Law Commons^™

Do Not Touch My Data: Exploring A Disclosure-Based Framework To Address Data Access, Francis Morency

Washington and Lee Journal of Civil Rights and Social Justice

Companies have too much control over people’s information. In the data marketplace, companies package and sell individuals’ data, and these individuals have little to no bargaining power over the process. Companies may freely buy and sell people’s data in the private sector for targeted marketing and behavior manipulation. In the justice system, an unchecked data marketplace leaves black and brown communities vulnerable to serious data access issues caused by predictive sentencing, for example. Risk assessment algorithms in predictive sentencing rely on data on individuals and run all relevant data points to provide the likelihood that a defendant will recidivate low …

Delineating The Legal Framework For Data Protection: A Fundamental Rights Approach Or Data Propertization?, Efe Lawrence Ogbeide

Canadian Journal of Law and Technology

The Charter of Fundamental Rights of the European Union, like other key legal instruments around the globe, grants citizens the right to privacy in Article 7. The Charter, however, further provides for the right to data protection in Article 8. Simply put, the implication of Article 8 of the Charter is that the right to data protection is a fundamental right. The central question in this article is whether data protection indeed qualifies to be categorized as a fundamental right. If not, what other approach(es) to data protection may be implemented?

Responding To Deficiencies In The Architecture Of Privacy: Co-Regulation As The Path Forward For Data Protection On Social Networking Sites, Laurent Cre ́Peau

Canadian Journal of Law and Technology

Social Networking Sites like Facebook, Twitter and the like are a ubiquitous part of contemporary culture. Yet, as exemplified on numerous occasions, most recently in the Cambridge Analytica scandal that shook Facebook in 2018, these sites pose major concerns for personal data protection. Whereas self-regulation has characterized the general regulatory mindset since the early days of the Internet, it is no longer viable given the threat social media poses to user privacy. This article notes the deficiencies of self-regulatory models of privacy and contends jurisdictions like Canada should ensure they have strong data protection regulations to adequately protect the public. …

Legislating Data Loyalty, Woodrow Hartzog, Neil Richards

Faculty Scholarship

Lawmakers looking to embolden privacy law have begun to consider imposing duties of loyalty on organizations trusted with people’s data and online experiences. The idea behind loyalty is simple: organizations should not process data or design technologies that conflict with the best interests of trusting parties. But the logistics and implementation of data loyalty need to be developed if the concept is going to be capable of moving privacy law beyond its “notice and consent” roots to confront people’s vulnerabilities in their relationship with powerful data collectors.

In this short Essay, we propose a model for legislating data loyalty. Our …

Fixing What’S Broken: The Outdated Guidelines Of The Sca And Its Application To Modern Information Platforms, Lutfi Barakat

Touro Law Review

In 1986, Congress enacted the Electronic Communications Privacy Act (ECPA) to afford privacy protections to electronic communications and it has not changed since its inception. The ECPA has proven problematic as technology has advanced, but Congress has not modified the law to reflect this change. Courts have struggled to apply the law to both old technologies that have been updated and new technologies that have emerged. The ECPA needs to be revised to reflect the new advances in technology or be repealed and replaced with a new approach. This will ensure that consumer data will be safeguarded while in the …

Data-Informed Duties In Ai Development, Frank A. Pasquale

Faculty Scholarship

Law should help direct—and not merely constrain—the development of artificial intelligence (AI). One path to influence is the development of standards of care both supplemented and informed by rigorous regulatory guidance. Such standards are particularly important given the potential for inaccurate and inappropriate data to contaminate machine learning. Firms relying on faulty data can be required to compensate those harmed by that data use—and should be subject to punitive damages when such use is repeated or willful. Regulatory standards for data collection, analysis, use, and stewardship can inform and complement generalist judges. Such regulation will not only provide guidance to …

Prioritizing Privacy In The Courts And Beyond, Babette Boliek

Cornell Law Review

Big data has affected American life and business in a variety of ways—inspiring both technological development and industrial change. The legal protections for a person’s right to his or her own personal information, however, have not matched the growth in the collection and aggregation of data. These legal shortcomings are exacerbated when third party privacy interests are at stake in litigation. Judicial orders to compel sensitive data are expressly permitted even under the few privacy statutes that may limit data transfers. Historically, the Federal Rules of Civil Procedure favor generous disclosure of information. But as litigation becomes more technical and …

Innovation And Tradition: A Survey Of Intellectual Property And Technology Legal Clinics, Cynthia L. Dahl, Victoria F. Phillips

All Faculty Scholarship

For artists, nonprofits, community organizations and small-business clients of limited means, securing intellectual property rights and getting counseling involving patent, copyright and trademark law are critical to their success and growth. These clients need expert IP and technology legal assistance, but very often cannot afford services in the legal marketplace. In addition, legal services and state bar pro bono programs have generally been ill-equipped to assist in these more specialized areas. An expanding community of IP and Technology clinics has emerged across the country to meet these needs. But while law review articles have described and examined other sectors of …

Data Protection In Nigeria: Addressing The Multifarious Challenges Of A Deficient Legal System, Roland Akindele

Journal of International Technology and Information Management

This paper provides an overview of the current state of privacy and data protection policies and regulations in Nigeria. The paper contends that the extant legal regime in Nigeria is patently inadequate to effectively protect individuals against abuse resulting from the processing of their personal data. The view is based on the critical analysis of the current legal regime in Nigeria vis-à-vis the review of some vital data privacy issues. The paper makes some recommendations for the reform of the law.

The Inadequate, Invaluable Fair Information Practices, Woodrow Hartzog

Maryland Law Review

No abstract provided.

The Notion And Practice Of Reputation And Professional Identity In Social Networking: From K-12 Through Law School, Roberta Bobbie Studwell

Faculty Scholarship

No abstract provided.

The Shaky Ground Of The Right To Be Delisted, Miquel Peguera

Miquel Peguera

It has long been discussed whether individuals should have a “right to be forgotten” online to suppress old information that could seriously interfere with their privacy and data protection rights. In the landmark case of Google Spain v AEPD, the Court of Justice of the European Union addressed the particular question of whether, under EU Data Protection Law, individuals have a right to have links delisted from the list of search results, in searches made on the basis of their name. It found that they do have this right – which can be best described as a “right to be …

The Political Economy Of Data Protection, Peter K. Yu

Peter K. Yu

Information is the lifeblood of a knowledge-based economy. The control of data and the ability to translate them into meaningful information is indispensable to businesspeople, policymakers, scientists, engineers, researchers, students, and consumers. Having useful, and at times exclusive, information improves productivity, advances education and training, and helps create a more informed citizenry. In the past two decades, those who collected or obtained access to a large amount of data began to explore ways to use the collected data as an income stream. Because the then-existing laws did not offer adequate protection for that particular purpose, they actively lobbied for stronger …

The Singapore Personal Data Protection Act And An Assessment Of Future Trends In Data Privacy, Warren B. Chik

Warren Bartholomew CHIK

In the first part of this paper, I will present and explain the Singapore Personal Data Protection Act (“PDPA”) in the context of legislative developments in the Asian region and against the well-established international baseline privacy standards. In the course of the above evaluation, reference will be made to the national laws and policy on data privacy prior to the enactment of the PDPA as well as current social and market practices in relation to personal data. In the second part of this paper, I will decipher and assess the future trends in data privacy reform and the future development …

Cloud Computing E Protezione Dei Dati Nel Web 3.0 (Cloud Computing And Data Protection In The Web 3.0), Guido Noto La Diega

Guido Noto La Diega

‘Cloud computing’ in simplified terms can be understood as the storing, processing and use of data on remotely located computers accessed over the internet. This means that users can command almost unlimited computing power on demand, that they do not have to make major capital investments to fulfil their needs and that they can get to their data from anywhere with an internet connection (COM(2012) 529 final, unleashing the potential of cloud computing in Europe). The essay focuses on the problems of privacy and data security in european law and italian law from the perspective of cloud computing. Italian Abstract: …

The Singapore Personal Data Protection Act And An Assessment Of Future Trends In Data Privacy, Warren B. Chik

Research Collection Yong Pung How School Of Law

In the first part of this paper, I will present and explain the Singapore Personal Data Protection Act (“PDPA”) in the context of legislative developments in the Asian region and against the well-established international baseline privacy standards. In the course of the above evaluation, reference will be made to the national laws and policy on data privacy prior to the enactment of the PDPA as well as current social and market practices in relation to personal data. In the second part of this paper, I will decipher and assess the future trends in data privacy reform and the future development …

New Institutions For The Protection Of Privacy And Personal Dignity In Internet Communication – “Information Broker”, “Private Cyber Courts” And Network Of Contracts, Karl-Heinz Ladeur

Karl-Heinz Ladeur

Symposium "Beyond Montesquieu: Re-thinking the architecture of contemporary governance" (Dublin, March 2012): The internet needs new types of legal ordering, which are adapted to self-regulation and the rapid transformation of knowledge and social norms. Data protection, public investigation, “social media” and financial markets challenge the classical orientation of the legal system towards individual behaviour. The new “addressees” of law are networks as quasi-subjects. New regimes of proceduralisation can structure the development of a “net-friendly” paradigm of a law beyond the individual. The article tries to demonstrate the feasibility of such a model with reference to the above-mentioned challenges.

In The Middle: Creating A Middle Road Between U.S. And Eu Data Protection Policies, Carolyn Hoang

Journal of the National Association of Administrative Law Judiciary

The first section of this paper examines the historical differences that have led to the American approach to privacy and the European approach to privacy. The second section will examine the current U.S. model, and the third section will examine the EU model. Next, the fourth section will compare and contrast the two models. Finally, the last section will argue that the U.S. should have a regulatory agency and describe how that should look and run.

The Business Of Privacy, Fred H. Cate, Christopher Kuner, Christopher Millard, Dan Jerker B. Svantesson

Articles by Maurer Faculty

No abstract provided.

Face-To-Data -- Another Developing Privacy Threat?, Fred H. Cate, Christopher Kuner, Christopher Millard, Dan Jerker B. Svantesson

Articles by Maurer Faculty

No abstract provided.

After Privacy: The Rise Of Facebook, The Fall Of Wikileaks, And Singapore’S Personal Data Protection Act 2012, Simon Chesterman

Simon Chesterman

This article discusses the changing ways in which information is produced, stored, and shared — exemplified by the rise of social-networking sites like Facebook and controversies over the activities of WikiLeaks — and the implications for privacy and data protection. Legal protections of privacy have always been reactive, but the coherence of any legal regime has also been undermined by the lack of a strong theory of what privacy is. There is more promise in the narrower field of data protection. Singapore, which does not recognise a right to privacy, has positioned itself as an e-commerce hub but had no …

Data Protection: Idealisms And Realisms, Rebecca Wong Dr

Dr Rebecca Wong

Following proposals to consider revising the Data Protection Directive 95/46/EC (DPD) in 2011, have the changes addressed the main areas of concern that have been the focus of much discussion? The areas of concern include the application of the Directive in the online age, particularly to social networking sites and cloud computing; the minimum/maximum standard approach by the EU Member States to data protection; the relevance and application of the data protection principles. These are some of the issues that were considered in the recent Art. 29 Working Party’s Opinion on the Future of Privacy. The article will use this …

The Challenge Of "Big Data" For Data Protection, Fred H. Cate, Christopher Kuner, Christopher Millard, Dan Jerker B. Svantesson

Articles by Maurer Faculty

No abstract provided.

Data Protection: The Challenges Facing Social Networking, Rebecca Wong Dr

Dr Rebecca Wong

The popularity of social networking sites has increased dramatically over the past decade. A recent report indicated that thirty-eight percent of online users have a social networking profile. Many of these social networking site users (SNS users) post or provide personal information over the internet every day. According to the latest OfCom study, the average adult SNS user has profiles on 1.6 sites and most check their profiles at least once every other day. However, the recent rise in social networking activity has opened the door to the misuse and abuse of personal information through identity theft, cyber stalking, and …

Social Networking: A Conceptual Analysis Of A Data Controller, Rebecca Wong

Dr Rebecca Wong

This article updates a working party looking at the definition of a "data controller" under the Data Protection Directive 95/46/EC within the context of a social networking environment. In brief, the article considers twhether the phenomenom of social networking (through Facebook (FB), MySpace and Bebo) has produced unintended consequences in the interpretation and application of the Data Protection Directive 95/46/EC to the online environment. The Data Protection Directive 95/46/EC defines a "data controller" broadly to refer to the 'natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means …

The Political Economy Of Data Protection, Peter K. Yu

Chicago-Kent Law Review

Information is the lifeblood of a knowledge-based economy. The control of data and the ability to translate them into meaningful information is indispensable to businesspeople, policymakers, scientists, engineers, researchers, students, and consumers. Having useful, and at times exclusive, information improves productivity, advances education and training, and helps create a more informed citizenry. In the past two decades, those who collected or obtained access to a large amount of data began to explore ways to use the collected data as an income stream. Because the then-existing laws did not offer adequate protection for that particular purpose, they actively lobbied for stronger …

Returning To A Principled Basis For Data Protection, Gus Hosein

Chicago-Kent Law Review

Society must remain conscious of both pragmatic and principle-based rationales for information security rules. The identity card debate in the United Kingdom provides an example of exactly why a governmental information security approach that is sensitive to civil liberties would be the best approach to data protection. In contrast, we should be cautious of a balancing test that places security in parity with civil liberties and, therefore, erroneously allows pragmatism to triumph over principle.

Ip Addresses And Personal Data: K.U. V Finland, Karen Mccullagh

Karen McCullagh

Classifying IP addresses as personal data could have serious implications for search engines and many other electronic businesses, in particular, the personalised advertising business model of the Internet. Recent court decisions have not clarified the position, so businesses that log IP addresses should proceed with caution.

What Is 'Private' Data?, Karen Mccullagh

Karen McCullagh

The development of a frontier-free Internal Market and of the so-called 'information society' have resulted in an increase in the flow of personal data between EU Member States. To remove potential obstacles to such transfers data protection legislation was introduced. One of the underpinning principles of Directive 95/46/EC is the protection of privacy. Yet, the legislation does not provide a conclusive understanding of the terms ‘privacy’ or ‘private’ data. Rather, privacy protection is to be achieved through the regulation of the conditions under which personal data may be processed. An assessment of whether, 10 years after the enactment of the …

Personal Medical Information: Privacy Or Personal Data Protection?, Wilhelm Peekhaus

Canadian Journal of Law and Technology

Some of the existing literature concerning the privacy of health information seems to suggest that medical information has a particularly special nature; either through its oft-cited association with dignity or the need for its ‘‘unobstructed’’ use by health care practitioners for a variety of reasons. It is against such a backdrop that this paper will review and compare a number of legislative mechanisms that have been designed to meet the challenge of safeguarding the privacy of personal information without completely hindering the continued flow of information required by economic and health care systems. An attempt will be made to situate …