Law Commons^™

Data Controllers As Data Fiduciaries: Theory, Definitions & Burdens Of Proof, Noelle Wilson, Amanda Reid

University of Colorado Law Review

As more U.S. states have begun to pass consumer privacy laws, there are growing calls for federal data privacy regulation to ease the burden of compliance with various, sometimes conflicting, state laws. However, scholars and lawmakers are divided on how best to balance robust privacy protections with privacy laws to which businesses can realistically comply. Two prominent regulatory models have emerged from scholarly debate. The Rights/Obligations Model grants consumers various rights and imposes obligations on businesses. This model has been trending in U.S. states, which have mirrored language from the European Union’s General Data Protection Regulation (GDPR) by imposing different …

Toward Stronger Data Protection Laws, Margot E. Kaminski

Publications

No abstract provided.

Regulating The Risks Of Ai, Margot E. Kaminski

Publications

Companies and governments now use Artificial Intelligence (“AI”) in a wide range of settings. But using AI leads to well-known risks that arguably present challenges for a traditional liability model. It is thus unsurprising that lawmakers in both the United States and the European Union (“EU”) have turned to the tools of risk regulation in governing AI systems.

This Article describes the growing convergence around risk regulation in AI governance. It then addresses the question: what does it mean to use risk regulation to govern AI systems? The primary contribution of this Article is to offer an analytic framework for …

Sexuality’S Promise For Sexual Privacy, Scott Skinner-Thompson

Publications

No abstract provided.

Privacy Peg, Trade Hole: Why We (Still) Shouldn’T Put Data Privacy In Trade Law, Margot E. Kaminski, Kristina Irion, Svetlana Yakovleva

Publications

No abstract provided.

Debunking The Myth That Police Body Cams Are Civil Rights Tool, Scott Skinner-Thompson

Publications

No abstract provided.

The Case For Data Privacy Rights (Or 'Please, A Little Optimism'), Margot E. Kaminski

Publications

No abstract provided.

Introduction: Privacy Studies, Surveillance Law, Scott Skinner-Thompson

Publications

This Dialogue section examines perspectives on how privacy law scholarship and surveillance scholarship can be further enriched with more critical reflection and discussion between the disciplines and includes valuable contributions from thought leaders in each field.

Leveling Up To A Reasonable Woman's Expectation Of Privacy, Victoria Schwartz

University of Colorado Law Review

Various privacy law doctrines involve a reasonable expectation of privacy or similar analyses that take into account social privacy norms. For the most part, however, neither courts nor scholars have explicitly grappled with whether courts descriptively do or normatively should consider gender in deciding what constitutes a reasonable expectation of privacy. This is despite the fact that, in various scenarios, a reasonable woman’s expectation of privacy might vary from a man’s in light of different lived experiences, biological differences, and existing societal gendered privacy norms.

This Article addresses how courts do and should take into account a reasonable woman’s expectation …

Algorithmic Impact Assessments Under The Gdpr: Producing Multi-Layered Explanations, Margot E. Kaminski, Gianclaudio Malgieri

Publications

Policy-makers, scholars, and commentators are increasingly concerned with the risks of using profiling algorithms and automated decision-making. The EU’s General Data Protection Regulation (GDPR) has tried to address these concerns through an array of regulatory tools. As one of us has argued, the GDPR combines individual rights with systemic governance, towards algorithmic accountability. The individual tools are largely geared towards individual “legibility”: making the decision-making system understandable to an individual invoking her rights. The systemic governance tools, instead, focus on bringing expertise and oversight into the system as a whole, and rely on the tactics of “collaborative governance,” that is, …

Agonistic Privacy & Equitable Democracy, Scott Skinner-Thompson

Publications

This Essay argues that legal privacy protections—which enable individuals to control their visibility within public space—play a vital role in disrupting the subordinating, antidemocratic impacts of surveillance and should be at the forefront of efforts to reform the operation of both digital and physical public space. Robust privacy protections are a touchstone for empowering members of different marginalized groups with the ability to safely participate in both the physical and digital public squares, while also preserving space for vibrant subaltern counterpublics. By increasing heterogeneity within the public sphere, privacy can also help decrease polarization by breaking down echo chambers and …

Catalyzing Privacy Law, Anupam Chander, Margot E. Kaminski, William Mcgeveran

Publications

The United States famously lacks a comprehensive federal data privacy law. In the past year, however, over half the states have proposed broad privacy bills or have established task forces to propose possible privacy legislation. Meanwhile, congressional committees are holding hearings on multiple privacy bills. What is catalyzing this legislative momentum? Some believe that Europe’s General Data Protection Regulation (GDPR), which came into force in 2018, is the driving factor. But with the California Consumer Privacy Act (CCPA) which took effect in January 2020, California has emerged as an alternate contender in the race to set the new standard for …

The Right To Contest Ai, Margot E. Kaminski, Jennifer M. Urban

Publications

Artificial intelligence (AI) is increasingly used to make important decisions, from university admissions selections to loan determinations to the distribution of COVID-19 vaccines. These uses of AI raise a host of concerns about discrimination, accuracy, fairness, and accountability.

In the United States, recent proposals for regulating AI focus largely on ex ante and systemic governance. This Article argues instead—or really, in addition—for an individual right to contest AI decisions, modeled on due process but adapted for the digital age. The European Union, in fact, recognizes such a right, and a growing number of institutions around the world now call for …

Symposium: The California Consumer Privacy Act, Margot Kaminski, Jacob Snow, Felix Wu, Justin Hughes

Publications

This symposium discussion of the Loyola of Los Angeles Law Review focuses on the newly enacted California Consumer Privacy Act (CPPA), a statute signed into state law by then-Governor Jerry Brown on June 28, 2018 and effective as of January 1, 2020. The panel was held on February 20, 2020.

The panelists discuss how businesses are responding to the new law and obstacles for consumers to make effective use of the law’s protections and rights. Most importantly, the panelists grapple with questions courts are likely to have to address, including the definition of personal information under the CCPA, the application …

A Recent Renaissance In Privacy Law, Margot Kaminski

Publications

Considering the recent increased attention to privacy law issues amid the typically slow pace of legal change.

Are Data Privacy Laws Trade Barriers?, Margot Kaminski

Publications

No abstract provided.

The Left's Law-And-Order Agenda, Aya Gruber

Publications

No abstract provided.

Recording As Heckling, Scott Skinner-Thompson

Publications

A growing body of authority recognizes that citizen recording of police officers and public space is protected by the First Amendment. But the judicial and scholarly momentum behind the emerging “right to record” fails to fully incorporate recording’s cost to another important right that also furthers First Amendment principles: the right to privacy.

This Article helps fill that gap by comprehensively analyzing the First Amendment interests of both the right to record and the right to privacy in public while highlighting the role of technology in altering the First Amendment landscape. Recording information can be critical to future speech and, …

The Right To Explanation, Explained, Margot E. Kaminski

Publications

Many have called for algorithmic accountability: laws governing decision-making by complex algorithms, or AI. The EU’s General Data Protection Regulation (GDPR) now establishes exactly this. The recent debate over the right to explanation (a right to information about individual decisions made by algorithms) has obscured the significant algorithmic accountability regime established by the GDPR. The GDPR’s provisions on algorithmic accountability, which include a right to explanation, have the potential to be broader, stronger, and deeper than the preceding requirements of the Data Protection Directive. This Essay clarifies, largely for a U.S. audience, what the GDPR actually requires, incorporating recently released …

Medical Records And Privacy Rights: The Unintended Consequences Of Aggregated Data In Electronic Health Records, Andrea C. Maciejewski

University of Colorado Law Review

In an era of rapid-pace technological innovation and political focus on healthcare, the federal government is pushing for nationwide interoperability of electronic health records. While there are many benefits from such a program, the lack of federal or state privacy regulations for patients' personal data opens up the possibility of widespread dissemination of private and sensitive information. This inattention to privacy will cause major problems if exploited.

Currently, there are no federal or Colorado laws that protect against potential privacy violations and provide recourse for a patient if a medical professional decides to insert nonmedical information, such as information about …

Privacy's Double Standards: Public Disclosure Tort Case Chart (2006-2016), Scott Skinner-Thompson

Research Data

This document, Privacy's Double Standards: Public Disclosure Tort Case Chart (2006-2016), 93 Wash. L. Rev. Online 2051 (2018), https://www.law.uw.edu/wlr/online-edition/scott-skinner-thompson, was published as an electronic supplement to the empirical study, Scott Skinner-Thompson, Privacy’s Double Standards, 93 Wash. L. Rev. 2051 (2018), available at https://scholar.law.colorado.edu/articles/1218/.

Nonconsensual Pornography: Prevention Is Key, Matthew Edward Carey

University of Colorado Law Review Forum

No abstract provided.

The Gdpr’S Version Of Algorithmic Accountability, Margot Kaminski

Publications

No abstract provided.

Criminal Employment Law, Benjamin Levin

Publications

This Article diagnoses a phenomenon, “criminal employment law,” which exists at the nexus of employment law and the criminal justice system. Courts and legislatures discourage employers from hiring workers with criminal records and encourage employers to discipline workers for non-work-related criminal misconduct. In analyzing this phenomenon, my goals are threefold: (1) to examine how criminal employment law works; (2) to hypothesize why criminal employment law has proliferated; and (3) to assess what is wrong with criminal employment law. This Article examines the ways in which the laws that govern the workplace create incentives for employers not to hire individuals with …

That Was Close! Reward Reporting Of Cybersecurity “Near Misses”, Jonathan Bair, Steven M. Bellovin, Andrew Manley, Blake Reid, Adam Shostak

Publications

Building, deploying, and maintaining systems with sufficient cybersecurity is challenging. Faster improvement would be valuable to society as a whole. Are we doing as much as we can to improve? We examine robust and long-standing systems for learning from near misses in aviation, and propose the creation of a Cyber Safety Reporting System (CSRS).

To support this argument, we examine the liability concerns which inhibit learning, including both civil and regulatory liability. We look to the way in which cybersecurity engineering and science is done today, and propose that a small amount of ‘policy entrepreneurship’ could have substantial positive impact. …

Data Collection, Ehrs, And Poverty Determinations, Craig Konnoth

Publications

Collecting and deploying poverty-related data is an important starting point for leveraging data regarding social determinants of health in precision medicine. However, we must rethink how we collect and deploy such data. Current modes of collection yield imprecise data that is unsuited for research. Better data can be collected by cross-referencing other sources such as employers and public benefit programs, and by incentivizing and encouraging patients and providers to provide more accurate information. Data thus collected can be used to provide appropriate individual-level clinical and non-clinical care, and to systematically determine what share of social resources healthcare should consume.

Robotic Speakers And Human Listeners, Helen Norton

Publications

In their new book, Robotica, Ron Collins and David Skover assert that we protect speech not so much because of its value to speakers but instead because of its affirmative value to listeners. If we assume that the First Amendment is largely, if not entirely, about serving listeners’ interests—in other words, that it’s listeners all the way down—what would a listener-centered approach to robotic speech require? This short symposium essay briefly discusses the complicated and sometimes even dark side of robotic speech from a listener-centered perspective.

Privacy's Double Standards, Scott Skinner-Thompson

Publications

Where the right to privacy exists, it should be available to all people. If not universally available, then privacy rights should be particularly accessible to marginalized individuals who are subject to greater surveillance and are less able to absorb the social costs of privacy violations. But in practice, there is evidence that people of privilege tend to fare better when they bring privacy tort claims than do non-privileged individuals. This disparity occurs despite doctrine suggesting that those who occupy prominent and public social positions are entitled to diminished privacy tort protections.

This Article unearths disparate outcomes in public disclosure tort …

The Medium Is The Message: Digital Aesthetics And Publicity Interests In Interactive Entertainment Media, Michael K. Park

University of Colorado Law Review

Recent application of the right of publicity doctrine to interactive media has led to inconsistent rulings and uncertainty as to the doctrine's scope when pitted against First Amendment considerations. These recent court decisions have inadequately explained the disparate application of legal principles, raising serious free speech concerns for expressive activities with other emerging interactive media platforms such as virtual reality. However, these recent decisions have unveiled discernible principles that help explain the disparate approach of the right of publicity doctrine to new interactive media.

This Article articulates the assumptions guiding the disparate application of the right of publicity doctrine. This …

Standing After Snowden: Lessons On Privacy Harm From National Security Surveillance Litigation, Margot E. Kaminski

Publications

Article III standing is difficult to achieve in the context of data security and data privacy claims. Injury in fact must be "concrete," "particularized," and "actual or imminent"--all characteristics that are challenging to meet with information harms. This Article suggests looking to an unusual source for clarification on privacy and standing: recent national security surveillance litigation. There we can find significant discussions of what rises to the level of Article III injury in fact. The answers may be surprising: the interception of sensitive information; the seizure of less sensitive information and housing of it in a database for analysis; and …