Law Commons^™

Toward Stronger Data Protection Laws, Margot E. Kaminski

Publications

No abstract provided.

Legislating Data Loyalty, Woodrow Hartzog, Neil Richards

Faculty Scholarship

Lawmakers looking to embolden privacy law have begun to consider imposing duties of loyalty on organizations trusted with people’s data and online experiences. The idea behind loyalty is simple: organizations should not process data or design technologies that conflict with the best interests of trusting parties. But the logistics and implementation of data loyalty need to be developed if the concept is going to be capable of moving privacy law beyond its “notice and consent” roots to confront people’s vulnerabilities in their relationship with powerful data collectors.

In this short Essay, we propose a model for legislating data loyalty. Our …

The Surprising Virtues Of Data Loyalty, Woodrow Hartzog, Neil M. Richards

Faculty Scholarship

Lawmakers in the United States and Europe are seriously considering imposing duties of data loyalty that implement ideas from privacy law scholarship, but critics claim such duties are unnecessary, unworkable, overly individualistic, and indeterminately vague. This paper takes those criticisms seriously, and its analysis of them reveals that duties of data loyalty have surprising virtues. Loyalty, it turns out, can support collective well-being by embracing privacy’s relational turn; it can be a powerful state of mind for reenergizing privacy reform; it prioritizes human values rather than potentially empty formalism; and it offers solutions that are flexible and clear rather than …

The New Bailments, Danielle D'Onfro

Scholarship@WashULaw

The rise of cloud computing has dramatically changed how consumers and firms store their belongings. Property that owners once managed directly now exists primarily on infrastructure maintained by intermediaries. Consumers entrust their photos to Apple instead of scrapbooks; businesses put their documents on Amazon’s servers instead of in file cabinets; seemingly everything runs in the cloud. Were these belongings tangible, the relationship between owner and intermediary would be governed by the common-law doctrine of bailment. Bailments are mandatory relationships formed when one party entrusts their property to another. Within this relationship, the bailees owe the bailors a duty of care …

Chinese Technology Platforms Operating In The United States: Assessing The Threat (Originally Published As A Joint Report Of The National Security, Technology, And Law Working Group At The Hoover Institution At Stanford University And The Tech, Law & Security Program At American University Washington College Of Law), Gary Corn, Jennifer Daskal, Jack Goldsmith, Chris Inglis, Paul Rosenzweig, Samm Sacks, Bruce Schneier, Alex Stamos, Vincent Stewart

Joint PIJIP/TLS Research Paper Series

No abstract provided.

A Duty Of Loyalty For Privacy Law, Neil M. Richards, Woodrow Hartzog

Faculty Scholarship

Data privacy law fails to stop companies from engaging in self-serving, opportunistic behavior at the expense of those who trust them with their data. This is a problem. Modern tech companies are so entrenched in our lives and have so much control over what we see and click that the self-dealing exploitation of people has become a major element of the internet’s business model.

Academics and policymakers have recently proposed a possible solution: require those entrusted with people’s data and online experiences to be loyal to those who trust them. But many have concerns about a duty of loyalty. What, …

The Covid-19 Pandemic And The Technology Trust Gap, Johanna Gunawan, David Choffnes, Woodrow Hartzog, Christo Wilson

Faculty Scholarship

Industry and government tried to use information technologies to respond to the COVID-19 pandemic, but using the internet as a tool for disease surveillance, public health messaging, and testing logistics turned out to be a disappointment. Why weren’t these efforts more effective? This Essay argues that industry and government efforts to leverage technology were doomed to fail because tech platforms have failed over the past few decades to make their tools trustworthy, and lawmakers have done little to hold these companies accountable. People cannot trust the interfaces they interact with, the devices they use, and the systems that power tech …

Inescapable Surveillance, Matthew Tokson

Utah Law Faculty Scholarship

Until recently, Supreme Court precedent dictated that a person waives their Fourth Amendment rights in information they disclose to another party. The Court reshaped this doctrine in Carpenter v. United States, establishing that the Fourth Amendment protects cell phone location data even though it is revealed to others. The Court emphasized that consumers had little choice but to disclose their data, because cell phone use is virtually inescapable in modern society.

In the wake of Carpenter, many scholars and lower courts have endorsed inescapability as an important factor for determining Fourth Amendment rights. Under this approach, surveillance that people cannot …

The Internet As A Speech Machine And Other Myths Confounding Section 230 Reform, Danielle K. Citron, Mary Anne Franks

Faculty Scholarship

A robust public debate is currently underway about the responsibility of online platforms. We have long called for this discussion, but only recently has it been seriously taken up by legislators and the public. The debate begins with a basic question: should platforms should be responsible for user-generated content? If so, under what circumstances? What exactly would such responsibility look like? Under consideration is Section 230 of the Communications Decency Act—a provision originally designed to encourage tech companies to clean up “offensive” online content. The public discourse around Section 230, however, is riddled with misconceptions. As an initial matter, many …

Law School News: Logan To Serve As Adviser On Restatement Third Of Torts 11-07-2019, Michael M. Bowden

Life of the Law School (1993- )

No abstract provided.

Contracting For Fourth Amendment Privacy Online, Wayne A. Logan, Jake Linford

Scholarly Publications

No abstract provided.

Revenge Porn, Thomas Lonardo, Tricia P. Martland, Rhode Island Bar Journal

Life of the Law School (1993- )

No abstract provided.

Humans Forget, Machines Remember: Artificial Intelligence And The Right To Be Forgotten, Tiffany Li, Eduard Fosch Villaronga, Peter Kieseberg

Faculty Scholarship

To understand the Right to be Forgotten in context of artificial intelligence, it is necessary to first delve into an overview of the concepts of human and AI memory and forgetting. Our current law appears to treat human and machine memory alike – supporting a fictitious understanding of memory and forgetting that does not comport with reality. (Some authors have already highlighted the concerns on the perfect remembering.) This Article will examine the problem of AI memory and the Right to be Forgotten, using this example as a model for understanding the failures of current privacy law to reflect the …

Borders And Bits, Jennifer Daskal

Articles in Law Reviews & Other Academic Journals

Our personal data is everywhere and anywhere, moving across national borders in ways that defy normal expectations of how things and people travel from Point A to Point B. Yet, whereas data transits the globe without any intrinsic ties to territory, the governments that seek to access or regulate this data operate with territorial-based limits. This Article tackles the inherent tension between how governments and data operate, the jurisdictional conflicts that have emerged, and the power that has been delegated to the multinational corporations that manage our data across borders as a result. It does so through the lens of …

When Whispers Enter The Cloud, Heidi H. Liu

All Faculty Scholarship

With increased awareness of workplace harassment in recent years, the idea of enhanced reporting around sexual misconduct has gained traction. As a result, several technologies – from smartphone apps to well-publicized services – have been introduced with the goals of preventing, enabling reports of, and even predicting sexual misconduct at work, school and in public. But to what extent are these technologies secure and accessible to survivors? This Note documents the existing resources and proposes a framework focusing on privacy and participation for evaluating these tools intended to benefit survivors.

Session On "Geoblocking Tools And The Law" At Law, Borders, And Speech Conference At Stanford Law School, Marketa Trimble

Boyd Briefs / Road Scholars

Professor Marketa Trimble appeared on a panel at the Law, Borders, and Speech Conference hosted by The Center for Internet and Society at Stanford Law School on October 24, 2016. The session defined and discussed geoblocking and its implications for internet users, government, and private companies.

A video of the session is available here. Additionally, Professor Trimble's presentation is available here.

Internet Surveillance, Regulation, And Chilling Effects Online: A Comparative Case Study, Jonathon Penney

Articles, Book Chapters, & Popular Press

With internet regulation and censorship on the rise, states increasingly engaging in online surveillance, and state cyber-policing capabilities rapidly evolving globally, concerns about regulatory “chilling effects” online — the idea that laws, regulations, or state surveillance can deter people from exercising their freedoms or engaging in legal activities on the internet have taken on greater urgency and public importance. But just as notions of “chilling effects” are not new, neither is skepticism about their legal, theoretical, and empirical basis; in fact, the concept remains largely un-interrogated with significant gaps in understanding, particularly with respect to chilling effects online. This work …

Internet Surveillance, Regulation, And Chilling Effects Online: A Comparative Case Study, Jonathon Penney

Articles, Book Chapters, & Popular Press

With internet regulation and censorship on the rise, states increasingly engaging in online surveillance, and state cyber-policing capabilities rapidly evolving globally, concerns about regulatory “chilling effects” online — the idea that laws, regulations, or state surveillance can deter people from exercising their freedoms or engaging in legal activities on the internet have taken on greater urgency and public importance. But just as notions of “chilling effects” are not new, neither is skepticism about their legal, theoretical, and empirical basis; in fact, the concept remains largely un-interrogated with significant gaps in understanding, particularly with respect to chilling effects online. This work …

Protecting One's Own Privacy In A Big Data Economy, Anita L. Allen

All Faculty Scholarship

Big Data is the vast quantities of information amenable to large-scale collection, storage, and analysis. Using such data, companies and researchers can deploy complex algorithms and artificial intelligence technologies to reveal otherwise unascertained patterns, links, behaviors, trends, identities, and practical knowledge. The information that comprises Big Data arises from government and business practices, consumer transactions, and the digital applications sometimes referred to as the “Internet of Things.” Individuals invisibly contribute to Big Data whenever they live digital lifestyles or otherwise participate in the digital economy, such as when they shop with a credit card, get treated at a hospital, apply …

Against Data Exceptionalism, Andrew Keane Woods

Law Faculty Scholarly Articles

One of the great regulatory challenges of the Internet era—indeed, one of today's most pressing privacy questions—is how to define the limits of government access to personal data stored in the cloud. This is particularly true today because the cloud has gone global, raising a number of questions about the proper reach of one state's authority over cloud-based data. The prevailing response to these questions by scholars, practitioners, and major Internet companies like Google and Facebook has been to argue that data is different. Data is “unterritorial,” they argue, and therefore incompatible with existing territorial notions of jurisdiction. This Article …

Cybersecurity And Law Enforcement: The Cutting Edge : Symposium, Roger Williams University School Of Law

School of Law Conferences, Lectures & Events

No abstract provided.

Newsroom: Fcc's Sohn On Consumer Protection, Roger Williams University School Of Law

Life of the Law School (1993- )

No abstract provided.

Internet Giants As Quasi-Governmental Actors And The Limits Of Contractual Consent, D. A. Jeremy Telman

Law Faculty Publications

Although the government’s data-mining program relied heavily on information and technology that the government received from private companies, relatively little of the public outrage generated by Edward Snowden’s revelations was directed at those private companies. We argue that the mystique of the Internet giants and the myth of contractual consent combine to mute criticisms that otherwise might be directed at the real data-mining masterminds. As a result, consumers are deemed to have consented to the use of their private information in ways that they would not agree to had they known the purposes to which their information would be put …

Are They Worth Reading? An In-Depth Analysis Of Online Trackers’ Privacy Policies, Candice Hoke, Lorrie Faith Cranor, Pedro Giovanni Leon, Alyssa Au

Law Faculty Articles and Essays

We analyzed the privacy policies of 75 online tracking companies with the goal of assessing whether they contain information relevant for users to make privacy decisions. We compared privacy policies from large companies, companies that are members of self-regulatory organizations, and nonmember companies and found that many of them are silent with regard to important consumer-relevant practices including the collection and use of sensitive information and linkage of tracking data with personally-identifiable information. We evaluated these policies against self-regulatory guidelines and found that many policies are not fully compliant. Furthermore, the overly general requirements established in those guidelines allow companies …

Amplifying Abuse: The Fusion Of Cyberharassment And Discrimination, Ari Ezra Waldman

Articles & Chapters

Cyberharassment devastates its victims. Anxiety, panic attacks, and fear are common effects; post-traumatic stress disorder, anorexia and bulimia, and clinical depression are common diagnoses. Targets of online hate and abuse have gone into hiding, changed schools, and quit jobs to prevent further abuse. Some lives are devastated in adolescence and are never able to recover. Some lives come to tragic, premature ends. Danielle Keats Citron not only teases out these effects in her masterful work, Hate Crimes in Cyberspace; she also makes the profound conclusion that these personal effects are part of a larger social cancer that breeds sexism, subjugation, …

Privacy As Trust: Sharing Personal Information In A Networked World, Ari Ezra Waldman

Articles & Chapters

This Article is the first in a series on the legal and sociological aspects of privacy, arguing that private contexts are defined by relationships of trust among individuals. The argument reorients privacy scholarship from an individual right to social relationships of disclosure. This has implications for a wide variety of vexing problems of modern privacy law, from limited disclosures to “revenge porn.”

The common everyday understanding is that privacy is about choice, autonomy, and individual freedom. It encompasses the individual’s right to determine what he will keep hidden and what, how, and when he will disclose to the public. Privacy …

From Anonymity To Identification, A. Michael Froomkin

Articles

This article examines whether anonymity online has a future. In the early days of the Internet, strong cryptography, anonymous remailers, and a relative lack of surveillance created an environment conducive to anonymous communication. Today, the outlook for online anonymity is poor. Several forces combine against it: ideologies that hold that anonymity is dangerous, or that identifying evil-doers is more important than ensuring a safe mechanism for unpopular speech; the profitability of identification in commerce; government surveillance; the influence of intellectual property interests and in requiring hardware and other tools that enforce identification; and the law at both national and supranational …

Interview On The Black Box Society, Lawrence Joseph, Frank A. Pasquale

Faculty Scholarship

Hidden algorithms drive decisions at major Silicon Valley and Wall Street firms. Thanks to automation, those firms can approve credit, rank websites, and make myriad other decisions instantaneously. But what are the costs of their methods? And what exactly are they doing with their digital profiles of us?

Leaks, whistleblowers, and legal disputes have shed new light on corporate surveillance and the automated judgments it enables. Self-serving and reckless behavior is surprisingly common, and easy to hide in code protected by legal and real secrecy. Even after billions of dollars of fines have been levied, underfunded regulators may have only …

Regulating The Internet Of Things: First Steps Toward Managing Discrimination, Privacy, Security, And Consent, Scott R. Peppet

Publications

The consumer "Internet of Things" is suddenly reality, not science fiction. Electronic sensors are now ubiquitous in our smartphones, cars, homes, electric systems, health-care devices, fitness monitors, and workplaces. These connected, sensor-based devices create new types and unprecedented quantities of detailed, high-quality information about our everyday actions, habits, personalities, and preferences. Much of this undoubtedly increases social welfare. For example, insurers can price automobile coverage more accurately by using sensors to measure exactly how you drive (e.g., Progressive 's Snapshot system), which should theoretically lower the overall cost of insurance. But the Internet of Things raises new and difficult questions …

Failing Expectations: Fourth Amendment Doctrine In The Era Of Total Surveillance, Olivier Sylvain

Faculty Scholarship

Today’s reasonable expectation test and the third-party doctrine have little to nothing to offer by way of privacy protection if users today are at least conflicted about whether transactional noncontent data should be shared with third parties, including law enforcement officials. This uncertainty about how to define public expectation as a descriptive matter has compelled courts to defer to legislatures to find out what public expectation ought to be more as a matter of prudence than doctrine. Courts and others presume that legislatures are far better than courts at defining public expectations about emergent technologies.This Essay argues that the reasonable …