Law Commons^™

Administrative Regulation Of Programmatic Policing: Why "Leaders Of A Beautiful Struggle" Is Both Right And Wrong, Christopher Slobogin

Vanderbilt Law School Faculty Publications

In Leaders of a Beautiful Struggle v. Baltimore Police Department, the Fourth Circuit Court of Appeals held that Aerial Investigation Research (AIR), Baltimore's aerial surveillance program, violated the Fourth Amendment because it was not authorized by a warrant. AIR was constitutionaly problematic, but not for the reason given by the Fourth Circuit. AIR, like many other technologically-enhanced policing programs that rely on closed-circuit television (CCTV), automated license plate readers and the like, involves the collection and retention of information about huge numbers ofpeople. Because individualized suspicion does not exist with respect to any of these people's information, an individual-specific warrant …

Establishing The Legal Framework To Regulate Quantum Computing Technology, Kaya Derose

Catholic University Journal of Law and Technology

No abstract provided.

The Three Laws: The Chinese Communist Party Throws Down The Data Regulation Gauntlet, William Chaskes

Washington and Lee Law Review

Criticism of the Chinese Communist Party (CCP) runs a wide gamut. Accusations of human rights abuses, intellectual property theft, authoritarian domestic policies, disrespecting sovereign borders, and propaganda campaigns all have one common factor: the CCP’s desire to control information. Controlling information means controlling data. Lurking beneath the People’s Republic of China’s (PRC) tumultuous relationship with the rest of the world is the fight between nations to control their citizens’ data while also keeping it out of the hands of adversaries. The CCP’s Three Laws are its newest weapon in this data war.

One byproduct of the CCP’s emphasis on controlling …

Race And Regulation Podcast Episode 5 - Racial Equity And Data Privacy, Anita L. Allen

Penn Program on Regulation Podcasts

In this episode, Anita Allen, an internationally renowned expert on the philosophical dimensions of privacy and data protection law, reveals how race-neutral privacy laws in the U.S. have failed to address the unequal burdens faced online by Black Americans, whose personal data are used in racially discriminatory ways. Professor Allen articulates what she terms an African American Online Equity Agenda to guide the development of race-conscious privacy regulations that can better promote racial justice in the modern digital economy.

Small Business Cybersecurity: A Loophole To Consumer Data, Matthew R. Espinosa

The Scholar: St. Mary's Law Review on Race and Social Justice

Small businesses and small minority owned businesses are vital to our nation’s economy; therefore legislation, regulation, and policy has been created in order to assist them in overcoming their economic stability issues and ensure they continue to serve the communities that rely on them. However, there is not a focus on regulating nor assisting small businesses to ensure their cybersecurity standards are up to par despite them increasingly becoming a victim of cyberattacks that yield high consequences. The external oversight and assistance is necessary for small businesses due to their lack of knowledge in implementing effective cybersecurity policies, the fiscal …

Data Privacy Issues In West Virginia And Beyond: A Comprehensive Overview, Jena Martin

Consumer Law Scholarship

This white paper was commissioned by the Center for Consumer Law and Education, a joint initiative launched by West Virginia University and Marshall University to “coordinate the development of consumer law, policy, and education research to support and serve consumers.”

As such, this paper has a dual purpose. First, it provides a comprehensive overview of the many different legal issues that affect data privacy concerns (both nationally and in West Virginia). Second, it documents and discusses the result of a survey and specific focus groups that were undertaken throughout the fall of 2019 into January 2020 where individuals within the …

Regulating Data Breaches: A Data Superfund Statute, Kyle Mckibbin

Vanderbilt Journal of Entertainment & Technology Law

Collecting and processing large amounts of personal data has become a fundamental feature of the modern economy. Personal data, combined with good data analytics, are valuable to businesses as they can provide highly detailed information about individual preferences and behaviors. This data collection can also be valuable to the consumer as it generates innovative products and digital platforms. The era of big data promises great rewards, but it is not without its costs. Data breaches, or the release of personal data into unwanted hands, are pervasive and increasingly massive in scale. Despite the personal privacy harm caused by data breaches, …

Seeing (Platforms) Like A State: Digital Legibility And Lessons For Platform Governance, Neil Chilson

Catholic University Journal of Law and Technology

The growing backlash against Big Tech companies is a symptom of digital technology increasing the world’s legibility. James C. Scott’s book, Seeing Like a State: How Certain Schemes to Improve the Human Condition Have Failed, explores how past governments responded to increased legibility – for good and for ill. This article shows how Scott’s historical lessons can guide governments and tech platforms as they seek to improve the human condition online.

Protecting Research Data Of Publicly Revealing Participants, Ellen Clayton, B. A. Malin, Kyle J. Mckibbin

Vanderbilt Law School Faculty Publications

Biomedical researchers collect large amounts of personal data about individuals, which are frequently shared with repositories and an array of users. Typically, research data holders implement measures to protect participants’ identities and unique attributes from unauthorized disclosure. These measures, however, can be less effective if people disclose their participation in a research study, which they may do for many reasons. Even so, the people who provide these data for research often understandably expect that their privacy will be protected. We discuss the particular challenges posed by self-disclosure and identify various steps that researchers should take to protect data in these …

Emerging Technology & Regulation Panel Transcript, Bill Goodwin, Ryan Hagemann, Brooks Rainwater, Caleb Watney

Pepperdine Law Review

No abstract provided.

American Privacy Law At The Dawn Of A New Decade (And The Ccpa And Covid-19): Overview And Practitioner Critique, Kimberly Dempsey Booher, Martin B. Robins

Marquette Intellectual Property Law Review

No abstract provided.

The Missing Regulatory State: Monitoring Businesses In An Age Of Surveillance, Rory Van Loo

Faculty Scholarship

An irony of the information age is that the companies responsible for the most extensive surveillance of individuals in history—large platforms such as Amazon, Facebook, and Google—have themselves remained unusually shielded from being monitored by government regulators. But the legal literature on state information acquisition is dominated by the privacy problems of excess collection from individuals, not businesses. There has been little sustained attention to the problem of insufficient information collection from businesses. This Article articulates the administrative state’s normative framework for monitoring businesses and shows how that framework is increasingly in tension with privacy concerns. One emerging complication is …

The Gdpr: It Came, We Saw, But Did It Conquer?, Leila Javanshir

Seattle University Law Review

On February 1, 2019, the Seattle University Law Review held its annual symposium at the Seattle University School of Law. Each year, the Law Review hosts its symposium on a topic that is timely and meaningful. This year, privacy and data security professionals from around the globe gathered to discuss the current and future effects of the General Data Protection Regulation (GDPR) that was implemented on May 25, 2018. The articles and essays that follow this Foreword are the product of this year’s symposium.

Confiding In Con Men: U.S. Privacy Law, The Gdpr, And Information Fiduciaries, Lindsey Barrett

Seattle University Law Review

In scope, ambition, and animating philosophy, U.S. privacy law and Europe’s General Data Protection Regulation are almost diametric opposites. The GDPR’s ambitious individual rights, significant prohibitions, substantive enforcement regime, and broad applicability contrast vividly with a scattershot U.S. regime that generally prioritizes facilitating commerce over protecting individuals, and which has created perverse incentives for industry through anemic enforcement of the few meaningful limitations that do exist. A privacy law that characterizes data collectors as information fiduciaries could coalesce with the commercial focus of U.S. law, while emulating the GDPR’s laudable normative objectives and fortifying U.S. consumer privacy law with a …

Privacy Statements Under The Gdpr, Mike Hintze

Seattle University Law Review

The need to include specific types of information in a privacy statement is a GDPR compliance obligation that does not get as much attention as some other GDPR requirements. Perhaps that is because privacy statements have been much maligned in recent years. They are too long and full of legalese. Nobody reads them. They are part of a notice and consent approach to privacy that puts an unrealistic burden on consumers to make informed choices. But despite these well-known criticisms, the GDPR doubles down on privacy statements. In fact, gauging by the roughly fourfold increase in privacy statement requirements compared …

Has Regulation Affected The High Frequency Trading Market?, Kevin O'Connell

Catholic University Journal of Law and Technology

As technology rapidly advances society, there are a few industries that have not been drastically impacted by disruptive technology. The financial markets are no different. Over the past ten years, algorithmic trading has quickly revolutionized the financial markets and continues to dominate an industry that for many years remained largely uninfluenced by society’s technological advances. Algorithmic trading is “a type of trading done with the use of mathematical formulas” and market data “run by powerful computers” to execute trades. One of the most commonly used platforms of algorithmic trading is high frequency trading. High frequency trading (“HFT”) uses a computerized …

Corporate Cybersecurity: The International Threat To Private Networks And How Regulations Can Mitigate It, Eric J. Hyla

Vanderbilt Journal of Entertainment & Technology Law

Cyberattacks are occurring at an accelerating pace. Foreign nations are increasingly utilizing hacking as a tool for economic gain, acts of aggression, or international political expression. At risk are US consumers'personal data, private firms' bottom line, and the economies'integrity. In response, federal and state lawmakers have issued a series of disparate, uncoordinated policies seeking to strengthen cybersecurity practices. However, recent events indicate that these policies are less than ideal. This Note suggests that a unified response to cybersecurity is required and calls for the establishment of a single, central federal agency with authority over all cybersecurity regulations. Such an agency …

The Gdpr’S Version Of Algorithmic Accountability, Margot Kaminski

Publications

No abstract provided.

The Eeoc, The Ada, And Workplace Wellness Programs, Samuel R. Bagenstos

Articles

It seems that everybody loves workplace wellness programs. The Chamber of Commerce has firmly endorsed those progarms, as have other business groups. So has President Obama, and even liberal firebrands like former Senator Tom Harkin. And why not? After all, what's not to like about programs that encourage people to adopt healthy habits like exercise, nutritious eating, and quitting smoking? The proponents of these programs speak passionately, and with evident good intentions, about reducing the crushing burden that chronic disease places on individuals, families, communities, and the economy as a whole. What's not to like? Plenty. Workplace wellness programs are …

Unilateral Invasions Of Privacy, Roger Allan Ford

Law Faculty Scholarship

Most people seem to agree that individuals have too little privacy, and most proposals to address that problem focus on ways to give those users more information about, and more control over, how information about them is used. Yet in nearly all cases, information subjects are not the parties who make decisions about how information is collected, used, and disseminated; instead, outsiders make unilateral decisions to collect, use, and disseminate information about others. These potential privacy invaders, acting without input from information subjects, are the parties to whom proposals to protect privacy must be directed. This Article develops a theory …

Use Of Facial Recognition Technology For Medical Purposes: Balancing Privacy With Innovation, Seema Mohapatra

Faculty Scholarship

No abstract provided.

Need For Informed Consent In The Age Of Ubiquitous Human Testing, Caitlyn Kuhs

Loyola of Los Angeles Law Review

No abstract provided.

The Pond Betwixt: Differences In The U.S.-Eu Data Protection/Safe Harbor Negotiation, Richard J. Peltz-Steele

Faculty Publications

This article analyzes the differing perspectives that animate US and EU conceptions of privacy in the context of data protection. It begins by briefly reviewing the two continental approaches to data protection and then explains how the two approaches arise in a context of disparate cultural traditions with respect to the role of law in society. In light of those disparities, Underpinning contemporary data protection regulation is the normative value that both US and EU societies place on personal privacy. Both cultures attribute modern privacy to the famous Warren-Brandeis article in 1890, outlining a "right to be let alone." But …

Toward A Closer Integration Of Law And Computer Science, Christopher S. Yoo

All Faculty Scholarship

Legal issues increasingly arise in increasingly complex technological contexts. Prominent recent examples include the Stop Online Piracy Act (SOPA) and the Protect Intellectual Property Act (PIPA), network neutrality, the increasing availability of location information, and the NSA’s surveillance program. Other emerging issues include data privacy, online video distribution, patent policy, and spectrum policy. In short, the rapid rate of technological change has increasingly shown that law and engineering can no longer remain compartmentalized into separate spheres. The logical response would be to embed the interaction between law and policy deeper into the fabric of both fields. An essential step would …

Does Law Matter Online - Empirical Evidence On Privacy Law Compliance, Michael Birnhack, Niva Elkin-Koren

Michigan Telecommunications & Technology Law Review

Does law matter in the information environment? What can we learn from the experience of applying a particular legal regime to the online environment? Informational privacy (or to use the European term, data protection) provides an excellent illustration of the challenges faced by regulators who seek to secure user rights and shape online behavior. A comprehensive study of Israeli website compliance with information privacy regulation in 2003 and 2006 provides insights for understanding these challenges. The study examined the information privacy practices of 1360 active websites, determining the extent to which these sites comply with applicable legal requirements related to …

Structural Rights In Privacy, Harry Surden

Publications

This Essay challenges the view that privacy interests are protected primarily by law. Based upon the understanding that society relies upon nonlegal devices such as markets, norms, and structure to regulate human behavior, this Essay calls attention to a class of regulatory devices known as latent structural constraints and provides a positive account of their role in regulating privacy. Structural constraints are physical or technological barriers which regulate conduct; they can be either explicit or latent. An example of an explicit structural constraint is a fence which is designed to prevent entry onto real property, thereby effectively enforcing property rights. …

Regulation Of Municipal Wi-Fi, Michael Botein

NYLS Law Review

No abstract provided.

Hipaa-Cracy, Carl E. Schneider

Articles

The Department of Health and Human Services has recently been exercising its authority under the (wittily named) "administrative simplification" part of the Health Insurance Portability and Accountability Act to regulate the confidentiality of medical records. I love the goal; I loathe the means. The benefits are obscure; the costs are onerous. Putatively, the regulations protect my autonomy; practically, they ensnarl me in red tape and hijack my money for services I dislike. HIPAA (a misnomer-HIPAA is the statute, not the regulations) is too lengthy, labile, complex, confused, unfinished, and unclear to be summarized intelligibly or reliably. (Brevis esse laboro, …

Transgovernmental Networks Vs. Democracy: The Case Of The European Information Privacy Network, Francesca Bignami

Michigan Journal of International Law

The perspective offered by this Article is twofold. The emergence of transgovernmental networks gives rise to two questions, one causal and the other normative. First, how do we explain transnational cooperation through networks? Why do governments and regulators choose to establish networks rather than retain virtually limitless discretion over policymaking, conditioned only by international legal obligations? Based on the author’s examination of the records of the intergovernmental negotiations on the Data Protection Directive, this Article concludes that one precondition for fettering national discretion through networks is common preferences among governments on the substance of the policy to be administered. Compared …

Global Trecs: The Regulation Of International Trade In Cyberspace, J. Steele

Canadian Journal of Law and Technology

This paper provides an overview of trade-related aspects of electronic commerce, and examines three approaches for regulating international trade in cyber- space. A model which integrates these approaches is then proposed, emphasizing private standards of self-regula- tion within a broader public framework of minimal background standards. A summary of potential areas of conflict between competing regulatory approaches fol- lows, and the paper concludes that both the WTO and the OECD have important roles to play in the develop- ment of international consensus towards a harmonized framework for the regulation of global TRECs.