Privacy Law Commons^™

Suspect Development Systems: Databasing Marginality And Enforcing Discipline, Rashida Richardson, Amba Kak

University of Michigan Journal of Law Reform

Algorithmic accountability law—focused on the regulation of data-driven systems like artificial intelligence (AI) or automated decision-making (ADM) tools—is the subject of lively policy debates, heated advocacy, and mainstream media attention. Concerns have moved beyond data protection and individual due process to encompass a broader range of group-level harms such as discrimination and modes of democratic participation. While a welcome and long overdue shift, the current discourse ignores systems like databases, which are viewed as technically “rudimentary” and often siloed from regulatory scrutiny and public attention. Additionally, burgeoning regulatory proposals like algorithmic impact assessments are not structured to surface important –yet …

Mental Health Mobile Apps And The Need To Update Federal Regulations To Protect Users, Kewa Jiang

Michigan Technology Law Review

With greater societal emphasis on the need for better mental health services coupled with COVID-19 limits, mental health mobile applications have significantly risen in variety, availability, and accessibility. As more consumers use mental health mobile applications, more data is generated and collected by mobile application companies. However, consumers may have the false assumption that the data collected is protected under HIPAA or have an expectation of privacy protection higher than current regulations afford. This Note examines HIPAA, Health Breach Notification Rule, and section 5 of the Federal Trade Commission Act, as well as how these regulations fall short of protecting …

Another Katz Moment?: Privacy, Property, And A Dna Database, Claire Mena

University of Michigan Journal of Law Reform

The Fourth Amendment protects the “right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures.” The understanding of these words seems to shift as new technologies emerge. As law enforcement’s arsenal of surveillance techniques has grown to include GPS tracking, cell phones, and cell site location information (CSLI), the Supreme Court has applied Fourth Amendment protections to these modern tools. Law enforcement continues to use one pervasive surveillance technique without limitations: the routine collection of DNA. In 2013, the Supreme Court in Maryland v. King held that law enforcement may routinely …

Privacy Frameworks For Smart Cities, Lindsey Tonsager, Jayne Ponder

Journal of Law and Mobility

This paper identifies some of the core privacy considerations raised by smart cities – government surveillance and data security in Part I. Then, Part II proposes a set of core principles for smart cities to consider in the development and deployment of smart cities to address privacy concerns. These principles include: (A) human-centric approaches to smart cities design and implementation, (B) transparency for city residents, (C) privacy by design, (D) anonymization and deidentification, (E) data minimization and purpose specification, (F) trusted data sharing, and (G) cybersecurity resilience.

Individuals As Gatekeepers Against Data Misuse, Ying Hu

Michigan Technology Law Review

This article makes a case for treating individual data subjects as gatekeepers against misuse of personal data. Imposing gatekeeper responsibility on individuals is most useful where (a) the primary wrongdoers engage in data misuse intentionally or recklessly; (b) misuse of personal data is likely to lead to serious harm; and (c) one or more individuals are able to detect and prevent data misuse at a reasonable cost.

As gatekeepers, individuals should have a legal duty to take reasonable measures to prevent data misuse where they are aware of facts indicating that the person seeking personal data from them is highly …

Who Gets To Operate On Herbie? Right To Repair Legislation In The Context Of Automated Vehicles, Jennifer J. Huseby

Journal of Law and Mobility

You bought it, you own it, but do you have the right to repair it? As right-to-repair remains a hot topic in the context of consumer electronics such as smartphones, one must consider the ramifications it may have for the automated vehicle (“AV”) industry. As the backdrop for one of the first legislative victories for right-to-repair, the automobile industry has continued to push for the expansion of right-to-repair to cover increased access to telematics and exceptions to proprietary software controls. However, as we revisit the issue for more highly connected and automated vehicles, it is important to assess the unique …

Digital Colonialism: The 21st Century Scramble For Africa Through The Extraction And Control Of User Data And The Limitations Of Data Protection Laws, Danielle Coleman

Michigan Journal of Race and Law

As Western technology companies increasingly rely on user data globally, extensive data protection laws and regulations emerged to ensure ethical use of that data. These same protections, however, do not exist uniformly in the resource-rich, infrastructure-poor African countries, where Western tech seeks to establish its presence. These conditions provide an ideal landscape for digital colonialism.

Digital colonialism refers to a modern-day “Scramble for Africa” where largescale tech companies extract, analyze, and own user data for profit and market influence with nominal benefit to the data source. Under the guise of altruism, large scale tech companies can use their power and …

Risk And Resilience In Health Data Infrastructure, W. Nicholson Price Ii

Articles

Today’s health system runs on data. However, for a system that generates and requires so much data, the health care system is surprisingly bad at maintaining, connecting, and using those data. In the easy cases of coordinated care and stationary patients, the system works—sometimes. But when care is fragmented, fragmented data often result. Fragmented data create risks both to individual patients and to the system. For patients, fragmentation creates risks in care based on incomplete or incorrect information, and may also lead to privacy risks from a patched together system. For the system, data fragmentation hinders efforts to improve efficiency …

A Comment On Privacy And Accountability In Black-Box Medicine, Carl E. Schneider

Michigan Telecommunications & Technology Law Review

Human institutions and activities cannot avoid failures. Anxiety about them often provokes governments to try to prevent those failures. When that anxiety is vivid and urgent, government may do so without carefully asking whether regulation’s costs justify their benefits. Privacy and Accountability in Black Box Medicine admirably labors to bring discipline and rationality to thinking about an important development — the rise of “black-box medicine” — before it causes injuries regulation should have prevented and before it is impaired by improvident regulation. That is, Privacy and Accountability weighs the costs against the benefits of various forms of regulation across the …

Privacy And Accountability In Black-Box Medicine, Roger Allan Ford, W. Nicholson Price Ii

Michigan Telecommunications & Technology Law Review

Black-box medicine—the use of big data and sophisticated machine-learning techniques for health-care applications—could be the future of personalized medicine. Black-box medicine promises to make it easier to diagnose rare diseases and conditions, identify the most promising treatments, and allocate scarce resources among different patients. But to succeed, it must overcome two separate, but related, problems: patient privacy and algorithmic accountability. Privacy is a problem because researchers need access to huge amounts of patient health information to generate useful medical predictions. And accountability is a problem because black-box algorithms must be verified by outsiders to ensure they are accurate and unbiased, …

Geographically Restricted Streaming Content And Evasion Of Geolocation: The Applicability Of The Copyright Anticircumvention Rules, Jerusha Burnett

Michigan Telecommunications & Technology Law Review

A number of methods currently exist or are being developed to determine where Internet users are located geographically when they access a particular webpage. Yet regardless of the precautions taken by website operators to limit the locations from which they allow access, it is likely that users will find ways to gain access to restricted content. Should the evasion of geolocation constitute circumvention of access controls so that § 1201 of the Digital Millennium Copyright Act ("DMCA") applies? Because location data can properly be considered personally identifiable information ("PII"), this Note argues that § 1201 should not apply absent a …

Limits Of The Federal Wiretap Act's Ability To Protect Against Wi-Fi Sniffing, Mani Potnuru

Michigan Law Review

Adoption of Wi-Fi wireless technology continues to see explosive growth. However many users still operate their home Wi-Fi networks in unsecured mode or use publicly available unsecured Wi-Fi networks, thus exposing their communications to the dangers of "packet sniffing," a technique used for eavesdropping on a network. Some have argued that communications over unsecured Wi-Fi networks are "readily accessible to the general public" and that such communications are therefore excluded from the broad protections of the Federal Wiretap Act against intentional interception of electronic communications. This Note examines the Federal Wiretap Act and argues that the current Act's treatment of …

No Cause Of Action: Video Surveillance In New York City, Olivia J. Greer

Michigan Telecommunications & Technology Law Review

In 2010, New York City Police Commissioner Raymond Kelly announced a new network of video surveillance in the City. The new network would be able to prevent future terrorist attacks by identifying suspicious behavior before catastrophic events could take place. Kelly told reporters, "If we're looking for a person in a red jacket, we can call up all the red jackets filmed in the last 30 days," and "[w]e're beginning to use software that can identify suspicious objects or behaviors." Gothamist later made a witticism of Kelly's statement, remarking, "Note to terrorists: red jackets are not a good look for …

Protecting Anonymous Expression: The Internet's Role In Washington State's Disclosure Laws And The Direct Democracy Process, Karen Cullinane

University of Michigan Journal of Law Reform

This Note proposes that the Washington State Legislature amend its Public Records Act to exempt from public disclosure personal information legally required to be disclosed by signers of referendum petitions. This Note also proposes that the Washington State Legislature designate an electronic system, to be detailed in its election law, by which referendum petitions can be checked for fraud without violating the right to anonymous expression protected by the First Amendment. Part I describes Washington State's referendum process and the path of Doe v. Reed, the case animating the reform presented in this Note. Part II illustrates how the rise …

Disentangling Administrative Searches, Eve Brensike Primus

Articles

Everyone who has been screened at an international border, scanned by an airport metal detector, or drug tested for public employment has been subjected to an administrative search. Since September 11th, the government has increasingly invoked the administrative search exception to justify more checkpoints, unprecedented subway searches, and extensive wiretaps. As science and technology advance, the frequency and scope of administrative searches will only expand. Formulating the boundaries and requirements of administrative search doctrine is therefore a matter of great importance. Yet the rules governing administrative searches are notoriously unclear. This Article seeks to refocus attention on administrative searches and …

There Is A Time To Keep Silent And A Time To Speak, The Hard Part Is Knowing Which Is Which: Striking The Balance Between Privacy Protection And The Flow Of Health Care Information, Daniel J. Gilman, James C. Cooper

Michigan Telecommunications & Technology Law Review

Health information technology (HIT) has become a signal element of federal health policy, especially as the recently enacted American Recovery and Reinvestment Act of 2009 (Recovery Act or ARRA) comprises numerous provisions related to HIT and commits tens of billions of dollars to its development and adoption. These provisions charge various agencies of the federal government with both general and specific HIT-related implementation tasks including, inter alia, providing funding for HIT in various contexts: the implementation of interoperable HIT, HIT-related infrastructure, and HIT-related training and research. The Recovery Act also contains various regulatory provisions pertaining to HIT. Provisions of the …

Gina's Genotypes, David H. Kaye

Michigan Law Review First Impressions

In August 2009, the Board of Trustees of the University of Akron added to the university's employment policy the following proviso: "any applicant may be asked to submit fingerprints or DNA sample for purpose of a federal criminal background check." Although the federal government does not do background checks with DNA, the policy is significant because it highlights a largely unexplored feature of the Genetic Information Nondiscrimination Act of 2008 ("GINA"). Hailed by the late Senator Edward Kennedy as "the first civil rights bill of the new century of life sciences," GINA generally prohibits employers from asking for "genetic information." …

Privacy 3.0-The Principle Of Proportionality, Andrew B. Serwin

University of Michigan Journal of Law Reform

Individual concern over privacy has existed as long as humans have said or done things they do not wish others to know about. In their groundbreaking law review article The Right to Privacy, Warren and Brandeis posited that the common law should protect an individual's right to privacy under a right formulated as the right to be let alone-Privacy 1.0. As technology advanced and societal values also changed, a belief surfaced that the Warren and Brandeis formulation did not provide sufficient structure for the development of privacy laws. As such, a second theoretical construct of privacy, Privacy 2.0 as …

When Mobile Phones Are Rfid-Equipped - Finding E.U.-U.S. Solutions To Protect Consumer Privacy And Facilitate Mobile Commerce, Nancy J. King

Michigan Telecommunications & Technology Law Review

New mobile phones have been designed to include delivery of mobile advertising and other useful location-based services, but have they also been designed to protect consumers' privacy? One of the key enabling technologies for these new types of phones and new mobile services is Radio Frequency Identification (RFID), a wireless communication technology that enables the unique identification of tagged objects. In the case of RFID-enabled mobile phones, the personal nature of the devices makes it very likely that, by locating a phone, businesses will also be able to locate its owner. Consumers are currently testing new RFID-enabled phones around the …

Biometrics: Weighing Convenience And National Security Against Your Privacy, Lauren D. Adkins

Michigan Telecommunications & Technology Law Review

The biometric identifier relies on an individual's unique biological information such as a hand, iris, fingerprint, facial or voice print. When used for verification purposes, a "one-to-one" match is generated in under one second. Biometric technology can substantially improve national security by identifying and verifying individuals in a number of different contexts, providing security in ways that exceed current identification technology and limiting access to areas where security breaches are especially high, such as airport tarmacs and critical infrastructure facilities. At the same time, a legitimate public concern exists concerning the misuse of biometric technology to invade or violate personal …

A World Without Privacy: Why Property Does Not Define The Limits Of The Right Against Unreasonable Searches And Seizures, Sherry F. Colb

Michigan Law Review

Imagine for a moment that it is the year 2020. An American company has developed a mind-reading device, called the "brain wave recorder" ("BWR"). The BWR is a highly sensitive instrument that detects electrical impulses from any brain within ten feet of the machine. Though previously thought impossible, the BWR can discern the following information about the target individual: (1) whether he or she is happy, sad, anxious, depressed, or irritable; (2) whether he or she is even slightly sexually aroused; (3) whether he or she is taking any medication (and if so, what the medication is); (4) if a …

The Fourth Amendment And New Technologies: Constitutional Myths And The Case For Caution, Orin S. Kerr

Michigan Law Review

To one who values federalism, federal preemption of state law may significantly threaten the autonomy and core regulatory authority of The Supreme Court recently considered whether a1mmg an infrared thermal imaging device at a suspect's home can violate the Fourth Amendment. Kyllo v. United States announced a new and comprehensive rule: the government's warrantless use of senseenhancing technology that is "not in general use" violates the Fourth Amendment when it yields "details of the home that would previously have been unknowable without physical intrusion." Justice Scalia's majority opinion acknowledged that the Court's rule was not needed to resolve the case …

Technology, Privacy, And The Courts: A Reply To Colb And Swire, Orin S. Kerr

Michigan Law Review

I thank Sherry Colb and Peter Swire for devoting their time and considerable talents to responding to my article, The Fourth Amendment and New Technologies: Constitutional Myths and the Case for Caution. I will conclude with a few comments.

Katz Is Dead. Long Live Katz, Peter P. Swire

Michigan Law Review

Katz v. United States is the king of Supreme Court surveillance cases. Written in 1967, it struck down the earlier regime of property rules, declaring that "the Fourth Amendment protects people, not places." The concurrence by Justice Harlan announced the new regime - court-issued warrants are required where there is an infringement on a person's "reasonable expectation of privacy." Together with the companion case Berger v. New York, Katz has stood for a grand conception of the Fourth Amendment as a bulwark against wiretaps and other emerging forms of surveillance. Professor Orin Kerr, in his excellent article, shows that …

The Emergence Of Website Privacy Norms, Steven A. Hetcher

Michigan Telecommunications & Technology Law Review

Part I of the Article will first look at the original privacy norms that emerged at the Web's inception in the early 1990s. Two groups have been the main contributors to the emergence of these norms; the thousands of commercial websites on the early Web, on the one hand, and the millions of users of the early Web, on the other hand. The main structural feature of these norms was that websites benefitted through the largely unrestricted collection of personal data while consumers suffered injury due to the degradation of their personal privacy from this data collection. In other words, …

Whose Genes Are These Anyway?: Familial Conflicts Over Access To Genetic Information, Sonia M. Suter

Michigan Law Review

This Note argues first that courts and legislatures should follow a presumption against mandating disclosure of a person's genetic information to third parties. Second, genetic testing for the benefit of a third party should not, and constitutionally cannot, be compelled. Part I presents an overview of genetics and discusses the special legal and ethical issues genetic testing poses. Part II examines the issue of nonconsensual disclosure to family members, who could potentially use the information from tests that have already been performed. This Part concludes that there should be a presumption against disclosure. Part III examines a related, but different, …

Police Use Of Cctv Surveillance: Constitutional Implications And Proposed Regulations, Gary C. Robb

University of Michigan Journal of Law Reform

This article evaluates the constitutionality of CCTV "searches." Part I discusses the present uses being made of closed circuit technology and evaluates the merits of the CCTV surveillance system. The critical policy trade-off is the system's effectiveness in combatting crime against the resulting loss of privacy to individual citizens.

Part II considers the constitutional implications of CCTV use in terms of three major doctrines: the Fourth Amendment prohibition against "unreasonable searches and seizures"; the constitutional right of privacy; and the First Amendment guarantees of free speech and association. This part briefly summarizes the state of the law concerning these constitutional …

Protection Of Privacy Of Computerized Records In The National Crime Information Center, Stuart R. Hemphill

University of Michigan Journal of Law Reform

The purpose of this article is to describe the social benefits and costs of the NCIC and to indicate the need for a program of operational controls to temper the system's impact on the balance between individual privacy and law enforcement needs. Various approaches which could be incorporated into a program of safeguards are introduced and briefly analyzed. Finally, the article discusses several overall design issues which should be considered in the construction of an adequate program of safeguards. Particular emphasis is placed on the NCCH file since it is the major source of the tensions underlying the issues addressed.

Personal Privacy In The Computer Age: The Challenge Of A New Technology In An Information-Oriented Society, Arthur R. Miller

Michigan Law Review

The purpose of this Article is to survey the new technology's implications for personal privacy and to evaluate the contemporary common-law and statutory pattern relating to data-handling. In the course of this examination, it will appraise the existing framework's capacity to deal with the problems created by society's growing awareness of the primordial character of information. The Article is intended to be suggestive; any attempt at definitiveness would be premature. Avowedly, it was written with the bias of one who believes that the new information technology has enormous long-range societal implications and who is concerned about the consequences of the …

Westin: Privacy And Freedom, Stanley K. Laughlin Jr.

Michigan Law Review

A Review of Privacy and Freedom by Alan F. Westin