Privacy Law Commons^™

Research Access To Social Media Data: Lessons From Clinical Trial Data Sharing, Christopher J. Morten, Gabriel Nicholas, Salomé Vilgoen

Articles

For years, social media companies have sparred with lawmakers over how much independent access to platform data they should provide researchers. Sharing data with researchers allows the public to better understand the risks and harms associated with social media, including areas such as misinformation, child safety, and political polarization. Yet researcher access is controversial. Privacy advocates and companies raise the potential privacy threats of researchers using such data irresponsibly. In addition, social media companies raise concerns over trade secrecy: the data these companies hold and the algorithms powered by that data are secretive sources of competitive advantage. This Article shows …

Individuals As Gatekeepers Against Data Misuse, Ying Hu

Michigan Technology Law Review

This article makes a case for treating individual data subjects as gatekeepers against misuse of personal data. Imposing gatekeeper responsibility on individuals is most useful where (a) the primary wrongdoers engage in data misuse intentionally or recklessly; (b) misuse of personal data is likely to lead to serious harm; and (c) one or more individuals are able to detect and prevent data misuse at a reasonable cost.

As gatekeepers, individuals should have a legal duty to take reasonable measures to prevent data misuse where they are aware of facts indicating that the person seeking personal data from them is highly …

Digital Colonialism: The 21st Century Scramble For Africa Through The Extraction And Control Of User Data And The Limitations Of Data Protection Laws, Danielle Coleman

Michigan Journal of Race and Law

As Western technology companies increasingly rely on user data globally, extensive data protection laws and regulations emerged to ensure ethical use of that data. These same protections, however, do not exist uniformly in the resource-rich, infrastructure-poor African countries, where Western tech seeks to establish its presence. These conditions provide an ideal landscape for digital colonialism.

Digital colonialism refers to a modern-day “Scramble for Africa” where largescale tech companies extract, analyze, and own user data for profit and market influence with nominal benefit to the data source. Under the guise of altruism, large scale tech companies can use their power and …

Automating Threat Sharing: How Companies Can Best Ensure Liability Protection When Sharing Cyber Threat Information With Other Companies Or Organizations, Ari Schwartz, Sejal C. Shah, Matthew H. Mackenzie, Sheena Thomas, Tara Sugiyama Potashnik, Bri Law

University of Michigan Journal of Law Reform

This Article takes an in-depth look at the evolution of cybersecurity information sharing legislation, leading to the recent passage of the Cybersecurity Information Sharing Act (CISA) and offers insights into how automated information sharing mechanisms and associated requirements implemented pursuant to CISA can be leveraged to help ensure liability protections when engaging in cyber threat information sharing with and amongst other non-federal government entities.

Social Media And The Job Market: How To Reconcile Applicant Privacy With Employer Needs, Peter B. Baumhart

University of Michigan Journal of Law Reform

In the modern technological age, social media allows us to communicate vast amounts of personal information to countless people instantaneously. This information is valuable to more than just our “friends” and “followers,” however. Prospective employers can use this personal data to inform hiring decisions, thereby maximizing fit and minimizing potential liability. The question then arises, how best to acquire this information? For job applicants, the counter-question is how best to protect the privacy of their social media accounts. As these two competing desires begin to clash, it is important to find a method to mediate the conflict. Existing privacy law, …

Geographically Restricted Streaming Content And Evasion Of Geolocation: The Applicability Of The Copyright Anticircumvention Rules, Jerusha Burnett

Michigan Telecommunications & Technology Law Review

A number of methods currently exist or are being developed to determine where Internet users are located geographically when they access a particular webpage. Yet regardless of the precautions taken by website operators to limit the locations from which they allow access, it is likely that users will find ways to gain access to restricted content. Should the evasion of geolocation constitute circumvention of access controls so that § 1201 of the Digital Millennium Copyright Act ("DMCA") applies? Because location data can properly be considered personally identifiable information ("PII"), this Note argues that § 1201 should not apply absent a …

Limits Of The Federal Wiretap Act's Ability To Protect Against Wi-Fi Sniffing, Mani Potnuru

Michigan Law Review

Adoption of Wi-Fi wireless technology continues to see explosive growth. However many users still operate their home Wi-Fi networks in unsecured mode or use publicly available unsecured Wi-Fi networks, thus exposing their communications to the dangers of "packet sniffing," a technique used for eavesdropping on a network. Some have argued that communications over unsecured Wi-Fi networks are "readily accessible to the general public" and that such communications are therefore excluded from the broad protections of the Federal Wiretap Act against intentional interception of electronic communications. This Note examines the Federal Wiretap Act and argues that the current Act's treatment of …

The Need To Prevent Employers From Accessing Private Social Network Profiles, Brett Novick

University of Michigan Journal of Law Reform Caveat

In March 2012, social network privacy became a conversation topic after news reports of the story of Justin Bassett, a job applicant who withdrew his application in the middle of an interview when the interviewer asked him for the username and password of his private Facebook account. Although the issue has received much attention from the public and media, the Department of Justice (DOJ) has stated that it has no interest in prosecuting employers for asking for social networking account information. Fortunately, legislation that would make it illegal for employers to ask for the username and passwords for social networking …

Privacy Policies, Terms Of Service, And Ftc Enforcement: Broadening Unfairness Regulation For A New Era, G. S. Hans

Michigan Telecommunications & Technology Law Review

This Note examines website privacy policies in the context of FTC regulation. The relevant portion of Section 5 of the Federal Trade Commission Act, 15 U.S.C. § 45(a), uses the following language to define the scope of the agency's regulatory authority: "Unfair methods of competition in or affecting commerce, and unfair or deceptive acts or practices in or affecting commerce, are hereby declared unlawful." Specifically, this Note analyzes the FTC's power to regulate unfair practices (referred to as the FTC's "unfairness power") granted by Section 5, and also discusses the deception prong of Section 5, which allows the agency to …

Protecting Anonymous Expression: The Internet's Role In Washington State's Disclosure Laws And The Direct Democracy Process, Karen Cullinane

University of Michigan Journal of Law Reform

This Note proposes that the Washington State Legislature amend its Public Records Act to exempt from public disclosure personal information legally required to be disclosed by signers of referendum petitions. This Note also proposes that the Washington State Legislature designate an electronic system, to be detailed in its election law, by which referendum petitions can be checked for fraud without violating the right to anonymous expression protected by the First Amendment. Part I describes Washington State's referendum process and the path of Doe v. Reed, the case animating the reform presented in this Note. Part II illustrates how the rise …

Does Law Matter Online - Empirical Evidence On Privacy Law Compliance, Michael Birnhack, Niva Elkin-Koren

Michigan Telecommunications & Technology Law Review

Does law matter in the information environment? What can we learn from the experience of applying a particular legal regime to the online environment? Informational privacy (or to use the European term, data protection) provides an excellent illustration of the challenges faced by regulators who seek to secure user rights and shape online behavior. A comprehensive study of Israeli website compliance with information privacy regulation in 2003 and 2006 provides insights for understanding these challenges. The study examined the information privacy practices of 1360 active websites, determining the extent to which these sites comply with applicable legal requirements related to …

A Path Toward User Control Of Online Profiling, Tracy A. Steindel

Michigan Telecommunications & Technology Law Review

Online profiling is "the practice of tracking information about consumers' interests by monitoring their movements online." A primary purpose of online profiling is to "deliver advertising tailored to the individual's interests," a practice known as online behavioral advertising (OBA). In order to accomplish this, publishers and advertisers track a individual's online behavior using cookies and other means. Publishers and advertisers aggregate the information, often compile it with information from offline sources, and sort individuals into groups based on characteristics such as age, income, and hobbies. Advertisers can then purchase access to these consumer groups, controlling their selections with such specificity …

Privacy 3.0-The Principle Of Proportionality, Andrew B. Serwin

University of Michigan Journal of Law Reform

Individual concern over privacy has existed as long as humans have said or done things they do not wish others to know about. In their groundbreaking law review article The Right to Privacy, Warren and Brandeis posited that the common law should protect an individual's right to privacy under a right formulated as the right to be let alone-Privacy 1.0. As technology advanced and societal values also changed, a belief surfaced that the Warren and Brandeis formulation did not provide sufficient structure for the development of privacy laws. As such, a second theoretical construct of privacy, Privacy 2.0 as …

Password Theft: Rethinking An Old Crime In A New Era, Daniel S. Shamah

Michigan Telecommunications & Technology Law Review

By putting themselves out in front as the victims, the Recording Industry Association of America (RIAA) helped reshape the governing norms of the times, and as a result, people viewed the act of file-sharing differently. By forcing people to see music downloading as a form of theft, the RIAA was quite successful in deterring it. In the process, they also proposed a radical view of theft that changes our basic economic understandings of the action[...] This paper argues that the RIAA's model for deterring music theft could be successfully used to deter many other forms of computer theft, and, specifically, …

'Code' And The Slow Erosion Of Privacy, Bert-Jaap Koops, Ronald Leenes

Michigan Telecommunications & Technology Law Review

The notion of software code replacing legal code as a mechanism to control human behavior--"code as law"--is often illustrated with examples in intellectual property and freedom of speech. This Article examines the neglected issue of the impact of "code as law" on privacy. To what extent is privacy-related "code" being used, either to undermine or to enhance privacy? On the basis of cases in the domains of law enforcement, national security, E-government, and commerce, it is concluded that technology rarely incorporates specific privacy-related norms. At the same time, however, technology very often does have clear effects on privacy, as it …

Transgovernmental Networks Vs. Democracy: The Case Of The European Information Privacy Network, Francesca Bignami

Michigan Journal of International Law

The perspective offered by this Article is twofold. The emergence of transgovernmental networks gives rise to two questions, one causal and the other normative. First, how do we explain transnational cooperation through networks? Why do governments and regulators choose to establish networks rather than retain virtually limitless discretion over policymaking, conditioned only by international legal obligations? Based on the author’s examination of the records of the intergovernmental negotiations on the Data Protection Directive, this Article concludes that one precondition for fettering national discretion through networks is common preferences among governments on the substance of the policy to be administered. Compared …

The Need For Revisions To The Law Of Wiretapping And Interception Of Email, Robert A. Pikowsky

Michigan Telecommunications & Technology Law Review

I argue that a person's privacy interest in his email is the same as his privacy interest in a telephone conversation. Moreover, the privacy interest in email remains unchanged regardless of whether it is intercepted in transmission or covertly accessed from the recipient's mailbox. If one accepts this assumption, it follows that the level of protection against surveillance by law enforcement officers should be the same[...] As technology continues to blur the distinction between wire and electronic communication, it becomes apparent that a new methodology must be developed in order to provide logical and consistent protection to private communications. The …

Snake-Oil Security Claims The Systematic Misrepresentation Of Product Security In The E-Commerce Arena, John R. Michener, Steven D. Mohan, James B. Astrachan, David R. Hale

Michigan Telecommunications & Technology Law Review

The modern commercial systems and software industry in the United States have grown up in a snake-oil salesman's paradise. The largest sector of this industry by far is composed of standard commercial systems that are marketed to provide specified functionality (e.g. Internet web server, firewall, router, etc.) Such products are generally provided with a blanket disclaimer stating that the purchaser must evaluate the suitability of the product for use, and that the user assumes all liability for product behavior. In general, users cannot evaluate and cannot be expected to evaluate the security claims of a product. The ability to analyze …

Corporate Cybersmear: Employers File John Doe Defamation Lawsuits Seeking The Identity Of Anonymous Employee Internet Posters, Margo E. K. Reder, Christine Neylon O'Brien

Michigan Telecommunications & Technology Law Review

Communications systems are now wide open and fully accessible, with no limits in range, scope or geography. Targeted audiences are accessible with pinpoint accuracy. Messages reach millions of readers with one click. There is a chat room for everyone. Most importantly, there is no limit on content. Therefore, employees can register their dissatisfaction by posting a message in a chat room. Moreover, the identity of the posting employee is not easily discoverable due to anonymous and pseudonymous communications capabilities. The nature of these online messages is qualitatively different from real-world communications. By way of example, newspapers have a responsibility regarding …

Marking Carnivore's Territory: Rethinking Pen Registers On The Internet, Anthony E. Orr

Michigan Telecommunications & Technology Law Review

"Carnivore" entered the online world's collective consciousness in June 2000 when the Federal Bureau of Investigation unveiled the Internet surveillance software program to telecommunications industry specialists. The FBI claims the program allows agents to scan the traffic of an Internet Service Provider (ISP) for messages or commands to or from a criminal suspect and then intercept only those messages, capturing copies of e-mails, web site downloads and other file transfers[...] A central issue in the controversy surrounding Carnivore is whether current law permits the FBI to employ the program in the Internet context. Bureau officials claim statutory authority for deployments …

The Emergence Of Website Privacy Norms, Steven A. Hetcher

Michigan Telecommunications & Technology Law Review

Part I of the Article will first look at the original privacy norms that emerged at the Web's inception in the early 1990s. Two groups have been the main contributors to the emergence of these norms; the thousands of commercial websites on the early Web, on the one hand, and the millions of users of the early Web, on the other hand. The main structural feature of these norms was that websites benefitted through the largely unrestricted collection of personal data while consumers suffered injury due to the degradation of their personal privacy from this data collection. In other words, …

Criminalization Of True Anonymity In Cyberspace, The, George F. Du Pont

Michigan Telecommunications & Technology Law Review

The question of whether a state or the federal government can create a narrowly tailored restriction on cyberspace anonymity without violating the First Amendment remains unresolved[...]The Supreme Court has not directly addressed the issue, but it may soon consider the constitutionality of criminalizing certain kinds of cyber-anonymity in light of the unique nature of cyberspace. This comment explores the various forms of anonymity, examines the First Amendment status of anonymity in and outside of cyberspace, analyzes relevant scholarly commentary, and concludes that a narrowly tailored legislative restriction on "true" anonymity in cyberspace would not violate the First Amendment.

Establishing A Legitimate Expectation Of Privacy In Clickstream Data, Gavin Skok

Michigan Telecommunications & Technology Law Review

This Article argues that Web users should enjoy a legitimate expectation of privacy in clickstream data. Fourth Amendment jurisprudence as developed over the last half-century does not support an expectation of privacy. However, reference to the history of the Fourth Amendment and the intent of its drafters reveals that government investigation and monitoring of clickstream data is precisely the type of activity the Framers sought to limit. Courts must update outdated methods of expectation of privacy analysis to address the unique challenges posed by the Internet in order to fulfill the Amendment's purpose. Part I provides an overview of the …

Building A Community Through Workplace E-Mail: The New Privacy Frontier, Peter Schnaitman

Michigan Telecommunications & Technology Law Review

The relatively new technology of electronic mail (e-mail) presents an entirely new issue of workplace privacy. Currently, whether a person has a privacy interest in their workplace e-mail communications is as unsettled an issue as it has been since the technology emerged in the early part of this decade as the preferred mode of communication in the workplace. Indeed, e-mail may soon be the preferred mode of communication in general. This comment will argue that all e-mail users have a privacy interest in workplace e-mail communications and that the current law does not afford e-mail users any type of protection …