Law Commons^™

Privacy Policy Indeterminacy, Christopher G. Bradley

Connecticut Law Review

Despite being subjected to decades of sharp criticism, privacy policies published by companies remain a linchpin of privacy regulation. Representations in these policies provide the main measure against which consumer privacy can be judged. Policies are rarely read by consumers. Instead, these policies are interpreted by company decision makers tasked with interpreting whether a proposed course of action is consistent with stated policies as well as underlying privacy law. To be effective, policies must constrain use of consumer data even when they are given a company-friendly reading.

Experimental evidence on the interpretation of privacy policies provides no grounds for encouragement …

Evaluating The Constitutionality Of Marital Status Classifications In The Regulation Of Posthumous Reproduction And Postmortem Sperm Retrieval, Alison Jane Walker

Connecticut Law Review

In Eisenstadt v. Baird, the Supreme Court held that a state law prohibiting the provision of contraceptives to unmarried persons violated the Fourteenth Amendment’s rational basis test because of the disparate treatment it afforded to married and unmarried individuals. Eisenstadt stands for an individual’s right to make their own procreative decisions, free from governmental intrusions which impose arbitrary classifications on privacy and freedom. This Note focuses on posthumous reproduction and, more specifically, postmortem sperm retrieval: the process of using a deceased male’s frozen sperm after his death to produce his biological children at the request of his spouse or intimate …

Risk And Rights In Transatlantic Data Transfers: Eu Privacy Law, U.S. Surveillance, And The Search For Common Ground, Ira Rubinstein, Peter Margulies

Connecticut Law Review

Privacy advocates rightly view the Court of Justice of the European Union (CJEU) decision in Data Protection Commissioner v. Facebook Ireland Ltd. and Maximilian Schrems (Schrems II) as a landmark. But, one stakeholder’s landmark is another’s headache. The CJEU’s decision invalidated the EU-U.S. Privacy Shield agreement governing transatlantic transfers of personal data. Citing U.S. surveillance, the CJEU found that data transfers lacked adequate privacy protections under the EU’s General Data Protection Regulation (GDPR). The Schrems II decision thus clouded the future of data transfers that help drive the global economy. This Article offers a hybrid approach to safeguard privacy rights …

Negligence At The Breach: Information Fiduciaries And The Duty To Care For Data, Daniel M. Filler, David M. Haendler, Jordan L. Fischer

Connecticut Law Review

Personal data is a cost of admission for much of modern life. Employers, tech companies, advertisers, information brokers, and others collect huge quantities of data about us all. Yet outside of a few highly-regulated industries, American companies face few legal restrictions on how they manage and use that data. Until now, individuals have had very limited remedies when their data is stolen from data collectors. But change is afoot. In a significant recent decision, the Pennsylvania Supreme Court took a consequential step holding that entities collecting personal data owe a duty of reasonable care to protect data subjects against harm. …