Law Commons^™

Fintech Lending In India: Taking Stock Of Implications For Privacy And Autonomy, Vidushi Marda, Amber Sinha

Indian Journal of Law and Technology

In the last five years, the Fintech sector has thrived in India, with Machine Learning (ML) driven credit scoring based on alternative data, emerging as a growing segment. The credit scoring industry in India needs to be viewed in light of a careful examination of rights, inclusion, appropriate safeguards and discrimination, currently missing from the discourse and practices. In this paper, we explain how ML-based credit scoring works, and the regulatory and commercial factors that have enabled and impeded its growth in India. Through legal and technological analysis, richened by insights from qualitative interviews with entrepreneurs and practitioners, we provide …

Aclu V. Clearview Ai, Inc.,, Isra Ahmed

DePaul Journal of Art, Technology & Intellectual Property Law

No abstract provided.

A Loaded God Complex: The Unconstitutionality Of The Executive Branch’S Unilaterally Withholding Zero-Days, Brendan Gilligan

Northwestern Journal of Technology and Intellectual Property

No abstract provided.

The Data Trust Solution To Data Sharing Problems, Kimberly A. Houser, John W. Bagby

Vanderbilt Journal of Entertainment & Technology Law

A small number of large companies hold most of the world’s data. Once in the hands of these companies, data subjects have little control over the use and sharing of their data. Additionally, this data is not generally available to small and medium enterprises or organizations who seek to use it for social good. A number of solutions have been proposed to limit Big Tech “power,” including antitrust actions and stricter privacy laws, but these measures are not likely to address both the oversharing and under-sharing of personal data. Although the data trust concept is being actively explored in the …

Perlindungan Atas Privasi Konsumen Dalam Layanan Reservasi Tiket Online Dari Pt. Kereta Api Indonesia, Aprilia Susanti

"Dharmasisya” Jurnal Program Magister Hukum FHUI

The significant increase in online activities cannot be separated from the many active internet users who use mobile internet connections to carry out their daily activities, one of which is for the convenience of making ticket reservations at PT. Indonesian Railways (KAI). The purpose of this research is to find out the study of the business law of protecting consumer privacy in the online ticketing service of PT. KAI. Data collection was carried out by means of a literature study of the relationship between laws and regulations in consumer protection and the position of PT. KAI as business actors and …

Governing Smart Cities As Knowledge Commons - Introduction, Chapter 1 & Conclusion, Brett M. Frischmann, Michael J. Madison, Madelyn Sanfilippo

Book Chapters

Smart city technology has its value and its place; it isn’t automatically or universally harmful. Urban challenges and opportunities addressed via smart technology demand systematic study, examining general patterns and local variations as smart city practices unfold around the world. Smart cities are complex blends of community governance institutions, social dilemmas that cities face, and dynamic relationships among information and data, technology, and human lives. Some of those blends are more typical and common. Some are more nuanced in specific contexts. This volume uses the Governing Knowledge Commons (GKC) framework to sort out relevant and important distinctions. The framework grounds …

Inadequate Privacy: The Necessity Of Hipaa Reform In A Post-Dobbs World, Katherine Robertson

Seattle University Law Review

Part I of this Comment will provide an overview of HIPAA and the legal impacts of Dobbs. Part II will discuss the anticipatory response to the impacts of Dobbs on PHI by addressing the response from (1) the states, (2) the Biden Administration, and (3) the medical field. Part III will discuss the loopholes that exist in HIPAA and further address the potential impacts on individuals and the medical field if reform does not occur. Finally, Part IV will argue that the reform of HIPAA is the best avenue for protecting PHI related to reproductive healthcare.

An Essay About Privacy, Ronald Griffin

Journal Publications

Jessye Norman was an American opera singer. She died on October 1, 2019. On October 2, 2019, my wife got a grim diagnosis that put me in a stupor and reminded me, now more than ever, that my generation (that did so much good in the world) stands in line waiting for the Grim Reaper’s call. In a seventy-years (that have gone by too fast) I have watched my peers run from the realms of privacy, spaces where people implemented life plans uninterrupted by neighbours that were discernible, palpable, and real to everybody, to a realm where there is none. …

Securing Patent Law, Charles Duan

Articles in Law Reviews & Other Academic Journals

A vigorous conversation about intellectual property rights and national security has largely focused on the defense role of those rights, as tools for responding to acts of foreign infringement. But intellectual property, and patents in particular, also play an arguably more important offense role. Foreign competitor nations can obtain and assert U.S. patents against U.S. firms and creators. Use of patents as an offense strategy can be strategically coordinated to stymie domestic innovation and technological progress. This Essay considers current and possible future practices of patent exploitation in this offense setting, with a particular focus on China given the nature …

Content Moderation As Surveillance, Hannah Bloch-Wehba

Faculty Scholarship

Technology platforms are the new governments, and content moderation is the new law, or so goes a common refrain. As platforms increasingly turn toward new, automated mechanisms of enforcing their rules, the apparent power of the private sector seems only to grow. Yet beneath the surface lies a web of complex relationships between public and private authorities that call into question whether platforms truly possess such unilateral power. Law enforcement and police are exerting influence over platform content rules, giving governments a louder voice in supposedly “private” decisions. At the same time, law enforcement avails itself of the affordances of …

Breached!: Why Data Security Law Fails And How To Improve It, Woodrow Hartzog, Daniel Solove

Books

Digital connections permeate our lives—and so do data breaches. Given that we must be online for basic communication, finance, healthcare, and more, it is remarkable how difficult it is to secure our personal information. Despite the passage of many data security laws, data breaches are increasing at a record pace. In their book, BREACHED! WHY DATA SECURITY LAW FAILS AND HOW TO IMPROVE IT (Oxford University Press 2022), Professors Daniel Solove and Woodrow Hartzog argue that the law fails because, ironically, it focuses too much on the breach itself.

Drawing insights from many fascinating stories about data breaches, Solove and …

Forensic Discoverability Of Ios Vault Applications, Alissa Gilbert, Kathryn C. Seigfried-Spellar

Journal of Digital Forensics, Security and Law

Vault Applications are used to store potentially sensitive information on a smartphone; and are available on Android and iOS. The purpose of using these applications could be used to hide potential evidence or illicit photos. After comparing five different iOS photo vaults, each vault left evidence and photos behind. However, of the three forensic toolkits used, each produced different results in their scans of the phone. The media left behind was due to the photo vaults not protecting their information as claimed, and using basic obfuscation techniques in place of security controls. Future research will look at how newer security …

Passcodes, Protection, And Legal Practicality: The Necessity Of A Digital Fifth Amendment, Ethan Swierczewski

Catholic University Journal of Law and Technology

No abstract provided.

Delineating The Legal Framework For Data Protection: A Fundamental Rights Approach Or Data Propertization?, Efe Lawrence Ogbeide

Canadian Journal of Law and Technology

The Charter of Fundamental Rights of the European Union, like other key legal instruments around the globe, grants citizens the right to privacy in Article 7. The Charter, however, further provides for the right to data protection in Article 8. Simply put, the implication of Article 8 of the Charter is that the right to data protection is a fundamental right. The central question in this article is whether data protection indeed qualifies to be categorized as a fundamental right. If not, what other approach(es) to data protection may be implemented?

Platforms, Encryption, And The Cfaa: The Case Of Whatsapp V Nso Group, Jonathon Penney, Bruce Schneier

Articles, Book Chapters, & Popular Press

End-to-end encryption technology has gone mainstream. But this wider use has led hackers, cybercriminals, foreign governments, and other threat actors to employ creative and novel attacks to compromise or workaround these protections, raising important questions as to how the Computer Fraud and Abuse Act (CFAA), the primary federal anti-hacking statute, is best applied to these new encryption implementations. Now, after the Supreme Court recently narrowed the CFAA’s scope in Van Buren and suggested it favors a code-based approach to liability under the statute, understanding how best to theorize sophisticated code-based access barriers like end-to-end encryption, and their circumvention, is now …

Submission To The Province Of Nova Scotia On Its Review Of The Intimate Images And Cyber-Protection Act - Leaf, Suzie Dunn, Rosel Kim

Reports & Public Policy Documents

The Women’s Legal Education and Action Fund (LEAF) commends the Nova Scotia government for reviewing its Intimate Images and Cyber-protection Act (the Act) and seeking public input for this review. Nova Scotia has been, and continues to be, a leader in Canada for its role in advancing innovative laws and supports for people targeted by technology-facilitated violence (TFV), digital abuse, and the non-consensual distribution of intimate images (NCDII). As these forms of harmful behaviour evolve and become better understood, it is important to revisit this legislation to assess whether it is providing meaningful and accessible responses to such serious social …

Legislating Data Loyalty, Woodrow Hartzog, Neil Richards

Faculty Scholarship

Lawmakers looking to embolden privacy law have begun to consider imposing duties of loyalty on organizations trusted with people’s data and online experiences. The idea behind loyalty is simple: organizations should not process data or design technologies that conflict with the best interests of trusting parties. But the logistics and implementation of data loyalty need to be developed if the concept is going to be capable of moving privacy law beyond its “notice and consent” roots to confront people’s vulnerabilities in their relationship with powerful data collectors.

In this short Essay, we propose a model for legislating data loyalty. Our …

The New Bailments, Danielle D'Onfro

Scholarship@WashULaw

The rise of cloud computing has dramatically changed how consumers and firms store their belongings. Property that owners once managed directly now exists primarily on infrastructure maintained by intermediaries. Consumers entrust their photos to Apple instead of scrapbooks; businesses put their documents on Amazon’s servers instead of in file cabinets; seemingly everything runs in the cloud. Were these belongings tangible, the relationship between owner and intermediary would be governed by the common-law doctrine of bailment. Bailments are mandatory relationships formed when one party entrusts their property to another. Within this relationship, the bailees owe the bailors a duty of care …

A Proportionality-Based Framework For Government Regulation Of Digital Tracing Apps In Times Of Emergency, Sharon Bassan

Dickinson Law Review (2017-Present)

Times of emergency present an inherent conflict between the public interest and the preservation of individual rights. Such times require granting emergency powers to the government on behalf of the public interest and relaxing safeguards against government actions that infringe rights. The lack of theoretical framework to assess governmental decisions in times of emergency leads to a polarized and politicized discourse about potential policies, and often, to public distrust and lack of compliance.

Such a discourse was evident regarding Digital Tracing Apps (“DTAs”), which are apps installed on cellular phones to alert users that they were exposed to people who …

Book Review: This Is How They Tell Me The World Ends: The Cyberweapons Arms Race (2020) By Nicole Perlroth, Amy C. Gaudion

Dickinson Law Review (2017-Present)

No abstract provided.

Personal Data Privacy And Protective Federal Legislation: An Exploration Of Constituent Position On The Need For Legislation To Control Data Reliant Organizations Collecting And Monetizing Internet-Obtained Personal Data, Giovanni De Meo

Dissertations

In the past twenty years, the business of online personal data collection has grown at the same rapid pace as the internet itself, fostering a multibillion-dollar personal data collection and commercialization industry. Unlike many other large industries, there has been no major federal legislation enacted to monitor or control the activities of organizations dealing in this flourishing industry. The combination of these factors together with the lack of prior research encouraged this research designed to understand how much voters know about this topic and whether there is interest in seeing legislation enacted to protect individual personal data privacy.

To address …

Freedom Of Expression V. Social Responsibility On The Internet: Vivi Down Association V. Google, Raphael Cohen-Almagor, Natalina Stamile

Seattle Journal of Technology, Environmental & Innovation Law

The aim of the article is to reflect on Google’s social responsibility by analyzing a milestone court decision, Vivi Down Association v. Google, that took place in Italy, involving the posting of an offensive video clip on Google Video. It was a landmark decision because it refuted the assertion that the Internet knows no boundaries, that the Internet transcends national laws due to its international nature, and that Internet intermediaries, such as Google, are above the law. This case shows that when the legal authorities of a given country decide to assert their jurisdiction, Internet companies need to abide by …

Show Me The (Data About The) Money!, Nizan Geslevich Packin

Utah Law Review

Information about consumers, their money, and what they do with it is the lifeblood of the flourishing financial technology (“FinTech”) sector. Historically, highly regulated banks jealously protected this data. However, consumers themselves now share their data with businesses more than ever before. These businesses monetize and use the data for countless prospects, often without the consumers’ actual consent. Understanding the dimensions of this recent phenomenon, more and more consumer groups, scholars, and lawmakers have started advocating for consumers to have the ability to control their data as a modern imperative. This ability is tightly linked to the concept of open …

The Right To Contest Ai, Margot E. Kaminski, Jennifer M. Urban

Publications

Artificial intelligence (AI) is increasingly used to make important decisions, from university admissions selections to loan determinations to the distribution of COVID-19 vaccines. These uses of AI raise a host of concerns about discrimination, accuracy, fairness, and accountability.

In the United States, recent proposals for regulating AI focus largely on ex ante and systemic governance. This Article argues instead—or really, in addition—for an individual right to contest AI decisions, modeled on due process but adapted for the digital age. The European Union, in fact, recognizes such a right, and a growing number of institutions around the world now call for …

Artificial Intelligence And Trade, Anupam Chander

Georgetown Law Faculty Publications and Other Works

Artificial Intelligence is already powering trade today. It is crossing borders, learning, making decisions, and operating cyber-physical systems. It underlies many of the services that are offered today – from customer service chatbots to customer relations software to business processes. The chapter considers AI regulation from the perspective of international trade law. It argues that foreign AI should be regulated by governments – indeed that AI must be ‘locally responsible’. The chapter refutes arguments that trade law should not apply to AI and shows how the WTO agreements might apply to AI using two hypothetical cases . The analysis reveals …

Good Health And Good Privacy Go Hand-In-Hand (Originally Published By Jnslp), Jennifer Daskal

Joint PIJIP/TLS Research Paper Series

No abstract provided.

Keeping The Zombies At Bay: Fourth Amendment Problems In The Fight Against Botnets, Danielle Potter

Washington and Lee Journal of Civil Rights and Social Justice

You may not have heard of a botnet. If you have, you may have linked it to election shenanigans and nothing else. But if you are reading this on a computer or smartphone, there is a good chance you are in contact with a botnet right now.

Botnets, sometimes called “Zombie Armies,” are networks of devices linked by a computer virus and controlled by cybercriminals. Botnets operate on everyday devices owned by millions of Americans, and thus pose a substantial threat to individual device owners as well as the nation’s institutions and economy.

Accordingly, the United States government has been …

Cryptography, Passwords, Privacy, And The Fifth Amendment, Gary C. Kessler, Ann M. Phillips

Journal of Digital Forensics, Security and Law

Military-grade cryptography has been widely available at no cost for personal and commercial use since the early 1990s. Since the introduction of Pretty Good Privacy (PGP), more and more people encrypt files and devices, and we are now at the point where our smartphones are encrypted by default. While this ostensibly provides users with a high degree of privacy, compelling a user to provide a password has been interpreted by some courts as a violation of our Fifth Amendment protections, becoming an often insurmountable hurdle to law enforcement lawfully executing a search warrant. This paper will explore some of the …

The Law Of Black Mirror - Syllabus, Yafit Lev-Aretz, Nizan Packin

Open Educational Resources

Using episodes from the show Black Mirror as a study tool - a show that features tales that explore techno-paranoia - the course analyzes legal and policy considerations of futuristic or hypothetical case studies. The case studies tap into the collective unease about the modern world and bring up a variety of fascinating key philosophical, legal, and economic-based questions.

Is Data Localization A Solution For Schrems Ii?, Anupam Chander

Georgetown Law Faculty Publications and Other Works

For the second time this decade, the Court of Justice of the European Union has struck a blow against the principal mechanisms for personal data transfer to the United States. In Data Protection Commissioner v Facebook Ireland, Maximillian Schrems, the Court declared the EU-US Privacy Shield invalid and placed significant hurdles to the process of transferring personal data from the European Union to the United States via the mechanism of Standard Contractual Clauses. Many have begun to suggest data localization as the solution to the problem of data transfer; that is, don’t transfer the data at all. I argue …