Law Commons^™

National Security And Federalizing Data Privacy Infrastructure For Ai Governance, Margaret Hu, Eliott Behar, Davi Ottenheimer

Fordham Law Review

This Essay contends that data infrastructure, when implemented on a national scale, can transform the way we conceptualize artificial intelligence (AI) governance. AI governance is often viewed as necessary for a wide range of strategic goals, including national security. It is widely understood that allowing AI and generative AI to remain self-regulated by the U.S. AI industry poses significant national security risks. Data infrastructure and AI oversight can assist in multiple goals, including: maintaining data privacy and data integrity; increasing cybersecurity; and guarding against information warfare threats. This Essay concludes that conceptualizing data infrastructure as a form of critical infrastructure …

Confronting Carpenter: Rethinking The Third-Party Doctrine And Location Information, Charlie Brownstein

Fordham Law Review

The third-party doctrine enables law enforcement officers to obtain personal information shared with third parties without a warrant. In an era of highly accessible technology, individuals’ location information is consistently being transmitted to third parties. Due to the third-party doctrine, this shared information has been available to law enforcement, without the individual knowing or having an opportunity to challenge this availability. Law enforcement has utilized this doctrine to obtain comprehensive information regarding individuals’ whereabouts over long periods of time.

The U.S. Supreme Court recently limited the reach of the third-party doctrine regarding location data held by cellphone providers. However, this …

Exploring Financial Data Protection And Civil Liberties In An Evolved Digital Age, Amanda Lindner

Fordham Journal of Corporate & Financial Law

There is no comprehensive financial privacy law that can protect consumers from a company’s collection sharing and selling of consumer data. The most recent federal financial privacy law, the Gramm-Leach-Bliley Act (“GLBA”), was enacted by Congress over 20 years ago. Vast technological and financial changes have occurred since 1999, and financial privacy law is due for an upgrade.

As a result, loopholes exist where companies can share financial data without being subject to laws or regulations. Additionally, federal financial privacy related laws provide little to no recourse for consumers to self-remediate with litigation, also known as a private right of …

Interpleader As A Vehicle For Challenging The Constitutionality Of Private Citizen Action Statutes, Delia Parker

Fordham Law Review

The rise of vigilante-esque statutes creates obstacles for litigants seeking to challenge a statute’s constitutionality. State legislatures in Texas and California enacted laws regulating constitutionally protected activity (abortion and firearm possession, respectively) through statutes enforced solely by private actors. The state legislatures cleverly crafted Texas S.B. 8, as well as other copycat statutes, as bounty hunter statutes to block litigants’ usual path to pre-enforcement adjudication—filing a claim against the state to enjoin its actors from enforcing the improper provisions.

The Texas and California state legislatures attempted to forbid constitutionally protected conduct by granting enforcement power to an infinite number of …

Face The Facts, Or Is The Face A Fact?: Biometric Privacy In Publicly Available Data, Daniel Levin

Fordham Intellectual Property, Media and Entertainment Law Journal

Recent advances in biometric technologies have caused a stir among the privacy community. Specifically, facial recognition technologies facilitated through data scraping practices have called into question the basic precepts we had around exercising biometric privacy. Yet, in spite of emerging case law on the permissibility of data scraping, comparatively little attention has been given to the privacy implications endemic to such practices.

On the one hand, privacy proponents espouse the view that manipulating publicly available data from, for example, our social media profiles, derogates from users’ expectations around the kind of data they share with platforms (and the obligations such …

Failed Analogies: Justice Thomas’S Concurrence In Biden V. Knight First Amendment Institute, Sarah S. Seo

Fordham Intellectual Property, Media and Entertainment Law Journal

Twenty-six years ago, twenty-six words created the internet. Section 230 of the Communications Decency Act is a short, yet powerful, provision that notably protects social media platforms, among other interactive computer services, from liability for content created by third-party users. At the time of its enactment, Section 230 aimed to encourage the robust growth of the then-nascent internet while protecting it from government regulation. More recently, however, it has been wielded by Big Tech companies like Twitter and Facebook to prevent any liability for real-world harms that stem from virtual interactions conducted over their platforms.

Although the Supreme Court has …

On The Propertization Of Data And The Harmonization Imperative, Luis Miguel M. Del Rosario

Fordham Law Review

The digital age has paved the way for unforeseen and unconscionable harms. Recent experiences with security breaches, surveillance programs, and mass disinformation campaigns have taught us that unchecked data collection, use, retention, and transfer have the potential to affect everything from health-care access to national security. And they have shown the growing need for a solution that addresses this proliferation of intangible collective harms. This Note champions data propertization—the process of establishing a bundle of rights in data comparable to those that comprise property interests—as the proper method for preventing and redressing data harms. More specifically, this Note analyzes Illinois’s …

Schrems's Slippery Slope: Strengthening Governance Mechanisms To Rehabilitate Eu-U.S. Cross-Border Data Transfers After Schrems Ii, Edward W. Mclaughlin

Fordham Law Review

In July 2020, the Court of Justice of the European Union (CJEU) invalidated the Privacy Shield Framework, the central data governance mechanism that once governed cross-border data transfers from the European Union (EU) to the United States. For the second time in five years, Europe’s top court invalidated the primary method of cross-border data transfers. Both times the CJEU found that the United States’s surveillance laws were, and remain, overbroad and fail to provide EU citizens with protections that are essentially equivalent to those guaranteed under the EU’s General Data Protection Regulation (GDPR) in light of the Charter of Fundamental …

Democratizing Platform Privacy, Sari Mazzurco

Fordham Intellectual Property, Media and Entertainment Law Journal

The online platform political economy—that is, the interrelationship of economic and political power in the exchange of online services for personal information—has endowed platforms with overwhelming power to determine consumers’ information privacy. Mainstream legal scholarship on information privacy has focused largely on an economic problem: individual consumers do not obtain their “optimal” level of privacy due to a bevy of market failures. This Article presents the political issue: that platforms’ hegemonic control over consumers’ information privacy renders the rules they impose illegitimate from a democratic perspective. It argues platform hegemony over consumers’ information privacy is a political problem, in the …

23andme: Attack Of The Clones And Other Concerns, Claire M. Amodio

Fordham Intellectual Property, Media and Entertainment Law Journal

A few years ago, ancestry websites took the world by storm. People were fascinated with their history and heritage and wanted to find out more about where they came from. Then along came 23andMe, which allowed people to not only unearth their familial roots, but also bring to light unknown medical conditions or predispositions to certain medical issues. 23andMe then took the unprecedented step of teaming up with a pharmaceutical company to create drugs with its users’ genetic information. After this announcement, some users were caught off guard, having had no idea that their genetic information—something so sensitive and uniquely …

Reconciling U.S. Banking And Securities Data Preservation Rules With European Mandatory Data Erasure Under Gdpr, Ronald V. Distante

Fordham Journal of Corporate & Financial Law

United States law, which requires financial institutions to retain customer data, conflicts with European Union law, which requires financial institutions to delete customer data on demand. A financial institution operating transnationally cannot comply with both U.S. and EU law. Financial institutions thus face the issue that they cannot possibly delete and retain the same data simultaneously. This Note will clarify the scope and nature of this conflict.

First, it will clarify the conflict by examining (1) the relevant laws, which are Europe’s General Data Protection Regulation (GDPR), the U.S. Bank Secrecy Act, and Securities and Exchange Commission (SEC) regulations, (2) …

Gender Equality And The First Amendment: Foreword, Jeanmarie Fenrich, Benjamin C. Zipursky, Danielle Keats Citron

Fordham Law Review

Gender equality demands equal opportunity to speak and be heard. Yet, in recent years, the clash between equality and free speech in the context of gender has intensified—in the media, the workplace, college campuses, and the political arena, both online and offline. The internet has given rise to novel First Amendment issues that particularly affect women, such as nonconsensual pornography, online harassment, and online privacy. On November 1–2, 2018, the Fordham Law Review brought together scholars and practicing lawyers from around the nation to address many of the pressing challenges facing feminists and free speech advocates today. The Symposium was …

When Law Frees Us To Speak, Danielle Keats Citron, Jonathon W. Penney

Fordham Law Review

A central aim of online abuse is to silence victims. That effort is as regrettable as it is successful. In the face of cyberharassment and sexualprivacy invasions, women and marginalized groups retreat from online engagement. These documented chilling effects, however, are not inevitable. Beyond its deterrent function, the law has an equally important expressive role. In this Article, we highlight law’s capacity to shape social norms and behavior through education. We focus on a neglected dimension of law’s expressive role: its capacity to empower victims to express their truths and engage with others. Our argument is theoretical and empirical. We …

American Courts And The Sex Blind Spot: Legitimacy And Representation, Michele Goodwin, Mariah Lindsay

Fordham Law Review

We argue the legacy of explicit sex bias and discrimination with relation to political rights and social status begins within government, hewn from state and federal lawmaking. As such, male lawmakers and judges conscribed a woman’s role to her home and defined the scope of her independence in the local community and broader society. Politically and legally, women were legal appendages to men—objects of male power (visà-vis their husbands and fathers). In law, women’s roles included sexual chattel to their spouses, care of the home, and producing offspring. Accordingly, women were essential in the home, as law would have it, …

Airbnb In New York City: Whose Privacy Rights Are Threatened By A Government Data Grab?, Tess Hofmann

Fordham Law Review

New York City regulators have vigorously resisted the rise of Airbnb as an alternative to traditional hotels, characterizing “home sharing” as a trend that is sucking up permanent housing in a city already facing an affordability crisis. However, laws banning short-term rentals have done little to discourage this practice, as Airbnb’s policy of keeping user information private makes it possible for illegal operators to evade law enforcement. Frustrated by this power imbalance, the New York City Council passed Local Law 146, which requires Airbnb to provide city officials with access to the names and information of its home sharing hosts …

Data Scraping As A Cause Of Action: Limiting Use Of The Cfaa And Trespass In Online Copying Cases, Kathleen C. Riley

Fordham Intellectual Property, Media and Entertainment Law Journal

In recent years, online platforms have used claims such as the Computer Fraud and Abuse Act (“CFAA”) and trespass to curb data scraping, or copying of web content accomplished using robots or web crawlers. However, as the term “data scraping” implies, the content typically copied is data or information that is not protected by intellectual property law, and the means by which the copying occurs is not considered to be hacking. Trespass and the CFAA are both concerned with authorization, but in data scraping cases, these torts are used in such a way that implies that real property norms exist …

Privacy In Gaming, N. Cameron Russell, Joel R. Reidenberg, Sumyung Moon

Fordham Intellectual Property, Media and Entertainment Law Journal

Video game platforms and business models are increasingly built on collection, use, and sharing of personal information for purposes of both functionality and revenue. This paper examines privacy issues and explores data practices, technical specifications, and policy statements of the most popular games and gaming platforms to provide an overview of the current privacy legal landscape for mobile gaming, console gaming, and virtual reality devices. The research observes how modern gaming aligns with information privacy notions and norms and how data practices and technologies specific to gaming may affect users and, in particular, child gamers.

After objectively selecting and analyzing …

Shopping For Privacy: How Technology In Brick-And-Mortar Retail Stores Poses Privacy Risks For Shoppers, Vincent Nguyen

Fordham Intellectual Property, Media and Entertainment Law Journal

As technology continues to rapidly advance, the American legal system has failed to protect individual shoppers from the technology implemented into retail stores, which poses significant privacy risks but does not violate the law. In particular, I examine the technologies implemented into many brick-and-mortar stores today, many of which the average everyday shopper has no idea exists. This Article criticizes these technologies, suggesting that many, if not all of them, are questionable in their legality taking advantage of their status in a legal gray zone. Because the American judicial system cannot adequately protect the individual shopper from these questionable privacy …

Face Off: An Examination Of State Biometric Privacy Statutes & Data Harm Remedies, Maya E. Rivera

Fordham Intellectual Property, Media and Entertainment Law Journal

As biometric authentication becomes an increasingly popular method of security among consumers, only three states currently have statutes detailing how such data may be collected, used, retained, and released. The Illinois Biometric Information Privacy Act is the only statute of the three that enshrines a private right of action for those who fail to properly handle biometric data. Both the Texas Capture or Use Biometric Identifier Act Information Act and the Washington Biometric Privacy Act allow for state Attorneys General to bring suit on behalf of aggrieved consumers. This Note examines these three statutes in the context of data security …

The Future Of Facial Recognition Is Not Fully Known: Developing Privacy And Security Regulatory Mechanisms For Facial Recognition In The Retail Sector, Elias Wright

Fordham Intellectual Property, Media and Entertainment Law Journal

In recent years, advances in facial recognition technology have resulted in a rapid expansion in the prevalence of private sector biometric technologies. Facial recognition, while providing new potentials for safety and security and personalized marketing by retailers implicates complicated questions about the nature of consumer privacy and surveillance where a “collection imperative” incentivize corporate actors to accumulate increasingly massive reservoirs of consumer data. However, the law has not yet fully developed to address the unique risks to consumers through the use of this technology. This Note examines existing regulatory mechanisms, finding that consumer sensitivities and the opaque nature of the …

Implementing Privacy Policy: Who Should Do What?, David Hyman, William E. Kovacic

Fordham Intellectual Property, Media and Entertainment Law Journal

Academic scholarship on privacy has focused on the substantive rules and policies governing the protection of personal data. An extensive literature has debated alternative approaches for defining how private and public institutions can collect and use information about individuals. But, the attention given to the what of U.S. privacy regulation has overshadowed consideration of how and by whom privacy policy should be formulated and implemented.

U.S. privacy policy is an amalgam of activity by a myriad of federal, state, and local government agencies. But, the quality of substantive privacy law depends greatly on which agency or agencies are running the …

The Gdpr-Blockchain Paradox: Exempting Permissioned Blockchains From The Gdpr, Anisha Mirchandani

Fordham Intellectual Property, Media and Entertainment Law Journal

When considering the legal landscape emerging after the General Data Protection Regulation went into effect on May 25, 2018, the uncertainty surrounding the Regulation reaches its peak when it is applied to blockchain technology. While the goals of storing personal data on permissioned blockchains may align with the goals of accuracy and transparency emulated by the GDPR, the language of the Regulation makes it likely that blockchain technology, as a whole, violates the GDPR. Permissioned blockchains have promising use cases and developments that have not only streamlined data storage, but also allowed users to have increased control over who accesses …

Transparency And The Marketplace For Student Data, N. Cameron Russell, Joel R. Reidenberg, Elizabeth Martin, Thomas B. Norton

Center on Law and Information Policy

Student lists are commercially available for purchase on the basis of ethnicity, affluence, religion, lifestyle, awkwardness, and even a perceived or predicted need for family planning services. This study seeks to provide an understanding of the commercial marketplace for student data and the interaction with privacy law. Over several years, Fordham CLIP reviewed publicly-available sources, made public records requests to educational institutions, and collected marketing materials received by high school students. The study uncovered and documents an overall lack of transparency in the student information commercial marketplace and an absence of law to protect student information.

After The Gold Rush: The Boom Of The Internet Of Things, And The Busts Of Data-Security And Privacy, Dalmacio V. Posadas Jr.

Fordham Intellectual Property, Media and Entertainment Law Journal

This Article addresses the impact that the lack of oversight of the Internet of Things has on digital privacy. While the Internet of Things is but one vehicle for technological innovation, it has created a broad glimpse into domestic life, thus triggering several privacy issues that the law is attempting to keep pace with. What the Internet of Things can reveal is beyond the control of the individual, as it collects information about every practical aspect of an individual’s life, and provides essentially unfettered access into the mind of its users. This Article proposes that the federal government and the …

Welcome To The Metropticon: Protecting Privacy In A Hyperconnected Town, Kelsey Finch, Omer Tene

Fordham Urban Law Journal

No abstract provided.

Smart Law For Smart Cities, Annie Decker

Fordham Urban Law Journal

No abstract provided.

Show Me The Warrant: Protection Of Stored Electronic Communications In New York State, Kaitlin G. Klamann

Fordham Urban Law Journal

No abstract provided.

Crime, Surveillance, And Communities, Bennett Capers

Fordham Urban Law Journal

We have become a surveillance state. Cameras—both those controlled by the state, and those installed by private entities—watch our every move, at least in public. For the most part, courts have deemed this public surveillance to be beyond the purview of the Fourth Amendment, meaning that it goes largely unregulated—a cause for alarm for many civil libertarians. This Article challenges these views and suggests that we must listen to communities in thinking about cameras and other surveillance technologies. For many communities, public surveillance not only has the benefit of deterring crime and aiding in the apprehension of criminals. It can …

Disagreeable Privacy Policies: Mismatches Between Meaning And Users’ Understanding, Joel R. Reidenberg, Travis Breaux, Lorrie F. Cranor, Brian M. French, Amanda Grannis, James T. Graves, Fei Liu, Aleecia Mcdonald, Thomas B. Norton, Rohan Ramanath, N. Cameron Russell, Norman Sadeh, Florian Schaub

Faculty Scholarship

Privacy policies are verbose, difficult to understand, take too long to read, and may be the least-read items on most websites even as users express growing concerns about information collection practices. For all their faults, though, privacy policies remain the single most important source of information for users to attempt to learn how companies collect, use, and share data. Likewise, these policies form the basis for the self-regulatory notice and choice framework that is designed and promoted as a replacement for regulation. The underlying value and legitimacy of notice and choice depends, however, on the ability of users to understand …

You Didn't Even Notice! Elements Of Effective Online Privacy Policies, Amanda Grannis

Fordham Urban Law Journal

No abstract provided.