Law Commons^™

“Can I Have It Non-Personalised?” An Empirical Investigation Of Consumer Willingness To Share Data For Personalized Services And Ads, Monika Leszczynska, Daria Baltag

Faculty Scholarship

European regulators, courts, and scholars are currently debating the legality of data processing for personalization purposes. Should businesses require separate consent for processing user data for personalized advertising, especially when offering free services reliant on such ads for revenue? Or is general consent for the contract enough, given personalized advertising’s role in fulfilling contractual obligations? This study investigates whether these legal distinctions reflect differences in people’s willingness to share data with businesses for personalization. Are consumers less willing to share their data for personalized advertising than for personalized services that they clearly contracted for? Does that change if the service …

Research Access To Social Media Data: Lessons From Clinical Trial Data Sharing, Christopher J. Morten, Gabriel Nicholas, Salomé Vilgoen

Articles

For years, social media companies have sparred with lawmakers over how much independent access to platform data they should provide researchers. Sharing data with researchers allows the public to better understand the risks and harms associated with social media, including areas such as misinformation, child safety, and political polarization. Yet researcher access is controversial. Privacy advocates and companies raise the potential privacy threats of researchers using such data irresponsibly. In addition, social media companies raise concerns over trade secrecy: the data these companies hold and the algorithms powered by that data are secretive sources of competitive advantage. This Article shows …

The Great Scrape: The Clash Between Scraping And Privacy, Daniel J. Solove, Woodrow Hartzog

Faculty Scholarship

Artificial intelligence (AI) systems depend on massive quantities of data, often gathered by “scraping” – the automated extraction of large amounts of data from the internet. A great deal of scraped data is about people. This personal data provides the grist for AI tools such as facial recognition, deep fakes, and generative AI. Although scraping enables web searching, archival, and meaningful scientific research, scraping for AI can also be objectionable or even harmful to individuals and society.

Organizations are scraping at an escalating pace and scale, even though many privacy laws are seemingly incongruous with the practice. In this Article, …

Two Visions Of Digital Sovereignty, Sujit Raman

Joint PIJIP/TLS Research Paper Series

No abstract provided.

A Trusted Framework For Cross-Border Data Flows, Alex Joel

Joint PIJIP/TLS Research Paper Series

The German Marshall Fund of the United States (GMF), in cooperation with the Tech, Law and Security Program (TLS) of the American University Washington College of Law, and with support from Microsoft, convened a Global Taskforce to Promote Trusted Sharing of Data comprising experts from civil society, academia, and industry to submit proposals for harmonizing approaches to global data use and sharing. Former US Ambassador to the Organisation for Economic Co-operation and Development (OECD) and GMF Distinguished Fellow Karen Kornbluh and Microsoft Chief Privacy Officer and Corporate Vice President Julie Brill co-chaired the taskforce; TLS Senior Project Director Alex Joel …

On The Danger Of Not Understanding Technology, Fredric I. Lederer

Popular Media

No abstract provided.

Who Owns Data? Constitutional Division In Cyberspace, Dongsheng Zang

Articles

Privacy emerged as a concern as soon as the internet became commercial. In early 1995, Lawrence Lessig warned that the internet, though giving us extraordinary potential, was “not designed to protect individuals against this extraordinary potential for others to abuse.” The same technology can “destroy the very essence of what now defines individuality.” Lessig urged that “a constitutional balance will have to be drawn between these increasingly important interests in privacy, and the competing interest in collective security.” Lessig envisioned that creating property rights in data would help individuals by giving them control of their data. As utopian as property …

Understanding Dark Patterns In Home Iot Devices, Monica Kowalczyk, Johanna Gunawan, David Choffnes, Daniel J. Dubois, Woodrow Hartzog, Christo Wilson

Faculty Scholarship

Internet-of-Things (IoT) devices are ubiquitous, but little attention has been paid to how they may incorporate dark patterns despite consumer protections and privacy concerns arising from their unique access to intimate spaces and always-on capabilities. This paper conducts a systematic investigation of dark patterns in 57 popular, diverse smart home devices. We update manual interaction and annotation methods for the IoT context, then analyze dark pattern frequency across device types, manufacturers, and interaction modalities. We find that dark patterns are pervasive in IoT experiences, but manifest in diverse ways across device traits. Speakers, doorbells, and camera devices contain the most …

Brokered Abuse, Thomas E. Kadri

Scholarly Works

Data brokers are abuse enablers. These companies, which traffic information about people for profit, facilitate interpersonal abuse by making it easier to find and contact people. By thwarting people’s obscurity, brokers expose them to physical, psychological, financial, and reputational harm. To date, there have been four common legal responses to this situation: prohibiting abusive acts, mandating broker transparency, limiting data collection, and restricting data disclosure. Though these measures each have some merit, none is adequate, and several recent privacy laws have even made matters worse. Put simply, the current legal landscape is neither effective nor empathetic.

This Essay explores the …

Collective Data Rights And Their Possible Abuse, Asaf Lubin

Articles by Maurer Faculty

No abstract provided.

Governing Smart Cities As Knowledge Commons - Introduction, Chapter 1 & Conclusion, Brett M. Frischmann, Michael J. Madison, Madelyn Sanfilippo

Book Chapters

Smart city technology has its value and its place; it isn’t automatically or universally harmful. Urban challenges and opportunities addressed via smart technology demand systematic study, examining general patterns and local variations as smart city practices unfold around the world. Smart cities are complex blends of community governance institutions, social dilemmas that cities face, and dynamic relationships among information and data, technology, and human lives. Some of those blends are more typical and common. Some are more nuanced in specific contexts. This volume uses the Governing Knowledge Commons (GKC) framework to sort out relevant and important distinctions. The framework grounds …

Content Moderation As Surveillance, Hannah Bloch-Wehba

Faculty Scholarship

Technology platforms are the new governments, and content moderation is the new law, or so goes a common refrain. As platforms increasingly turn toward new, automated mechanisms of enforcing their rules, the apparent power of the private sector seems only to grow. Yet beneath the surface lies a web of complex relationships between public and private authorities that call into question whether platforms truly possess such unilateral power. Law enforcement and police are exerting influence over platform content rules, giving governments a louder voice in supposedly “private” decisions. At the same time, law enforcement avails itself of the affordances of …

Designing Respectful Tech: What Is Your Relationship With Technology?, Noreen Y. Whysel

Publications and Research

According to research at the Me2B Alliance, people feel they have a relationship with technology. It’s emotional. It’s embodied. And it’s very personal. We are studying digital relationships to answer questions like “Do people have a relationship with technology?” “What does that relationship feel like?” And “Do people understand the commitments that they are making when they explore, enter into and dissolve these relationships?” There are parallels between messy human relationships and the kinds of relationships that people develop with technology. As with human relationships, we move through states of discovery, commitment and breakup with digital applications as well. Technology …

Dismantling The “Black Opticon”: Privacy, Race Equity, And Online Data-Protection Reform, Anita L. Allen

All Faculty Scholarship

African Americans online face three distinguishable but related categories of vulnerability to bias and discrimination that I dub the “Black Opticon”: discriminatory oversurveillance, discriminatory exclusion, and discriminatory predation. Escaping the Black Opticon is unlikely without acknowledgement of privacy’s unequal distribution and privacy law’s outmoded and unduly race-neutral façade. African Americans could benefit from race-conscious efforts to shape a more equitable digital public sphere through improved laws and legal institutions. This Essay critically elaborates the Black Opticon triad and considers whether the Virginia Consumer Data Protection Act (2021), the federal Data Protection Act (2021), and new resources for the Federal Trade …

Platforms, Encryption, And The Cfaa: The Case Of Whatsapp V Nso Group, Jonathon Penney, Bruce Schneier

Articles, Book Chapters, & Popular Press

End-to-end encryption technology has gone mainstream. But this wider use has led hackers, cybercriminals, foreign governments, and other threat actors to employ creative and novel attacks to compromise or workaround these protections, raising important questions as to how the Computer Fraud and Abuse Act (CFAA), the primary federal anti-hacking statute, is best applied to these new encryption implementations. Now, after the Supreme Court recently narrowed the CFAA’s scope in Van Buren and suggested it favors a code-based approach to liability under the statute, understanding how best to theorize sophisticated code-based access barriers like end-to-end encryption, and their circumvention, is now …

The Surprising Virtues Of Data Loyalty, Neil M. Richards, Woodrow Hartzog

Scholarship@WashULaw

Lawmakers in the United States and Europe are seriously considering imposing duties of data loyalty that implement ideas from privacy law scholarship, but critics claim such duties are unnecessary, unworkable, overly individualistic, and indeterminately vague. This paper takes those criticisms seriously, and its analysis of them reveals that duties of data loyalty have surprising virtues. Loyalty, it turns out, can support collective well-being by embracing privacy’s relational turn; it can be a powerful state of mind for reenergizing privacy reform; it prioritizes human values rather than potentially empty formalism; and it offers solutions that are flexible and clear rather than …

Legislating Data Loyalty, Neil M. Richards, Woodrow Hartzog

Scholarship@WashULaw

Lawmakers looking to embolden privacy law have begun to consider imposing duties of loyalty on organizations trusted with people’s data and online experiences. The idea behind loyalty is simple: organizations should not process data or design technologies that conflict with the best interests of trusting parties. But the logistics and implementation of data loyalty need to be developed if the concept is going to be capable of moving privacy law beyond its “notice and consent” roots to confront people’s vulnerabilities in their relationship with powerful data collectors.

In this short Essay, we propose a model for legislating data loyalty. Our …

Understanding Chilling Effects, Jonathon Penney

Articles, Book Chapters, & Popular Press

With digital surveillance and censorship on the rise, the amount of data available online unprecedented, and corporate and governmental actors increasingly employing emerging technologies like artificial intelligence (AI), machine learning, and facial recognition technology (FRT) for surveillance and data analytics, concerns about “chilling effects”, that is, the capacity for these activities “chill” or deter people from exercising their rights and freedoms have taken on greater urgency and importance. Yet, there remains a clear dearth in systematic theoretical and empirical work point. This has left significant gaps in understanding. This article has attempted to fill that void, synthesizing theoretical and empirical …

Legislating Data Loyalty, Woodrow Hartzog, Neil Richards

Faculty Scholarship

Lawmakers looking to embolden privacy law have begun to consider imposing duties of loyalty on organizations trusted with people’s data and online experiences. The idea behind loyalty is simple: organizations should not process data or design technologies that conflict with the best interests of trusting parties. But the logistics and implementation of data loyalty need to be developed if the concept is going to be capable of moving privacy law beyond its “notice and consent” roots to confront people’s vulnerabilities in their relationship with powerful data collectors.

In this short Essay, we propose a model for legislating data loyalty. Our …

Artificial Intelligence And Trade, Anupam Chander

Georgetown Law Faculty Publications and Other Works

Artificial Intelligence is already powering trade today. It is crossing borders, learning, making decisions, and operating cyber-physical systems. It underlies many of the services that are offered today – from customer service chatbots to customer relations software to business processes. The chapter considers AI regulation from the perspective of international trade law. It argues that foreign AI should be regulated by governments – indeed that AI must be ‘locally responsible’. The chapter refutes arguments that trade law should not apply to AI and shows how the WTO agreements might apply to AI using two hypothetical cases . The analysis reveals …

Digital Gatekeepers, Thomas E. Kadri

Scholarly Works

If in William Blackstone's time we might have thought of a person's home as their castle, in Mark Zuckerberg's time we might say that their website is too. Under cyber-trespass laws like the Computer Fraud and Abuse Act, courts have treated online platforms as digital gatekeepers--as property owners that may permit and restrict access to websites much like landowners may do with private land in the real world. If platforms withhold their consent through words or inference, cyber-trespass laws let them enforce their preferences about who may access their services and gather information from the internet. Concerned about reputations and …

The Republic Of Letters And The Origins Of Scientific Knowledge Commons, Michael J. Madison

Book Chapters

The knowledge commons framework, deployed here in a review of the early network of scientific communication known as the Republic of Letters, combines a historical sensibility regarding the character of scientific research and communications with a modern approach to analyzing institutions for knowledge governance. Distinctions and intersections between public purposes and privacy interests are highlighted. Lessons from revisiting the Republic of Letters as knowledge commons may be useful in advancing contemporary discussions of Open Science.

Catalyzing Privacy Law, Anupam Chander, Margot E. Kaminski, William Mcgeveran

Publications

The United States famously lacks a comprehensive federal data privacy law. In the past year, however, over half the states have proposed broad privacy bills or have established task forces to propose possible privacy legislation. Meanwhile, congressional committees are holding hearings on multiple privacy bills. What is catalyzing this legislative momentum? Some believe that Europe’s General Data Protection Regulation (GDPR), which came into force in 2018, is the driving factor. But with the California Consumer Privacy Act (CCPA) which took effect in January 2020, California has emerged as an alternate contender in the race to set the new standard for …

Agonistic Privacy & Equitable Democracy, Scott Skinner-Thompson

Publications

This Essay argues that legal privacy protections—which enable individuals to control their visibility within public space—play a vital role in disrupting the subordinating, antidemocratic impacts of surveillance and should be at the forefront of efforts to reform the operation of both digital and physical public space. Robust privacy protections are a touchstone for empowering members of different marginalized groups with the ability to safely participate in both the physical and digital public squares, while also preserving space for vibrant subaltern counterpublics. By increasing heterogeneity within the public sphere, privacy can also help decrease polarization by breaking down echo chambers and …

The First Amendment, Common Carriers, And Public Accommodations: Net Neutrality, Digital Platforms, And Privacy, Christopher S. Yoo

All Faculty Scholarship

Recent prominent judicial opinions have assumed that common carriers have few to no First Amendment rights and that calling an actor a common carrier or public accommodation could justify limiting its right to exclude and mandating that it provide nondiscriminatory access. A review of the history reveals that the underlying law is richer than these simple statements would suggest. The principles for determining what constitutes a common carrier or a public accommodation and the level of First Amendment protection both turn on whether the actor holds itself out as serving all members of the public or whether it asserts editorial …

Good Health And Good Privacy Go Hand-In-Hand (Originally Published By Jnslp), Jennifer Daskal

Joint PIJIP/TLS Research Paper Series

No abstract provided.

The Law Of Black Mirror - Syllabus, Yafit Lev-Aretz, Nizan Packin

Open Educational Resources

Using episodes from the show Black Mirror as a study tool - a show that features tales that explore techno-paranoia - the course analyzes legal and policy considerations of futuristic or hypothetical case studies. The case studies tap into the collective unease about the modern world and bring up a variety of fascinating key philosophical, legal, and economic-based questions.

Is Data Localization A Solution For Schrems Ii?, Anupam Chander

Georgetown Law Faculty Publications and Other Works

For the second time this decade, the Court of Justice of the European Union has struck a blow against the principal mechanisms for personal data transfer to the United States. In Data Protection Commissioner v Facebook Ireland, Maximillian Schrems, the Court declared the EU-US Privacy Shield invalid and placed significant hurdles to the process of transferring personal data from the European Union to the United States via the mechanism of Standard Contractual Clauses. Many have begun to suggest data localization as the solution to the problem of data transfer; that is, don’t transfer the data at all. I argue …

Cybersecurity-Cybercrime-The Legal Environment, Amy J. Ramson

Open Educational Resources

This presentation covers the legal environment of cybercrime to date. It addresses: the challenges of law enforcement; federal government vs. sate jurisdiction of cybercrime; law enforcement department and agencies which handle cybercrime; criminal statutes and privacy statutes.

Automation In Moderation, Hannah Bloch-Wehba

Faculty Scholarship

This Article assesses recent efforts to encourage online platforms to use automated means to prevent the dissemination of unlawful online content before it is ever seen or distributed. As lawmakers in Europe and around the world closely scrutinize platforms’ “content moderation” practices, automation and artificial intelligence appear increasingly attractive options for ridding the Internet of many kinds of harmful online content, including defamation, copyright infringement, and terrorist speech. Proponents of these initiatives suggest that requiring platforms to screen user content using automation will promote healthier online discourse and will aid efforts to limit Big Tech’s power.

In fact, however, the …