Open Access. Powered by Scholars. Published by Universities.®
- Discipline
- Keyword
Articles 1 - 24 of 24
Full-Text Articles in Privacy Law
What You Don’T Know Will Hurt You: Fighting The Privacy Paradox By Designing For Privacy And Enforcing Protective Technology, Perla Khattar
What You Don’T Know Will Hurt You: Fighting The Privacy Paradox By Designing For Privacy And Enforcing Protective Technology, Perla Khattar
Washington Journal of Law, Technology & Arts
The persistence of the privacy paradox is proof that current industry regulation is insufficient to protect consumer’s privacy. Although consumer choice is essential, we argue that it should not be the main pillar of modern data privacy legislation. This article argues that legislation should aim to protect consumer’s personal data in the first place, while also giving internet users the choice to opt-in to the processing of their information. Ideally, privacy by design principles would be mandated by law, making privacy an essential component of the architecture of every tech-product and service.
U.S.-U.K. Executive Agreement: Case Study Of Incidental Collection Of Data Under The Cloud Act, Eddie B. Kim
U.S.-U.K. Executive Agreement: Case Study Of Incidental Collection Of Data Under The Cloud Act, Eddie B. Kim
Washington Journal of Law, Technology & Arts
In March 2018, Congress passed the Clarifying Lawful Overseas Use of Data Act, also known as the CLOUD Act, in order to expedite the process of cross-border data transfers for the purposes of criminal investigations. The U.S. government entered into its first Executive Agreement, the main tool to achieve the goals of the statute, with the United Kingdom in October 2019. While the CLOUD Act requires the U.S. Attorney General to consider whether the foreign government counterpart has a certain level of robust data privacy laws, the relevant laws of the United Kingdom have generally been questioned numerous times for …
Emerging Privacy Legislation In The International Landscape: Strategy And Analysis For Compliance, Jonathan Mcgruer
Emerging Privacy Legislation In The International Landscape: Strategy And Analysis For Compliance, Jonathan Mcgruer
Washington Journal of Law, Technology & Arts
Big data is a part of our daily reality; consumers are constantly making decisions that reflect their personal preferences, resulting in valuable personal data. Facial recognition and other emerging technologies have raised privacy concerns due to the increased efficiency and scope which businesses and governments can use consumer data. With the European Union’s General Data Protection Regulation ushering in a new age of data privacy regulation, international jurisdictions have begun implementing comparable comprehensive legislation, affecting businesses globally. This Article examines the similarities between emerging U.S. state data privacy laws and the General Data Protection Regulation, with suggestions for businesses implicated …
Censorship, Free Speech & Facebook: Applying The First Amendment To Social Media Platforms Via The Public Function Exception, Matthew P. Hooker
Censorship, Free Speech & Facebook: Applying The First Amendment To Social Media Platforms Via The Public Function Exception, Matthew P. Hooker
Washington Journal of Law, Technology & Arts
Society has a love-hate relationship with social media. Thanks to social media platforms, the world is more connected than ever before. But with the ever-growing dominance of social media there have come a mass of challenges. What is okay to post? What isn't? And who or what should be regulating those standards? Platforms are now constantly criticized for their content regulation policies, sometimes because they are viewed as too harsh and other times because they are characterized as too lax. And naturally, the First Amendment quickly enters the conversation. Should social media platforms be subject to the First Amendment? Can—or …
Animal Healthcare Robots: The Case For Privacy Regulation, Sulaf Al-Saif
Animal Healthcare Robots: The Case For Privacy Regulation, Sulaf Al-Saif
Washington Journal of Law, Technology & Arts
Animal healthcare robots are a form of healthcare or wellness devices that possess the appearance of animals or pets and that collect data on the user. The appearance, use, and nature of data collected by these robots illustrate two types of devices for which privacy regulation falls short: Internet of Things (“IoT”) devices and healthcare devices. This paper surveys the animal healthcare robots currently in the market, details the special privacy concerns associated with such robots, examines the current state of potentially relevant privacy laws, and makes recommendations for privacy regulation in the future.
Science And Privacy: Data Protection Laws And Their Impact On Research, Mike Hintze
Science And Privacy: Data Protection Laws And Their Impact On Research, Mike Hintze
Washington Journal of Law, Technology & Arts
While privacy laws differ in their scope, focus, and approach, they all involve restrictions on the collection, use, sharing, or retention of information about people. In general, privacy laws reflect a societal consensus that privacy violations can lead to a wide range of financial, reputational, dignitary, and other harms, and that excessive collection and harmful uses of personal information should therefore be constrained. These laws require organizations to comply with a number of obligations concerning personal information. In practice, these requirements can lead organizations to refrain from collecting certain data, only use data with the consent of the individual, or …
Neighborhood Watch 2.0: Private Surveillance And The Internet Of Things, Daniel Healow
Neighborhood Watch 2.0: Private Surveillance And The Internet Of Things, Daniel Healow
Washington Journal of Law, Technology & Arts
The use of low-cost cameras and internet-connected sensors is sharply increasing among local law enforcement, businesses, and average Americans. While the motives behind adopting these devices may differ, this trend means more data about the events on Earth is rapidly being collected and aggregated each day. Current and future products, such as drones and self-driving cars, contain cameras and other embedded sensors used by private individuals in public settings. To function, these devices must passively collect information about other individuals who have not given the express consent that is commonly required when one is actively using an online service, such …
The Drone Wars: The Need For Federal Protection Of Individual Privacy, Toban Platt
The Drone Wars: The Need For Federal Protection Of Individual Privacy, Toban Platt
Washington Journal of Law, Technology & Arts
Drones—also known as unmanned aerial vehicles—are lightweight, easy to use, and relatively inexpensive aircraft with a wide variety of applications. Drone popularity has recently exploded, with an estimated two million recreational drones sold in 2016 and analysts predicting that sales will increase to 4.3 million units sold annually by 2020. With this increased popularity comes increased concerns about how they will be used and who will fly them. The Federal Aviation Administration (FAA) and state legislatures have created drone-specific legislation and rules governing drone use. However, these rules and regulations are more concerned with regulating drones with in relation to …
Revenge Porn And Narrowing The Cda: Litigating A Web-Based Tort In Washington, Jessy R. Nations
Revenge Porn And Narrowing The Cda: Litigating A Web-Based Tort In Washington, Jessy R. Nations
Washington Journal of Law, Technology & Arts
Effective September 2015, the Washington State Legislature passed two statutes which created both civil and criminal liability against individuals who distribute "intimate images" of others without their consent. These statutes were created to combat the modern phenomenon colloquially known as "revenge porn." Revenge porn is the non-consensual distribution of nude or sexually explicit photographs or videos, created with the intent to humiliate or harass the person these images depict. In addition to causing emotional damage to the victim, revenge porn can also produce broader consequences such as loss of employment and stalking. Traditionally, litigating these kinds of offenses has been …
"Reasonable Zones Of Privacy"—The Supreme Court's Struggle To Find Clarity In The American Landscape Regarding Fourth Amendment Rights, Alex Alben
Washington Journal of Law, Technology & Arts
The U.S. Supreme Court has struggled over the years to develop the concept of what constitutes a "reasonable zone of privacy" when it comes to intrusion on an individual's physical space or activities. With the advent and widespread adoption of new technologies such as drones and listening devices, concern for protecting privacy has magnified, yet court doctrine remains inconsistent. The author, Washington State's Chief Privacy Officer, reviews the history of Supreme Court "search and seizure" rulings in prominent cases to identify both patterns and flaws on the topic of protecting citizen privacy.
Privacy Harmonization And The Developing World: The Impact Of The Eu's General Data Protection Regulation On Developing Economies, Tiffany Curtiss
Privacy Harmonization And The Developing World: The Impact Of The Eu's General Data Protection Regulation On Developing Economies, Tiffany Curtiss
Washington Journal of Law, Technology & Arts
Through strengthened third-party obligations for data protection, the European Union’s General Data Protection Regulation will export privacy norms. However, developing economies may want to consider a co-regulatory industry approach to data protection before adopting similar national legislation. The General Data Protection Regulation can be an ideal model for global harmonization of privacy laws, particularly for adoption among industries and willing participants. To benefit from a co-regulatory approach, however, a developing economy would need to invest in education and legal systems in order to capture the benefits of the growing e-commerce market that will undoubtedly be influenced by the General Data …
Equitable Recovery For Ashley Madison Hack Victims: The Federal Trade Commission As Executor Of A Narrow Right To Be Forgotten In The United States, Mackenzie Olson
Equitable Recovery For Ashley Madison Hack Victims: The Federal Trade Commission As Executor Of A Narrow Right To Be Forgotten In The United States, Mackenzie Olson
Washington Journal of Law, Technology & Arts
Events following the Ashley Madison data breach exposed the personal information of millions of users. Victims filed class action suits in multiple courts in the United States, seeking various forms of monetary and equitable relief. However, these plaintiffs have been unable to compel the removal of personal information from third-party Internet sites hosting the information previously circulated by hackers. Citizens of the European Union, by contrast, could likely compel the removal of such personal information. Unlike the United States, the European Union recognizes a “right to be forgotten”, which authorizes individuals to demand the removal of their personal information from …
Location Surveillance By Gps: Balancing An Employer's Business Interest With Employee Privacy, Kendra Rosenberg
Location Surveillance By Gps: Balancing An Employer's Business Interest With Employee Privacy, Kendra Rosenberg
Washington Journal of Law, Technology & Arts
Employers are increasingly using GPS tracking devices as business tools to monitor employee movements. Recent judicial decisions have found an employer’s interest in using location surveillance on employer-owned property generally trumps an employee’s privacy interests. However, employers deciding to use GPS should be aware of the potential limitations on tracking an employee based on state constitutional, statutory, and common law rights to privacy. This Article focuses on the permissible scope of an employer’s use of GPS to track employees in the workplace.
Internet User Anonymity, First Amendment Protections And Mobilisa: Changing The Cahill Test, Kristina Ringland
Internet User Anonymity, First Amendment Protections And Mobilisa: Changing The Cahill Test, Kristina Ringland
Washington Journal of Law, Technology & Arts
The Arizona Court of Appeals recently developed a new test to determine whether an anonymous Internet poster’s identity should be revealed through a subpoena. While the First Amendment protects anonymous speech, this protection does not extend to defamation and other illegal behavior. Courts have balanced these two competing interests—protection of anonymous speech and revelation of a person’s identity via subpoena—by applying varying tests regarding the disclosure of an anonymous poster’s identity. The Arizona Court of Appeals, in Mobilisa, Inc. v. Doe, recently adopted a three-part test that incorporates elements from two, previously distinct lines of cases. This Article explores …
De-Identified Data And Third Party Data Mining: The Risk Of Re-Identification Of Personal Information, C. Christine Porter
De-Identified Data And Third Party Data Mining: The Risk Of Re-Identification Of Personal Information, C. Christine Porter
Washington Journal of Law, Technology & Arts
Recent computer science research demonstrates that anonymized data can sometimes be easily re-identified with particular individuals, despite companies’ attempts to isolate personal information. Netflix and AOL are two examples of companies that released personal data intended to be anonymous but which was reidentified with individual users with the use of very small amounts of auxiliary data. Re-identification of anonymized data may expose companies to increased liability, as the information may no longer be treated as anonymous. In addition, companies may violate their own privacy policies by releasing anonymous information to third parties that can be easily re-identified with individual users. …
Liability For Consumer Information Security Breaches: Deconstructing Ftc Complaints And Settlements, Joel B. Hanson
Liability For Consumer Information Security Breaches: Deconstructing Ftc Complaints And Settlements, Joel B. Hanson
Washington Journal of Law, Technology & Arts
For several years, hackers taking advantage of security holes in the information system of TJX Companies, Inc. stole sensitive credit and debit card information belonging to at least 45.7 million customers. The TJX breach is one of the largest thefts of consumer information in history and is illustrative of the recent wave of security breaches. Private lawsuits against companies that fail to protect consumer information have typically failed. However, the Federal Trade Commission has taken enforcement action against such companies that fail to implement reasonable security measures to protect customers’ personal information. These complaints have resulted in settlement agreements requiring …
No Harm, No Foul: Limits On Damages Awards For Individuals Subject To A Data Breach, Derek A. Bishop
No Harm, No Foul: Limits On Damages Awards For Individuals Subject To A Data Breach, Derek A. Bishop
Washington Journal of Law, Technology & Arts
Recently, TJX, Inc. announced that computer hackers breached several of TJX’s databases containing the driver’s license and credit card numbers of over 47 million customers. Within a month, a class action lawsuit attempting to hold TJX responsible for losing control of this information was filed. In the past, class action lawsuits based on the release of consumer’s personal data have failed because the plaintiffs have not alleged sufficient harms. This article examines legal claims relating to the release of personal data by companies during security breaches. To date, courts have refused to find individuals harmed by the negligent release of …
Data Privacy And Breach Reporting: Compliance With Various State Laws, G. Martin Bingisser
Data Privacy And Breach Reporting: Compliance With Various State Laws, G. Martin Bingisser
Washington Journal of Law, Technology & Arts
This Article discusses state laws requiring notification of a party whose personal information is held by a business or government agency when the third party’s security is breached and an unauthorized person accesses the personal information. In the wake of the 2005 ChoicePoint data breach, over half of the states passed legislation requiring that companies notify the affected parties after breach of personal information. Most of the state statutes followed the model set forth by California’s Security Breach Notification Act of 2002. However, significant variations exist between the different statutes, which can create compliance problems. This Article specifically illustrates the …
Electronic Health Records: Interoperability Challenges Patients' Right To Privacy, Laura Dunlop
Electronic Health Records: Interoperability Challenges Patients' Right To Privacy, Laura Dunlop
Washington Journal of Law, Technology & Arts
President George W. Bush's administration has outlined initial necessary steps to transform the healthcare delivery system through adoption of interoperable electronic health records ("EHRs") by the year 2014. This Article examines the nation's shift toward the use of EHR technology, which largely facilitates patient care by providing clinicians with the ability to review a more complete medical record at the time of treatment. Current legislation calls for financial support and technical standards. However, lawmakers neglect to fully address the Health Insurance Portability and Accountability Act ("HIPAA") and the need to expand its application and enforcement. In addition, healthcare provider Anti-Kickback …
Follow That Car! Legal Issues Arising From Installation Of Tracking Devices In Leased Consumer Goods And Equipment, Leah Altaras
Follow That Car! Legal Issues Arising From Installation Of Tracking Devices In Leased Consumer Goods And Equipment, Leah Altaras
Washington Journal of Law, Technology & Arts
Recent court cases in Connecticut and California have challenged the commercial use of Global Positioning Systems (GPS) for tracking and gathering data about consumers. Specifically, these cases focused on the terms and disclosures contained in automobile rental contracts relating to the use of GPS to monitor the driving patterns of rental car drivers. In response to concerns about consumer privacy, several states have also enacted legislation that addresses the use of tracking technology in the rental car market. This Article examines recent litigation concerning the use of GPS in rental cars and related legislative efforts. Although recent legislation and litigation …
Hiding Evidence From The Boss: Attorney-Client Privilege And Company Computers, Kelcey Nichols
Hiding Evidence From The Boss: Attorney-Client Privilege And Company Computers, Kelcey Nichols
Washington Journal of Law, Technology & Arts
Recent court decisions in In re Asia Global Crossing, Ltd., People v. Jiang, and Curto v. Medical World Communications have held that attorney-client privilege can protect certain information located on an employer-issued computer from disclosure if the employee had a reasonable expectation of privacy. This Article provides a brief background on attorney-client privilege and explores the factors courts consider when determining whether an employee has this reasonable expectation. These factors include the scope of employer monitoring, the employer-employee agreement pertaining to the computer, the presence of password-protection, the location of the computer, and the relevancy of the evidence …
To Serve And Protect: Do Businesses Have A Legal Duty To Protect Collections Of Personal Information?, Derek A. Bishop
To Serve And Protect: Do Businesses Have A Legal Duty To Protect Collections Of Personal Information?, Derek A. Bishop
Washington Journal of Law, Technology & Arts
Commercial, governmental, and nonprofit organizations are more frequently reporting instances of data security breaches. This has, in turn, raised fears of identity theft. In some limited instances, companies that maintain large amounts of personal information—such as credit reporting agencies—have been subject to statutory duties to protect that personal information. In some instances, such legislation has also permitted a private cause of action for breach of these duties. Legislatures have expanded these statutes to encompass, at least to a limited degree, all business entities that collect personal information. Recent precedent indicates that courts may follow this trend by declaring security breaches …
Compliance With California Privacy Laws: Federal Law Also Provides Guidance To Businesses Nationwide, Anthony D. Milewski Jr.
Compliance With California Privacy Laws: Federal Law Also Provides Guidance To Businesses Nationwide, Anthony D. Milewski Jr.
Washington Journal of Law, Technology & Arts
Over the past several years, personal information has been lost or stolen as a result of a series of high profile security breaches. In January 2006, the U.S. Federal Trade Commission announced that ChoicePoint will be required to pay $15 million in fines and penalties for a high profile security breach that occurred in 2005. The ChoicePoint breach and similar events have spurred an explosion of state and federal privacy legislation. In particular, the State of California has taken the lead by enacting the strictest disclosure and security procedure requirements in the country. The implications of California’s new laws can …
Safe Harbor Agreement—Boon Or Bane?, Sylvia Mercado Kierkegaard
Safe Harbor Agreement—Boon Or Bane?, Sylvia Mercado Kierkegaard
Washington Journal of Law, Technology & Arts
U.S. businesses that handle personal information about individuals living in European Union countries should be aware that, as a general rule, it is unlawful for them to transfer that data out of the European Union to the United States. Exceptions to this general prohibition apply in specified circumstances, that is, where there is consent to the transfer or where there is some assurance that U.S. businesses will comply with the transfers requirements of EU privacy laws when handling that information. These restrictions apply to U.S. businesses that have employees or customers in EU countries, as well as U.S. businesses that …