Law Commons^™

The New Bailments, Danielle D'Onfro

Scholarship@WashULaw

The rise of cloud computing has dramatically changed how consumers and firms store their belongings. Property that owners once managed directly now exists primarily on infrastructure maintained by intermediaries. Consumers entrust their photos to Apple instead of scrapbooks; businesses put their documents on Amazon’s servers instead of in file cabinets; seemingly everything runs in the cloud. Were these belongings tangible, the relationship between owner and intermediary would be governed by the common-law doctrine of bailment. Bailments are mandatory relationships formed when one party entrusts their property to another. Within this relationship, the bailees owe the bailors a duty of care …

Legislating Data Loyalty, Woodrow Hartzog, Neil Richards

Faculty Scholarship

Lawmakers looking to embolden privacy law have begun to consider imposing duties of loyalty on organizations trusted with people’s data and online experiences. The idea behind loyalty is simple: organizations should not process data or design technologies that conflict with the best interests of trusting parties. But the logistics and implementation of data loyalty need to be developed if the concept is going to be capable of moving privacy law beyond its “notice and consent” roots to confront people’s vulnerabilities in their relationship with powerful data collectors.

In this short Essay, we propose a model for legislating data loyalty. Our …

The Surprising Virtues Of Data Loyalty, Woodrow Hartzog, Neil M. Richards

Faculty Scholarship

Lawmakers in the United States and Europe are seriously considering imposing duties of data loyalty that implement ideas from privacy law scholarship, but critics claim such duties are unnecessary, unworkable, overly individualistic, and indeterminately vague. This paper takes those criticisms seriously, and its analysis of them reveals that duties of data loyalty have surprising virtues. Loyalty, it turns out, can support collective well-being by embracing privacy’s relational turn; it can be a powerful state of mind for reenergizing privacy reform; it prioritizes human values rather than potentially empty formalism; and it offers solutions that are flexible and clear rather than …

Periods For Profit And The Rise Of Menstrual Surveillance, Michele E. Gilman

All Faculty Scholarship

Menstruation is being monetized and surveilled, with the voluntary participation of millions of women. Thousands of downloadable apps promise to help women monitor their periods and manage their fertility. These apps are part of the broader, multi-billion dollar, Femtech industry, which sells technology to help women understand and improve their health. Femtech is marketed with the language of female autonomy and feminist empowerment. Despite this rhetoric, Femtech is part of a broader business strategy of data extraction, in which companies are extracting people’s personal data for profit, typically without their knowledge or meaningful consent. Femtech can oppress menstruators in several …

Meaningful Choice: A History Of Consent And Alternatives To The Consent Myth, Charlotte A. Tschider

Faculty Publications & Other Works

Although the first legal conceptions of commercial privacy were identified in Samuel Warren and Louis Brandeis’s foundational 1890 article, The Right to Privacy, conceptually, privacy has existed since as early as 1127 as a natural concern when navigating between personal and commercial spheres of life. As an extension of contract and tort law, two common relational legal models, U.S. privacy law emerged to buoy engagement in commercial enterprise, borrowing known legal conventions like consent and assent. Historically, however, international legal privacy frameworks involving consent ultimately diverged, with the European Union taking a more expansive view of legal justification for processing …

Legal Opacity: Artificial Intelligence’S Sticky Wicket, Charlotte A. Tschider

Faculty Publications & Other Works

Proponents of artificial intelligence (“AI”) transparency have carefully illustrated the many ways in which transparency may be beneficial to prevent safety and unfairness issues, to promote innovation, and to effectively provide recovery or support due process in lawsuits. However, impediments to transparency goals, described as opacity, or the “black-box” nature of AI, present significant issues for promoting these goals.

An undertheorized perspective on opacity is legal opacity, where competitive, and often discretionary legal choices, coupled with regulatory barriers create opacity. Although legal opacity does not specifically affect AI only, the combination of technical opacity in AI systems with legal opacity …

Ai's Legitimate Interest: Towards A Public Benefit Privacy Model, Charlotte A. Tschider

Faculty Publications & Other Works

Health data uses are on the rise. Increasingly more often, data are used for a variety of operational, diagnostic, and technical uses, as in the Internet of Health Things. Never has quality data been more necessary: large data stores now power the most advanced artificial intelligence applications, applications that may enable early diagnosis of chronic diseases and enable personalized medical treatment. These data, both personally identifiable and de-identified, have the potential to dramatically improve the quality, effectiveness, and safety of artificial intelligence.

Existing privacy laws do not 1) effectively protect the privacy interests of individuals and 2) provide the flexibility …

Law Library Blog (January 2021): Legal Beagle's Blog Archive, Roger Williams University School Of Law

Law Library Newsletters/Blog

No abstract provided.

What Is Privacy? That’S The Wrong Question, Woodrow Hartzog

Faculty Scholarship

Privacy has never had a precise meaning. But in the early 1900s, the concept took on new life as a term of art in legal frameworks. The result has been a bit of a mess, as no singular definition has been adequate for all purposes. Daniel Solove, perhaps the most influential privacy scholar of our day, wrote at the turn of the millennium that privacy was “a concept in disarray.”

In this short essay reflecting upon Solove’s impact on the modern study of information privacy, I argue that the chaos and futility of competing conceptualizations of privacy is why Solove’s …

The Covid-19 Pandemic And The Technology Trust Gap, Johanna Gunawan, David Choffnes, Woodrow Hartzog, Christo Wilson

Faculty Scholarship

Industry and government tried to use information technologies to respond to the COVID-19 pandemic, but using the internet as a tool for disease surveillance, public health messaging, and testing logistics turned out to be a disappointment. Why weren’t these efforts more effective? This Essay argues that industry and government efforts to leverage technology were doomed to fail because tech platforms have failed over the past few decades to make their tools trustworthy, and lawmakers have done little to hold these companies accountable. People cannot trust the interfaces they interact with, the devices they use, and the systems that power tech …

A Duty Of Loyalty For Privacy Law, Neil M. Richards, Woodrow Hartzog

Faculty Scholarship

Data privacy law fails to stop companies from engaging in self-serving, opportunistic behavior at the expense of those who trust them with their data. This is a problem. Modern tech companies are so entrenched in our lives and have so much control over what we see and click that the self-dealing exploitation of people has become a major element of the internet’s business model.

Academics and policymakers have recently proposed a possible solution: require those entrusted with people’s data and online experiences to be loyal to those who trust them. But many have concerns about a duty of loyalty. What, …

Inescapable Surveillance, Matthew Tokson

Utah Law Faculty Scholarship

Until recently, Supreme Court precedent dictated that a person waives their Fourth Amendment rights in information they disclose to another party. The Court reshaped this doctrine in Carpenter v. United States, establishing that the Fourth Amendment protects cell phone location data even though it is revealed to others. The Court emphasized that consumers had little choice but to disclose their data, because cell phone use is virtually inescapable in modern society.

In the wake of Carpenter, many scholars and lower courts have endorsed inescapability as an important factor for determining Fourth Amendment rights. Under this approach, surveillance that people cannot …

Gdpr And The Importance Of Data To Ai Startups, James Bessen, Stephen Michael Impink, Lydia Reichensperger, Robert Seamans

Faculty Scholarship

What is the impact of the European Union’s General Data Protection Regime (“GDPR”) and data regulation on AI startups? How important is data to AI product development? We study these questions using unique survey data of commercial AI startups. AI startups rely on data for their product development. Given the scale and scope of their business models, these startups are particularly susceptible to policy changes impacting data collection, storage and use. We find that training data and frequent model refreshes are particularly important for AI startups that rely on neural nets and ensemble learning algorithms. We also find that firms …

Symposium: The California Consumer Privacy Act, Margot Kaminski, Jacob Snow, Felix Wu, Justin Hughes

Publications

This symposium discussion of the Loyola of Los Angeles Law Review focuses on the newly enacted California Consumer Privacy Act (CPPA), a statute signed into state law by then-Governor Jerry Brown on June 28, 2018 and effective as of January 1, 2020. The panel was held on February 20, 2020.

The panelists discuss how businesses are responding to the new law and obstacles for consumers to make effective use of the law’s protections and rights. Most importantly, the panelists grapple with questions courts are likely to have to address, including the definition of personal information under the CCPA, the application …

The Exclusionary Rule In The Age Of Blue Data, Andrew Ferguson

Articles in Law Reviews & Other Academic Journals

In Herring v. United States, Chief Justice John Roberts reframed the Supreme Court’s understanding of the exclusionary rule: “As laid out in our cases, the exclusionary rule serves to deter deliberate, reckless, or grossly negligent conduct, or in some circumstances recurring or systemic negligence.” The open question remains: how can defendants demonstrate sufficient recurring or systemic negligence to warrant exclusion? The Supreme Court has never answered the question, although the absence of systemic or recurring problems has figured prominently in two recent exclusionary rule decisions. Without the ability to document recurring failures, or patterns of police misconduct, courts can dismiss …

Borders And Bits, Jennifer Daskal

Articles in Law Reviews & Other Academic Journals

Our personal data is everywhere and anywhere, moving across national borders in ways that defy normal expectations of how things and people travel from Point A to Point B. Yet, whereas data transits the globe without any intrinsic ties to territory, the governments that seek to access or regulate this data operate with territorial-based limits. This Article tackles the inherent tension between how governments and data operate, the jurisdictional conflicts that have emerged, and the power that has been delegated to the multinational corporations that manage our data across borders as a result. It does so through the lens of …

Body Cameras And The Path To Redeem Privacy Law, Woodrow Hartzog

Faculty Scholarship

From a privacy perspective, the movement towards police body cameras seems ominous. The prospect of a surveillance device capturing massive amounts of data concerning people’s most vulnerable moments is daunting. These concerns are compounded by the fact that there is little consensus and few hard rules on how and for whom these systems should be built and used. But in many ways, this blank slate is a gift. Law and policy makers are not burdened by the weight of rules and technologies created in a different time for a different purpose. These surveillance and data technologies will be modern. Many …

Risk And Resilience In Health Data Infrastructure, W. Nicholson Price Ii

Articles

Today’s health system runs on data. However, for a system that generates and requires so much data, the health care system is surprisingly bad at maintaining, connecting, and using those data. In the easy cases of coordinated care and stationary patients, the system works—sometimes. But when care is fragmented, fragmented data often result. Fragmented data create risks both to individual patients and to the system. For patients, fragmentation creates risks in care based on incomplete or incorrect information, and may also lead to privacy risks from a patched together system. For the system, data fragmentation hinders efforts to improve efficiency …

Newsroom: Cybersecurity: Obama's Conflicted Legacy 02-17-2017, Peter Margulies

Life of the Law School (1993- )

No abstract provided.

Peeling Back The Student Privacy Pledge, Alexi Pfeffer-Gillett

Scholarly Articles

Education software is a multi-billion dollar industry that is rapidly growing. The federal government has encouraged this growth through a series of initiatives that reward schools for tracking and aggregating student data. Amid this increasingly digitized education landscape, parents and educators have begun to raise concerns about the scope and security of student data collection.

Industry players, rather than policymakers, have so far led efforts to protect student data. Central to these efforts is the Student Privacy Pledge, a set of standards that providers of digital education services have voluntarily adopted. By many accounts, the Pledge has been a success. …

The Inadequate, Invaluable Fair Information Practices, Woodrow Hartzog

Faculty Scholarship

For the past thirty years, the general advice for those seeking to collect, use, and share people’s personal data in a responsible way was relatively straightforward: follow the fair information practices, often called the “FIPs.” These general guidelines were designed to ensure that data processors are accountable for their actions and that data subjects are safe, secure, and endowed with control over their personal information. The FIPs have proven remarkably sturdy against the backdrop of near-constant technological change. Yet in the age of social media, big data, and artificial intelligence, the FIPs have been pushed to their breaking point. We …

An Expressive Theory Of Privacy Intrusions, Craig Konnoth

Publications

The harms of privacy intrusions are numerous. They include discrimination, reputational harm, and chilling effects on speech, thought, and behavior. However, scholarship has yet to fully recognize a kind of privacy harm that this article terms "expressive."

Depending on where the search is taking place and who the actors involved are--a teacher in a school, the police on the street, a food inspector in a restaurant--victims and observers might infer different messages from the search. The search marks the importance of certain societal values such as law enforcement or food safety. It can also send messages about certain groups by …

The Law And Policy Of People Analytics, Matthew T. Bodie, Miriam A. Cherry, Marcia L. Mccormick, Jintong Tang

Faculty Publications

(Excerpt)

Recently, leading technology companies such as Google and IBM have started experimenting with "people analytics," a new data-driven approach to human resources management. People analytics is just one example of the phenomenon of "big data," in which analyses of huge sets of quantitative information are used to guide a variety of decisions. Applying big data to workplace situations could lead to more effective work outcomes, as in Moneyball, where the Oakland A's baseball franchise used statistics to assemble a winning team on a shoestring budget. People analytics is the name given to this new approach to personnel management …

Trending @ Rwu Law: Linn F. Freedman's Post: The Goal Of Gender Equality In Cybersecurity 08/23/2016, Linn F. Freedman

Law School Blogs

No abstract provided.

Against Data Exceptionalism, Andrew Keane Woods

Law Faculty Scholarly Articles

One of the great regulatory challenges of the Internet era—indeed, one of today's most pressing privacy questions—is how to define the limits of government access to personal data stored in the cloud. This is particularly true today because the cloud has gone global, raising a number of questions about the proper reach of one state's authority over cloud-based data. The prevailing response to these questions by scholars, practitioners, and major Internet companies like Google and Facebook has been to argue that data is different. Data is “unterritorial,” they argue, and therefore incompatible with existing territorial notions of jurisdiction. This Article …

Classification Standards For Health Information: Ethical And Practical Approaches, Craig Konnoth

Publications

Secondary health information research requires vast quantities of data in order to make clinical and health delivery breakthroughs. Restrictive policies that limit the use of such information threaten to stymie this research. While the Notice of Proposed Rulemaking (NPRM) for the new Common Rule permits patients to provide broad consent for the use of their information for research, that policy offers insufficient flexibility. This Article suggests a flexible consenting system that allows patients to consent to a range of privacy risks. The details of the system will be fleshed out in future work.

The Internet Of Heirlooms And Disposable Things, Woodrow Hartzog, Evan Selinger

Faculty Scholarship

The Internet of Things (“IoT”) is here, and we seem to be going all in. We are trying to put a microchip in nearly every object that is not nailed down and even a few that are. Soon, your cars, toasters, toys, and even your underwear will be wired up to make your lives better. The general thought seems to be that “Internet connectivity makes good objects great.” While the IoT might be incredibly useful, we should proceed carefully. Objects are not necessarily better simply because they are connected to the Internet. Often, the Internet can make objects worse and …

Riley V. California And The Beginning Of The End For The Third-Party Search Doctrine, David A. Harris

Articles

In Riley v. California, the Supreme Court decided that when police officers seize a smart phone, they may not search through its contents -- the data found by looking into the call records, calendars, pictures and so forth in the phone -- without a warrant. In the course of the decision, the Court said that the rule applied not just to data that was physically stored on the device, but also to data stored "in the cloud" -- in remote sites -- but accessed through the device. This piece of the decision may, at last, allow a re-examination of …

Cybersecurity And Law Enforcement: The Cutting Edge : Symposium, Roger Williams University School Of Law

School of Law Conferences, Lectures & Events

No abstract provided.

The Un-Territoriality Of Data, Jennifer Daskal

Articles in Law Reviews & Other Academic Journals

Territoriality looms large in our jurisprudence, particularly as it relates to the government’s authority to search and seize. Fourth Amendment rights turn on whether the search or seizure takes place territorially or extraterritorially; the government’s surveillance authorities depend on whether the target is located within the United States or without; and courts’ warrant jurisdiction extends, with limited exceptions, only to the borders’ edge. Yet the rise of electronic data challenges territoriality at its core. Territoriality, after all, depends on the ability to define the relevant “here” and “there,” and it presumes that the “here” and “there” have normative significance. The …