Privacy Law Commons^™

The Consumer Bundle, Shelly Kreiczer-Levy

Washington Law Review

Can property law have a consumer protection purpose? One of the most important consumer law concerns today is the limited control consumers have over the digital assets and software-embedded products they purchase. Current proposals for reform focus on classifying the transaction as either license or sale and rely mostly on contract law and consumer protection regulation with a few calls for restoring ownership rights. This Article argues that property law can protect consumers by establishing a minimum bundle of rights for consumers: the “consumer’s bundle.” Working with property theory and an analysis of property values, this Article explains the importance …

The Kids Are Not Alright: Negative Consequences Of Student Device And Account Surveillance, Ashley Peterson

Washington Law Review

In recent years, student surveillance has rapidly grown. As schools have experimented with new technologies, transitioned to remote and hybrid instruction, and faced pressure to protect student safety, they have increased surveillance of school accounts and school-issued devices. School surveillance extends beyond school premises to monitor student activities that occur off-campus. It reaches students’ most intimate data and spaces, including things students likely believe are private: internet searches, emails, and messages. This Comment focuses on the problems associated with off-campus surveillance of school accounts and school-issued devices, including chilling effects that fundamentally alter student behavior, reinforcement of the school-to-prison pipeline, …

Speaking Back To Sexual Privacy Invasions, Brenda Dvoskin

Washington Law Review

Many big players in the internet ecosystem do not like hosting sexual expression. They often justify these bans as a protection of sexual privacy. For example, Meta states that it removes sexual imagery to prevent the nonconsensual distribution of sexual images. In response, this Article argues that banning digital sexual expression is counterproductive if the aim is to alleviate the harms inflicted by sexual privacy losses.

Contemporary sexual privacy theory, however, lacks analytical tools to explain why nudity bans harm the interests they intend to protect. This Article aims at building those tools. The main contribution is an invitation to …

Distinguishing Privacy Law: A Critique Of Privacy As Social Taxonomy, María P. Angel, Ryan Calo

Articles

What distinguishes privacy violations from other harms? This has proven a surprisingly difficult question to answer. For over a century, privacy law scholars labored to define the elusive concept of privacy. Then they gave up. Efforts to distinguish privacy were superseded at the turn of the millennium by a new approach: a taxonomy of privacy problems grounded in social recognition. Privacy law became the field that simply studies whatever courts or scholars talk about as related to privacy.

Decades into privacy as social taxonomy, the field has expanded to encompass a broad range of information-based harms—from consumer manipulation to algorithmic …

Privacy Matters: Data Breach Litigation In Japan, Andrew M. Pardieck

Washington International Law Journal

In 1890, when Brandeis and Warren wrote The Right to Privacy, Japan did not have a word for privacy. Today, it is closely guarded in Japan: the European Data Protection Board has found privacy protections in Japan “equivalent” to those in the EU. This research explores the evolution of privacy law in Japan, focusing on data breach and the legal rights and obligations associated with it. The writing is broken up into two parts: This article discusses private enforcement of privacy norms, as it is the courts that first established and continue to define privacy rights in Japan. A separate …

What You Don’T Know Will Hurt You: Fighting The Privacy Paradox By Designing For Privacy And Enforcing Protective Technology, Perla Khattar

Washington Journal of Law, Technology & Arts

The persistence of the privacy paradox is proof that current industry regulation is insufficient to protect consumer’s privacy. Although consumer choice is essential, we argue that it should not be the main pillar of modern data privacy legislation. This article argues that legislation should aim to protect consumer’s personal data in the first place, while also giving internet users the choice to opt-in to the processing of their information. Ideally, privacy by design principles would be mandated by law, making privacy an essential component of the architecture of every tech-product and service.

Who Owns Data? Constitutional Division In Cyberspace, Dongsheng Zang

Articles

Privacy emerged as a concern as soon as the internet became commercial. In early 1995, Lawrence Lessig warned that the internet, though giving us extraordinary potential, was “not designed to protect individuals against this extraordinary potential for others to abuse.” The same technology can “destroy the very essence of what now defines individuality.” Lessig urged that “a constitutional balance will have to be drawn between these increasingly important interests in privacy, and the competing interest in collective security.” Lessig envisioned that creating property rights in data would help individuals by giving them control of their data. As utopian as property …

Gone Fishing: Casting A Wide Net Using Geofence Warrants, Ryan Tursi

Washington Law Review

Technology companies across the country receive requests from law enforcement agencies for cell phone location information near the scenes of crimes. These requests rely on the traditional warrant process and are known as geofence warrants, or reverse location search warrants. By obtaining location information, law enforcement can identify potential suspects or persons of interest who were near the scene of a crime when they have no leads. But the use of this investigative technique is controversial, as it threatens to intrude upon the privacy of innocent bystanders who had the misfortune of being nearby when the crime took place. Innocent …

Privacy And National Politics: Fingerprint And Dna Litigation In Japan And The United States Compared, Dongsheng Zang

Articles

Drawing cases from two related areas of law-fingerprint and DNA (deoxyribonucleic acid) data-this Article proposes a modified framework, built on the Balkin-Levinson emphasis on national politics: First, national politics understood as partisan rivalry cannot account for what I call doctrinal lock-in in this Article, where I will demonstrate that in different stages of American politics-the Lochner era, the New Deal era, and Civil Rights era-courts across the nation ruled predominantly in favor of public data collectors-state and federal law enforcement in fingerprint cases. From the 1990s, when DNA data became hot targets of law enforcement, the United States Supreme Court …

Beware What You Google: Fourth Amendment Constitutionality Of Keyword Warrants, Chelsa Camille Edano

Washington Law Review

Many Americans have potentially had their privacy rights invaded through invisible, widespread police searches. In recent years, local and federal governments have compelled Google and other search engine companies to produce the personal information of users who have conducted a search query related to a crime. By using keyword warrants, the government can conduct a dragnet search for suspects, imposing suspicion on users and exposing their personal information. The keyword warrant is a symptom of the erosion of the Fourth Amendment protection against suspicionless searches. Not only is scholarship scarce on keyword warrants, but also instances of these warrants are …

Why Govern Broken Tools?, Ryan Calo

Articles

In Assessing the Governance of Digital Contact Tracing in Response to COVID-19: Results of a Multi-National Study, Brian Hutler et al. ably compare two approaches to the governance of digital contract tracing (DCT). In this brief essay, I want to examine to what extent governance actually played a meaningful role in the failure of DCT. If DCT failed primarily for other reasons, then the authors’ normative suggestion to pursue “a new governance approach … for designing and implementing DCT technology going forward” may be misplaced.

Self-Control Of Personal Data And The Constitution In East Asia, Dongsheng Zang

Articles

No abstract provided.

The Hidden Harms Of Privacy Penalties, Mary D. Fan

Articles

How to frame privacy penalties to protect our personal information is an important question as demands for legislation and proposals proliferate. The predominant assumption in calls for a comprehensive consumer privacy regime is that regulation and penalties arm the consumer David against Goliath businesses. Missing in the focus on powerful companies is attention to the potential harms of expanding privacy penalties for small-fry individuals and entities, especially from disfavored or marginalized groups. This article is the first to illuminate the regressive risks of privacy penalties, showing how broad privacy penalties can become tools for harassment of small businesses and individuals …

You Are Not A Commodity: A More Efficient Approach To Commercial Privacy Rights, Benjamin T. Pardue

Washington Law Review

United States common law provides four torts for privacy invasion: (1) disclosure of private facts, (2) intrusion upon seclusion, (3) placement of a person in a false light, and (4) appropriation of name or likeness. Appropriation of name or likeness occurs when a defendant commandeers the plaintiff’s recognizability, typically for a commercial benefit. Most states allow plaintiffs who establish liability to recover defendants’ profits as damages from the misappropriation under an “unjust enrichment” theory. By contrast, this Comment argues that such an award provides a windfall to plaintiffs and contributes to suboptimal social outcomes. These include overcompensating plaintiffs and incentivizing …

Revising Reasonableness In The Cloud, Ian Walsh

Washington Law Review

Save everything—just in case––and search for it later. This is a modern mantra fueled by the ubiquity of smartphones, laptops, tablets, and free or low-cost data storage that leads users to store massive amounts of data in the cloud. But when users trust third-party cloud storage providers with private communications, they also surrender Fourth Amendment constitutional certainty. Existing statutory safeguards for these communications are lower than Fourth Amendment warrant and probable cause standards; this permits the government to seize large quantities of users’ private communications stored in the cloud with only minimal justification. Due to the revealing nature of such …

Hacks, Leaks, And Data Dumps: The Right To Publish Illegally Acquired Information Twenty Years After Bartnicki V. Vopper, Erik Ugland, Christina Mazzeo

Washington Law Review

This Article addresses a fluid and increasingly salient category of cases involving the First Amendment right to publish information that was hacked, stolen, or illegally leaked by someone else. Twenty years ago, in Bartnicki v. Vopper, the Supreme Court appeared to give broad constitutional cover to journalists and other publishers in these situations, but Justice Stevens’s inexact opinion for the Court and Justice Breyer’s muddling concurrence left the boundaries unclear. The Bartnicki framework is now implicated in dozens of new cases— from the extradition and prosecution of Julian Assange, to Donald Trump’s threatened suit of The New York Times …

The Right To Benefit From Big Data As A Public Resource, Mary D. Fan

Articles

The information that we reveal from interactions online and with electronic devices has massive value—for both private profit and public benefit, such as improving health, safety, and even commute times. Who owns the lucrative big data that we generate through the everyday necessity of interacting with technology? Calls for legal regulation regarding how companies use our data have spurred laws and proposals framed by the predominant lens of individual privacy and the right to control and delete data about oneself. By focusing on individual control over droplets of personal data, the major consumer privacy regimes overlook the important question of …

Data Protection In Disarray, Thomas D. Haley

Washington Law Review

Businesses routinely lose or misuse individuals’ private information, with results that can be devastating. Federal courts often leave those individuals without legal recourse by dismissing their lawsuits for lack of standing, even though plaintiffs in these cases provide stronger showings of harm than courts usually require. Using an original data set, this Article shows how standing analysis in these cases has gone awry and argues that the standing inquiry in today’s data-protection cases harms both public policy and standing doctrine.

This Article makes three contributions to literatures in federal courts and privacy. First, it shows that current federal court practice …

U.S.-U.K. Executive Agreement: Case Study Of Incidental Collection Of Data Under The Cloud Act, Eddie B. Kim

Washington Journal of Law, Technology & Arts

In March 2018, Congress passed the Clarifying Lawful Overseas Use of Data Act, also known as the CLOUD Act, in order to expedite the process of cross-border data transfers for the purposes of criminal investigations. The U.S. government entered into its first Executive Agreement, the main tool to achieve the goals of the statute, with the United Kingdom in October 2019. While the CLOUD Act requires the U.S. Attorney General to consider whether the foreign government counterpart has a certain level of robust data privacy laws, the relevant laws of the United Kingdom have generally been questioned numerous times for …

Privacy Dependencies, Solon Barocas, Karen Levy

Washington Law Review

This Article offers a comprehensive survey of privacy dependencies—the many ways that our privacy depends on the decisions and disclosures of other people. What we do and what we say can reveal as much about others as it does about ourselves, even when we don’t realize it or when we think we’re sharing information about ourselves alone. We identify three bases upon which our privacy can depend: our social ties, our similarities to others, and our differences from others. In a tie-based dependency, an observer learns about one person by virtue of her social relationships with others—family, friends, or other …

Cross-Border Data Flows, The Gdpr, And Data Governance, W. Gregory Voss

Washington International Law Journal

Today, cross-border data flows are an important component of international trade and an element of digital service models. However, they are impeded by restrictions on cross-border personal data transfers and data localization legislation. This Article focuses primarily on these complexities and on the impact of the new European Union (“EU”) legislation on personal data protection—the GDPR. First, this Article introduces its discussion of these flows by placing them in their economic and geopolitical setting, including a discussion of the results of a lack of international harmonization of law in the area. In this framework, rule overlap and rival standards are …

Emerging Privacy Legislation In The International Landscape: Strategy And Analysis For Compliance, Jonathan Mcgruer

Washington Journal of Law, Technology & Arts

Big data is a part of our daily reality; consumers are constantly making decisions that reflect their personal preferences, resulting in valuable personal data. Facial recognition and other emerging technologies have raised privacy concerns due to the increased efficiency and scope which businesses and governments can use consumer data. With the European Union’s General Data Protection Regulation ushering in a new age of data privacy regulation, international jurisdictions have begun implementing comparable comprehensive legislation, affecting businesses globally. This Article examines the similarities between emerging U.S. state data privacy laws and the General Data Protection Regulation, with suggestions for businesses implicated …

Candidate Privacy, Rebecca Green

Washington Law Review

In the United States, we have long accepted that candidates for public office who have voluntarily stepped into the public eye sacrifice claims to privacy. This refrain is rooted deep within the American enterprise, emanating from the Framers’ concept of the informed citizen as a bedrock of democracy. Voters must have full information about candidates to make their choices at the ballot box. Even as privacy rights for ordinary citizens have expanded, privacy theorists and courts continue to exempt candidates from privacy protections. This Article suggests that two disruptions warrant revisiting the privacy interests of candidates. The first is a …

Privacy As Safety, A. Michael Froomkin, Zak Colangelo

Washington Law Review

The idea that privacy makes you safer is unjustly neglected: public officials emphasize the dangers of privacy while contemporary privacy theorists acknowledge that privacy may have safety implications but hardly dwell on the point. We argue that this lack of emphasis is a substantive and strategic error and seek to rectify it. This refocusing is particularly timely given the proliferation of new and invasive technologies for the home and for consumer use more generally, not to mention surveillance technologies such as so-called smart cities.

Indeed, we argue—perhaps for the first time in modern conversations about privacy—that in many cases privacy …

Censorship, Free Speech & Facebook: Applying The First Amendment To Social Media Platforms Via The Public Function Exception, Matthew P. Hooker

Washington Journal of Law, Technology & Arts

Society has a love-hate relationship with social media. Thanks to social media platforms, the world is more connected than ever before. But with the ever-growing dominance of social media there have come a mass of challenges. What is okay to post? What isn't? And who or what should be regulating those standards? Platforms are now constantly criticized for their content regulation policies, sometimes because they are viewed as too harsh and other times because they are characterized as too lax. And naturally, the First Amendment quickly enters the conversation. Should social media platforms be subject to the First Amendment? Can—or …

Between You, Me, And Alexa: On The Legality Of Virtual Assistant Devices In Two-Party Consent States, Ria Kuruvilla

Washington Law Review

When an Amazon Echo is activated, the device is constantly recording and sending those recordings to Amazon’s cloud. For an always recording device such as the Echo, getting consent from every person subject to a recording proves difficult. An Echo-owner consents to the recordings when they purchase and register the device, but when does a guest in an Echo-owner’s home consent to being recorded? This Comment uses Amazon’s Echo and Washington’s privacy statute to illustrate the tension between speech-activated devices and two-party consent laws—which require that all parties subject to a recording consent to being recorded. This Comment argues that …

Animal Healthcare Robots: The Case For Privacy Regulation, Sulaf Al-Saif

Washington Journal of Law, Technology & Arts

Animal healthcare robots are a form of healthcare or wellness devices that possess the appearance of animals or pets and that collect data on the user. The appearance, use, and nature of data collected by these robots illustrate two types of devices for which privacy regulation falls short: Internet of Things (“IoT”) devices and healthcare devices. This paper surveys the animal healthcare robots currently in the market, details the special privacy concerns associated with such robots, examines the current state of potentially relevant privacy laws, and makes recommendations for privacy regulation in the future.

Science And Privacy: Data Protection Laws And Their Impact On Research, Mike Hintze

Washington Journal of Law, Technology & Arts

While privacy laws differ in their scope, focus, and approach, they all involve restrictions on the collection, use, sharing, or retention of information about people. In general, privacy laws reflect a societal consensus that privacy violations can lead to a wide range of financial, reputational, dignitary, and other harms, and that excessive collection and harmful uses of personal information should therefore be constrained. These laws require organizations to comply with a number of obligations concerning personal information. In practice, these requirements can lead organizations to refrain from collecting certain data, only use data with the consent of the individual, or …

Striking A Balance: Privacy And National Security In Section 702 U.S. Person Queries, Brittany Adams

Washington Law Review

The transformation of U.S. foreign intelligence in recent years has led to increasing privacy concerns. The Foreign Intelligence Surveillance Act of 1978 (FISA) traditionally regulated foreign intelligence surveillance by authorizing warrant-based searches of U.S. and non-U.S. persons. Individualized court orders under traditional FISA were intended to protect U.S. persons and limit the scope of intelligence collection. In a post-9/11 world, however, the intelligence community cited concerns regarding the speed and efficiency of collection under traditional methods. The intelligence and law enforcement communities recognized the “wall” preventing information sharing between the communities as a central failure leading to the 9/11 attacks. …

Privacy Law's Indeterminacy, Ryan Calo

Articles

American legal realism numbers among the most important theoretical contributions of legal academia to date. Given the movement’s influence, as well as the common centrality of certain key figures, it is surprising that privacy scholarship in the United States has paid next to no attention to the movement. This inattention is unfortunate for several reasons, including that privacy law furnishes rich examples of the indeterminacy thesis—a key concept of American legal realism—and because the interdisciplinary efforts of privacy scholars to explore extra-legal influences on privacy law arguably further the plot of legal realism itself