Law Commons^™

Dude, Where’S My Data? A Legislative Band-Aid For Data Brokers’ Bullet Hole In Consumer Privacy Protection, Emily Bushman

Catholic University Law Review

The development and proliferation of the Internet, GPS, cell phones, social media, and the associated data that support these now ubiquitous technologies have created a new ecosystem of information making up a person’s digital identity. Our digital footprints have traditionally been subject to different levels of privacy protection depending upon the kind of data at issue. Over time, court decisions have revealed tensions and a lack of consistency on the question of how the protections guaranteed by the Fourth Amendment apply to an individual’s digital footprint and their reasonable expectations of privacy over it. This Comment will examine the gaps …

Going Cashless: Privacy Implications For Gun Control In A Digital Economy, Liza Goldenberg

The Journal of Business, Entrepreneurship & the Law

This paper will examine how, given the United States’ shift toward a cashless economy, the country’s top credit-card companies’ potential decision to implement a new merchant code for firearm-related transactions as a method of gun control will backfire, jeopardizing consumer privacy and leading to unregulated transactions through cryptocurrencies. Since the majority of gun violence stems from firearm transactions not involving credit cards, credit-card companies should abandon the new merchant code that dissuades Americans from exercising their fundamental rights. The American economy should focus on slowing the shift toward a digital economy so that federal and state governments can implement legislation …

When Ai Remembers Too Much: Reinventing The Right To Be Forgotten For The Generative Age, Cheng-Chi Chang

Washington Journal of Law, Technology & Arts

The emergence of generative artificial intelligence (AI) systems poses novel challenges for the right to be forgotten. While this right gained prominence following the 2014 Google Spain v. Gonzalez case, generative AI’s limitless memory and ability to reproduce identifiable data from fragments threaten traditional conceptions of forgetting. This Article traces the evolution of the right to be forgotten from its privacy law origins towards an independent entitlement grounded in self-determination for personal information. However, it contends the inherent limitations of using current anonymization, deletion, and geographical blocking mechanisms to prevent AI models from retaining personal data render forgetting infeasible. Moreover, …

Social Media: One Of Fast Fashion’S Biggest Influencers Why Legal Intervention Is Essential To Reduce Social Media’S Promotion Of Fast Fashion– An Industry Founded On Unsustainable Business Practices, Abigail Mccann

Student Journal of Information Privacy Law

The purpose of this paper is to convey why legal intervention is an essential step in curtailing social media’s promotion of fast fashion, which often occurs through brand utilization of various predatory advertising methods. Research has suggested growing opposition to both social media and clothing regulations. As a result, the most proactive way to confront the issue is by attacking corporate activity head-on. This will occur through the implementation of a mandatory three-factor sustainability compliance program, required for all fast fashion corporations advertising via social media. Additionally, to ensure brand transparency, compliance with the program will require the publication of …

Examining Netchoice And Murthy: Content Moderation In The Hands Of The Supreme Court, Devin B. Forbush

Student Journal of Information Privacy Law

The right to free speech is often justified by the idea that an undisturbed marketplace of ideas is an essential ingredient for a healthy democracy. While in many cases we may believe the views espoused by that speech are incorrect, ignorant, or even harmful, those reasons do not justify silencing those views. In 2024, there is a clear social divide between social media platforms’ content-moderation practices. On one side, anti-moderation advocates opine that social media platforms have a distinct and pervasive bias in moderating user content and viewpoints indiscriminately. On the other side, many advocates contend that social media platforms …

Who Should Be Liable? Examining The Corporate Liability Regime For Cybersecurity Risks, Angel R. Gardner

Student Journal of Information Privacy Law

The growth of the Internet of Things (IoT) poses new and substantial security risks for individual and national security. The IoT leaves networks susceptible to hacking, a form of unauthorized access into another person’s system or device. All devices that use the IoT are at risk of unauthorized access—a few examples include vehicles or medical devices. Currently, there are no regulations requiring corporations to protect their software from unauthorized intrusions. However, the current tort landscape does not allow for individuals to recover when there are unauthorized network intrusions where there is no tangible harm. This paper discusses why cybersecurity intrusions …

Taking Matters Into Your Own Hands; Using The Private Rights Of Action In Udap Statutes To Hold Businesses Accountable For Data Breaches, Deirdre Sullivan

Student Journal of Information Privacy Law

The private rights of action in state unfair and deceptive acts and practices (UDAP) laws present a promising way for consumers to recover after a data breach. Plaintiffs’ attorneys have faced challenges in pleading data breach claims under negligence, unjust enrichment, and state data breach notification theories—significantly their challenges stem from issues with standing. UDAP statutes, modeled after s.5 of the FTC Act, present a plausible path to recovery for plaintiffs, with more success in regard to issues of standing. This paper will analyze UDAP claims in four different states and explore the success plaintiffs have had so far, and …

Editorial Board Vol. 2. No.1 (2024), Hannah Babinski Editor-In-Chief

Student Journal of Information Privacy Law

Masthead Editorial Board Vol. 2. No.1 (2024)

An Inadequate Band-Aid: Existing Privacy Law Has Uncertain Application To Web-Scraped Personal Information Used To Train Ai, Jody L. Eckman

Student Journal of Information Privacy Law

To legislate high-growth technology requires fine-tuned balance, but the current state of AI legislation swings in favor of AI providers given U.S. lawmakers near non-existent response. From healthcare to education, the financial industry to the legal field, AI has gained a grip stronger than any legal band-aid lawmakers might believe to be in place and protecting consumers. I argue that based on a survey of current U.S. legislation, AI providers are being given the chance to have their cake and eat it too at the expense of consumers’ rights. Such a perfectly permissible feast is why lawmakers must promptly and …

The Right To Privacy And The Japanese Constitution, Mark A. Sayre

Student Journal of Information Privacy Law

Much focus has been placed on the rapid adoption of laws and regulations governing information and data privacy around the globe. While such laws and regulations are undoubtedly critical in quelling increasing concerns about invasions of privacy enabled by technological advancements, a focus on new laws and regulations alone overlooks a critical and more foundational source of privacy rights—national constitutions. This paper analyzes whether a right to privacy exists under the Japanese Constitution and how the nature and scope of such a right is impacted by Japanese culture. An overview of key early court cases framing the right to privacy …

Privacy’S Commodification And The Limits Of Antitrust, Jeffrey L. Vagle

Arkansas Law Review

This Article argues that the buying and selling of personal data forms what Debra Satz calls a “noxious market,” and, thus, any regulation of information privacy should not accept or depend upon its commodification but should stand on its own. This Article proceeds in three parts. Part I first lays out the history and effects of data commodification, arguing that the market created by this commodification is noxious and undesirable. Part II examines the renewal of antitrust’s purpose as a regulatory tool, especially in the context of its use in the regulation of large technology firms. Finally, Part III argues …

Implementing Information Fiduciaries, Samuel E. Marticke

Georgia State University Law Review

This Note discusses the information fiduciary model, proposed by Jack Balkin, where fiduciary duties would be imposed on data collectors and analyzes how such a model could come to pass in the United States.

Secrecy On Steroids: How Overzealous State Confidentiality Laws Expose Leakers And Whistleblowers To Retaliatory Prosecution, Frank D. Lomonte, Anne Marie Tamburro

University of Miami Law Review

It is well-documented that the federal government has a secrecy problem. Thousands of times a year, inconsequential documents are needlessly stamped “classified,” which can mean prison for anyone who leaks them. But the addiction to secrecy doesn’t stop with the Pentagon. State public-records statutes are riddled with their own local version of “classified information” that puts people at risk of prosecution even for well-intentioned whistleblowing.

The problem is particularly acute in Florida, where one of the state’s highest-ranking elected officials spent almost two years as the target of a criminal investigation for releasing records about an unresolved sexual harassment complaint …

Privacy Or Safety? The Use Of Cameras To Combat Special Ed Abuse, Sarah M. Benites

University of Massachusetts Law Review

Self-contained classroom students face abuse from educators at disproportionate rates compared to general education students. To combat the abuse, several jurisdictions, including Massachusetts, have proposed or enacted bills enabling cameras to be placed in self-contained classrooms. This has sparked privacy concerns, particularly regarding whether the usage would amount to an infringement on the Fourth Amendment rights of students and educators. This note argues that surveillance is an ineffective deterrent to prevent violent and abusive behavior and should not justify bypassing potential privacy and constitutional violations. It outlines the relevant case law regarding students and teachers and apply these standards to …

How Close Is Close Enough: A Step-By-Step Analysis To Resolve The Circuit Split Created By Misunderstanding The Spokeo Ruling, Cason Shipp

St. Mary's Law Journal

No abstract provided.

The Post-Dobbs Reality: Privacy Expectations For Period-Tracking Apps In Criminal Abortion Prosecutions, Sophie L. Nelson

Pepperdine Law Review

The Supreme Court’s decision to overturn Roe v. Wade and Planned Parenthood v. Casey in June 2022 was met with waves of both support and criticism throughout the United States. Several states immediately implemented or began drafting trigger laws that criminalize seeking and providing an abortion. These laws prompted several period-tracking app companies to encrypt their users’ data to make it more difficult for the government to access period- and pregnancy-related information for criminal investigations. This Comment explores whether the Fourth Amendment and U.S. privacy statutes protect users of period-tracking apps from government surveillance. More specifically, this Comment argues that …

Barcoding Bodies: Rfid Technology And The Perils Of E-Carceration, Jackson Samples

Duke Law & Technology Review

Electronic surveillance now plays a central role in the criminal legal system. Every year, hundreds of thousands of people are tracked by ankle monitors and smartphone technology. And frighteningly, commentators and policymakers have now proposed implanting radio frequency identification (“RFID”) chips into people’s bodies for surveillance purposes. This Note examines the unique risks of these proposals—particularly with respect to people on probation and parole—and argues that RFID implants would constitute a systematic violation of individual privacy and bodily integrity. As a result, they would also violate the Fourth Amendment.

National Security And Federalizing Data Privacy Infrastructure For Ai Governance, Margaret Hu, Eliott Behar, Davi Ottenheimer

Fordham Law Review

This Essay contends that data infrastructure, when implemented on a national scale, can transform the way we conceptualize artificial intelligence (AI) governance. AI governance is often viewed as necessary for a wide range of strategic goals, including national security. It is widely understood that allowing AI and generative AI to remain self-regulated by the U.S. AI industry poses significant national security risks. Data infrastructure and AI oversight can assist in multiple goals, including: maintaining data privacy and data integrity; increasing cybersecurity; and guarding against information warfare threats. This Essay concludes that conceptualizing data infrastructure as a form of critical infrastructure …

Skirting The Fourth Amendment: How Law Enforcement Agencies Abuse Technology And Constitutional Exceptions To Surveille The Public, Matthew Lloyd

Washington and Lee Journal of Civil Rights and Social Justice

Existing Fourth Amendment law does not protect against law enforcement use of data gathered through the internet either by private companies who actively search their customer’s data and submit evidence of misconduct to law enforcement or from private companies who acquire the data on behalf of law enforcement. In an effort to pursue criminals, courts have permitted Fourth Amendment jurisprudence to develop in a manner that permits sweeping invasions of privacy without any probable cause through the private search doctrine or without any procedural protections through the third-party doctrine. It will require substantial judicial or legislative action to return the …

Personal Data And Vaccination Hesitancy: Covid-19’S Lessons For Public Health Federalism, Charles D. Curran

Catholic University Law Review

During the COVID-19 vaccination campaign, the federal government adopted a more centralized approach to the collection of public health data. Although the states previously had controlled the storage of vaccination information, the federal government’s Operation Warp Speed plan required the reporting of recipients’ personal information on the grounds that it was needed to monitor the safety of novel vaccines and ensure correct administration of their multi-dose regimens.

Over the course of the pandemic response, this more centralized federal approach to data collection added a new dimension to pre-existing vaccination hesitancy. Requirements that recipients furnish individual information deterred vaccination among undocumented …

Fitting A Block Into A Sphere Mold: The Inadequacy Of Current Data Privacy Regulations In Protecting Data Privacy Within The Blockchain Space, Jenny Yang

Washington and Lee Journal of Civil Rights and Social Justice

Despite global imposition of data privacy laws and regulations, data privacy is a nonexistent luxury amongst the data-charged world we live in. Data privacy has long been established as a fundamental right. Entities have successfully established robust methodologies around existing data privacy laws and regulations to utilize past consumer behavior to predict, impact and manipulate current and future consumer behaviors. This phenomenon has been commonly coined as “corporate surveillance.” Emerging spaces arising through technological developments have greater access into consumer data to impact economic choices. Specifically, the blockchain space, through its unique open-source and permanent traits, has been able to …

The Lack Of Responsibility Of Higher Educaiton Institutions In Addressing Phishing Emails And Data Breaches, Muxuan (Muriel) Wang

Duke Law & Technology Review

Higher education institutions (HEIs) are highly susceptible to cyberattacks, particularly those facilitated through phishing, due to the substantial volume of confidential student and staff data and valuable research information they hold. Despite federal legislations focusing on bolstering cybersecurity for critical institutions handling medical and financial data, HEIs have not received similar attention. This Note examines the minimal obligations imposed on HEIs by existing federal and state statutes concerning data breaches, the absence of requirements for HEIs to educate employees and students about phishing attacks, and potential strategies to improve student protection against data breaches.

My Body, Whose Choice? A Case For A Fundamental Right To Bodily Autonomy, Miri Trauner

Brooklyn Law Review

In 2022, the US Supreme Court decided Dobbs v. Jackson Women’s Health Organization, which overturned Roe v. Wade and the fundamental right to abortion it had established nearly fifty years prior. The Court’s decision threw into uncertainty the future of not only reproductive rights in this country, but also many other individual rights. At the same time as the decision, the world was still reeling from a global pandemic, and the development of COVID-19 vaccines had spurred widespread controversy over the constitutionality of vaccine mandates. Both advocates for abortion access and opponents to vaccine mandates shared a common cry: “my …

Critical Data Theory, Margaret Hu

William & Mary Law Review

Critical Data Theory examines the role of AI and algorithmic decisionmaking at its intersection with the law. This theory aims to deconstruct the impact of AI in law and policy contexts. The tools of AI and automated systems allow for legal, scientific, socioeconomic, and political hierarchies of power that can profitably be interrogated with critical theory. While the broader umbrella of critical theory features prominently in the work of surveillance scholars, legal scholars can also deploy criticality analyses to examine surveillance and privacy law challenges, particularly in an examination of how AI and other emerging technologies have been expanded in …

Speaking Back To Sexual Privacy Invasions, Brenda Dvoskin

Washington Law Review

Many big players in the internet ecosystem do not like hosting sexual expression. They often justify these bans as a protection of sexual privacy. For example, Meta states that it removes sexual imagery to prevent the nonconsensual distribution of sexual images. In response, this Article argues that banning digital sexual expression is counterproductive if the aim is to alleviate the harms inflicted by sexual privacy losses.

Contemporary sexual privacy theory, however, lacks analytical tools to explain why nudity bans harm the interests they intend to protect. This Article aims at building those tools. The main contribution is an invitation to …

The Consumer Bundle, Shelly Kreiczer-Levy

Washington Law Review

Can property law have a consumer protection purpose? One of the most important consumer law concerns today is the limited control consumers have over the digital assets and software-embedded products they purchase. Current proposals for reform focus on classifying the transaction as either license or sale and rely mostly on contract law and consumer protection regulation with a few calls for restoring ownership rights. This Article argues that property law can protect consumers by establishing a minimum bundle of rights for consumers: the “consumer’s bundle.” Working with property theory and an analysis of property values, this Article explains the importance …

The Kids Are Not Alright: Negative Consequences Of Student Device And Account Surveillance, Ashley Peterson

Washington Law Review

In recent years, student surveillance has rapidly grown. As schools have experimented with new technologies, transitioned to remote and hybrid instruction, and faced pressure to protect student safety, they have increased surveillance of school accounts and school-issued devices. School surveillance extends beyond school premises to monitor student activities that occur off-campus. It reaches students’ most intimate data and spaces, including things students likely believe are private: internet searches, emails, and messages. This Comment focuses on the problems associated with off-campus surveillance of school accounts and school-issued devices, including chilling effects that fundamentally alter student behavior, reinforcement of the school-to-prison pipeline, …

The Data Heist: Protecting Consumers And Their Information Through Opt-In Consent, John A. Hudson

Arkansas Law Review

This Comment will: (1) compare and contrast the data privacy laws in the United States and the European Union; (2) demonstrate the significant risk American consumers are subject to under the United States’ current laws and regulations; and (3) address the protections provided by the European Union’s explicit opt-in consent requirement that would ensure safer conditions for American consumers.

Privacy Matters: Data Breach Litigation In Japan, Andrew M. Pardieck

Washington International Law Journal

In 1890, when Brandeis and Warren wrote The Right to Privacy, Japan did not have a word for privacy. Today, it is closely guarded in Japan: the European Data Protection Board has found privacy protections in Japan “equivalent” to those in the EU. This research explores the evolution of privacy law in Japan, focusing on data breach and the legal rights and obligations associated with it. The writing is broken up into two parts: This article discusses private enforcement of privacy norms, as it is the courts that first established and continue to define privacy rights in Japan. A separate …

Redefining The Injury-In-Fact: Treating Personally Identifying Information As Bailed Property, Austin Headrick

Georgia Law Review

There is a long-existing circuit split among federal courts of appeals as to whether an individual has standing under Article III of the United States Constitution when their personally identifying information (PII) is stolen from an entity to which they entrusted it such as a hospital or bank. Federal courts disagree as to whether an individual whose PII has been stolen—without more—has suffered an injury-in-fact, a necessary element of standing. The disagreement between the courts centers on whether the injury-in-fact has already occurred at the time the PII is stolen or whether the injury occurs once the PII has been …