile applications provide immeasurable benefits to both users and companies. These services often collect vast amounts of personal information from the individuals that use them, including sensitive details such as Social Security numbers, credit card information, and physical location. Personal data collection and dissemination leave users vulnerable to various threats that arise from the invasion of their privacy, particularly because users are often ignorant of the existence or extent of these practices. Current privacy law does not provide users with adequate protection from the risks attendant to the collection and dissemination of their personal information. This Note advocates …

The Need For An International Convention On Data Privacy: Taking A Cue From The Cisg, Morgan Corley

Brooklyn Journal of International Law

In light of the invalidation of the U.S.-EU Safe Harbor, along with the increase in sales of personal data as a commodity, data privacy has become a major concern amongst different nations. The lack of harmonization of data-privacy laws around the world continues to pose obstacles to the free flow of data across national borders. The free flow of data is, nonetheless, essential the international economy. As a result, nations continue to work together to try to create mechanisms by which data can be transferred across borders in a secure manner. This Note examines the current state of data-privacy law …

The Right To Digital Privacy: Advancing The Jeffersonian Vision Of Adaptive Change, Kerry Moller

CMC Senior Theses

The relationship between privacy, technology, and law is complex. Thomas Jefferson’s prescient nineteenth century observation that laws and institutions must keep pace with the times offers a vision for change. Statutory law and court precedents help to define our right to privacy, however, the development of new technologies has complicated the application of old precedents and statutes. Third party organizations, such as Google, facilitate new methods of communication, and the government can often collect the information that third parties receive with a subpoena or court order, rather than a Fourth Amendment-mandated warrant. Privacy promotes fundamental democratic freedoms, however, under current …

The Politics Of Privacy In The Criminal Justice System: Information Disclosure, The Fourth Amendment, And Statutory Law Enforcement Exemptions, Erin Murphy

Michigan Law Review

When criminal justice scholars think of privacy, they think of the Fourth Amendment. But lately its domain has become far less absolute. The United States Code currently contains over twenty separate statutes that restrict both the acquisition and release of covered information. Largely enacted in the latter part of the twentieth century, these statutes address matters vital to modern existence. They control police access to driver's licenses, educational records, health histories, telephone calls, email messages, and even video rentals. They conform to no common template, but rather enlist a variety of procedural tools to serve as safeguards - ranging from …

Limits Of The Federal Wiretap Act's Ability To Protect Against Wi-Fi Sniffing, Mani Potnuru

Michigan Law Review

Adoption of Wi-Fi wireless technology continues to see explosive growth. However many users still operate their home Wi-Fi networks in unsecured mode or use publicly available unsecured Wi-Fi networks, thus exposing their communications to the dangers of "packet sniffing," a technique used for eavesdropping on a network. Some have argued that communications over unsecured Wi-Fi networks are "readily accessible to the general public" and that such communications are therefore excluded from the broad protections of the Federal Wiretap Act against intentional interception of electronic communications. This Note examines the Federal Wiretap Act and argues that the current Act's treatment of …

Gina's Genotypes, David H. Kaye

Michigan Law Review First Impressions

In August 2009, the Board of Trustees of the University of Akron added to the university's employment policy the following proviso: "any applicant may be asked to submit fingerprints or DNA sample for purpose of a federal criminal background check." Although the federal government does not do background checks with DNA, the policy is significant because it highlights a largely unexplored feature of the Genetic Information Nondiscrimination Act of 2008 ("GINA"). Hailed by the late Senator Edward Kennedy as "the first civil rights bill of the new century of life sciences," GINA generally prohibits employers from asking for "genetic information." …

Who's Minding The Shop? The Role Of Canadian Research Ethics Boards In The Creation And Uses Of Registries And Biobanks, Elaine Gibson, Kevin Brazil, Michael Coughlin, Claudia Emerson, François Fournier, Lisa Schwartz, Karen Szala-Meneok, Karen Weisbaum, Donald Willison

Articles, Book Chapters, & Popular Press

Background: The amount of research utilizing health information has increased dramatically over the last ten years. Many institutions have extensive biobank holdings collected over a number of years for clinical and teaching purposes, but are uncertain as to the proper circumstances in which to permit research uses of these samples. Research Ethics Boards (REBs) in Canada and elsewhere in the world are grappling with these issues, but lack clear guidance regarding their role in the creation of and access to registries and biobanks.

Methods: Chairs of 34 REBS and/or REB Administrators affiliated with Faculties of Medicine in Canadian universities were …

Confidentiality Of Educational Records And Child Protective Proceedings, Frank E. Vandervort

Book Chapters

The Federal Family Education Rights and Privacy Act (FERPA), which provides funding for state educational programming, requires that student records be disclosed to a nonparent only with the written consent of the child’s parent, unless the disclosure falls within one of the several exceptions detailed in the statute. One of the exemptions provided for in the federal law permits a school to disclose information to “state or local officials or authorities to whom [that] information is allowed to be reported or disclosed pursuant to state statute,” if that official certifies in writing “that the information will not be disclosed to …

Protecting The Lady From Toledo: Post-Usa Patriot Act Electronic Surveillance At The Library, Susan Nevelow Mart

Publications

Library patrons are worried about the government looking over their shoulder while they read and surf the Internet. Because of the broad provisions of the USA PATRIOT Act, the lack of judicial and legislative oversight, the potential for content overcollection, and the ease with which applications for pen register, section 215 orders, or national security letters can be obtained, these fears cannot be dismissed.

The Need For Revisions To The Law Of Wiretapping And Interception Of Email, Robert A. Pikowsky

Michigan Telecommunications & Technology Law Review

I argue that a person's privacy interest in his email is the same as his privacy interest in a telephone conversation. Moreover, the privacy interest in email remains unchanged regardless of whether it is intercepted in transmission or covertly accessed from the recipient's mailbox. If one accepts this assumption, it follows that the level of protection against surveillance by law enforcement officers should be the same[...] As technology continues to blur the distinction between wire and electronic communication, it becomes apparent that a new methodology must be developed in order to provide logical and consistent protection to private communications. The …