Law Commons^™

How To Understand China's Approach To Central Bank Digital Currency?, Heng Wang

Research Collection Yong Pung How School Of Law

China's central bank digital currency (CBDC), digital yuan or e-CNY, is likely to profoundly affect the international financial system. China's CBDC is fast evolving. Understanding the influencing factors of China's CBDC will likely be crucial to explore its future direction. Major influencing factors include (i) China's perception and conception of regulation and technology, (ii) complementarity between China's preferences and CBDC development, (iii) domestic and international legitimacy, and (iv) institutional development. This paper argues that these influencing factors contribute to China's likely approach of selectively reshaping the international financial system. Given the potential wide-ranging implications of the introduction of CBDC globally, …

Cyber Plungers: Colonial Pipeline And The Case For An Omnibus Cybersecurity Legislation, Asaf Lubin

Articles by Maurer Faculty

The May 2021 ransomware attack on Colonial Pipeline was a wake-up call for a federal administration slow to realize the dangers that cybersecurity threats pose to our critical national infrastructure. The attack forced hundreds of thousands of Americans along the east coast to stand in endless lines for gas, spiking both prices and public fears. These stressors on our economy and supply chains triggered emergency proclamations in four states, including Georgia. That a single cyberattack could lead to a national emergency of this magnitude was seen by many as proof of even more crippling threats to come. Executive Director of …

Regulatory Sandboxes Enable Pragmatic Blockchain Regulation, Joshua Durham

Washington Journal of Law, Technology & Arts

Since blockchain technology supports digitally-native money, the centralized chokepoints that governments have traditionally targeted to regulate commerce no longer apply to our (digital) property. However, competent regulation furthers basic public policy goals and should enable responsible innovation of this promising technology. This Article discusses pragmatic policies that enable responsible innovation by cultivating regulatory expertise required to write enforceable rules. Responsible innovation is necessary because unlike the early internet, where programmers could manipulate simple colors and text on webpages, these same individuals can now create financial services applications that manipulate actual money—we are faced with an inescapable reality that more is …

The Three Laws: The Chinese Communist Party Throws Down The Data Regulation Gauntlet, William Chaskes

Washington and Lee Law Review

Criticism of the Chinese Communist Party (CCP) runs a wide gamut. Accusations of human rights abuses, intellectual property theft, authoritarian domestic policies, disrespecting sovereign borders, and propaganda campaigns all have one common factor: the CCP’s desire to control information. Controlling information means controlling data. Lurking beneath the People’s Republic of China’s (PRC) tumultuous relationship with the rest of the world is the fight between nations to control their citizens’ data while also keeping it out of the hands of adversaries. The CCP’s Three Laws are its newest weapon in this data war.

One byproduct of the CCP’s emphasis on controlling …

Small Business Cybersecurity: A Loophole To Consumer Data, Matthew R. Espinosa

The Scholar: St. Mary's Law Review on Race and Social Justice

Small businesses and small minority owned businesses are vital to our nation’s economy; therefore legislation, regulation, and policy has been created in order to assist them in overcoming their economic stability issues and ensure they continue to serve the communities that rely on them. However, there is not a focus on regulating nor assisting small businesses to ensure their cybersecurity standards are up to par despite them increasingly becoming a victim of cyberattacks that yield high consequences. The external oversight and assistance is necessary for small businesses due to their lack of knowledge in implementing effective cybersecurity policies, the fiscal …

Facebook, Welfare, And Natural Monopoly: A Quantitative Analysis Of Antitrust Remedies, Felix B. Chang, Seth Benzell

Faculty Articles and Other Publications

This Article advances a novel theoretical model for assessing policy interventions against Facebook. As prosecutors barrel forward against digital platforms, soon it will fall upon courts and, eventually, regulators to devise remedies. We argue that any sensible solution must include quantification of the welfare effects on the platform’s various constituents. Our model prioritizes the effects upon total societal welfare—or, in economists’ terms, social welfare. Applied to Facebook, the model calculates social welfare as the sum of four components: (i) consumer welfare; (ii) advertising profits; (iii) tax revenues; and (iv) the value of a large user base.

Drawing on surveys of …

Distributed Governance Of Medical Ai, W. Nicholson Price Ii

SMU Science and Technology Law Review

Artificial intelligence (AI) has the potential to democratize expertise in medicine, bring expertise previously limited to specialists to a variety of health-care settings. But AI can easily falter, and making sure that AI works well across that variety of settings is a challenging task. Centralized governance, such as review by the Food and Drug Administration, can only do so much, since system performance will depend on the particular health-care setting and how the AI system is integrated into setting-specific clinical workflows. This Essay presents the need for distributed governance, where some oversight tasks are undertaken in localized settings. It points …

Modeling Through, Ryan Calo

Articles

Theorists of justice have long imagined a decision-maker capable of acting wisely in every circumstance. Policymakers seldom live up to this ideal. They face well-understood limits, including an inability to anticipate the societal impacts of state intervention along a range of dimensions and values. Policymakers cannot see around corners or address societal problems at their roots. When it comes to regulation and policy-setting, policymakers are often forced, in the memorable words of political economist Charles Lindblom, to “muddle through” as best they can.

Powerful new affordances, from supercomputing to artificial intelligence, have arisen in the decades since Lindblom’s 1959 article …

The Promise And Limits Of Lawfulness: Inequality, Law, And The Techlash, Salomé Viljoen

Articles

In response to widespread skepticism about the recent rise of “tech ethics”, many critics have called for legal reform instead. In contrast with the “ethics response”, critics consider the “lawfulness response” more capable of disciplining the excesses of the technology industry. In fact, both are simultaneously vulnerable to industry capture and capable of advancing a more democratic egalitarian agenda for the information economy. Both ethics and law offer a terrain of contestation, rather than a predetermined set of commitments by which to achieve more democratic and egalitarian technological production. In advancing this argument, the essay focuses on two misunderstandings common …

Show Me The (Data About The) Money!, Nizan Geslevich Packin

Utah Law Review

Information about consumers, their money, and what they do with it is the lifeblood of the flourishing financial technology (“FinTech”) sector. Historically, highly regulated banks jealously protected this data. However, consumers themselves now share their data with businesses more than ever before. These businesses monetize and use the data for countless prospects, often without the consumers’ actual consent. Understanding the dimensions of this recent phenomenon, more and more consumer groups, scholars, and lawmakers have started advocating for consumers to have the ability to control their data as a modern imperative. This ability is tightly linked to the concept of open …

Administrative Law In The Automated State, Cary Coglianese

All Faculty Scholarship

In the future, administrative agencies will rely increasingly on digital automation powered by machine learning algorithms. Can U.S. administrative law accommodate such a future? Not only might a highly automated state readily meet longstanding administrative law principles, but the responsible use of machine learning algorithms might perform even better than the status quo in terms of fulfilling administrative law’s core values of expert decision-making and democratic accountability. Algorithmic governance clearly promises more accurate, data-driven decisions. Moreover, due to their mathematical properties, algorithms might well prove to be more faithful agents of democratic institutions. Yet even if an automated state were …

The Gdpr: It Came, We Saw, But Did It Conquer?, Leila Javanshir

Seattle University Law Review

On February 1, 2019, the Seattle University Law Review held its annual symposium at the Seattle University School of Law. Each year, the Law Review hosts its symposium on a topic that is timely and meaningful. This year, privacy and data security professionals from around the globe gathered to discuss the current and future effects of the General Data Protection Regulation (GDPR) that was implemented on May 25, 2018. The articles and essays that follow this Foreword are the product of this year’s symposium.

Confiding In Con Men: U.S. Privacy Law, The Gdpr, And Information Fiduciaries, Lindsey Barrett

Seattle University Law Review

In scope, ambition, and animating philosophy, U.S. privacy law and Europe’s General Data Protection Regulation are almost diametric opposites. The GDPR’s ambitious individual rights, significant prohibitions, substantive enforcement regime, and broad applicability contrast vividly with a scattershot U.S. regime that generally prioritizes facilitating commerce over protecting individuals, and which has created perverse incentives for industry through anemic enforcement of the few meaningful limitations that do exist. A privacy law that characterizes data collectors as information fiduciaries could coalesce with the commercial focus of U.S. law, while emulating the GDPR’s laudable normative objectives and fortifying U.S. consumer privacy law with a …

Privacy Statements Under The Gdpr, Mike Hintze

Seattle University Law Review

The need to include specific types of information in a privacy statement is a GDPR compliance obligation that does not get as much attention as some other GDPR requirements. Perhaps that is because privacy statements have been much maligned in recent years. They are too long and full of legalese. Nobody reads them. They are part of a notice and consent approach to privacy that puts an unrealistic burden on consumers to make informed choices. But despite these well-known criticisms, the GDPR doubles down on privacy statements. In fact, gauging by the roughly fourfold increase in privacy statement requirements compared …

Data-Informed Duties In Ai Development, Frank A. Pasquale

Faculty Scholarship

Law should help direct—and not merely constrain—the development of artificial intelligence (AI). One path to influence is the development of standards of care both supplemented and informed by rigorous regulatory guidance. Such standards are particularly important given the potential for inaccurate and inappropriate data to contaminate machine learning. Firms relying on faulty data can be required to compensate those harmed by that data use—and should be subject to punitive damages when such use is repeated or willful. Regulatory standards for data collection, analysis, use, and stewardship can inform and complement generalist judges. Such regulation will not only provide guidance to …

Collaborative Approaches To Blockchain Regulation: The Brooklyn Project Example, Patrick Berarducci

Cleveland State Law Review

Today, I am going to discuss, at a high level, blockchain technology—what it is, what are its unique features that could revolutionize markets and economies, and how it could impact law and regulation. That is a lot to cover—far too much in the time allotted. So I will keep things at a very high level and hopefully pique some interest in everyone to dig deeper on their own.

Conceptualizing The Regulation Of Virtual Currencies And Providers: Friction Points In State And Federal Approaches To Regulating Providers Of Payments Execution And Custody Services And Products In The United States, Sarah J. Hughes

Cleveland State Law Review

This essay evaluates the state of regulation by the United States government and State legislatures of participants in emerging virtual-currency businesses. It points to friction points as both the federal government and the States experiment with their own regulatory authority over virtual-currency businesses and provides a taxonomy of differing approaches to regulating such businesses. The essay takes the position that the States need to act in the near term if they wish to maintain their longstanding role as regulators of non-depository providers of financial products and services—or they risk being preempted by Congress or federal regulatory actions. This essay also …

Smart Contracts In Traditional Contract Law, Or: The Law Of The Vending Machine, Jonathan Rohr

Cleveland State Law Review

Smart contracts are the new norm, yet state legislatures and courts have not developed set rules and answers to legal disputes that these contracts create. Is traditional contract law sufficient? Or should we create an entirely new legislative or common law scheme to deal with these disputes? The common law has proven to be successful in dealing with new technologies and contracts, particularly because of its flexibility. Although a major overhaul may be in the future, there are still solutions that we can find today with the current legal landscape given the state of contract law and its evolution over …

Regtech, Compliance And Technology Judgement Rule, Nizan Geslevich Packin

Chicago-Kent Law Review

This Article focuses on the rise of Financial Technology, which revolutionized consumer financial service products, and challenged policymakers with regulating the rapidly evolving financial industry. In particular, it explores Regulatory Technology, also known as RegTech, which is the finance industry’s use of technology, especially information technology, in the context of regulatory monitoring, reporting and compliance. RegTech is designed to solve industry needs for a more effective and efficient way to automate corporate governance and compliance processes. Not only has FinTech proven to be a vital revenue source, especially in connection with lending or money transmission services, but it also helps …

Corporate Cybersecurity: The International Threat To Private Networks And How Regulations Can Mitigate It, Eric J. Hyla

Vanderbilt Journal of Entertainment & Technology Law

Cyberattacks are occurring at an accelerating pace. Foreign nations are increasingly utilizing hacking as a tool for economic gain, acts of aggression, or international political expression. At risk are US consumers'personal data, private firms' bottom line, and the economies'integrity. In response, federal and state lawmakers have issued a series of disparate, uncoordinated policies seeking to strengthen cybersecurity practices. However, recent events indicate that these policies are less than ideal. This Note suggests that a unified response to cybersecurity is required and calls for the establishment of a single, central federal agency with authority over all cybersecurity regulations. Such an agency …

The Gdpr’S Version Of Algorithmic Accountability, Margot Kaminski

Publications

No abstract provided.

Regulating Black-Box Medicine, W. Nicholson Price Ii

Michigan Law Review

Data drive modern medicine. And our tools to analyze those data are growing ever more powerful. As health data are collected in greater and greater amounts, sophisticated algorithms based on those data can drive medical innovation, improve the process of care, and increase efficiency. Those algorithms, however, vary widely in quality. Some are accurate and powerful, while others may be riddled with errors or based on faulty science. When an opaque algorithm recommends an insulin dose to a diabetic patient, how do we know that dose is correct? Patients, providers, and insurers face substantial difficulties in identifying high-quality algorithms; they …

Artificial Intelligence In Health Care: Applications And Legal Implications, W. Nicholson Price Ii

Articles

Artificial intelligence (AI) is rapidly moving to change the healthcare system. Driven by the juxtaposition of big data and powerful machine learning techniques—terms I will explain momentarily—innovators have begun to develop tools to improve the process of clinical care, to advance medical research, and to improve efficiency. These tools rely on algorithms, programs created from healthcare data that can make predictions or recommendations. However, the algorithms themselves are often too complex for their reasoning to be understood or even stated explicitly. Such algorithms may be best described as “black-box.” This article briefly describes the concept of AI in medicine, including …

The Oversimplification Of Deregulation: A Case Study On Clinical Decision Support Software, Deeva V. Shah

Michigan Telecommunications & Technology Law Review

Until the December 2016 passage of the Cures Act, the FDA had regulatory power over clinical decision support (CDS) software; however, the Act removed a large group of CDS software from the FDA’s statutory authority. Congressional intent was to increase innovation by removing regulatory blockades—such as device testing and certification—from the FDA’s purview. This note argues that the enactment of this specific provision of the Act will instead stymie innovation and overlook the unfortunate safety consequences inherent in its deregulation. CDS software is a burgeoning field ripe for innovation; however, rapid innovation can often lead to a slew of mistakes—mistakes …

Up In The Cloud: Finding Common Ground In Providing For Law Enforcement Access To Data Held By Cloud Computing Service Providers, Matthew Mckenna

Vanderbilt Journal of Transnational Law

Cloud computing is an everyday part of the modern world; a technology that is increasingly transcending international borders. Disregarding international borders allows cloud computing to operate more efficiently and thus provides better service to users. Yet, the global nature of cloud computing raises a question--what happens if multiple countries apply facially similar laws to cloud computing providers differently? This scenario is common, especially in the context of law enforcement seeking access to cloud computing data. The United States and the United Kingdom have similar laws regarding the government's ability to acquire users' data. Importantly, neither law explicitly addresses the question …

Need For Informed Consent In The Age Of Ubiquitous Human Testing, Caitlyn Kuhs

Loyola of Los Angeles Law Review

No abstract provided.

Regulating Software When Everything Has Software, Paul Ohm, Blake Reid

Publications

This Article identifies a profound, ongoing shift in the modern administrative state: from the regulation of things to the regulation of code. This shift has and will continue to place previously isolated agencies in an increasing state of overlap, raising the likelihood of inconsistent regulations and putting seemingly disparate policy goals, like privacy, safety, environmental protection, and copyright enforcement, in tension. This Article explores this problem through a series of case studies and articulates a taxonomy of code regulations to help place hardware-turned-code rules in context. The Article considers the likely turf wars, regulatory thickets, and related dynamics that are …

Data Breach (Regulatory) Effects, David Thaw

Articles

No abstract provided.

Agency Boundaries And Network Neutrality, Tejas N. Narechania

Tejas N. Narechania

Regulating Mass Surveillance As Privacy Pollution: Learning From Environmental Impact Statements, A. Michael Froomkin

A. Michael Froomkin

US law has remarkably little to say about mass surveillance in public, a failure which has allowed the surveillance to grow at an alarming rate – a rate that is only set to increase. This article proposes ‘Privacy Impact Notices’ (PINs) — modeled on Environmental Impact Statements — as an initial solution to this problem. Data collection in public (and in the home via public spaces) resembles an externality imposed on the person whose privacy is reduced involuntarily; it can also be seen as a market failure caused by an information asymmetry. Current doctrinal legal tools available to respond to …