Law Commons^™

Outsourcing Privacy, Ari Ezra Waldman

Notre Dame Law Review Reflection

An underappreciated part of the narrative of privacy managerialism—and the focus of this Essay—is the information industry’s increasing tendency to outsource privacy compliance responsibilities to technology vendors. In the last three years alone, the International Association of Privacy Professionals (IAPP) has identified more than 250 companies in the privacy technology vendor market. These companies market their products as tools to help companies comply with new privacy laws like the General Data Protection Regulation (GDPR), with consent orders from the Federal Trade Commission (FTC), and with other privacy rules from around the world. They do so by building compliance templates, pre-completed …

Fisa Section 702: Does Querying Incidentally Collected Information Constitute A Search Under The Fourth Amendment?, Rachel G. Miller

Notre Dame Law Review Reflection

An inherent source of conflict in the United States exists between protecting national security and safeguarding individual civil liberties. Throughout history, Americans have consistently been skeptical and fearful of the government abusing its power by spying on Americans. In an effort to curtail government abuses through surveillance, President Carter and Congress enacted the Foreign Intelligence Surveillance Act of 1978 (FISA). The purpose of FISA was to establish a “statutory procedure authorizing the use of electronic surveillance in the United States for foreign intelligence purposes.” FISA provides the government with the authority to engage in electronic surveillance, targeted at foreign powers …

Protecting Users Of Social Media, Margaret Ryznar

Notre Dame Law Review Reflection

Social media platforms started as a fun way to connect with friends and family. Since then, they have become a science fiction nightmare due to their capacity to gather and misuse the data on their users.

It is not irrational for social media providers to seek to capitalize on their data when they provide the platforms for free. Indeed, their business model is to sell data to third parties for marketing and other purposes. Yet, users should be able to expect that their data is not used to hurt them or is not sent to disreputable companies. Indeed, fewer people …

A Statistical Analysis Of Privacy Policy Design, Ari E. Waldman

Notre Dame Law Review Reflection

This Essay takes a further step in a developing research agenda on the design of privacy policies. As described in more detail in Part II, I created an online survey in which respondents were asked to choose one of two websites that would better protect their privacy given images of segments of their privacy policies. Some of the questions paired notices with, on the one hand, privacy protective practices displayed in difficult-to-read designs, and, on the other hand, invasive data use practices displayed in graphical, aesthetically pleasing ways. Many survey respondents seemed to make their privacy decisions based on design …