Law Commons^™

Catalyzing Privacy Law, Anupam Chander, Margot E. Kaminski, William Mcgeveran

Georgetown Law Faculty Publications and Other Works

The United States famously lacks a comprehensive federal data privacy law. In the past year, however, over half the states have proposed broad privacy bills or have established task forces to propose possible privacy legislation. Meanwhile, congressional committees are holding hearings on multiple privacy bills. What is catalyzing this legislative momentum? Some believe that Europe’s General Data Protection Regulation (GDPR), which came into force in 2018, is the driving factor. But with the California Consumer Privacy Act (CCPA) which took effect in January 2020, California has emerged as an alternate contender in the race to set the new standard for …

The Case For The Third-Party Doctrine, Orin S. Kerr

Orin Kerr

This Article offers a defense of the Fourth Amendment's third party doctrine, the controversial rule that information loses Fourth Amendment protection when it is knowingly revealed to a third party. Fourth Amendment scholars have repeatedly attacked the rule on the ground that it is unpersuasive on its face and gives the government too much power This Article responds that critics have overlooked the benefits of the rule and have overstated its weaknesses. The third-party doctrine serves two critical functions. First, the doctrine ensures the technological neutrality of the Fourth Amendment. It corrects for the substitution effect of third parties that …

The Role Of Satellites And Smart Devices: Data Surprises And Security, Privacy, And Regulatory Challenges, Anne T. Mckenna, Amy C. Gaudion, Jenni L. Evans

Amy C. Gaudion

Strava, a popular social media platform and mobile app like Facebook but specifically designed for athletes, posts a “heatmap” with consensually-obtained details about users’ workouts and geolocation. Strava’s heatmap depicts aggregated data of user location and movement by synthesizing GPS satellite data points and movement data from users’ smart devices together with satellite imagery. In January of 2018, a 20-year-old student tweeted that Strava’s heatmap revealed U.S. forward operating bases. The tweet revealed a significant national security issue and flagged substantial privacy and civil liberty concerns.

Smart devices, software applications, and social media platforms aggregate consumer data from multiple data …

Cell Phones Are Orwell's Telescreen: The Need For Fourth Amendment Protection In Real-Time Cell Phone Location Information, Matthew Devoy Jones

Cleveland State Law Review

Courts are divided as to whether law enforcement can collect cell phone location information in real-time without a warrant under the Fourth Amendment. This Article argues that Carpenter v. United States requires a warrant under the Fourth Amendment prior to law enforcement’s collection of real-time cell phone location information. Courts that have required a warrant prior to the government’s collection of real-time cell phone location information have considered the length of surveillance. This should not be a factor. The growing prevalence and usage of cell phones and cell phone technology, the original intent of the Fourth Amendment, and United States …

Privacy Statements Under The Gdpr, Mike Hintze

Seattle University Law Review

The need to include specific types of information in a privacy statement is a GDPR compliance obligation that does not get as much attention as some other GDPR requirements. Perhaps that is because privacy statements have been much maligned in recent years. They are too long and full of legalese. Nobody reads them. They are part of a notice and consent approach to privacy that puts an unrealistic burden on consumers to make informed choices. But despite these well-known criticisms, the GDPR doubles down on privacy statements. In fact, gauging by the roughly fourfold increase in privacy statement requirements compared …

Confiding In Con Men: U.S. Privacy Law, The Gdpr, And Information Fiduciaries, Lindsey Barrett

Seattle University Law Review

In scope, ambition, and animating philosophy, U.S. privacy law and Europe’s General Data Protection Regulation are almost diametric opposites. The GDPR’s ambitious individual rights, significant prohibitions, substantive enforcement regime, and broad applicability contrast vividly with a scattershot U.S. regime that generally prioritizes facilitating commerce over protecting individuals, and which has created perverse incentives for industry through anemic enforcement of the few meaningful limitations that do exist. A privacy law that characterizes data collectors as information fiduciaries could coalesce with the commercial focus of U.S. law, while emulating the GDPR’s laudable normative objectives and fortifying U.S. consumer privacy law with a …

Privacy, Freedom, And Technology—Or “How Did We Get Into This Mess?”, Alex Alben

Seattle University Law Review

Can we live in a free society without personal privacy? The question is worth pondering, not only in light of the ongoing debate about government surveillance of private communications, but also because new technologies continue to erode the boundaries of our personal space. This Article examines our loss of freedom in a variety of disparate contexts, all connected by the thread of erosion of personal privacy. In the scenarios explored here, privacy reducing activities vary from government surveillance, personal stalking conducted by individuals, and profiling by data-driven corporations, to political actors manipulating social media platforms. In each case, new technologies …

Gdpr Compliance—It Takes A Village, Susy Mendoza

Seattle University Law Review

When the General Data Protection Regulation (GDPR) came into effect in May of 2018, many legal departments were confronted with the gravity of just how they were going to comply with such a wide-reaching law. If you have international customers (both direct to consumer or business to business), it is not hard to convince your general counsel that compliance with the GDPR is a must. You may even be able to get the chief technical officer (CTO) or chief operating officer (COO) onboard just by mentioning the steep fines—two to four percent of worldwide gross revenue. But how does the …

Footprints: Privacy For Enterprises, Processors, And Custodians…Oh My!, Blair Witzel, Carrie Mount

Seattle University Law Review

Americans’ interest in privacy—as evidenced by increasing news coverage, online searches, and new legislation—has grown over the past decade. After the European Union enacted the General Data Protection Regulation (GDPR), technologists and legal professionals have focused on primary collectors of data—known under various legal regimes as the “controller” or “custodian.” Thanks to advances in computing, many of these data collectors offload the processing of data to third parties providing data-related cloud services like Amazon, Microsoft, and Google. In addition to the data they have already collected about the data subjects themselves, these companies now “hold” that data on behalf of …

Alexa, Amazon Assistant Or Government Informant?, Julia R. Shackleton Esq.

University of Miami Business Law Review

Alexa, are you listening to me? Technology has become an integral part of one’s everyday life with voice-controlled devices pervading our most intimate interactions and spaces within the home. The answers to our questions are now at our fingertips with the simple roll of the tongue “Alexa,” your very own personal intelligence assistant. This futuristic household tool can perform tasks that range from answering simple voice commands to ordering any online shopping. However, the advent of voice technology presents a myriad of problems. Concerns arise as these new devices live in the privacy of our homes while quietly listening for …

Nowhere To Run, Nowhere To Hide.* Applying The Fourth Amendment To Connected Cars In The Internet-Of-Things Era, Gregory C. Brown, Jr.

Journal of Civil Rights and Economic Development

(Excerpt)

Part I of this Note will briefly discuss the key components of a Connected Car, identify who collects the data from the Car, and examine the various uses for the data. Part I also explores whether Car owners consent to the collection of their Car’s data. Part II-A will trace the historical development of the automobile exception to the Fourth Amendment, which generally permits law-enforcement officers to conduct a warrantless search of a vehicle. Part II-B will discuss how the Supreme Court has applied the Fourth Amendment to pre-Internet technologies. Part II-C will discuss two recent Fourth Amendment Supreme …

Is It Time For A Universal Genetic Forensic Database?, Christopher Slobogin, Ellen Wright Clayton, J. W. Hazel, B. A. Malin

Christopher Slobogin

The ethical objections to mandating forensic profiling of newborns and/or compelling every citizen or visitor to submit to a buccal swab or to spit in a cup when they have done nothing wrong are not trivial. But newborns are already subject to compulsory medical screening, and people coming from foreign countries to the United States already submit to fingerprinting. It is also worth noting that concerns about coercion or invasions of privacy did not give pause to legislatures (or, for that matter, even the European Court) when authorizing compelled DNA sampling from arrestees, who should not forfeit genetic privacy interests …

Is It Time For A Universal Genetic Forensic Database?, Christopher Slobogin, Ellen Wright Clayton, J. W. Hazel, B. A. Malin

Ellen Wright Clayton

The ethical objections to mandating forensic profiling of newborns and/or compelling every citizen or visitor to submit to a buccal swab or to spit in a cup when they have done nothing wrong are not trivial. But newborns are already subject to compulsory medical screening, and people coming from foreign countries to the United States already submit to fingerprinting. It is also worth noting that concerns about coercion or invasions of privacy did not give pause to legislatures (or, for that matter, even the European Court) when authorizing compelled DNA sampling from arrestees, who should not forfeit genetic privacy interests …

Younger Generations Are Infected By Continuous Socialization To Accept Diminished Privacy: A Global Analysis Of How The United States' Constitutional Doctrine Is A Main Contributor To Eroded Privacy, Tiffany Kim

Indiana Journal of Global Legal Studies

Since the nineteenth century, privacy concerns have increased with the growth of technology. The invention of instantaneous photography, coupled with the enlarged presence of press, was met with concerns of degraded privacy. Society has formed expectations of privacy, but as time passes, those expectations continue to diminish. Younger generations have been socialized to accept lessened levels of privacy in this digitalized world of mass data and connectivity.

Individual privacy expectations vary globally. The construction of China's government and culture produces a lesser expectation of individual privacy than that of the United States. As outlined in the U.S. Constitution, U.S. citizens …

The Department Of Justice Versus Apple Inc. -- The Great Encryption Debate Between Privacy And National Security, Julia P. Eckart

Catholic University Journal of Law and Technology

This article is an attempt to objectively examine and assess legal arguments made by Apple Inc. (Apple) and the Department of Justice (DOJ) concerning the DOJ’s use of the All Writs Act[1] (AWA) to require Apple to provide technical assistance to the DOJ so that it could access the encrypted data from the locked iPhone of Syed Rizwan Farook, commonly referred to as the San Bernardino shooter. The DOJ’s initial ex parte application focused on meeting the requirements of United States v. New York Telephone Co.[2] concluding the court order was authorized and appropriate. Apple not only argued …

Killer Apps: Vanishing Messages, Encrypted Communications, And Challenges To Freedom Of Information Laws When Public Officials "Go Dark", Daxton R. Stewart

Journal of Law, Technology, & the Internet

Government officials such as White House staffers and the Missouri governor have been communicating among themselves and leaking to journalists using apps such as Signal and Confide, which allow users to encrypt messages or to make them vanish after they are received. By using these apps, government officials are "going dark" by avoiding detection of their communications in a way that undercuts freedom of information laws. This article explores the challenges presented by government employee use of encrypted and ephemeral messaging apps by examining three policy approaches: (1) banning use of the apps, (2) enhancing existing archiving and record-keeping practices, …

The Exclusionary Rule In The Age Of Blue Data, Andrew Ferguson

Articles in Law Reviews & Other Academic Journals

In Herring v. United States, Chief Justice John Roberts reframed the Supreme Court’s understanding of the exclusionary rule: “As laid out in our cases, the exclusionary rule serves to deter deliberate, reckless, or grossly negligent conduct, or in some circumstances recurring or systemic negligence.” The open question remains: how can defendants demonstrate sufficient recurring or systemic negligence to warrant exclusion? The Supreme Court has never answered the question, although the absence of systemic or recurring problems has figured prominently in two recent exclusionary rule decisions. Without the ability to document recurring failures, or patterns of police misconduct, courts can dismiss …

Power, Process, And Automated Decision-Making, Ari Ezra Waldman

Articles & Chapters

Many decisions that used to be made by humans are now made by machines. And yet, automated decision-making systems based on “big data” – powered algorithms and machine learning are just as prone to mistakes, biases, and arbitrariness as their human counterparts. The result is a technologically driven decision-making process that seems to defy interrogation, analysis, and accountability and, therefore, undermines due process. This should make algorithmic decision-making an illegitimate source of authority in a liberal democracy. This Essay argues that algorithmic decision-making is a product of the neoliberal project to undermine social values like equality, nondiscrimination, and human flourishing …

Privacy And Legal Automation: The Dmca As A Case Study, Jonathon Penney

Articles, Book Chapters, & Popular Press

Advances in artificial intelligence, machine learning, computing capacity, and big data analytics are creating exciting new possibilities for legal automation. At the same time, these changes pose serious risks for civil liberties and other societal interests. Yet, existing scholarship is narrow, leaving uncertainty on a range of issues, including a glaring lack of systematic empirical work as to how legal automation may impact people’s privacy and freedom. This article addresses this gap with an original empirical analysis of the Digital Millennium Copyright Act (DMCA), which today sits at the forefront of algorithmic law due to its automated enforcement of copyright …

Recording As Heckling, Scott Skinner-Thompson

Publications

A growing body of authority recognizes that citizen recording of police officers and public space is protected by the First Amendment. But the judicial and scholarly momentum behind the emerging “right to record” fails to fully incorporate recording’s cost to another important right that also furthers First Amendment principles: the right to privacy.

This Article helps fill that gap by comprehensively analyzing the First Amendment interests of both the right to record and the right to privacy in public while highlighting the role of technology in altering the First Amendment landscape. Recording information can be critical to future speech and, …

Binary Governance: Lessons From The Gdpr’S Approach To Algorithmic Accountability, Margot E. Kaminski

Publications

Algorithms are now used to make significant decisions about individuals, from credit determinations to hiring and firing. But they are largely unregulated under U.S. law. A quickly growing literature has split on how to address algorithmic decision-making, with individual rights and accountability to nonexpert stakeholders and to the public at the crux of the debate. In this Article, I make the case for why both individual rights and public- and stakeholder-facing accountability are not just goods in and of themselves but crucial components of effective governance. Only individual rights can fully address dignitary and justificatory concerns behind calls for regulating …

Privacy And Security Across Borders, Jennifer Daskal

Articles in Law Reviews & Other Academic Journals

Three recent initiatives -by the United States, European Union, and Australiaare opening salvos in what will likely be an ongoing and critically important debate about law enforcement access to data, the jurisdictional limits to such access, and the rules that apply. Each of these developments addresses a common set of challenges posed by the increased digitalization of information, the rising power of private companies delimiting access to that information, and the cross-border nature of investigations that involve digital evidence. And each has profound implications for privacy, security, and the possibility of meaningful democratic accountability and control. This Essay analyzes the …

The Right To Explanation, Explained, Margot E. Kaminski

Publications

Many have called for algorithmic accountability: laws governing decision-making by complex algorithms, or AI. The EU’s General Data Protection Regulation (GDPR) now establishes exactly this. The recent debate over the right to explanation (a right to information about individual decisions made by algorithms) has obscured the significant algorithmic accountability regime established by the GDPR. The GDPR’s provisions on algorithmic accountability, which include a right to explanation, have the potential to be broader, stronger, and deeper than the preceding requirements of the Data Protection Directive. This Essay clarifies, largely for a U.S. audience, what the GDPR actually requires, incorporating recently released …

The Role Of Satellites And Smart Devices: Data Surprises And Security, Privacy, And Regulatory Challenges, Anne T. Mckenna, Amy C. Gaudion, Jenni L. Evans

Faculty Scholarly Works

Strava, a popular social media platform and mobile app like Facebook but specifically designed for athletes, posts a “heatmap” with consensually-obtained details about users’ workouts and geolocation. Strava’s heatmap depicts aggregated data of user location and movement by synthesizing GPS satellite data points and movement data from users’ smart devices together with satellite imagery. In January of 2018, a 20-year-old student tweeted that Strava’s heatmap revealed U.S. forward operating bases. The tweet revealed a significant national security issue and flagged substantial privacy and civil liberty concerns.

Smart devices, software applications, and social media platforms aggregate consumer data from multiple data …

The Value Of Deviance: Understanding Contextual Privacy, Timothy Casey

Faculty Scholarship

Recent decisions by the Supreme Court in Carpenter v. United States and the Illinois Supreme Court in Rosenbach v. Six Flags Entertainment Corporation signal a shift in the traditional understanding of what exactly is protected by a privacy interest. Carpenter distinguished between a police officer’s observation of a suspect’s location and a perpetual catalogue of a person’s movements obtained through cell site location information (CSLI). The pervasive and vast quantity of information from CSLI exposed a protected privacy interest. In Rosenbach, the Illinois Supreme Court found the unique and personal quality of biometric information meant that consent and disclosure requirements …