Privacy Law Commons^™

Healthy Data Protection, Lothar Determann

Michigan Technology Law Review

Modern medicine is evolving at a tremendous speed. On a daily basis, we learn about new treatments, drugs, medical devices, and diagnoses. Both established technology companies and start-ups focus on health-related products and services in competition with traditional healthcare businesses. Telemedicine and electronic health records have the potential to improve the effectiveness of treatments significantly. Progress in the medical field depends above all on data, specifically health information. Physicians, researchers, and developers need health information to help patients by improving diagnoses, customizing treatments and finding new cures.

Yet law and policymakers are currently more focused on the fact that health …

A Comment On Privacy And Accountability In Black-Box Medicine, Carl E. Schneider

Michigan Telecommunications & Technology Law Review

Human institutions and activities cannot avoid failures. Anxiety about them often provokes governments to try to prevent those failures. When that anxiety is vivid and urgent, government may do so without carefully asking whether regulation’s costs justify their benefits. Privacy and Accountability in Black Box Medicine admirably labors to bring discipline and rationality to thinking about an important development — the rise of “black-box medicine” — before it causes injuries regulation should have prevented and before it is impaired by improvident regulation. That is, Privacy and Accountability weighs the costs against the benefits of various forms of regulation across the …

Privacy And Accountability In Black-Box Medicine, Roger Allan Ford, W. Nicholson Price Ii

Michigan Telecommunications & Technology Law Review

Black-box medicine—the use of big data and sophisticated machine-learning techniques for health-care applications—could be the future of personalized medicine. Black-box medicine promises to make it easier to diagnose rare diseases and conditions, identify the most promising treatments, and allocate scarce resources among different patients. But to succeed, it must overcome two separate, but related, problems: patient privacy and algorithmic accountability. Privacy is a problem because researchers need access to huge amounts of patient health information to generate useful medical predictions. And accountability is a problem because black-box algorithms must be verified by outsiders to ensure they are accurate and unbiased, …

Social Media And The Job Market: How To Reconcile Applicant Privacy With Employer Needs, Peter B. Baumhart

University of Michigan Journal of Law Reform

In the modern technological age, social media allows us to communicate vast amounts of personal information to countless people instantaneously. This information is valuable to more than just our “friends” and “followers,” however. Prospective employers can use this personal data to inform hiring decisions, thereby maximizing fit and minimizing potential liability. The question then arises, how best to acquire this information? For job applicants, the counter-question is how best to protect the privacy of their social media accounts. As these two competing desires begin to clash, it is important to find a method to mediate the conflict. Existing privacy law, …

Rethinking Reporter's Privilege, Ronnell Andersen Jones

Michigan Law Review

Forty years ago, in Branzburg v. Hayes, the Supreme Court made its first and only inquiry into the constitutional protection of the relationship between a reporter and a confidential source. This case - decided at a moment in American history in which the role of an investigative press, and of information provided by confidential sources, was coming to the forefront of public consciousness in a new and significant way - produced a reporter-focused "privilege" that is now widely regarded to be both doctrinally questionable and deeply inconsistent in application. Although the post-Branzburg privilege has been recognized as flawed in a …

The Politics Of Privacy In The Criminal Justice System: Information Disclosure, The Fourth Amendment, And Statutory Law Enforcement Exemptions, Erin Murphy

Michigan Law Review

When criminal justice scholars think of privacy, they think of the Fourth Amendment. But lately its domain has become far less absolute. The United States Code currently contains over twenty separate statutes that restrict both the acquisition and release of covered information. Largely enacted in the latter part of the twentieth century, these statutes address matters vital to modern existence. They control police access to driver's licenses, educational records, health histories, telephone calls, email messages, and even video rentals. They conform to no common template, but rather enlist a variety of procedural tools to serve as safeguards - ranging from …

Geographically Restricted Streaming Content And Evasion Of Geolocation: The Applicability Of The Copyright Anticircumvention Rules, Jerusha Burnett

Michigan Telecommunications & Technology Law Review

A number of methods currently exist or are being developed to determine where Internet users are located geographically when they access a particular webpage. Yet regardless of the precautions taken by website operators to limit the locations from which they allow access, it is likely that users will find ways to gain access to restricted content. Should the evasion of geolocation constitute circumvention of access controls so that § 1201 of the Digital Millennium Copyright Act ("DMCA") applies? Because location data can properly be considered personally identifiable information ("PII"), this Note argues that § 1201 should not apply absent a …

Surrender And Subordination: Birth Mothers And Adoption Law Reform, Elizabeth J. Samuels

Michigan Journal of Gender & Law

For more than thirty years, adoption law reform advocates have been seeking to restore for adult adoptees the right to access their original birth certificates, a right that was lost in all but two states between the late 1930s and 1990. The advocates have faced strong opposition and have succeeded only in recent years and only in eight states. Among the most vigorous advocates for access are birth mothers who surrendered their children during a time it was believed that adoption would relieve unmarried women of shame and restore them to a respectable life. The birth mother advocates say that …

Information Escrows, Ian Ayres, Cait Unkovic

Michigan Law Review

A variety of information escrows - including allegation escrows, suspicion escrows, and shared-interest escrows - hold the promise of reducing the first-mover disadvantage that can deter people with socially valuable private information from disclosing that information to others. Information escrows allow people to transmit sensitive information to a trusted intermediary, an escrow agent, who only forwards the information under prespecified conditions. For example, an allegation escrow for sexual harassment might allow a victim to place a private complaint into escrow with instructions that the complaint be lodged with the proper authorities only if the escrow agent receives at least one …

Privacy Policies, Terms Of Service, And Ftc Enforcement: Broadening Unfairness Regulation For A New Era, G. S. Hans

Michigan Telecommunications & Technology Law Review

This Note examines website privacy policies in the context of FTC regulation. The relevant portion of Section 5 of the Federal Trade Commission Act, 15 U.S.C. § 45(a), uses the following language to define the scope of the agency's regulatory authority: "Unfair methods of competition in or affecting commerce, and unfair or deceptive acts or practices in or affecting commerce, are hereby declared unlawful." Specifically, this Note analyzes the FTC's power to regulate unfair practices (referred to as the FTC's "unfairness power") granted by Section 5, and also discusses the deception prong of Section 5, which allows the agency to …

Property As Control: The Case Of Information, Jane B. Baron

Michigan Telecommunications & Technology Law Review

If heath policy makers' wishes come true, by the end of the current decade the paper charts in which most of our medical information is currently recorded will be replaced by networked electronic health records ("EHRs").[...] Like all computerized records, networked EHRs are difficult to secure, and the information in EHRs is both particularly sensitive and particularly valuable for commercial purposes. Sadly, the existing federal statute meant to address this problem, the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), is probably inadequate to the task.[...] Health law, privacy, and intellectual property scholars have all suggested that the river …

No Cause Of Action: Video Surveillance In New York City, Olivia J. Greer

Michigan Telecommunications & Technology Law Review

In 2010, New York City Police Commissioner Raymond Kelly announced a new network of video surveillance in the City. The new network would be able to prevent future terrorist attacks by identifying suspicious behavior before catastrophic events could take place. Kelly told reporters, "If we're looking for a person in a red jacket, we can call up all the red jackets filmed in the last 30 days," and "[w]e're beginning to use software that can identify suspicious objects or behaviors." Gothamist later made a witticism of Kelly's statement, remarking, "Note to terrorists: red jackets are not a good look for …

Protecting Anonymous Expression: The Internet's Role In Washington State's Disclosure Laws And The Direct Democracy Process, Karen Cullinane

University of Michigan Journal of Law Reform

This Note proposes that the Washington State Legislature amend its Public Records Act to exempt from public disclosure personal information legally required to be disclosed by signers of referendum petitions. This Note also proposes that the Washington State Legislature designate an electronic system, to be detailed in its election law, by which referendum petitions can be checked for fraud without violating the right to anonymous expression protected by the First Amendment. Part I describes Washington State's referendum process and the path of Doe v. Reed, the case animating the reform presented in this Note. Part II illustrates how the rise …

Does Law Matter Online - Empirical Evidence On Privacy Law Compliance, Michael Birnhack, Niva Elkin-Koren

Michigan Telecommunications & Technology Law Review

Does law matter in the information environment? What can we learn from the experience of applying a particular legal regime to the online environment? Informational privacy (or to use the European term, data protection) provides an excellent illustration of the challenges faced by regulators who seek to secure user rights and shape online behavior. A comprehensive study of Israeli website compliance with information privacy regulation in 2003 and 2006 provides insights for understanding these challenges. The study examined the information privacy practices of 1360 active websites, determining the extent to which these sites comply with applicable legal requirements related to …

A Path Toward User Control Of Online Profiling, Tracy A. Steindel

Michigan Telecommunications & Technology Law Review

Online profiling is "the practice of tracking information about consumers' interests by monitoring their movements online." A primary purpose of online profiling is to "deliver advertising tailored to the individual's interests," a practice known as online behavioral advertising (OBA). In order to accomplish this, publishers and advertisers track a individual's online behavior using cookies and other means. Publishers and advertisers aggregate the information, often compile it with information from offline sources, and sort individuals into groups based on characteristics such as age, income, and hobbies. Advertisers can then purchase access to these consumer groups, controlling their selections with such specificity …

There Is A Time To Keep Silent And A Time To Speak, The Hard Part Is Knowing Which Is Which: Striking The Balance Between Privacy Protection And The Flow Of Health Care Information, Daniel J. Gilman, James C. Cooper

Michigan Telecommunications & Technology Law Review

Health information technology (HIT) has become a signal element of federal health policy, especially as the recently enacted American Recovery and Reinvestment Act of 2009 (Recovery Act or ARRA) comprises numerous provisions related to HIT and commits tens of billions of dollars to its development and adoption. These provisions charge various agencies of the federal government with both general and specific HIT-related implementation tasks including, inter alia, providing funding for HIT in various contexts: the implementation of interoperable HIT, HIT-related infrastructure, and HIT-related training and research. The Recovery Act also contains various regulatory provisions pertaining to HIT. Provisions of the …

When Mobile Phones Are Rfid-Equipped - Finding E.U.-U.S. Solutions To Protect Consumer Privacy And Facilitate Mobile Commerce, Nancy J. King

Michigan Telecommunications & Technology Law Review

New mobile phones have been designed to include delivery of mobile advertising and other useful location-based services, but have they also been designed to protect consumers' privacy? One of the key enabling technologies for these new types of phones and new mobile services is Radio Frequency Identification (RFID), a wireless communication technology that enables the unique identification of tagged objects. In the case of RFID-enabled mobile phones, the personal nature of the devices makes it very likely that, by locating a phone, businesses will also be able to locate its owner. Consumers are currently testing new RFID-enabled phones around the …

Password Theft: Rethinking An Old Crime In A New Era, Daniel S. Shamah

Michigan Telecommunications & Technology Law Review

By putting themselves out in front as the victims, the Recording Industry Association of America (RIAA) helped reshape the governing norms of the times, and as a result, people viewed the act of file-sharing differently. By forcing people to see music downloading as a form of theft, the RIAA was quite successful in deterring it. In the process, they also proposed a radical view of theft that changes our basic economic understandings of the action[...] This paper argues that the RIAA's model for deterring music theft could be successfully used to deter many other forms of computer theft, and, specifically, …

Hipaa-Cracy, Carl E. Schneider

Articles

The Department of Health and Human Services has recently been exercising its authority under the (wittily named) "administrative simplification" part of the Health Insurance Portability and Accountability Act to regulate the confidentiality of medical records. I love the goal; I loathe the means. The benefits are obscure; the costs are onerous. Putatively, the regulations protect my autonomy; practically, they ensnarl me in red tape and hijack my money for services I dislike. HIPAA (a misnomer-HIPAA is the statute, not the regulations) is too lengthy, labile, complex, confused, unfinished, and unclear to be summarized intelligibly or reliably. (Brevis esse laboro, …

'Code' And The Slow Erosion Of Privacy, Bert-Jaap Koops, Ronald Leenes

Michigan Telecommunications & Technology Law Review

The notion of software code replacing legal code as a mechanism to control human behavior--"code as law"--is often illustrated with examples in intellectual property and freedom of speech. This Article examines the neglected issue of the impact of "code as law" on privacy. To what extent is privacy-related "code" being used, either to undermine or to enhance privacy? On the basis of cases in the domains of law enforcement, national security, E-government, and commerce, it is concluded that technology rarely incorporates specific privacy-related norms. At the same time, however, technology very often does have clear effects on privacy, as it …

Transgovernmental Networks Vs. Democracy: The Case Of The European Information Privacy Network, Francesca Bignami

Michigan Journal of International Law

The perspective offered by this Article is twofold. The emergence of transgovernmental networks gives rise to two questions, one causal and the other normative. First, how do we explain transnational cooperation through networks? Why do governments and regulators choose to establish networks rather than retain virtually limitless discretion over policymaking, conditioned only by international legal obligations? Based on the author’s examination of the records of the intergovernmental negotiations on the Data Protection Directive, this Article concludes that one precondition for fettering national discretion through networks is common preferences among governments on the substance of the policy to be administered. Compared …

Constitutional Issues In Information Privacy, Fred H. Cate, Robert Litan

Michigan Telecommunications & Technology Law Review

The U.S. Constitution has been largely ignored in the recent flurry of privacy laws and regulations designed to protect personal information from incursion by the private sector despite the fact that many of these enactments and efforts to enforce them significantly implicate the First Amendment. Questions about the role of the Constitution have assumed new importance in the aftermath of the September 11, 2001 terrorist attacks on the World Trade Center and the Pentagon. Recent efforts to identify and apprehend terrorists and to protect against future attacks threaten to weaken constitutional protections against government intrusions into personal privacy. However, these …

The Emergence Of Website Privacy Norms, Steven A. Hetcher

Michigan Telecommunications & Technology Law Review

Part I of the Article will first look at the original privacy norms that emerged at the Web's inception in the early 1990s. Two groups have been the main contributors to the emergence of these norms; the thousands of commercial websites on the early Web, on the one hand, and the millions of users of the early Web, on the other hand. The main structural feature of these norms was that websites benefitted through the largely unrestricted collection of personal data while consumers suffered injury due to the degradation of their personal privacy from this data collection. In other words, …

The Secrecy Interest In Contract Law, Omri Ben-Shahar, Lisa Bernstein

Articles

A long and distinguished line of law-and-economics articles has established that in many circumstances fully compensatory expectation damages are a desirable remedy for breach of contract because they induce both efficient performance and efficient breach. The expectation measure, which seeks to put the breached-against party in the position she would have been in had the contract been performed, has, therefore, rightly been chosen as the dominant contract default rule. It does a far better job of regulating breach-or-perform incentives than its leading competitors-the restitution measure, the reliance measure, and specific performance. This Essay does not directly take issue with the …

Whose Genes Are These Anyway?: Familial Conflicts Over Access To Genetic Information, Sonia M. Suter

Michigan Law Review

This Note argues first that courts and legislatures should follow a presumption against mandating disclosure of a person's genetic information to third parties. Second, genetic testing for the benefit of a third party should not, and constitutionally cannot, be compelled. Part I presents an overview of genetics and discusses the special legal and ethical issues genetic testing poses. Part II examines the issue of nonconsensual disclosure to family members, who could potentially use the information from tests that have already been performed. This Part concludes that there should be a presumption against disclosure. Part III examines a related, but different, …

Government Information And The Rights Of Citizens, Michigan Law Review

Michigan Law Review

This Project delineates the federal and state responses to these two fundamental societal concerns. The course of the discussion suggests the vitality of these concerns, and the flexibility and continuing development of the governmental responses. Clearly, the interests in maximizing disclosure of government-held information and minimizing the handling and dissemination of unnecessary or inaccurate personal information can conflict. The contours of this conflict, only intimated herein, will doubtless become more bold with the maturation of the opposing statutory schemes.

A Suggested Legislative Device For Dealing With Abuses Of Criminal Records, Walter W. Steele Jr.

University of Michigan Journal of Law Reform

There are pitfalls apparent in ameliorating the overuse of criminal records. For example, techniques of expunging, sealing, and limiting access do not affect legal status. No amount of expunging, or sealing, or limiting access is truly useful unless civil rights, such as the right to vote, are restored as well. Another problem is the inherent breadth of a criminal record, which can involve acts or allegations of acts ranging from traffic offenses to murder or rape. Thus, it is difficult to draw precise guidelines delineating those parts of the record which may be legitimately used. The apparently illegitimate use of …

Personal Privacy In The Computer Age: The Challenge Of A New Technology In An Information-Oriented Society, Arthur R. Miller

Michigan Law Review

The purpose of this Article is to survey the new technology's implications for personal privacy and to evaluate the contemporary common-law and statutory pattern relating to data-handling. In the course of this examination, it will appraise the existing framework's capacity to deal with the problems created by society's growing awareness of the primordial character of information. The Article is intended to be suggestive; any attempt at definitiveness would be premature. Avowedly, it was written with the bias of one who believes that the new information technology has enormous long-range societal implications and who is concerned about the consequences of the …