Law Commons^™

Fintech Lending In India: Taking Stock Of Implications For Privacy And Autonomy, Vidushi Marda, Amber Sinha

Indian Journal of Law and Technology

In the last five years, the Fintech sector has thrived in India, with Machine Learning (ML) driven credit scoring based on alternative data, emerging as a growing segment. The credit scoring industry in India needs to be viewed in light of a careful examination of rights, inclusion, appropriate safeguards and discrimination, currently missing from the discourse and practices. In this paper, we explain how ML-based credit scoring works, and the regulatory and commercial factors that have enabled and impeded its growth in India. Through legal and technological analysis, richened by insights from qualitative interviews with entrepreneurs and practitioners, we provide …

Aclu V. Clearview Ai, Inc.,, Isra Ahmed

DePaul Journal of Art, Technology & Intellectual Property Law

No abstract provided.

A Loaded God Complex: The Unconstitutionality Of The Executive Branch’S Unilaterally Withholding Zero-Days, Brendan Gilligan

Northwestern Journal of Technology and Intellectual Property

No abstract provided.

The Data Trust Solution To Data Sharing Problems, Kimberly A. Houser, John W. Bagby

Vanderbilt Journal of Entertainment & Technology Law

A small number of large companies hold most of the world’s data. Once in the hands of these companies, data subjects have little control over the use and sharing of their data. Additionally, this data is not generally available to small and medium enterprises or organizations who seek to use it for social good. A number of solutions have been proposed to limit Big Tech “power,” including antitrust actions and stricter privacy laws, but these measures are not likely to address both the oversharing and under-sharing of personal data. Although the data trust concept is being actively explored in the …

Perlindungan Atas Privasi Konsumen Dalam Layanan Reservasi Tiket Online Dari Pt. Kereta Api Indonesia, Aprilia Susanti

"Dharmasisya” Jurnal Program Magister Hukum FHUI

The significant increase in online activities cannot be separated from the many active internet users who use mobile internet connections to carry out their daily activities, one of which is for the convenience of making ticket reservations at PT. Indonesian Railways (KAI). The purpose of this research is to find out the study of the business law of protecting consumer privacy in the online ticketing service of PT. KAI. Data collection was carried out by means of a literature study of the relationship between laws and regulations in consumer protection and the position of PT. KAI as business actors and …

Inadequate Privacy: The Necessity Of Hipaa Reform In A Post-Dobbs World, Katherine Robertson

Seattle University Law Review

Part I of this Comment will provide an overview of HIPAA and the legal impacts of Dobbs. Part II will discuss the anticipatory response to the impacts of Dobbs on PHI by addressing the response from (1) the states, (2) the Biden Administration, and (3) the medical field. Part III will discuss the loopholes that exist in HIPAA and further address the potential impacts on individuals and the medical field if reform does not occur. Finally, Part IV will argue that the reform of HIPAA is the best avenue for protecting PHI related to reproductive healthcare.

Forensic Discoverability Of Ios Vault Applications, Alissa Gilbert, Kathryn C. Seigfried-Spellar

Journal of Digital Forensics, Security and Law

Vault Applications are used to store potentially sensitive information on a smartphone; and are available on Android and iOS. The purpose of using these applications could be used to hide potential evidence or illicit photos. After comparing five different iOS photo vaults, each vault left evidence and photos behind. However, of the three forensic toolkits used, each produced different results in their scans of the phone. The media left behind was due to the photo vaults not protecting their information as claimed, and using basic obfuscation techniques in place of security controls. Future research will look at how newer security …

Passcodes, Protection, And Legal Practicality: The Necessity Of A Digital Fifth Amendment, Ethan Swierczewski

Catholic University Journal of Law and Technology

No abstract provided.

A Proportionality-Based Framework For Government Regulation Of Digital Tracing Apps In Times Of Emergency, Sharon Bassan

Dickinson Law Review (2017-Present)

Times of emergency present an inherent conflict between the public interest and the preservation of individual rights. Such times require granting emergency powers to the government on behalf of the public interest and relaxing safeguards against government actions that infringe rights. The lack of theoretical framework to assess governmental decisions in times of emergency leads to a polarized and politicized discourse about potential policies, and often, to public distrust and lack of compliance.

Such a discourse was evident regarding Digital Tracing Apps (“DTAs”), which are apps installed on cellular phones to alert users that they were exposed to people who …

Delineating The Legal Framework For Data Protection: A Fundamental Rights Approach Or Data Propertization?, Efe Lawrence Ogbeide

Canadian Journal of Law and Technology

The Charter of Fundamental Rights of the European Union, like other key legal instruments around the globe, grants citizens the right to privacy in Article 7. The Charter, however, further provides for the right to data protection in Article 8. Simply put, the implication of Article 8 of the Charter is that the right to data protection is a fundamental right. The central question in this article is whether data protection indeed qualifies to be categorized as a fundamental right. If not, what other approach(es) to data protection may be implemented?

Book Review: This Is How They Tell Me The World Ends: The Cyberweapons Arms Race (2020) By Nicole Perlroth, Amy C. Gaudion

Dickinson Law Review (2017-Present)

No abstract provided.

Freedom Of Expression V. Social Responsibility On The Internet: Vivi Down Association V. Google, Raphael Cohen-Almagor, Natalina Stamile

Seattle Journal of Technology, Environmental & Innovation Law

The aim of the article is to reflect on Google’s social responsibility by analyzing a milestone court decision, Vivi Down Association v. Google, that took place in Italy, involving the posting of an offensive video clip on Google Video. It was a landmark decision because it refuted the assertion that the Internet knows no boundaries, that the Internet transcends national laws due to its international nature, and that Internet intermediaries, such as Google, are above the law. This case shows that when the legal authorities of a given country decide to assert their jurisdiction, Internet companies need to abide by …

Show Me The (Data About The) Money!, Nizan Geslevich Packin

Utah Law Review

Information about consumers, their money, and what they do with it is the lifeblood of the flourishing financial technology (“FinTech”) sector. Historically, highly regulated banks jealously protected this data. However, consumers themselves now share their data with businesses more than ever before. These businesses monetize and use the data for countless prospects, often without the consumers’ actual consent. Understanding the dimensions of this recent phenomenon, more and more consumer groups, scholars, and lawmakers have started advocating for consumers to have the ability to control their data as a modern imperative. This ability is tightly linked to the concept of open …

Keeping The Zombies At Bay: Fourth Amendment Problems In The Fight Against Botnets, Danielle Potter

Washington and Lee Journal of Civil Rights and Social Justice

You may not have heard of a botnet. If you have, you may have linked it to election shenanigans and nothing else. But if you are reading this on a computer or smartphone, there is a good chance you are in contact with a botnet right now.

Botnets, sometimes called “Zombie Armies,” are networks of devices linked by a computer virus and controlled by cybercriminals. Botnets operate on everyday devices owned by millions of Americans, and thus pose a substantial threat to individual device owners as well as the nation’s institutions and economy.

Accordingly, the United States government has been …

Cryptography, Passwords, Privacy, And The Fifth Amendment, Gary C. Kessler, Ann M. Phillips

Journal of Digital Forensics, Security and Law

Military-grade cryptography has been widely available at no cost for personal and commercial use since the early 1990s. Since the introduction of Pretty Good Privacy (PGP), more and more people encrypt files and devices, and we are now at the point where our smartphones are encrypted by default. While this ostensibly provides users with a high degree of privacy, compelling a user to provide a password has been interpreted by some courts as a violation of our Fifth Amendment protections, becoming an often insurmountable hurdle to law enforcement lawfully executing a search warrant. This paper will explore some of the …

The First Amendment And Data Privacy: Securing Data Privacy Laws That Withstand Constitutional Muster, Kathryn Peyton

Pepperdine Law Review

Given the growing ubiquity of digital technology’s presence in people’s lives today, it is becoming increasingly more necessary to secure data privacy protections. People interact with technology constantly, ranging from when engaging in business activates, such as corresponding through emails or doing research online, to more innocuous activities like driving, shopping, or talking with friends and family. The advances in technology have made possible the creation of digital trails whenever someone interacts with such technology. Companies aggregate data from data trails and use predictive analytics to create detailed profiles about citizen-consumers. This information is typically used for profit generating purposes. …

Can Pipeda ‘Face’ The Challenge? An Analysis Of The Adequacy Of Canada’S Private Sector Privacy Legislation Against Facial Recognition Technology, Tunca Bolca

Canadian Journal of Law and Technology

Facial recognition technology is one of the most intrusive and privacy threatening technologies available today. The literature around this technology mainly focuses on its use by the public sector as a mass surveillance tool; however, the private sector uses of facial recognition technologies also raise significant privacy concerns. This paper aims to identify and examine the privacy implications of the private sector uses of facial recognition technologies and the adequacy of Canada’s federal private sector privacy legislation, the Personal Information Protection and Electronic Documents Act (PIPEDA), in addressing these privacy concerns. Facial templates produced and recorded by these technologies are …

From Protecting To Performing Privacy, Garfield Benjamin

The Journal of Sociotechnical Critique

Privacy is increasingly important in an age of facial recognition technologies, mass data collection, and algorithmic decision-making. Yet it persists as a contested term, a behavioural paradox, and often fails users in practice. This article critiques current methods of thinking privacy in protectionist terms, building on Deleuze's conception of the society of control, through its problematic relation to freedom, property and power. Instead, a new mode of understanding privacy in terms of performativity is provided, drawing on Butler and Sedgwick as well as Cohen and Nissenbaum. This new form of privacy is based on identity, consent and collective action, a …

The Limits And Possibilities Of Data-Driven Antitrafficking Efforts, Jennifer Musto Ph.D.

Georgia State University Law Review

An examination of technology in the countertrafficking space reveals recurring tensions between law enforcement and rights-based approaches. It also illuminates assumptions, such as the one that posits more law enforcement-focused, nonstate-actor-supported data-driven efforts are necessary to securing justice for people in trafficking situations. However, a closer look at how technology is used and by whom also invites us to ask different questions and to leverage the power of our all-too-human creative potential in thinking about how to value and prioritize data ethics, transparency, and accountability in future countertrafficking work.

Opting Out: Biometric Information Privacy And Standing, Michelle Jackson

Duke Law & Technology Review

No abstract provided.

The Danger Of Facial Recognition In Our Children’S Classrooms, Nila Bala

Duke Law & Technology Review

No abstract provided.

Closed Adoption: An Illusory Promise To Birth Parents And The Changing Landscape Of Sealed Adoption Records, Bryn Baffer

Catholic University Journal of Law and Technology

Imagine spitting into a tube and mailing your DNA off only to discover that you had a sibling who had been adopted by another family or that a parent’s affair had resulted in a half-sibling. For many individuals, these family secrets have been exposed due to direct-to-consumer DNA testing companies, such as 23andMe.

By the 1950s, most states had enacted statutes that sealed adoption record files in order to preserve the privacy of the birth parents, adoptees, and adoptive families. While some states have moved toward granting adoptees access to their adoption records, most states still have some type of …

Protecting Online Privacy In The Digital Age: Carpenter V. United States And The Fourth Amendment’S Third-Party Doctrine, Cristina Del Rosso, Carol M. Bast

Catholic University Journal of Law and Technology

The goal of this paper is to examine the future of the third-party doctrine with the proliferation of technology and the online data we are surrounded with daily, specifically after the Supreme Court’s decision in Carpenter v. United States. It is imperative that individuals do not forfeit their Constitutional guarantees for the benefit of living in a technologically advanced society. This requires an understanding of the modern-day functional equivalents of “papers” and “effects.”

Looking to the future, this paper contemplates solutions on how to move forward in this technology era by scrutinizing the relevancy of the third-party doctrine due …

Implementing Ethics Into Artificial Intelligence: A Contribution, From A Legal Perspective, To The Development Of An Ai Governance Regime, Axel Walz, Kay Firth-Butterfield

Duke Law & Technology Review

The increasing use of AI and autonomous systems will have revolutionary impacts on society. Despite many benefits, AI and autonomous systems involve considerable risks that need to be managed. Minimizing these risks will emphasize the respective benefits while at the same time protecting the ethical values defined by fundamental rights and basic constitutional principles, thereby preserving a human centric society. This Article advocates for the need to conduct in-depth risk-benefit-assessments with regard to the use of AI and autonomous systems. This Article points out major concerns in relation to AI and autonomous systems such as likely job losses, causation of …

Privacy Statements Under The Gdpr, Mike Hintze

Seattle University Law Review

The need to include specific types of information in a privacy statement is a GDPR compliance obligation that does not get as much attention as some other GDPR requirements. Perhaps that is because privacy statements have been much maligned in recent years. They are too long and full of legalese. Nobody reads them. They are part of a notice and consent approach to privacy that puts an unrealistic burden on consumers to make informed choices. But despite these well-known criticisms, the GDPR doubles down on privacy statements. In fact, gauging by the roughly fourfold increase in privacy statement requirements compared …

Confiding In Con Men: U.S. Privacy Law, The Gdpr, And Information Fiduciaries, Lindsey Barrett

Seattle University Law Review

In scope, ambition, and animating philosophy, U.S. privacy law and Europe’s General Data Protection Regulation are almost diametric opposites. The GDPR’s ambitious individual rights, significant prohibitions, substantive enforcement regime, and broad applicability contrast vividly with a scattershot U.S. regime that generally prioritizes facilitating commerce over protecting individuals, and which has created perverse incentives for industry through anemic enforcement of the few meaningful limitations that do exist. A privacy law that characterizes data collectors as information fiduciaries could coalesce with the commercial focus of U.S. law, while emulating the GDPR’s laudable normative objectives and fortifying U.S. consumer privacy law with a …

Privacy, Freedom, And Technology—Or “How Did We Get Into This Mess?”, Alex Alben

Seattle University Law Review

Can we live in a free society without personal privacy? The question is worth pondering, not only in light of the ongoing debate about government surveillance of private communications, but also because new technologies continue to erode the boundaries of our personal space. This Article examines our loss of freedom in a variety of disparate contexts, all connected by the thread of erosion of personal privacy. In the scenarios explored here, privacy reducing activities vary from government surveillance, personal stalking conducted by individuals, and profiling by data-driven corporations, to political actors manipulating social media platforms. In each case, new technologies …

Gdpr Compliance—It Takes A Village, Susy Mendoza

Seattle University Law Review

When the General Data Protection Regulation (GDPR) came into effect in May of 2018, many legal departments were confronted with the gravity of just how they were going to comply with such a wide-reaching law. If you have international customers (both direct to consumer or business to business), it is not hard to convince your general counsel that compliance with the GDPR is a must. You may even be able to get the chief technical officer (CTO) or chief operating officer (COO) onboard just by mentioning the steep fines—two to four percent of worldwide gross revenue. But how does the …

Footprints: Privacy For Enterprises, Processors, And Custodians…Oh My!, Blair Witzel, Carrie Mount

Seattle University Law Review

Americans’ interest in privacy—as evidenced by increasing news coverage, online searches, and new legislation—has grown over the past decade. After the European Union enacted the General Data Protection Regulation (GDPR), technologists and legal professionals have focused on primary collectors of data—known under various legal regimes as the “controller” or “custodian.” Thanks to advances in computing, many of these data collectors offload the processing of data to third parties providing data-related cloud services like Amazon, Microsoft, and Google. In addition to the data they have already collected about the data subjects themselves, these companies now “hold” that data on behalf of …

Bytes Bite: Why Corporate Data Breaches Should Give Standing To Affected Individuals, Caden Hayes

Washington and Lee Journal of Civil Rights and Social Justice

High-profile data hacks are not uncommon. In fact, according to the Privacy Rights Clearinghouse, there have been at least 7,961 data breaches, exposing over 10,000,000,000 accounts in total, since 2005. These shocking numbers are not particularly surprising when taking into account the value of information stolen. For example, cell phone numbers, as exposed in a Yahoo! hack, are worth $10 a piece on the black market, meaning the hackers stood to make $30,000,000,000 from that one hack. That dollar amount does not even consider copies the hackers could make and later resell. Yet while these hackers make astronomical payoffs, the …