Law Commons^™

The Trade Origins Of Privacy Law, Anupam Chander

Georgetown Law Faculty Publications and Other Works

The desire for trade propelled the growth of data privacy law across the world. Countries with strong privacy laws sought to ensure that their citizens’ privacy would not be compromised when their data traveled to other countries. Even before this vaunted Brussels Effect pushed privacy law across the world through the enticement of trade with the European Union, Brussels had to erect privacy law within the Union itself. And as the Union itself expanded, privacy law was a critical condition for accession.

But this coupling of privacy and trade leaves a puzzle: how did the U.S. avoid a comprehensive privacy …

Do Not Touch My Data: Exploring A Disclosure-Based Framework To Address Data Access, Francis Morency

Washington and Lee Journal of Civil Rights and Social Justice

Companies have too much control over people’s information. In the data marketplace, companies package and sell individuals’ data, and these individuals have little to no bargaining power over the process. Companies may freely buy and sell people’s data in the private sector for targeted marketing and behavior manipulation. In the justice system, an unchecked data marketplace leaves black and brown communities vulnerable to serious data access issues caused by predictive sentencing, for example. Risk assessment algorithms in predictive sentencing rely on data on individuals and run all relevant data points to provide the likelihood that a defendant will recidivate low …

Data Privacy In The Time Of Plague, Cason Schmit, Brian N. Larson, Hye-Chung Kum

Faculty Scholarship

Data privacy is a life-or-death matter for public health. Beginning in late fall 2019, two series of events unfolded, one everyone talked about and one hardly anyone noticed: The greatest world-health crisis in at least 100 years, the COVID-19 pandemic; and the development of the Personal Data Protection Act Committee by the Uniform Law Commissioners (ULC) in the United States. By July 2021, each of these stories had reached a turning point. In the developed, Western world, most people who wanted to receive the vaccine against COVID- 19 could do so. Meanwhile, the ULC adopted the Uniform Personal Data Protection …

Race And Regulation Podcast Episode 5 - Racial Equity And Data Privacy, Anita L. Allen

Penn Program on Regulation Podcasts

In this episode, Anita Allen, an internationally renowned expert on the philosophical dimensions of privacy and data protection law, reveals how race-neutral privacy laws in the U.S. have failed to address the unequal burdens faced online by Black Americans, whose personal data are used in racially discriminatory ways. Professor Allen articulates what she terms an African American Online Equity Agenda to guide the development of race-conscious privacy regulations that can better promote racial justice in the modern digital economy.

Dismantling The “Black Opticon”: Privacy, Race Equity, And Online Data-Protection Reform, Anita L. Allen

All Faculty Scholarship

African Americans online face three distinguishable but related categories of vulnerability to bias and discrimination that I dub the “Black Opticon”: discriminatory oversurveillance, discriminatory exclusion, and discriminatory predation. Escaping the Black Opticon is unlikely without acknowledgement of privacy’s unequal distribution and privacy law’s outmoded and unduly race-neutral façade. African Americans could benefit from race-conscious efforts to shape a more equitable digital public sphere through improved laws and legal institutions. This Essay critically elaborates the Black Opticon triad and considers whether the Virginia Consumer Data Protection Act (2021), the federal Data Protection Act (2021), and new resources for the Federal Trade …

Delineating The Legal Framework For Data Protection: A Fundamental Rights Approach Or Data Propertization?, Efe Lawrence Ogbeide

Canadian Journal of Law and Technology

The Charter of Fundamental Rights of the European Union, like other key legal instruments around the globe, grants citizens the right to privacy in Article 7. The Charter, however, further provides for the right to data protection in Article 8. Simply put, the implication of Article 8 of the Charter is that the right to data protection is a fundamental right. The central question in this article is whether data protection indeed qualifies to be categorized as a fundamental right. If not, what other approach(es) to data protection may be implemented?

Responding To Deficiencies In The Architecture Of Privacy: Co-Regulation As The Path Forward For Data Protection On Social Networking Sites, Laurent Cre ́Peau

Canadian Journal of Law and Technology

Social Networking Sites like Facebook, Twitter and the like are a ubiquitous part of contemporary culture. Yet, as exemplified on numerous occasions, most recently in the Cambridge Analytica scandal that shook Facebook in 2018, these sites pose major concerns for personal data protection. Whereas self-regulation has characterized the general regulatory mindset since the early days of the Internet, it is no longer viable given the threat social media poses to user privacy. This article notes the deficiencies of self-regulatory models of privacy and contends jurisdictions like Canada should ensure they have strong data protection regulations to adequately protect the public. …

Data Privacy, Human Rights, And Algorithmic Opacity, Sylvia Lu

Fellow, Adjunct, Lecturer, and Research Scholar Works

Decades ago, it was difficult to imagine a reality in which artificial intelligence (AI) could penetrate every corner of our lives to monitor our innermost selves for commercial interests. Within just a few decades, the private sector has seen a wild proliferation of AI systems, many of which are more powerful and penetrating than anticipated. In many cases, AI systems have become “the power behind the throne,” tracking user activities and making fateful decisions through predictive analysis of personal information. Despite the growing power of AI, proprietary algorithmic systems can be technically complex, legally claimed as trade secrets, and managerially …

Use Of Unmanned Aircraft Systems And Regulatory Landscape: Unravelling The Future Challenges In The High Sky, K Kirthan Shenoy, Divya Tyagi

International Journal of Aviation, Aeronautics, and Aerospace

The individuals on the ground nowadays often observe objects distantly hover over the sky, which raises the question of who might be operating the object or what the object might record. Unmanned Aircraft Systems (UAS) or Drones today have quickly penetrated civilian, military, and commercial sectors. The drones or UAS, with the advancement of technology, are now capable of traversing long distances, having long endurance, and having multipurpose functionality. The UAS industry is fast expanding, with trade investment touching the billion-dollar mark in flourishing economies. The advent of the Covid 19 pandemic saw a steep rise in the use of …

Legislating Data Loyalty, Woodrow Hartzog, Neil Richards

Faculty Scholarship

Lawmakers looking to embolden privacy law have begun to consider imposing duties of loyalty on organizations trusted with people’s data and online experiences. The idea behind loyalty is simple: organizations should not process data or design technologies that conflict with the best interests of trusting parties. But the logistics and implementation of data loyalty need to be developed if the concept is going to be capable of moving privacy law beyond its “notice and consent” roots to confront people’s vulnerabilities in their relationship with powerful data collectors.

In this short Essay, we propose a model for legislating data loyalty. Our …

The Surprising Virtues Of Data Loyalty, Woodrow Hartzog, Neil M. Richards

Faculty Scholarship

Lawmakers in the United States and Europe are seriously considering imposing duties of data loyalty that implement ideas from privacy law scholarship, but critics claim such duties are unnecessary, unworkable, overly individualistic, and indeterminately vague. This paper takes those criticisms seriously, and its analysis of them reveals that duties of data loyalty have surprising virtues. Loyalty, it turns out, can support collective well-being by embracing privacy’s relational turn; it can be a powerful state of mind for reenergizing privacy reform; it prioritizes human values rather than potentially empty formalism; and it offers solutions that are flexible and clear rather than …

Meaningful Choice: A History Of Consent And Alternatives To The Consent Myth, Charlotte A. Tschider

Faculty Publications & Other Works

Although the first legal conceptions of commercial privacy were identified in Samuel Warren and Louis Brandeis’s foundational 1890 article, The Right to Privacy, conceptually, privacy has existed since as early as 1127 as a natural concern when navigating between personal and commercial spheres of life. As an extension of contract and tort law, two common relational legal models, U.S. privacy law emerged to buoy engagement in commercial enterprise, borrowing known legal conventions like consent and assent. Historically, however, international legal privacy frameworks involving consent ultimately diverged, with the European Union taking a more expansive view of legal justification for processing …

Ai's Legitimate Interest: Towards A Public Benefit Privacy Model, Charlotte A. Tschider

Faculty Publications & Other Works

Health data uses are on the rise. Increasingly more often, data are used for a variety of operational, diagnostic, and technical uses, as in the Internet of Health Things. Never has quality data been more necessary: large data stores now power the most advanced artificial intelligence applications, applications that may enable early diagnosis of chronic diseases and enable personalized medical treatment. These data, both personally identifiable and de-identified, have the potential to dramatically improve the quality, effectiveness, and safety of artificial intelligence.

Existing privacy laws do not 1) effectively protect the privacy interests of individuals and 2) provide the flexibility …

A Review Of Data Protection Regulations And The Right To Privacy: The Case Of The Us And India, Chrisann Campbell

Dissertations and Theses

Since 1948 and the signing of the Universal Declaration of Human Rights, the concept of privacy has grown more complex with the rise of technology and a shift to the internet. In particular, the unregulated use of technologies that can capture individuals' personal data without their knowledge or consent poses a threat to their right to privacy and other additional human rights. The protection of the collection, storing, and transfer of users' personal data against data breaches also ensures that the right to privacy is guaranteed. Through examining two countries, the U.S. and India, on the idea of privacy, personal …

Catalyzing Privacy Law, Anupam Chander, Margot E. Kaminski, William Mcgeveran

Publications

The United States famously lacks a comprehensive federal data privacy law. In the past year, however, over half the states have proposed broad privacy bills or have established task forces to propose possible privacy legislation. Meanwhile, congressional committees are holding hearings on multiple privacy bills. What is catalyzing this legislative momentum? Some believe that Europe’s General Data Protection Regulation (GDPR), which came into force in 2018, is the driving factor. But with the California Consumer Privacy Act (CCPA) which took effect in January 2020, California has emerged as an alternate contender in the race to set the new standard for …

What Is Privacy? That’S The Wrong Question, Woodrow Hartzog

Faculty Scholarship

Privacy has never had a precise meaning. But in the early 1900s, the concept took on new life as a term of art in legal frameworks. The result has been a bit of a mess, as no singular definition has been adequate for all purposes. Daniel Solove, perhaps the most influential privacy scholar of our day, wrote at the turn of the millennium that privacy was “a concept in disarray.”

In this short essay reflecting upon Solove’s impact on the modern study of information privacy, I argue that the chaos and futility of competing conceptualizations of privacy is why Solove’s …

"Slack" In The Data Age, Shu-Yi Oei, Diane M. Ring

Faculty Scholarship

This Article examines how increasingly ubiquitous data and information affect the role of “slack” in the law. Slack is the informal latitude to break the law without sanction. Pockets of slack exist for various reasons, including information imperfections, enforcement resource constraints, deliberate nonenforcement of problematic laws, politics, biases, and luck. Slack is important in allowing flexibility and forbearance in the legal system, but it also risks enabling selective and uneven enforcement. Increasingly available data is now upending slack, causing it to contract and exacerbating the risks of unfair enforcement.

This Article delineates the various contexts in which slack arises and …

Stealing (Identity) From The Poor, Sara S. Greene

Faculty Scholarship

The law of data breaches is new, dynamic, and evolving. The number and complexity of breaches increases each year and legal scholars, courts, and policymakers scramble to respond. In 2019, 14.4 million consumers became victims of identity theft, the most problematic consequence of data breaches for consumers. Indeed, one-third of all Americans have experienced identity theft at some point in their lives. Yet despite low-income groups comprising at least thirty percent of all identity theft victims, existing discourse and debate on the regulatory regime governing data breaches and identity theft primarily reflects the experiences and concerns of middle- and high-income …

The Covid-19 Pandemic And The Technology Trust Gap, Johanna Gunawan, David Choffnes, Woodrow Hartzog, Christo Wilson

Faculty Scholarship

Industry and government tried to use information technologies to respond to the COVID-19 pandemic, but using the internet as a tool for disease surveillance, public health messaging, and testing logistics turned out to be a disappointment. Why weren’t these efforts more effective? This Essay argues that industry and government efforts to leverage technology were doomed to fail because tech platforms have failed over the past few decades to make their tools trustworthy, and lawmakers have done little to hold these companies accountable. People cannot trust the interfaces they interact with, the devices they use, and the systems that power tech …

A Duty Of Loyalty For Privacy Law, Neil M. Richards, Woodrow Hartzog

Faculty Scholarship

Data privacy law fails to stop companies from engaging in self-serving, opportunistic behavior at the expense of those who trust them with their data. This is a problem. Modern tech companies are so entrenched in our lives and have so much control over what we see and click that the self-dealing exploitation of people has become a major element of the internet’s business model.

Academics and policymakers have recently proposed a possible solution: require those entrusted with people’s data and online experiences to be loyal to those who trust them. But many have concerns about a duty of loyalty. What, …

Privacy And Surveillance In The Workplace: Closing The Electronic Surveillance Gap, Christina Catenacci

Electronic Thesis and Dissertation Repository

This dissertation argues that there is an electronic surveillance gap in the employment context in Canada, a gap that is best understood as an absence of appropriate legal provisions to regulate employers’ electronic surveillance of employees both inside and outside the workplace. This dissertation aims to identify and articulate principles and values that can be used to close the electronic surveillance gap in Canada and suggests that, through the synthesis of social theories of surveillance and privacy, together with analyses of privacy provisions and workplace privacy cases, a new and better workplace privacy regime can be designed. This dissertation uses …

Regulating Personal Data Usage In Covid-19 Control Conditions, Mark Findlay, Nydia Remolina

Centre for AI & Data Governance

As the COVID-19 health pandemic ebbs and flows world-wide, governments and private companies across the globe are utilising AI-assisted surveillance, reporting, mapping and tracing technologies with the intention of slowing the spread of the virus. These technologies have capacity to amass and share personal data for community control and citizen safety motivations that empower state agencies and inveigle citizen co-operation which could only be imagined outside times of real and present personal danger. While not cavilling with the short-term necessity for these technologies and the data they control, process and share in the health regulation mission (provided that the technology …

Privacy's Constitutional Moment And The Limits Of Data Protection, Woodrow Hartzog, Neil M. Richards

Faculty Scholarship

America’s privacy bill has come due. Since the dawn of the Internet, Congress has repeatedly failed to build a robust identity for American privacy law. But now both California and the European Union have forced Congress’s hand by passing the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR). These data protection frameworks, structured around principles for Fair Information Processing called the “FIPs,” have industry and privacy advocates alike clamoring for a “U.S. GDPR.” States seemed poised to blanket the country with FIP-based laws if Congress fails to act. The United States is thus in the midst …

Ethics, Ai, Mass Data And Pandemic Challenges: Responsible Data Use And Infrastructure Application For Surveillance And Pre-Emptive Tracing Post-Crisis, Mark Findlay, Jia Yuan Loke, Nydia Remolina Leon, Yum Yin, Benjamin (Tan Renyan) Tham

Research Collection Yong Pung How School Of Law

As the COVID-19 health pandemic rages governments and private companies across the globe are utilising AI-assisted surveillance, reporting, mapping and tracing technologies with the intention of slowing the spread of the virus. These technologies have the capacity to amass personal data and share for community control and citizen safety motivations that empower state agencies and inveigle citizen co-operation which could only be imagined outside such times of real and present danger. While not cavilling with the short-term necessity for these technologies and the data they control, process and share in the health regulation mission, this paper argues that this infrastructure …

Gdpr And The Importance Of Data To Ai Startups, James Bessen, Stephen Michael Impink, Lydia Reichensperger, Robert Seamans

Faculty Scholarship

What is the impact of the European Union’s General Data Protection Regime (“GDPR”) and data regulation on AI startups? How important is data to AI product development? We study these questions using unique survey data of commercial AI startups. AI startups rely on data for their product development. Given the scale and scope of their business models, these startups are particularly susceptible to policy changes impacting data collection, storage and use. We find that training data and frequent model refreshes are particularly important for AI startups that rely on neural nets and ensemble learning algorithms. We also find that firms …

A Recent Renaissance In Privacy Law, Margot Kaminski

Publications

Considering the recent increased attention to privacy law issues amid the typically slow pace of legal change.

Open Banking: Regulatory Challenges For A New Form Of Financial Intermediation In A Data-Driven World, Nydia Remolina

Centre for AI & Data Governance

Data has taken immense importance in the last years. Consider the amount of data that is being collected worldwide every day, industries are reshaping their activities into a data-driven business. The digital transformation of all industries, portent of the fourth industrial revolution, is creating a new kind of economy based on the datafication of almost any aspect of human social, political and economic activity as a result of the information generated by the numerous daily routines of digitally connected individuals and technology. The financial services industry is part of this trend. Embracing the digital revolution and creating the right foundations …

Moving On From The Ombuds Model For Data Protection In Canada, Teresa Scassa

Canadian Journal of Law and Technology

Both the Personal Information Protection and Electronic Documents Act (PIPEDA) and the Privacy Act adopt an ombuds model when it comes to addressing complaints by members of the public. This model is also present in other data protection laws, including public sector data protection laws at the provincial level, as well as personal health information protection legislation. The focus of this short paper is the model adopted in PIPEDA and its ongoing suitability. PIPEDA was designed to apply across the full range of private sector actors and is increasingly under strain in the big data society. These factors may make …

Digital Colonialism: The 21st Century Scramble For Africa Through The Extraction And Control Of User Data And The Limitations Of Data Protection Laws, Danielle Coleman

Michigan Journal of Race and Law

As Western technology companies increasingly rely on user data globally, extensive data protection laws and regulations emerged to ensure ethical use of that data. These same protections, however, do not exist uniformly in the resource-rich, infrastructure-poor African countries, where Western tech seeks to establish its presence. These conditions provide an ideal landscape for digital colonialism.

Digital colonialism refers to a modern-day “Scramble for Africa” where largescale tech companies extract, analyze, and own user data for profit and market influence with nominal benefit to the data source. Under the guise of altruism, large scale tech companies can use their power and …

When Data Comes Home: Next Steps In International Taxation’S Information Revolution, Shu-Yi Oei, Diane M. Ring

Faculty Scholarship

Over the last decade, there has been a revolution in cross-border tax information exchange and reporting. While this dramatic shift was the product of multiple forces and events, a fundamental reality is that politics, technology, and law intersected to drive the shift to the point where nation-states will now transmit and receive from each other significant ongoing flows of taxpayer information. States can now expect to accumulate large stashes of data on cross-border income, assets, and activities on a scale and level of comprehensiveness unmatched by previous information exchange regimes.

This article examines the pressing follow-up question of how this …