Privacy Law Commons^™

Actual Harm Means It Is Too Late: How Rosenbach V. Six Flags Demonstrates Effective Biometric Information Privacy Law, Chloe Stepney

Loyola of Los Angeles Entertainment Law Review

Technology is rapidly advancing, and the law is trying to keep up. While this challenge is not new, technological advancements are impacting privacy rights in unprecedented ways. Using a fingerprint to clock in at work or face identification to unlock a smartphone provides ease and convenience, but at what cost?

Currently, there is no federal law that regulates the collection, use, and storage of biometric information in the private sector. On a local level, three states have enacted laws that specifically address biometrics. Of those, the Biometric Information Privacy Act (BIPA) in Illinois provides the strongest protections for consumers, who …

Deep Fakes: A Looming Challenge For Privacy, Democracy, And National Security, Danielle K. Citron, Robert Chesney

Faculty Scholarship

Harmful lies are nothing new. But the ability to distort reality has taken an exponential leap forward with “deep fake” technology. This capability makes it possible to create audio and video of real people saying and doing things they never said or did. Machine learning techniques are escalating the technology’s sophistication, making deep fakes ever more realistic and increasingly resistant to detection. Deep-fake technology has characteristics that enable rapid and widespread diffusion, putting it into the hands of both sophisticated and unsophisticated actors. While deep-fake technology will bring with it certain benefits, it also will introduce many harms. The marketplace …

Law School News: Logan To Serve As Adviser On Restatement Third Of Torts 11-07-2019, Michael M. Bowden

Life of the Law School (1993- )

No abstract provided.

Data Scams, Roger Allan Ford

Law Faculty Scholarship

Targeting platforms like Google and Facebook are usually seen as presenting tradeoffs between utility and privacy. This Article identifies and describes a different, non-privacy cost of targeting platforms: they make it easier for malicious actors to scam others. They do this by making it easier for scammers to reach the most promising victims, hide from law-enforcement authorities and others, and develop better scams. Technology offers potential solutions, since the same data and targeting tools that enable scams could help detect and prevent them, though neither platforms nor law-enforcement officials have both the incentives and expertise needed to develop and deploy …

The Missing Regulatory State: Monitoring Businesses In An Age Of Surveillance, Rory V. Loo

Vanderbilt Law Review

An irony of the information age is that the companies responsible for the most extensive surveillance of individuals in history-large platforms such as Amazon, Facebook, and Google-have themselves remained unusually shielded from being monitored by government regulators. But the legal literature on state information acquisition is dominated by the privacy problems of excess collection from individuals, not businesses. There has been little sustained attention to the problem of insufficient information collection from businesses. This Article articulates the administrative state's normative framework for monitoring businesses and shows how that framework is increasingly in tension with privacy concerns. One emerging complication is …

The Missing Regulatory State: Monitoring Businesses In An Age Of Surveillance, Rory Van Loo

Faculty Scholarship

An irony of the information age is that the companies responsible for the most extensive surveillance of individuals in history—large platforms such as Amazon, Facebook, and Google—have themselves remained unusually shielded from being monitored by government regulators. But the legal literature on state information acquisition is dominated by the privacy problems of excess collection from individuals, not businesses. There has been little sustained attention to the problem of insufficient information collection from businesses. This Article articulates the administrative state’s normative framework for monitoring businesses and shows how that framework is increasingly in tension with privacy concerns. One emerging complication is …

Review Of Ian Kerr And Jane Bailey, The Implications Of Digital Rights Management For Privacy And Freedom Of Expression, 2 Journal Of Information, Communication & Ethics In Society 87 (2004), Ann Bartow

Law Faculty Scholarship

Ian Kerr, who passed away far too young in 2019, was an incisive scholar and a much treasured colleague. The wit that sparkled in his papers was matched only by his warmth toward his friends, of whom there were many. He and his many co-authors wrote with deep insight and an equally deep humanity about copyright, artificial intelligence, privacy, torts, and much much more.

Ian was also a valued contributor to the Jotwell Technology Law section. His reviews here display the same playful generosity that characterized everything else he did. In tribute to his memory, we are publishing a memorial …

The Positive Law Model Of The Fourth Amendment, William Baude, James Y. Stern

James Y. Stern

For fifty years, courts have used a “reasonable expectation of privacy” standard to define “searches” under the Fourth Amendment. As others have recognized, that doctrine is subjective, unpredictable, and conceptually confused, but viable alternatives have been slow to emerge. This Article supplies one.

We argue that Fourth Amendment protection should be anchored in background positive law. The touchstone of the search-and-seizure analysis should be whether government officials have done something forbidden to private parties. It is those actions that should be subjected to Fourth Amendment reasonableness review and the presumptive requirement to obtain a warrant. In short, Fourth Amendment protection …

Towards Standard Information Privacy, Innovations Of The New General Data Protection Regulation, Ali Alibeigi, Abu Bakar Munir, Md Ershadulkarim, Adeleh Asemi

Library Philosophy and Practice (e-journal)

Protection of personal data in recent decades became more crucial affecting by emergence of the new technologies especially computer, internet, information and communications technology. However, Europeans felt this necessity at time and provided for up-to-date and supportive laws. The General Data Protection Regulation (GDPR) is the latest legislation in EU to protect personal data of individuals based on the recent technological advancements. However, its’ domestic and international output still is debatable. This doctrinal legal study by using descriptive methods, aimed to evaluate the GDPR through analyzing and interpreting its’ provisions by especial focus on its’ innovations. The results show that …

Catalyzing Privacy Law, Anupam Chander, Margot E. Kaminski, William Mcgeveran

Georgetown Law Faculty Publications and Other Works

The United States famously lacks a comprehensive federal data privacy law. In the past year, however, over half the states have proposed broad privacy bills or have established task forces to propose possible privacy legislation. Meanwhile, congressional committees are holding hearings on multiple privacy bills. What is catalyzing this legislative momentum? Some believe that Europe’s General Data Protection Regulation (GDPR), which came into force in 2018, is the driving factor. But with the California Consumer Privacy Act (CCPA) which took effect in January 2020, California has emerged as an alternate contender in the race to set the new standard for …

21st Century-Style Truth Decay: Deep Fakes And The Challenge For Privacy, Free Expression, And National Security, Robert Chesney, Danielle Keats Citron

Maryland Law Review

No abstract provided.

Privacy Rights And Public Families, Khiara Bridges

Khiara M Bridges

This Article is based on eighteen months of anthropological fieldwork conducted among poor, pregnant women receiving prenatal care provided by the Prenatal Care Assistance Program (“PCAP”) at a large public hospital in New York City. The Prenatal Care Assistance Program (“PCAP”) is a special program within the New York State Medicaid program that provides comprehensive prenatal care services to otherwise uninsured or underinsured women. This Article attempts to accomplish two goals. The first goal is to argue that PCAP’s compelled consultations – with social workers, health educators, nutritionists, and financial officers – function as a gross and substantial intrusion by …

Drone Invasion: Unmanned Aerial Vehicles And The Right To Privacy, Rebecca L. Scharf

Indiana Law Journal

Since the birth of the concept of a legally recognized right to privacy in Samuel D. Warren and Louis D. Brandeis’ influential 1890 law review article, “The Right to Privacy,” common law—with the aid of influential scholars—has massaged the concept of privacy torts into actionable claims. But now, one of the most innovative technological advancements in recent years, the unmanned aerial vehicle, or drone, has created difficult challenges for plaintiffs and courts navigating common law privacy tort claims.

This Article explores the challenges of prosecution of the specific privacy tort of intrusion upon seclusion involving nongovernmental use of drone technology. …

Automated License Plate Readers: The Difficult Balance Of Solving Crime And Protecting Individual Privacy, Lauren Fash

Maryland Law Review Online

No abstract provided.

Cell Phones Are Orwell's Telescreen: The Need For Fourth Amendment Protection In Real-Time Cell Phone Location Information, Matthew Devoy Jones

Cleveland State Law Review

Courts are divided as to whether law enforcement can collect cell phone location information in real-time without a warrant under the Fourth Amendment. This Article argues that Carpenter v. United States requires a warrant under the Fourth Amendment prior to law enforcement’s collection of real-time cell phone location information. Courts that have required a warrant prior to the government’s collection of real-time cell phone location information have considered the length of surveillance. This should not be a factor. The growing prevalence and usage of cell phones and cell phone technology, the original intent of the Fourth Amendment, and United States …

The Normative Fourth Amendment, Matthew Tokson

Utah Law Faculty Scholarship

For decades, courts have used a “reasonable expectation of privacy” standard to determine whether a government action is a Fourth Amendment search. Scholars have convincingly argued that this test is incoherent, arbitrary, and incapable of protecting privacy against modern forms of surveillance. Yet few alternatives have been proposed, and those alternatives pose many of the same problems as the current standard.

This Article offers a new theoretical approach for determining the scope of the Fourth Amendment. It develops a normative model of Fourth Amendment searches, one that explicitly addresses the balance between law enforcement effectiveness and citizens’ interests inherent in …

Keep Your Friends Close And Your Medical Records Closer: Defining The Extent To Which A Constitutional Right To Informational Privacy Protects Medical Records, Lauren Newman

Journal of Law and Health

The following Article discusses the extent to which the constitutional right to informational privacy protects medical data from improper acquisition or dissemination by state agents. Part I provides background on Whalen v. Roe, the Supreme Court case that has been understood to establish the right to informational privacy. Part I also discusses the variations across the circuit courts as to what medical information is afforded protection by the right. Part II analyzes the well-established approaches adopted by the Second and Third Circuits as they present opposing interpretations of Whalen, one wholly protecting medical information and the other protecting …

Privacy, Freedom, And Technology—Or “How Did We Get Into This Mess?”, Alex Alben

Seattle University Law Review

Can we live in a free society without personal privacy? The question is worth pondering, not only in light of the ongoing debate about government surveillance of private communications, but also because new technologies continue to erode the boundaries of our personal space. This Article examines our loss of freedom in a variety of disparate contexts, all connected by the thread of erosion of personal privacy. In the scenarios explored here, privacy reducing activities vary from government surveillance, personal stalking conducted by individuals, and profiling by data-driven corporations, to political actors manipulating social media platforms. In each case, new technologies …

Gdpr Compliance—It Takes A Village, Susy Mendoza

Seattle University Law Review

When the General Data Protection Regulation (GDPR) came into effect in May of 2018, many legal departments were confronted with the gravity of just how they were going to comply with such a wide-reaching law. If you have international customers (both direct to consumer or business to business), it is not hard to convince your general counsel that compliance with the GDPR is a must. You may even be able to get the chief technical officer (CTO) or chief operating officer (COO) onboard just by mentioning the steep fines—two to four percent of worldwide gross revenue. But how does the …

Footprints: Privacy For Enterprises, Processors, And Custodians…Oh My!, Blair Witzel, Carrie Mount

Seattle University Law Review

Americans’ interest in privacy—as evidenced by increasing news coverage, online searches, and new legislation—has grown over the past decade. After the European Union enacted the General Data Protection Regulation (GDPR), technologists and legal professionals have focused on primary collectors of data—known under various legal regimes as the “controller” or “custodian.” Thanks to advances in computing, many of these data collectors offload the processing of data to third parties providing data-related cloud services like Amazon, Microsoft, and Google. In addition to the data they have already collected about the data subjects themselves, these companies now “hold” that data on behalf of …

Confiding In Con Men: U.S. Privacy Law, The Gdpr, And Information Fiduciaries, Lindsey Barrett

Seattle University Law Review

In scope, ambition, and animating philosophy, U.S. privacy law and Europe’s General Data Protection Regulation are almost diametric opposites. The GDPR’s ambitious individual rights, significant prohibitions, substantive enforcement regime, and broad applicability contrast vividly with a scattershot U.S. regime that generally prioritizes facilitating commerce over protecting individuals, and which has created perverse incentives for industry through anemic enforcement of the few meaningful limitations that do exist. A privacy law that characterizes data collectors as information fiduciaries could coalesce with the commercial focus of U.S. law, while emulating the GDPR’s laudable normative objectives and fortifying U.S. consumer privacy law with a …

Privacy Statements Under The Gdpr, Mike Hintze

Seattle University Law Review

The need to include specific types of information in a privacy statement is a GDPR compliance obligation that does not get as much attention as some other GDPR requirements. Perhaps that is because privacy statements have been much maligned in recent years. They are too long and full of legalese. Nobody reads them. They are part of a notice and consent approach to privacy that puts an unrealistic burden on consumers to make informed choices. But despite these well-known criticisms, the GDPR doubles down on privacy statements. In fact, gauging by the roughly fourfold increase in privacy statement requirements compared …

Alexa, Amazon Assistant Or Government Informant?, Julia R. Shackleton Esq.

University of Miami Business Law Review

Alexa, are you listening to me? Technology has become an integral part of one’s everyday life with voice-controlled devices pervading our most intimate interactions and spaces within the home. The answers to our questions are now at our fingertips with the simple roll of the tongue “Alexa,” your very own personal intelligence assistant. This futuristic household tool can perform tasks that range from answering simple voice commands to ordering any online shopping. However, the advent of voice technology presents a myriad of problems. Concerns arise as these new devices live in the privacy of our homes while quietly listening for …

Rights On Publicity As Remarkably Insignificant, R. George Wright

Cleveland State Law Review

This Article introduces the right of publicity through a brief consideration of high-profile cases involving, respectively, Paris Hilton, human cannonball Hugo Zacchini, and the famous actress Olivia de Havilland. With this background understanding, the Article considers the supposed risks to freedom of speech posed by recognizing rights of publicity in a private party. From there, the Article addresses the nagging concern that the publicity rights cases promote a harmful "celebrification" of culture. Finally, the Article considers whether allowing for meaningful damage recoveries in publicity rights cases appropriately compensates victims in ways promoting the broad public interest.

Data Re-Use And The Problem Of Group Identity, Leslie Francis, John G. Francis

Utah Law Faculty Scholarship

Reusing existing data sets of health information for public health or medical research has much to recommend it. Much data repurposing in medical or public health research or practice involves information that has been stripped of individual identifiers but some does not. In some cases, there may have been consent to the reuse but in other cases consent may be absent and people may be entirely unaware of how the data about them are being used. Data sets are also being combined and may contain information with very different sources, consent histories, and individual identifiers. Much of the ethical and …

Cashless Societies And The Rise Of The Independent Cryptocurrencies: How Governments Can Use Privacy Laws To Compete With Independent Cryptocurrencies, Matla Garcia Chavolla

Pace International Law Review

Many individuals (including governments) envision living in a future world where physical currency is a thing of the past. Many countries have made great strides in their efforts to go cashless. At the same time, there is increasing awareness among citizens of the decreasing amount of privacy in their lives. The potential hazards cashless societies pose to financial privacy may incentivize citizens to hold some of their money in independent cryptocurrencies. This article argues that in order for governments in cashless societies to keep firm control over their money supply, they should enact stronger privacy law protections for its citizens …

Is It Time For A Universal Genetic Forensic Database?, Christopher Slobogin, Ellen Wright Clayton, J. W. Hazel, B. A. Malin

Christopher Slobogin

The ethical objections to mandating forensic profiling of newborns and/or compelling every citizen or visitor to submit to a buccal swab or to spit in a cup when they have done nothing wrong are not trivial. But newborns are already subject to compulsory medical screening, and people coming from foreign countries to the United States already submit to fingerprinting. It is also worth noting that concerns about coercion or invasions of privacy did not give pause to legislatures (or, for that matter, even the European Court) when authorizing compelled DNA sampling from arrestees, who should not forfeit genetic privacy interests …

Is It Time For A Universal Genetic Forensic Database?, Christopher Slobogin, Ellen Wright Clayton, J. W. Hazel, B. A. Malin

Ellen Wright Clayton

The ethical objections to mandating forensic profiling of newborns and/or compelling every citizen or visitor to submit to a buccal swab or to spit in a cup when they have done nothing wrong are not trivial. But newborns are already subject to compulsory medical screening, and people coming from foreign countries to the United States already submit to fingerprinting. It is also worth noting that concerns about coercion or invasions of privacy did not give pause to legislatures (or, for that matter, even the European Court) when authorizing compelled DNA sampling from arrestees, who should not forfeit genetic privacy interests …

Law School News: A Spring Break That Teaches - And Gives Back 03/11/2019, Edward Fitzpatrick

Life of the Law School (1993- )

No abstract provided.

Bytes Bite: Why Corporate Data Breaches Should Give Standing To Affected Individuals, Caden Hayes

Washington and Lee Journal of Civil Rights and Social Justice

High-profile data hacks are not uncommon. In fact, according to the Privacy Rights Clearinghouse, there have been at least 7,961 data breaches, exposing over 10,000,000,000 accounts in total, since 2005. These shocking numbers are not particularly surprising when taking into account the value of information stolen. For example, cell phone numbers, as exposed in a Yahoo! hack, are worth $10 a piece on the black market, meaning the hackers stood to make $30,000,000,000 from that one hack. That dollar amount does not even consider copies the hackers could make and later resell. Yet while these hackers make astronomical payoffs, the …