Privacy Law Commons^™

The Consumer Bundle, Shelly Kreiczer-Levy

Washington Law Review

Can property law have a consumer protection purpose? One of the most important consumer law concerns today is the limited control consumers have over the digital assets and software-embedded products they purchase. Current proposals for reform focus on classifying the transaction as either license or sale and rely mostly on contract law and consumer protection regulation with a few calls for restoring ownership rights. This Article argues that property law can protect consumers by establishing a minimum bundle of rights for consumers: the “consumer’s bundle.” Working with property theory and an analysis of property values, this Article explains the importance …

Speaking Back To Sexual Privacy Invasions, Brenda Dvoskin

Washington Law Review

Many big players in the internet ecosystem do not like hosting sexual expression. They often justify these bans as a protection of sexual privacy. For example, Meta states that it removes sexual imagery to prevent the nonconsensual distribution of sexual images. In response, this Article argues that banning digital sexual expression is counterproductive if the aim is to alleviate the harms inflicted by sexual privacy losses.

Contemporary sexual privacy theory, however, lacks analytical tools to explain why nudity bans harm the interests they intend to protect. This Article aims at building those tools. The main contribution is an invitation to …

The Kids Are Not Alright: Negative Consequences Of Student Device And Account Surveillance, Ashley Peterson

Washington Law Review

In recent years, student surveillance has rapidly grown. As schools have experimented with new technologies, transitioned to remote and hybrid instruction, and faced pressure to protect student safety, they have increased surveillance of school accounts and school-issued devices. School surveillance extends beyond school premises to monitor student activities that occur off-campus. It reaches students’ most intimate data and spaces, including things students likely believe are private: internet searches, emails, and messages. This Comment focuses on the problems associated with off-campus surveillance of school accounts and school-issued devices, including chilling effects that fundamentally alter student behavior, reinforcement of the school-to-prison pipeline, …

Privacy Matters: Data Breach Litigation In Japan, Andrew M. Pardieck

Washington International Law Journal

In 1890, when Brandeis and Warren wrote The Right to Privacy, Japan did not have a word for privacy. Today, it is closely guarded in Japan: the European Data Protection Board has found privacy protections in Japan “equivalent” to those in the EU. This research explores the evolution of privacy law in Japan, focusing on data breach and the legal rights and obligations associated with it. The writing is broken up into two parts: This article discusses private enforcement of privacy norms, as it is the courts that first established and continue to define privacy rights in Japan. A separate …

What You Don’T Know Will Hurt You: Fighting The Privacy Paradox By Designing For Privacy And Enforcing Protective Technology, Perla Khattar

Washington Journal of Law, Technology & Arts

The persistence of the privacy paradox is proof that current industry regulation is insufficient to protect consumer’s privacy. Although consumer choice is essential, we argue that it should not be the main pillar of modern data privacy legislation. This article argues that legislation should aim to protect consumer’s personal data in the first place, while also giving internet users the choice to opt-in to the processing of their information. Ideally, privacy by design principles would be mandated by law, making privacy an essential component of the architecture of every tech-product and service.

Gone Fishing: Casting A Wide Net Using Geofence Warrants, Ryan Tursi

Washington Law Review

Technology companies across the country receive requests from law enforcement agencies for cell phone location information near the scenes of crimes. These requests rely on the traditional warrant process and are known as geofence warrants, or reverse location search warrants. By obtaining location information, law enforcement can identify potential suspects or persons of interest who were near the scene of a crime when they have no leads. But the use of this investigative technique is controversial, as it threatens to intrude upon the privacy of innocent bystanders who had the misfortune of being nearby when the crime took place. Innocent …

Beware What You Google: Fourth Amendment Constitutionality Of Keyword Warrants, Chelsa Camille Edano

Washington Law Review

Many Americans have potentially had their privacy rights invaded through invisible, widespread police searches. In recent years, local and federal governments have compelled Google and other search engine companies to produce the personal information of users who have conducted a search query related to a crime. By using keyword warrants, the government can conduct a dragnet search for suspects, imposing suspicion on users and exposing their personal information. The keyword warrant is a symptom of the erosion of the Fourth Amendment protection against suspicionless searches. Not only is scholarship scarce on keyword warrants, but also instances of these warrants are …

You Are Not A Commodity: A More Efficient Approach To Commercial Privacy Rights, Benjamin T. Pardue

Washington Law Review

United States common law provides four torts for privacy invasion: (1) disclosure of private facts, (2) intrusion upon seclusion, (3) placement of a person in a false light, and (4) appropriation of name or likeness. Appropriation of name or likeness occurs when a defendant commandeers the plaintiff’s recognizability, typically for a commercial benefit. Most states allow plaintiffs who establish liability to recover defendants’ profits as damages from the misappropriation under an “unjust enrichment” theory. By contrast, this Comment argues that such an award provides a windfall to plaintiffs and contributes to suboptimal social outcomes. These include overcompensating plaintiffs and incentivizing …

Revising Reasonableness In The Cloud, Ian Walsh

Washington Law Review

Save everything—just in case––and search for it later. This is a modern mantra fueled by the ubiquity of smartphones, laptops, tablets, and free or low-cost data storage that leads users to store massive amounts of data in the cloud. But when users trust third-party cloud storage providers with private communications, they also surrender Fourth Amendment constitutional certainty. Existing statutory safeguards for these communications are lower than Fourth Amendment warrant and probable cause standards; this permits the government to seize large quantities of users’ private communications stored in the cloud with only minimal justification. Due to the revealing nature of such …

Hacks, Leaks, And Data Dumps: The Right To Publish Illegally Acquired Information Twenty Years After Bartnicki V. Vopper, Erik Ugland, Christina Mazzeo

Washington Law Review

This Article addresses a fluid and increasingly salient category of cases involving the First Amendment right to publish information that was hacked, stolen, or illegally leaked by someone else. Twenty years ago, in Bartnicki v. Vopper, the Supreme Court appeared to give broad constitutional cover to journalists and other publishers in these situations, but Justice Stevens’s inexact opinion for the Court and Justice Breyer’s muddling concurrence left the boundaries unclear. The Bartnicki framework is now implicated in dozens of new cases— from the extradition and prosecution of Julian Assange, to Donald Trump’s threatened suit of The New York Times …

Data Protection In Disarray, Thomas D. Haley

Washington Law Review

Businesses routinely lose or misuse individuals’ private information, with results that can be devastating. Federal courts often leave those individuals without legal recourse by dismissing their lawsuits for lack of standing, even though plaintiffs in these cases provide stronger showings of harm than courts usually require. Using an original data set, this Article shows how standing analysis in these cases has gone awry and argues that the standing inquiry in today’s data-protection cases harms both public policy and standing doctrine.

This Article makes three contributions to literatures in federal courts and privacy. First, it shows that current federal court practice …

U.S.-U.K. Executive Agreement: Case Study Of Incidental Collection Of Data Under The Cloud Act, Eddie B. Kim

Washington Journal of Law, Technology & Arts

In March 2018, Congress passed the Clarifying Lawful Overseas Use of Data Act, also known as the CLOUD Act, in order to expedite the process of cross-border data transfers for the purposes of criminal investigations. The U.S. government entered into its first Executive Agreement, the main tool to achieve the goals of the statute, with the United Kingdom in October 2019. While the CLOUD Act requires the U.S. Attorney General to consider whether the foreign government counterpart has a certain level of robust data privacy laws, the relevant laws of the United Kingdom have generally been questioned numerous times for …

Privacy Dependencies, Solon Barocas, Karen Levy

Washington Law Review

This Article offers a comprehensive survey of privacy dependencies—the many ways that our privacy depends on the decisions and disclosures of other people. What we do and what we say can reveal as much about others as it does about ourselves, even when we don’t realize it or when we think we’re sharing information about ourselves alone. We identify three bases upon which our privacy can depend: our social ties, our similarities to others, and our differences from others. In a tie-based dependency, an observer learns about one person by virtue of her social relationships with others—family, friends, or other …

Cross-Border Data Flows, The Gdpr, And Data Governance, W. Gregory Voss

Washington International Law Journal

Today, cross-border data flows are an important component of international trade and an element of digital service models. However, they are impeded by restrictions on cross-border personal data transfers and data localization legislation. This Article focuses primarily on these complexities and on the impact of the new European Union (“EU”) legislation on personal data protection—the GDPR. First, this Article introduces its discussion of these flows by placing them in their economic and geopolitical setting, including a discussion of the results of a lack of international harmonization of law in the area. In this framework, rule overlap and rival standards are …

Emerging Privacy Legislation In The International Landscape: Strategy And Analysis For Compliance, Jonathan Mcgruer

Washington Journal of Law, Technology & Arts

Big data is a part of our daily reality; consumers are constantly making decisions that reflect their personal preferences, resulting in valuable personal data. Facial recognition and other emerging technologies have raised privacy concerns due to the increased efficiency and scope which businesses and governments can use consumer data. With the European Union’s General Data Protection Regulation ushering in a new age of data privacy regulation, international jurisdictions have begun implementing comparable comprehensive legislation, affecting businesses globally. This Article examines the similarities between emerging U.S. state data privacy laws and the General Data Protection Regulation, with suggestions for businesses implicated …

Candidate Privacy, Rebecca Green

Washington Law Review

In the United States, we have long accepted that candidates for public office who have voluntarily stepped into the public eye sacrifice claims to privacy. This refrain is rooted deep within the American enterprise, emanating from the Framers’ concept of the informed citizen as a bedrock of democracy. Voters must have full information about candidates to make their choices at the ballot box. Even as privacy rights for ordinary citizens have expanded, privacy theorists and courts continue to exempt candidates from privacy protections. This Article suggests that two disruptions warrant revisiting the privacy interests of candidates. The first is a …

Privacy As Safety, A. Michael Froomkin, Zak Colangelo

Washington Law Review

The idea that privacy makes you safer is unjustly neglected: public officials emphasize the dangers of privacy while contemporary privacy theorists acknowledge that privacy may have safety implications but hardly dwell on the point. We argue that this lack of emphasis is a substantive and strategic error and seek to rectify it. This refocusing is particularly timely given the proliferation of new and invasive technologies for the home and for consumer use more generally, not to mention surveillance technologies such as so-called smart cities.

Indeed, we argue—perhaps for the first time in modern conversations about privacy—that in many cases privacy …

Censorship, Free Speech & Facebook: Applying The First Amendment To Social Media Platforms Via The Public Function Exception, Matthew P. Hooker

Washington Journal of Law, Technology & Arts

Society has a love-hate relationship with social media. Thanks to social media platforms, the world is more connected than ever before. But with the ever-growing dominance of social media there have come a mass of challenges. What is okay to post? What isn't? And who or what should be regulating those standards? Platforms are now constantly criticized for their content regulation policies, sometimes because they are viewed as too harsh and other times because they are characterized as too lax. And naturally, the First Amendment quickly enters the conversation. Should social media platforms be subject to the First Amendment? Can—or …

Between You, Me, And Alexa: On The Legality Of Virtual Assistant Devices In Two-Party Consent States, Ria Kuruvilla

Washington Law Review

When an Amazon Echo is activated, the device is constantly recording and sending those recordings to Amazon’s cloud. For an always recording device such as the Echo, getting consent from every person subject to a recording proves difficult. An Echo-owner consents to the recordings when they purchase and register the device, but when does a guest in an Echo-owner’s home consent to being recorded? This Comment uses Amazon’s Echo and Washington’s privacy statute to illustrate the tension between speech-activated devices and two-party consent laws—which require that all parties subject to a recording consent to being recorded. This Comment argues that …

Animal Healthcare Robots: The Case For Privacy Regulation, Sulaf Al-Saif

Washington Journal of Law, Technology & Arts

Animal healthcare robots are a form of healthcare or wellness devices that possess the appearance of animals or pets and that collect data on the user. The appearance, use, and nature of data collected by these robots illustrate two types of devices for which privacy regulation falls short: Internet of Things (“IoT”) devices and healthcare devices. This paper surveys the animal healthcare robots currently in the market, details the special privacy concerns associated with such robots, examines the current state of potentially relevant privacy laws, and makes recommendations for privacy regulation in the future.

Science And Privacy: Data Protection Laws And Their Impact On Research, Mike Hintze

Washington Journal of Law, Technology & Arts

While privacy laws differ in their scope, focus, and approach, they all involve restrictions on the collection, use, sharing, or retention of information about people. In general, privacy laws reflect a societal consensus that privacy violations can lead to a wide range of financial, reputational, dignitary, and other harms, and that excessive collection and harmful uses of personal information should therefore be constrained. These laws require organizations to comply with a number of obligations concerning personal information. In practice, these requirements can lead organizations to refrain from collecting certain data, only use data with the consent of the individual, or …

Striking A Balance: Privacy And National Security In Section 702 U.S. Person Queries, Brittany Adams

Washington Law Review

The transformation of U.S. foreign intelligence in recent years has led to increasing privacy concerns. The Foreign Intelligence Surveillance Act of 1978 (FISA) traditionally regulated foreign intelligence surveillance by authorizing warrant-based searches of U.S. and non-U.S. persons. Individualized court orders under traditional FISA were intended to protect U.S. persons and limit the scope of intelligence collection. In a post-9/11 world, however, the intelligence community cited concerns regarding the speed and efficiency of collection under traditional methods. The intelligence and law enforcement communities recognized the “wall” preventing information sharing between the communities as a central failure leading to the 9/11 attacks. …

Privacy's Double Standards, Scott Skinner-Thompson

Washington Law Review

Where the right to privacy exists, it should be available to all people. If not universally available, then privacy rights should be particularly accessible to marginalized individuals who are subject to greater surveillance and are less able to absorb the social costs of privacy violations. But in practice, there is evidence that people of privilege tend to fare better when they bring privacy tort claims than do non-privileged individuals. This disparity occurs despite doctrine suggesting that those who occupy prominent and public social positions are entitled to diminished privacy tort protections. This Article unearths disparate outcomes in public disclosure tort …

Privacy Localism, Ira S. Rubinstein

Washington Law Review

Privacy law scholarship often focuses on domain-specific federal privacy laws and state efforts to broaden them. This Article provides the first comprehensive analysis of privacy regulation at the local level (which it dubs “privacy localism”), using recently enacted privacy laws in Seattle and New York City as principal examples. Further, this Article attributes the rise of privacy localism to a combination of federal and state legislative failures and three emerging urban trends: the role of local police in federal counterterrorism efforts; smart city and open data initiatives; and demands for local police reform in the wake of widely reported abusive …

Privacy In The Cloud: The Fourth Amendment Fog, Sarah Aitchison

Washington Law Review

The Cloud has changed how individuals record, store, and aggregate their personal information. As technology’s capacity for holding an individual’s most intimate details and recording day-to-day experiences increases, Fourth Amendment privacy protections become less equipped to respond to technological advances. These advances allow private companies to store an immense amount of their consumers’ personal information, and government entities to obtain that information. In response, tech companies have begun refusing to comply with government demands for information collected and stored in their devices and in the Cloud, and are increasingly ending up in court, fighting orders to disclose consumer information. A …

Alexa, What Should We Do About Privacy? Protecting Privacy For Users Of Voice-Activated Devices, Anne Pfeifle

Washington Law Review

Alexa, Amazon’s digital voice assistant, and devices like it, are increasingly common. With this trend comes growing problems, as illustrated by a murder investigation in Bentonville, Arkansas. Police wanted Amazon to turn over data associated with the suspect’s Echo device, hoping it had overheard something on the night of the murder. The case sparked wide-spread interest in the privacy implications of in-home devices that record audio of users. But the biggest threat to user privacy is not that Alexa may overhear a crime—it is that law enforcement will use such devices in new ways that users are not prepared for …

Privacy, Press, And The Right To Be Forgotten In The United States, Amy Gajda

Washington Law Review

When the European Court of Justice in effect accepted a Right to Be Forgotten in 2014, ruling that a man had a right to privacy in his past economic troubles, many suggested that a similar right would be neither welcomed nor constitutional in the United States given the Right’s impact on First Amendment-related freedoms. Even so, a number of state and federal courts have recently used language that embraces in a normative sense the appropriateness of such a Right. These court decisions protect an individual’s personal history in a press-relevant way: they balance individual privacy rights against the public value …

Privacy's Double Standards: Public Disclosure Tort Case Chart (2006-2016), Scott Skinner-Thompson

Washington Law Review Online

This is a chart of public disclosure tort cases analyzed in Scott Skinner-Thompson, Privacy’s Double Standards, 93 Wash. L. Rev. 2051 (2018).

Privacy Commitments, Rachel Wilka

Washington Law Review Online

What responsibilities do corporations have with regard to their consumers’ information? Many articles have looked at ways to make personal information the “property” of the consumer. Property approaches attempt to overlay personal information on the legal frameworks of trade secret, trademark, and copyright law. While each approach has its merits, and contributes to the field, none of the proposals generate a concrete way for a consumer to enforce his or her rights against a company. The proposals all suffer from the same fatal flaw, a new system must not just create a consumer right but also balance the inequities in …

Privacy Commitments, Rachel Wilka

Washington Law Review Online

What responsibilities do corporations have with regard to their consumers’ information? Many articles have looked at ways to make personal information the “property” of the consumer. Property approaches attempt to overlay personal information on the legal frameworks of trade secret, trademark, and copyright law. While each approach has its merits, and contributes to the field, none of the proposals generate a concrete way for a consumer to enforce his or her rights against a company. The proposals all suffer from the same fatal flaw, a new system must not just create a consumer right but also balance the inequities in …