Privacy Law Commons^™

Big Data, Big Gap: Working Towards A Hipaa Framework That Covers Big Data, Ryan Mueller

Indiana Law Journal

One lasting impact of the Health Insurance Portability and Accountability Act (HIPAA) is the privacy protections it provides for our sensitive health information. In the era of Big Data, however, much of our health information exists outside the traditional doctor-patient dynamic. From wearable technology, to mobile applications, to social media and internet browsing, Big Data organizations collect swaths of data that shed light on sensitive health information. Big Data organizations largely fall outside of HIPAA’s current framework because of the stringent requirements for when the HIPAA protections apply, namely that the data must be held by a covered entity, and …

Flattening The Curve While Protecting Our Right To Privacy: How The United States Can Implement The Digital Contract Tracing Efforts Used In East Asia, Evan Morris

Global Business Law Review

This paper looks at the digital contact tracing efforts implemented by other nations and assesses how similar measures could operate under enacted and proposed United States laws. Part I overviews the history of contact tracing and its effectiveness in prior disease outbreaks. Part II delves into the digital contact tracing efforts implemented by South Korea and Singapore. These summaries include: the digital contact tracing efforts taken, the laws that authorize these efforts, the public’s reception, and the overall effectiveness of the efforts. Part III overviews the digital contact tracing efforts in the United States, including proposed legislation aimed at user …

The Case For A Liberal Communitarian Jurisprudence, Amitai Etzioni

Journal of the National Association of Administrative Law Judiciary

This article seeks to show that courts face difficulties without a principled, constitutional anchoring for the conception of the common good. Courts could divine the common good from the penumbra of the Fourth Amendment in the same way the Supreme Court created a right to privacy. In addition to creating a “common good” constitutional principle, the judicial branch should establish criteria to determine when this principle should take precedence over individual rights expressly preserved in the Constitution.

Big Data, Both Friend And Foe: The Intersection Of Privacy And Trade On The Transatlantic Stage, Gabrielle C. Craft

University of Miami International and Comparative Law Review

This Note analyzes the data privacy protection initiatives implemented by the European Union and the United States and their effects on international trade. As technology develops, the feasibility of data collection increases, allowing for the collecting of inconceivable amounts of data information. Consequently, this data includes personal information, thus implicating privacy concerns and the need for data privacy protection regulations. Data privacy focuses on the use and governance of personal data and how the data is gathered, collected, and stored. In 2018, the European Union enacted the General Data Protection Regulation (GDPR), which sets out highly stringent standards for how …

I Spy With My Little--Gps Tracking Device: Why Georgia Should Look To The United Kingdom's Domestic Violence Laws To Deter Innovative Abuses Of Technology, Tyerus Skala

Georgia Journal of International & Comparative Law

No abstract provided.

Private Rights Of Action In Privacy Law, Lauren Henry Scholz

William & Mary Law Review

Many privacy advocates assume that the key to providing individuals with more privacy protection is strengthening the government’s power to directly sanction actors that hurt the privacy interests of citizens. This Article contests the conventional wisdom, arguing that private rights of action are essential for privacy regulation. First, I show how private rights of action make privacy law regimes more effective in general. Private rights of action are the most direct regulatory access point to the private sphere. They leverage private expertise and knowledge, create accountability through discovery, and have expressive value in creating privacy-protective norms. Then to illustrate the …

Privacy Frameworks For Smart Cities, Lindsey Tonsager, Jayne Ponder

Journal of Law and Mobility

This paper identifies some of the core privacy considerations raised by smart cities – government surveillance and data security in Part I. Then, Part II proposes a set of core principles for smart cities to consider in the development and deployment of smart cities to address privacy concerns. These principles include: (A) human-centric approaches to smart cities design and implementation, (B) transparency for city residents, (C) privacy by design, (D) anonymization and deidentification, (E) data minimization and purpose specification, (F) trusted data sharing, and (G) cybersecurity resilience.

The Rise Of 5g Technology: How Internet Privacy And Protection Of Personal Data Is A Must In An Evolving Digital Landscape, Justin Rabine

Catholic University Journal of Law and Technology

No abstract provided.

Illusory Privacy, Thomas Haley

Indiana Law Journal

For decades, regulators, consumer advocates, and privacy theorists have grappled with one of privacy’s most important questions: how to protect private information that consumers unwittingly give away with the click of an “I accept” button. Reform efforts remain mired in a morass of text, focusing on the increasing volume and complexity of firms’ terms of service and privacy policies. This Article moves beyond such existing approaches. By analyzing terms of service and privacy policies from hundreds of top websites—which this Article calls “platform terms”—this Article demonstrates that the prevailing “notice and consent” paradigm of privacy regulation cannot provide meaningful protection. …

Putting Cano On Ice – A Path Forward For Border Searches Of Electronic Devices, Davis Price Shugrue

Vanderbilt Journal of Entertainment & Technology Law

Across the country, circuit courts disagree over what level of suspicion, if any, is required for border officials to search electronic devices. This leaves law enforcement agencies in the lurch because they must craft nationwide policies that cover jurisdictions with differing rules. The Supreme Court should bring this quandary to an end by holding that no reasonable suspicion or warrant is required for border searches of electronic devices. Many scholars and litigants have called for a reasonable suspicion or warrant requirement in light of Supreme Court decisions like Riley and Carpenter that recognize the privacy concerns raised by searches of …

Big Brother Is Scanning: The Widespread Implementation Of Alpr Technology In America’S Police Forces, Yash Dattani

Vanderbilt Journal of Entertainment & Technology Law

Automatic License Plate Readers (ALPRs) are an increasingly popular tool in police departments across the United States. At its core, ALPR technology functions in a relatively simple manner. The technology has two major components: the actual scanners, which record license plates, and the databases which collect, compile, and analyze this information for officers to access at the click of a button. Although this technology first came to the United States in 1998 as a form of rudimentary border security, its purpose and capabilities have rapidly grown. Now, in 2022, ALPR has evolved into a frighteningly powerful piece of technology, potentially …

Delineating The Legal Framework For Data Protection: A Fundamental Rights Approach Or Data Propertization?, Efe Lawrence Ogbeide

Canadian Journal of Law and Technology

The Charter of Fundamental Rights of the European Union, like other key legal instruments around the globe, grants citizens the right to privacy in Article 7. The Charter, however, further provides for the right to data protection in Article 8. Simply put, the implication of Article 8 of the Charter is that the right to data protection is a fundamental right. The central question in this article is whether data protection indeed qualifies to be categorized as a fundamental right. If not, what other approach(es) to data protection may be implemented?

A Proportionality-Based Framework For Government Regulation Of Digital Tracing Apps In Times Of Emergency, Sharon Bassan

Dickinson Law Review (2017-Present)

Times of emergency present an inherent conflict between the public interest and the preservation of individual rights. Such times require granting emergency powers to the government on behalf of the public interest and relaxing safeguards against government actions that infringe rights. The lack of theoretical framework to assess governmental decisions in times of emergency leads to a polarized and politicized discourse about potential policies, and often, to public distrust and lack of compliance.

Such a discourse was evident regarding Digital Tracing Apps (“DTAs”), which are apps installed on cellular phones to alert users that they were exposed to people who …

A New Reality: Deepfake Technology And The World Around Us, Molly Mullen

Mitchell Hamline Law Review

No abstract provided.

Use Of Unmanned Aircraft Systems And Regulatory Landscape: Unravelling The Future Challenges In The High Sky, K Kirthan Shenoy, Divya Tyagi

International Journal of Aviation, Aeronautics, and Aerospace

The individuals on the ground nowadays often observe objects distantly hover over the sky, which raises the question of who might be operating the object or what the object might record. Unmanned Aircraft Systems (UAS) or Drones today have quickly penetrated civilian, military, and commercial sectors. The drones or UAS, with the advancement of technology, are now capable of traversing long distances, having long endurance, and having multipurpose functionality. The UAS industry is fast expanding, with trade investment touching the billion-dollar mark in flourishing economies. The advent of the Covid 19 pandemic saw a steep rise in the use of …

Passcodes, Protection, And Legal Practicality: The Necessity Of A Digital Fifth Amendment, Ethan Swierczewski

Catholic University Journal of Law and Technology

No abstract provided.

You Are Not A Commodity: A More Efficient Approach To Commercial Privacy Rights, Benjamin T. Pardue

Washington Law Review

United States common law provides four torts for privacy invasion: (1) disclosure of private facts, (2) intrusion upon seclusion, (3) placement of a person in a false light, and (4) appropriation of name or likeness. Appropriation of name or likeness occurs when a defendant commandeers the plaintiff’s recognizability, typically for a commercial benefit. Most states allow plaintiffs who establish liability to recover defendants’ profits as damages from the misappropriation under an “unjust enrichment” theory. By contrast, this Comment argues that such an award provides a windfall to plaintiffs and contributes to suboptimal social outcomes. These include overcompensating plaintiffs and incentivizing …

Deepfake Privacy: Attitudes And Regulation, Matthew B. Kugler, Carly Pace

Northwestern University Law Review

Using only a series of images of a person’s face and publicly available software, it is now possible to insert the person’s likeness into a video and show them saying or doing almost anything. This “deepfake” technology has permitted an explosion of political satire and, especially, fake pornography. Several states have already passed laws regulating deepfakes, and more are poised to do so. This Article presents three novel empirical studies that assess public attitudes toward this new technology. In our main study, a representative sample of the U.S. adult population perceived nonconsensually created pornographic deepfake videos as extremely harmful and …

Alexa Hears With Her Little Ears—But Does She Have The Privilege?, Lauren Chlouber Howell

St. Mary's Law Journal

Abstract forthcoming.

Closing The Data Gap: Protecting Biometric Information Under The Biometric Information Privacy Act And The California Consumer Protection Act, Eva-Maria Ghelardi

St. John's Law Review

(Excerpt)

Between May and June of 2014, Stacy Rosenbach bought her son, Alexander, a Six Flags season pass online. She submitted Alexander’s personal information and read that Alexander would complete the sign-up process at the park. No details described what the sign-up process would entail.

After showing his online receipt at Six Flags, Alexander was brought to an office to provide the customary thumb scan. Alexander’s thumb scan, along with the season pass card, was required to permit him to enter the various rides. He was not given any information about how his thumb scan would be stored or used …

Comparative Limitations On Abortions: The United States Supreme Court V. The European Court Of Human Rights, Sunaya Padmanabhan

Northwestern Journal of Law & Social Policy

This Note compares the balancing tests implemented by the United States Supreme Court and the European Court of Human Rights to determine the legal status of abortion within their jurisdictions. This Note will argue that the Supreme Court’s balancing test better protects a woman’s legal path to an abortion because it A) limits states’ restrictions to specific categories and B) regulates the extent to which states can restrict a woman’s pre-viability abortion.

This Note will also examine the ways in which each court’s abortion jurisprudence substantively restricts a woman’s ability to obtain an abortion, even where legal avenues to the …

Private Lives At Home And Public Lives In Court: Protecting The Privacy Of Federal Judges' Home Addresses, Hannah Elias Sbaity

Journal of Intellectual Property Law

Targeted murders of federal judges and their families at their private homes date back to May 29, 1979. Most recently, in July 2020, Judge Esther Salas’s only son, Daniel, was murdered and her husband near-fatally shot at their home. Individuals wishing to inflict such harm or death at federal judges’ homes have been able to do so because of federal judges’ publicly available home addresses. Because personally identifying information (PII) is defined differently from statute to statute, home addresses largely remain public information in most states and can be found in real estate records, data broker websites, social media platforms, …

A Deep Dive Into Technical Encryption Concepts To Better Understand Cybersecurity & Data Privacy Legal & Policy Issues, Anthony Volini

Journal of Intellectual Property Law

Lawyers wishing to exercise a meaningful degree of leadership at the intersection of technology and the law could benefit greatly from a deep understanding of the use and application of encryption, considering it arises in so many legal scenarios. For example, in FTC v. Wyndham1 the defendant failed to implement nearly every conceivable cybersecurity control, including lack of encryption for stored data, resulting in multiple data breaches and a consequent FTC enforcement action for unfair and deceptive practices. Other examples of legal issues requiring use of encryption and other technology concepts include compliance with security requirements of GLBA & HIPAA, …

Privacy Vs. Transparency: Handling Protected Materials In Agency Rulemaking, Christopher S. Yoo, Kellen Mccoy

Indiana Law Journal

Agencies conducting informal rulemaking proceedings increasingly confront conflicting duties with respect to protected materials included in information submitted in public rulemaking dockets. They must reconcile the broad commitment to openness and transparency reflected in federal law with the duty to protect confidential business information (CBI) and personally identifiable information (PII) against improper disclosure.

This Article presents an analysis of how agencies can best balance these often countervailing considerations. Part I explores the statutory duties to disclose and withhold information submitted in public rulemaking dockets placed on agencies. It also examines judicial decisions and other legal interpretations regarding the proper way …

Biometric Data Regulation And The Right Of Publicity: A Path To Regaining Autonomy Over Our Commodified Identity, Lisa Raimondi

University of Massachusetts Law Review

This Note explores how a right of publicity action might be used to address present day concerns regarding biometric data ownership rights where an individual’s likeness can essentially be bought and sold. As social networking and use of the internet has grown, so has the opportunity for people to engage with others and share their lives. However, that opportunity also comes with risk. More and more, people are required to accept the terms of use and privacy policies detailing how their biometric data will be collected and stored if they want to download and use certain technological applications. Most of …

Freedom Of Expression V. Social Responsibility On The Internet: Vivi Down Association V. Google, Raphael Cohen-Almagor, Natalina Stamile

Seattle Journal of Technology, Environmental & Innovation Law

The aim of the article is to reflect on Google’s social responsibility by analyzing a milestone court decision, Vivi Down Association v. Google, that took place in Italy, involving the posting of an offensive video clip on Google Video. It was a landmark decision because it refuted the assertion that the Internet knows no boundaries, that the Internet transcends national laws due to its international nature, and that Internet intermediaries, such as Google, are above the law. This case shows that when the legal authorities of a given country decide to assert their jurisdiction, Internet companies need to abide by …

Discussing Privacy In Sec Subpoena Practice After Carpenter V. United States, William A. Ballentine

Chicago-Kent Law Review

No abstract provided.

Bitcoin Searches And Preserving The Third-Party Doctrine, Christine A. Cortez

St. Mary's Law Journal

Abstract forthcoming.

Cloudy With A Chance Of Government Intrusion: The Third-Party Doctrine In The 21st Century, Steven Arango

Catholic University Law Review

Technology may be created by humans, but we are dependent on it. Look around you: what technology is near you as you read this abstract? An iPhone? A laptop? Perhaps even an Amazon Echo. What do all these devices have in common? They store data in the cloud. And this data can contain some of our most sensitive information, such as business records or medical documents.

Even if you manage this cloud storage account, the government may be able to search your data without a warrant. Federal law provides little protection for cloud stored data. And the Fourth Amendment may …

Revising Reasonableness In The Cloud, Ian Walsh

Washington Law Review

Save everything—just in case––and search for it later. This is a modern mantra fueled by the ubiquity of smartphones, laptops, tablets, and free or low-cost data storage that leads users to store massive amounts of data in the cloud. But when users trust third-party cloud storage providers with private communications, they also surrender Fourth Amendment constitutional certainty. Existing statutory safeguards for these communications are lower than Fourth Amendment warrant and probable cause standards; this permits the government to seize large quantities of users’ private communications stored in the cloud with only minimal justification. Due to the revealing nature of such …