Privacy Law Commons^™

The Post-Dobbs Reality: Privacy Expectations For Period-Tracking Apps In Criminal Abortion Prosecutions, Sophie L. Nelson

Pepperdine Law Review

The Supreme Court’s decision to overturn Roe v. Wade and Planned Parenthood v. Casey in June 2022 was met with waves of both support and criticism throughout the United States. Several states immediately implemented or began drafting trigger laws that criminalize seeking and providing an abortion. These laws prompted several period-tracking app companies to encrypt their users’ data to make it more difficult for the government to access period- and pregnancy-related information for criminal investigations. This Comment explores whether the Fourth Amendment and U.S. privacy statutes protect users of period-tracking apps from government surveillance. More specifically, this Comment argues that …

Personal Data And Vaccination Hesitancy: Covid-19’S Lessons For Public Health Federalism, Charles D. Curran

Catholic University Law Review

During the COVID-19 vaccination campaign, the federal government adopted a more centralized approach to the collection of public health data. Although the states previously had controlled the storage of vaccination information, the federal government’s Operation Warp Speed plan required the reporting of recipients’ personal information on the grounds that it was needed to monitor the safety of novel vaccines and ensure correct administration of their multi-dose regimens.

Over the course of the pandemic response, this more centralized federal approach to data collection added a new dimension to pre-existing vaccination hesitancy. Requirements that recipients furnish individual information deterred vaccination among undocumented …

Content Moderation And The Least Cost Avoider, Paul Rosenzweig

Joint PIJIP/TLS Research Paper Series

No abstract provided.

Privacy Nicks: How The Law Normalizes Surveillance, Woodrow Hartzog, Evan Selinger, Johanna Gunawan

Faculty Scholarship

Privacy law is failing to protect individuals from being watched and exposed, despite stronger surveillance and data protection rules. The problem is that our rules look to social norms to set thresholds for privacy violations, but people can get used to being observed. In this article, we argue that by ignoring de minimis privacy encroachments, the law is complicit in normalizing surveillance. Privacy law helps acclimate people to being watched by ignoring smaller, more frequent, and more mundane privacy diminutions. We call these reductions “privacy nicks,” like the proverbial “thousand cuts” that lead to death.

Privacy nicks come from the …

The Automated Fourth Amendment, Maneka Sinha

Faculty Scholarship

Courts routinely defer to police officer judgments in reasonable suspicion and probable cause determinations. Increasingly, though, police officers outsource these threshold judgments to new forms of technology that purport to predict and detect crime and identify those responsible. These policing technologies automate core police determinations about whether crime is occurring and who is responsible. Criminal procedure doctrine has failed to insist on some level of scrutiny of—or skepticism about—the reliability of this technology. Through an original study analyzing numerous state and federal court opinions, this Article exposes the implications of law enforcement’s reliance on these practices given the weighty interests …

Constructing Ai Speech, Margot E. Kaminski, Meg Leta Jones

Publications

Artificial Intelligence (AI) systems such as ChatGPT can now produce convincingly human speech, at scale. It is tempting to ask whether such AI-generated content “disrupts” the law. That, we claim, is the wrong question. It characterizes the law as inherently reactive, rather than proactive, and fails to reveal how what may look like “disruption” in one area of the law is business as usual in another. We challenge the prevailing notion that technology inherently disrupts law, proposing instead that law and technology co-construct each other in a dynamic interplay reflective of societal priorities and political power. This Essay instead deploys …

A How-To Guide For When Your Favorite Meme Account Is Defamed: Involuntary Public Figures In Defamation, Privacy, And Intentional Infliction Of Emotional Distress Law, Elizabeth Mcmullen

Catholic University Journal of Law and Technology

The world we live in today has changed infinitely since the inception of our Constitution and early legal doctrine. Our Founding Fathers could never have predicted that we would one day live in a world where anyone living in any corner of the globe could garner millions of followers. Whether someone finds him or herself to be particularly proficient in writing Harry Potter fan fiction or to be the best creator of memes with an American Girl Doll focus, ordinary citizens could find themselves suddenly jolted out of quiet anonymity by one unexpectedly viral post. Despite years of Instagram micro-fame, …

Our Changing Reality: The Metaverse And The Importance Of Privacy Regulations In The United States, Anushkay Raza

Global Business Law Review

This Note discusses the legal and pressing digital challenges that arise in connection with the growing use of virtual reality, and more specifically, the metaverse. As this digital realm becomes more integrated into our daily lives, the United States should look towards creating a federal privacy law that protects fundamental individual privacy rights. This Note argues that congress should emulate the European Union's privacy regulations, and further, balances the potential consequences and benefits of adapting European regulations within the United Sates. Finally, this Note provides drafting considerations of future lawyers who will not only be dealing with the rise of …

Direct To Consumer Or Direct To All: Home Dna Tests And Lack Of Privacy Regulations In The United States, Karen J. Kukla

IP Theory

Although the U.S. has some measures of privacy protection for genetic data, the lack of a comprehensive approach to protecting direct-to-consumer genetic testing results in privacy violations for both consumers and their relatives. This essay explores the critical need for the U.S. government to address these privacy violations and argues that the U.S. should approach the problem and strategize a solution similar to the European Union’s (EU) General Data Protection Regulation (GDPR). Part I identifies current United States law, both federal and state regulations that address DTC-GT and genetic privacy. Part II examines the lack of regulation surrounding current DTC-GT …

A Trusted Framework For Cross-Border Data Flows, Alex Joel

Joint PIJIP/TLS Research Paper Series

The German Marshall Fund of the United States (GMF), in cooperation with the Tech, Law and Security Program (TLS) of the American University Washington College of Law, and with support from Microsoft, convened a Global Taskforce to Promote Trusted Sharing of Data comprising experts from civil society, academia, and industry to submit proposals for harmonizing approaches to global data use and sharing. Former US Ambassador to the Organisation for Economic Co-operation and Development (OECD) and GMF Distinguished Fellow Karen Kornbluh and Microsoft Chief Privacy Officer and Corporate Vice President Julie Brill co-chaired the taskforce; TLS Senior Project Director Alex Joel …

Encouraging Public Access To Pharmaceuticals Through Modified Protection Of Clinical Trial Data, Scott M. Nolan Ii

IP Theory

Part I of this Article investigates the development of pharmaceuticals and clinical trial data with a focus on patent and data protection. Part II evaluates the effects of protection and the challenges it poses to widespread public pharmaceutical access. Part III discusses two scholarly approaches to the public access issue that focus on clinical data protection and their associated challenges. In light of these scholarly works, Part IV suggests a new approach to clinical trial data protection that aims to improve public pharmaceutical access while maintaining the incentives to invent for drug developers.

Femtechnodystopia, Leah R. Fowler, Michael Ulrich

Faculty Scholarship

Reproductive rights, as we have long understood them, are dead. But at the same time history seems to be moving backward, technology moves relentlessly forward. Femtech products, a category of consumer technology addressing an array of “female” health needs, seem poised to fill gaps created by states and stakeholders eager to limit birth control and abortion access and increase pregnancy surveillance and fetal rights. Period and fertility tracking applications could supplement or replace other contraception. Early digital alerts to missed periods can improve the chances of obtaining a legal abortion in states with ever-shrinking windows of availability or prompt behavioral …

Aclu V. Clearview Ai, Inc.,, Isra Ahmed

DePaul Journal of Art, Technology & Intellectual Property Law

No abstract provided.

Necessity, Proportionality, And Executive Order 14086, Alex Joel

Joint PIJIP/TLS Research Paper Series

No abstract provided.

A Loaded God Complex: The Unconstitutionality Of The Executive Branch’S Unilaterally Withholding Zero-Days, Brendan Gilligan

Northwestern Journal of Technology and Intellectual Property

No abstract provided.

Technology Integration In Higher Education And Student Privacy Beyond Learning Environments -- A Comparison Of The Uk And Us Perspective, Iria Giuffrida, Alex Hall

Faculty Publications

Technology integration in higher education (HE) has brought immense innovation. While research is investigating the benefits of leveraging, through learning analytics, the data created by the greater presence of technology in HE, it is also analysing the privacy implications of vast universes of data now at the fingertips of HE administrators. This paper argues that student privacy challenges linked to technology integration occur not only within but also beyond learning environments, namely at the enterprise level. By analysing the UK and US legal frameworks surrounding how HE institutions respond to parents demanding disclosure of their adult children's personal data in …

Inadequate Privacy: The Necessity Of Hipaa Reform In A Post-Dobbs World, Katherine Robertson

Seattle University Law Review

Part I of this Comment will provide an overview of HIPAA and the legal impacts of Dobbs. Part II will discuss the anticipatory response to the impacts of Dobbs on PHI by addressing the response from (1) the states, (2) the Biden Administration, and (3) the medical field. Part III will discuss the loopholes that exist in HIPAA and further address the potential impacts on individuals and the medical field if reform does not occur. Finally, Part IV will argue that the reform of HIPAA is the best avenue for protecting PHI related to reproductive healthcare.

Governing Smart Cities As Knowledge Commons - Introduction, Chapter 1 & Conclusion, Brett M. Frischmann, Michael J. Madison, Madelyn Sanfilippo

Book Chapters

Smart city technology has its value and its place; it isn’t automatically or universally harmful. Urban challenges and opportunities addressed via smart technology demand systematic study, examining general patterns and local variations as smart city practices unfold around the world. Smart cities are complex blends of community governance institutions, social dilemmas that cities face, and dynamic relationships among information and data, technology, and human lives. Some of those blends are more typical and common. Some are more nuanced in specific contexts. This volume uses the Governing Knowledge Commons (GKC) framework to sort out relevant and important distinctions. The framework grounds …

One Size Does Not Fit All: How The California Privacy Rights Act Will Not Improve Employee Data Collection And Privacy Rights, Kayla N. Bushey

Catholic University Journal of Law and Technology

No abstract provided.

Content Moderation As Surveillance, Hannah Bloch-Wehba

Faculty Scholarship

Technology platforms are the new governments, and content moderation is the new law, or so goes a common refrain. As platforms increasingly turn toward new, automated mechanisms of enforcing their rules, the apparent power of the private sector seems only to grow. Yet beneath the surface lies a web of complex relationships between public and private authorities that call into question whether platforms truly possess such unilateral power. Law enforcement and police are exerting influence over platform content rules, giving governments a louder voice in supposedly “private” decisions. At the same time, law enforcement avails itself of the affordances of …

Flattening The Curve While Protecting Our Right To Privacy: How The United States Can Implement The Digital Contract Tracing Efforts Used In East Asia, Evan Morris

Global Business Law Review

This paper looks at the digital contact tracing efforts implemented by other nations and assesses how similar measures could operate under enacted and proposed United States laws. Part I overviews the history of contact tracing and its effectiveness in prior disease outbreaks. Part II delves into the digital contact tracing efforts implemented by South Korea and Singapore. These summaries include: the digital contact tracing efforts taken, the laws that authorize these efforts, the public’s reception, and the overall effectiveness of the efforts. Part III overviews the digital contact tracing efforts in the United States, including proposed legislation aimed at user …

Privacy Frameworks For Smart Cities, Lindsey Tonsager, Jayne Ponder

Journal of Law and Mobility

This paper identifies some of the core privacy considerations raised by smart cities – government surveillance and data security in Part I. Then, Part II proposes a set of core principles for smart cities to consider in the development and deployment of smart cities to address privacy concerns. These principles include: (A) human-centric approaches to smart cities design and implementation, (B) transparency for city residents, (C) privacy by design, (D) anonymization and deidentification, (E) data minimization and purpose specification, (F) trusted data sharing, and (G) cybersecurity resilience.

The Rise Of 5g Technology: How Internet Privacy And Protection Of Personal Data Is A Must In An Evolving Digital Landscape, Justin Rabine

Catholic University Journal of Law and Technology

No abstract provided.

Persistent Surveillance, Andrew Guthrie Ferguson

Articles in Law Reviews & Other Academic Journals

Persistent surveillance technologies grant police vast new investigative capabilities. The technologies both monitor targeted areas and generate databases of searchable information about people, places, and patterns that can be connected and accessed for criminal prosecutions.

In the face of this growing police surveillance, courts have struggled to make sense of a fragmented Fourth Amendment doctrine. The Supreme Court has offered some clues that “digital may be different” when it comes to surveillance, but lower courts have been left struggling to apply old law to new technologies. Warrantless use of persistent surveillance technologies raises hard questions about when a “search” occurs …

Delineating The Legal Framework For Data Protection: A Fundamental Rights Approach Or Data Propertization?, Efe Lawrence Ogbeide

Canadian Journal of Law and Technology

The Charter of Fundamental Rights of the European Union, like other key legal instruments around the globe, grants citizens the right to privacy in Article 7. The Charter, however, further provides for the right to data protection in Article 8. Simply put, the implication of Article 8 of the Charter is that the right to data protection is a fundamental right. The central question in this article is whether data protection indeed qualifies to be categorized as a fundamental right. If not, what other approach(es) to data protection may be implemented?

Platforms, Encryption, And The Cfaa: The Case Of Whatsapp V Nso Group, Jonathon Penney, Bruce Schneier

Articles, Book Chapters, & Popular Press

End-to-end encryption technology has gone mainstream. But this wider use has led hackers, cybercriminals, foreign governments, and other threat actors to employ creative and novel attacks to compromise or workaround these protections, raising important questions as to how the Computer Fraud and Abuse Act (CFAA), the primary federal anti-hacking statute, is best applied to these new encryption implementations. Now, after the Supreme Court recently narrowed the CFAA’s scope in Van Buren and suggested it favors a code-based approach to liability under the statute, understanding how best to theorize sophisticated code-based access barriers like end-to-end encryption, and their circumvention, is now …

A Proportionality-Based Framework For Government Regulation Of Digital Tracing Apps In Times Of Emergency, Sharon Bassan

Dickinson Law Review (2017-Present)

Times of emergency present an inherent conflict between the public interest and the preservation of individual rights. Such times require granting emergency powers to the government on behalf of the public interest and relaxing safeguards against government actions that infringe rights. The lack of theoretical framework to assess governmental decisions in times of emergency leads to a polarized and politicized discourse about potential policies, and often, to public distrust and lack of compliance.

Such a discourse was evident regarding Digital Tracing Apps (“DTAs”), which are apps installed on cellular phones to alert users that they were exposed to people who …

Submission To The Province Of Nova Scotia On Its Review Of The Intimate Images And Cyber-Protection Act - Leaf, Suzie Dunn, Rosel Kim

Reports & Public Policy Documents

The Women’s Legal Education and Action Fund (LEAF) commends the Nova Scotia government for reviewing its Intimate Images and Cyber-protection Act (the Act) and seeking public input for this review. Nova Scotia has been, and continues to be, a leader in Canada for its role in advancing innovative laws and supports for people targeted by technology-facilitated violence (TFV), digital abuse, and the non-consensual distribution of intimate images (NCDII). As these forms of harmful behaviour evolve and become better understood, it is important to revisit this legislation to assess whether it is providing meaningful and accessible responses to such serious social …

Understanding Chilling Effects, Jonathon Penney

Articles, Book Chapters, & Popular Press

With digital surveillance and censorship on the rise, the amount of data available online unprecedented, and corporate and governmental actors increasingly employing emerging technologies like artificial intelligence (AI), machine learning, and facial recognition technology (FRT) for surveillance and data analytics, concerns about “chilling effects”, that is, the capacity for these activities “chill” or deter people from exercising their rights and freedoms have taken on greater urgency and importance. Yet, there remains a clear dearth in systematic theoretical and empirical work point. This has left significant gaps in understanding. This article has attempted to fill that void, synthesizing theoretical and empirical …

Legislating Data Loyalty, Woodrow Hartzog, Neil Richards

Faculty Scholarship

Lawmakers looking to embolden privacy law have begun to consider imposing duties of loyalty on organizations trusted with people’s data and online experiences. The idea behind loyalty is simple: organizations should not process data or design technologies that conflict with the best interests of trusting parties. But the logistics and implementation of data loyalty need to be developed if the concept is going to be capable of moving privacy law beyond its “notice and consent” roots to confront people’s vulnerabilities in their relationship with powerful data collectors.

In this short Essay, we propose a model for legislating data loyalty. Our …