Privacy Law Commons^™

Do Not Touch My Data: Exploring A Disclosure-Based Framework To Address Data Access, Francis Morency

Washington and Lee Journal of Civil Rights and Social Justice

Companies have too much control over people’s information. In the data marketplace, companies package and sell individuals’ data, and these individuals have little to no bargaining power over the process. Companies may freely buy and sell people’s data in the private sector for targeted marketing and behavior manipulation. In the justice system, an unchecked data marketplace leaves black and brown communities vulnerable to serious data access issues caused by predictive sentencing, for example. Risk assessment algorithms in predictive sentencing rely on data on individuals and run all relevant data points to provide the likelihood that a defendant will recidivate low …

Big Data, Both Friend And Foe: The Intersection Of Privacy And Trade On The Transatlantic Stage, Gabrielle C. Craft

University of Miami International and Comparative Law Review

This Note analyzes the data privacy protection initiatives implemented by the European Union and the United States and their effects on international trade. As technology develops, the feasibility of data collection increases, allowing for the collecting of inconceivable amounts of data information. Consequently, this data includes personal information, thus implicating privacy concerns and the need for data privacy protection regulations. Data privacy focuses on the use and governance of personal data and how the data is gathered, collected, and stored. In 2018, the European Union enacted the General Data Protection Regulation (GDPR), which sets out highly stringent standards for how …

Responding To Deficiencies In The Architecture Of Privacy: Co-Regulation As The Path Forward For Data Protection On Social Networking Sites, Laurent Cre ́Peau

Canadian Journal of Law and Technology

Social Networking Sites like Facebook, Twitter and the like are a ubiquitous part of contemporary culture. Yet, as exemplified on numerous occasions, most recently in the Cambridge Analytica scandal that shook Facebook in 2018, these sites pose major concerns for personal data protection. Whereas self-regulation has characterized the general regulatory mindset since the early days of the Internet, it is no longer viable given the threat social media poses to user privacy. This article notes the deficiencies of self-regulatory models of privacy and contends jurisdictions like Canada should ensure they have strong data protection regulations to adequately protect the public. …

Data Privacy Issues In West Virginia And Beyond: A Comprehensive Overview, Jena Martin

Consumer Law Scholarship

This white paper was commissioned by the Center for Consumer Law and Education, a joint initiative launched by West Virginia University and Marshall University to “coordinate the development of consumer law, policy, and education research to support and serve consumers.”

As such, this paper has a dual purpose. First, it provides a comprehensive overview of the many different legal issues that affect data privacy concerns (both nationally and in West Virginia). Second, it documents and discusses the result of a survey and specific focus groups that were undertaken throughout the fall of 2019 into January 2020 where individuals within the …

The Right To Contest Ai, Margot E. Kaminski, Jennifer M. Urban

Publications

Artificial intelligence (AI) is increasingly used to make important decisions, from university admissions selections to loan determinations to the distribution of COVID-19 vaccines. These uses of AI raise a host of concerns about discrimination, accuracy, fairness, and accountability.

In the United States, recent proposals for regulating AI focus largely on ex ante and systemic governance. This Article argues instead—or really, in addition—for an individual right to contest AI decisions, modeled on due process but adapted for the digital age. The European Union, in fact, recognizes such a right, and a growing number of institutions around the world now call for …

"Slack" In The Data Age, Shu-Yi Oei, Diane M. Ring

Faculty Scholarship

This Article examines how increasingly ubiquitous data and information affect the role of “slack” in the law. Slack is the informal latitude to break the law without sanction. Pockets of slack exist for various reasons, including information imperfections, enforcement resource constraints, deliberate nonenforcement of problematic laws, politics, biases, and luck. Slack is important in allowing flexibility and forbearance in the legal system, but it also risks enabling selective and uneven enforcement. Increasingly available data is now upending slack, causing it to contract and exacerbating the risks of unfair enforcement.

This Article delineates the various contexts in which slack arises and …

Global Privacy Concerns Of Facial Recognition Big Data, Myranda Westbrook

Honors Theses

Facial recognition technology is a system of automatic acknowledgement that recognizes individuals by categorizing specific features of their facial structure to link the scanned information to stored data. Within the past few decades facial recognition technology has been implemented on a large scale to increase the security measures needed to access personal information. This has been specifically used in surveillance systems, social media platforms, and mobile device access control. The extensive use of facial recognition systems has created challenges as it relates to biometric information control and privacy concerns. This concern raises the cost and benefit analysis of an individual’s …

A New Compact For Sexual Privacy, Danielle K. Citron

Faculty Scholarship

Intimate life is under constant surveillance. Firms track people’s periods, hot flashes, abortions, sexual assaults, sex toy use, sexual fantasies, and nude photos. Individuals hardly appreciate the extent of the monitoring, and even if they did, little can be done to curtail it. What is big business for firms is a big risk for individuals. The handling of intimate data undermines the values that sexual privacy secures—autonomy, dignity, intimacy, and equality. It can imperil people’s job, housing, insurance, and other crucial opportunities. More often, women and minorities shoulder a disproportionate amount of the burden.

Privacy law is failing us. Our …

Ethics, Ai, Mass Data And Pandemic Challenges: Responsible Data Use And Infrastructure Application For Surveillance And Pre-Emptive Tracing Post-Crisis, Mark Findlay, Jia Yuan Loke, Nydia Remolina Leon, Yum Yin, Benjamin (Tan Renyan) Tham

Research Collection Yong Pung How School Of Law

As the COVID-19 health pandemic rages governments and private companies across the globe are utilising AI-assisted surveillance, reporting, mapping and tracing technologies with the intention of slowing the spread of the virus. These technologies have the capacity to amass personal data and share for community control and citizen safety motivations that empower state agencies and inveigle citizen co-operation which could only be imagined outside such times of real and present danger. While not cavilling with the short-term necessity for these technologies and the data they control, process and share in the health regulation mission, this paper argues that this infrastructure …

Moving On From The Ombuds Model For Data Protection In Canada, Teresa Scassa

Canadian Journal of Law and Technology

Both the Personal Information Protection and Electronic Documents Act (PIPEDA) and the Privacy Act adopt an ombuds model when it comes to addressing complaints by members of the public. This model is also present in other data protection laws, including public sector data protection laws at the provincial level, as well as personal health information protection legislation. The focus of this short paper is the model adopted in PIPEDA and its ongoing suitability. PIPEDA was designed to apply across the full range of private sector actors and is increasingly under strain in the big data society. These factors may make …

The Ironic Privacy Act, Margaret Hu

Scholarly Articles

This Article contends that the Privacy Act of 1974, a law intended to engender trust in government records, can be implemented in a way that inverts its intent. Specifically, pursuant to the Privacy Act's reporting requirements, in September 2017, the U.S. Department of Homeland Security (DHS) notified the public that record systems would be modified to encompass the collection of social media data. The notification justified the collection of social media data as a part of national security screening and immigration vetting procedures. However, the collection will encompass social media data on both citizens and noncitizens, and was not explicitly …

Hardware, Heartware, Or Nightmare: Smart-City Technology And The Concomitant Erosion Of Privacy, Leila Lawlor

Scholarly Articles

Smart-city technology is being adopted in cities all around the world to simplify our lives, save us time, ease traffic, improve education, reduce energy usage, and keep us healthy and safe. Its adoption is necessary because of changes that are predicted for urban dwellers over the next three decades; urban population and travel are predicted to increase dramatically and our population is graying, meaning the population will include a much greater number of elderly citizens. As these changes occur, smart-city technology can have a huge impact on public safety, improving the ability of law enforcement to investigate crimes, both with …

Face Off: An Examination Of State Biometric Privacy Statutes & Data Harm Remedies, Maya E. Rivera

Fordham Intellectual Property, Media and Entertainment Law Journal

As biometric authentication becomes an increasingly popular method of security among consumers, only three states currently have statutes detailing how such data may be collected, used, retained, and released. The Illinois Biometric Information Privacy Act is the only statute of the three that enshrines a private right of action for those who fail to properly handle biometric data. Both the Texas Capture or Use Biometric Identifier Act Information Act and the Washington Biometric Privacy Act allow for state Attorneys General to bring suit on behalf of aggrieved consumers. This Note examines these three statutes in the context of data security …

Privacy In The Age Of Medical Big Data, W. Nicholson Price Ii, I. Glenn Cohen

Articles

Big data has become the ubiquitous watch word of medical innovation. The rapid development of machine-learning techniques and artificial intelligence in particular has promised to revolutionize medical practice from the allocation of resources to the diagnosis of complex diseases. But with big data comes big risks and challenges, among them significant questions about patient privacy. Here, we outline the legal and ethical challenges big data brings to patient privacy. We discuss, among other topics, how best to conceive of health privacy; the importance of equity, consent, and patient governance in data collection; discrimination in data uses; and how to handle …

The Promises And Perils Of Using Big Data To Regulate Nonprofits, Lloyd Histoshi Mayer

Journal Articles

For the optimist, government use of “Big Data” involves the careful collection of information from numerous sources. The government then engages in expert analysis of those data to reveal previously undiscovered patterns. Discovering patterns revolutionizes the regulation of criminal behavior, education, health care, and many other areas. For the pessimist, government use of Big Data involves the haphazard seizure of information to generate massive databases. Those databases render privacy an illusion and result in arbitrary and discriminatory computer-generated decisions. The reality is, of course, more complicated. On one hand, government use of Big Data may lead to greater efficiency, effectiveness, …

Pii In Context: Video Privacy And A Factor-Based Test For Assessing Personal Information, Daniel L. Macioce Jr.

Pepperdine Law Review

As a central concept in American information privacy law, personally identifiable information (PII) plays a critical role in determining whether a privacy violation has occurred. Under the Video Privacy Protection Act of 1988 (VPPA), PII “includes information which identifies a person as having requested or obtained specific video materials or services.” Despite the clarity that these words may have when the Statute was enacted, the line separating PII from non-PII in the context of streaming video is not easily drawn, in part due to the prevalence of behavior tracking technologies and the emergence of “big data” analytics. The First Circuit, …

Bulk Biometric Metadata Collection, Margaret Hu

Scholarly Articles

Smart police body cameras and smart glasses worn by law enforcement increasingly reflect state-of-the-art surveillance technology, such as the integration of live-streaming video with facial recognition and artificial intelligence tools, including automated analytics. This Article explores how these emerging cybersurveillance technologies risk the potential for bulk biometric metadata collection. Such collection is likely to fall outside the scope of the types of bulk metadata collection protections regulated by the USA FREEDOM Act of 2015. The USA FREEDOM Act was intended to bring the practice of bulk telephony metadata collection conducted by the National Security Agency (“NSA”) under tighter regulation. In …

Fourth Amendment Anxiety, Stephen E. Henderson, Kiel Brennan-Marquez

Stephen E Henderson

A Comment On Privacy And Accountability In Black-Box Medicine, Carl E. Schneider

Michigan Telecommunications & Technology Law Review

Human institutions and activities cannot avoid failures. Anxiety about them often provokes governments to try to prevent those failures. When that anxiety is vivid and urgent, government may do so without carefully asking whether regulation’s costs justify their benefits. Privacy and Accountability in Black Box Medicine admirably labors to bring discipline and rationality to thinking about an important development — the rise of “black-box medicine” — before it causes injuries regulation should have prevented and before it is impaired by improvident regulation. That is, Privacy and Accountability weighs the costs against the benefits of various forms of regulation across the …

Privacy By Design: Taking Ctrl Of Big Data, Eric Everson

Cleveland State Law Review

The concept of Privacy by Design is rooted in systems engineering. Yet, it is the legal framework of global privacy that gives new color to this concept as applied to Big Data. Increasingly, the long arm of the law is reaching into Big Data, but it is not simply by matter of regulatory enforcement or civil legal developments that Privacy by Design (PbD) is being thrust into the spotlight once more.

Given that Big Data is considered miniscule in contrast to future data environments, PbD is simply the right thing to do. This paper aims to explore the origin of …

Major League Baseball Players, Big Data, And The Right To Know: The Duty Of Major League Baseball Teams To Disclose Health Modeling Analysis To Their Players, Michael Hattery

Marquette Sports Law Review

None

From The National Surveillance State To The Cybersurveillance State, Margaret Hu

Scholarly Articles

This article anchors the phenomenon of bureaucratized cybersurveillance around the concept of the National Surveillance State, a theory attributed to Professor Jack Balkin of Yale Law School and Professor Sanford Levinson of the University of Texas School of Law. Pursuant to the theory of the National Surveillance State, because of the routinized and administrative nature of government-led surveillance, normalized mass surveillance is viewed as justified under crime and counterterrorism policy rationales. This article contends that the Cybersurveillance State is the successor to the National Surveillance State. The Cybersurveillance State harnesses technologies that fuse biometric and biographic data for risk assessment, …

Substantiating Big Data In Health Care, Nathan Cortez

Faculty Journal Articles and Book Chapters

Predictive analytics and "big data" are emerging as important new tools for diagnosing and treating patients. But as data collection becomes more pervasive, and as machine learning and analytical methods become more sophisticated, the companies that traffic in health-related big data will face competitive pressures to make more aggressive claims regarding what their programs can predict. Already, patients, practitioners, and payors are inundated with claims that software programs, "apps," and other forms of predictive analytics can help solve some of the health care system's most pressing problems. This article considers the evidence and substantiation that we should require of these …

The Use Of Big Data Analytics By The Irs: Efficient Solutions Or The End Of Privacy As We Know It?, Kimberly A. Houser, Debra Sanders

Vanderbilt Journal of Entertainment & Technology Law

This Article examines the privacy issues resulting from the IRS's big data analytics program as well as the potential violations of federal law. Although historically, the IRS chose tax returns to audit based on internal mathematical mistakes or mismatches with third party reports (such as W-2s), the IRS is now engaging in data mining of public and commercial data pools (including social media) and creating highly detailed profiles of taxpayers upon which to run data analytics. This Article argues that current IRS practices, mostly unknown to the general public are violating fair information practices. This lack of transparency and accountability …

Privacy, Poverty, And Big Data: A Matrix Of Vulnerabilities For Poor Americans, Mary Madden, Michele E. Gilman, Karen Levy, Alice Marwick

All Faculty Scholarship

This Article examines the matrix of vulnerabilities that low-income people face as a result of the collection and aggregation of big data and the application of predictive analytics. On one hand, big data systems could reverse growing economic inequality by expanding access to opportunities for low-income people. On the other hand, big data could widen economic gaps by making it possible to prey on low-income people or to exclude them from opportunities due to biases entrenched in algorithmic decision-making tools. New kinds of “networked privacy” harms, in which users are simultaneously held liable for their own behavior and the actions …

Litigating In The 21st Century: Amending Challenges For Cause In Light Of Big Data, Andrew Kasabian

Pepperdine Law Review

The amount of data generated daily is growing exponentially. The majority of this data is unstructured data. Big Data analytics provides the capability to analyze sets of unrelated data to find hidden and meaningful correlations and predict an individual’s future actions. Therefore, Big Data can alter trial preparation by opening up new sets of information for lawyers to analyze in the jury selection process. Privacy concerns may follow Big Data’s incorporation because Big Data aggregates an individual’s information and predicts future actions. This Comment details how Big Data will provide a net benefit to trial preparation. In order to protect …

Small Data Surveillance V. Big Data Cybersurveillance, Margaret Hu

Margaret Hu

This Article highlights some of the critical distinctions between small data surveillance and big data cybersurveillance as methods of intelligence gathering. Specifically, in the intelligence context, it appears that “collect-it-all” tools in a big data world can now potentially facilitate the construction, by the intelligence community, of other individuals' digital avatars. The digital avatar can be understood as a virtual representation of our digital selves and may serve as a potential proxy for an actual person. This construction may be enabled through processes such as the data fusion of biometric and biographic data, or the digital data fusion of the …

Privacy And Accountability In Black-Box Medicine, Roger Allan Ford, W. Nicholson Price Ii

Michigan Telecommunications & Technology Law Review

Black-box medicine—the use of big data and sophisticated machine-learning techniques for health-care applications—could be the future of personalized medicine. Black-box medicine promises to make it easier to diagnose rare diseases and conditions, identify the most promising treatments, and allocate scarce resources among different patients. But to succeed, it must overcome two separate, but related, problems: patient privacy and algorithmic accountability. Privacy is a problem because researchers need access to huge amounts of patient health information to generate useful medical predictions. And accountability is a problem because black-box algorithms must be verified by outsiders to ensure they are accurate and unbiased, …

Big Data And The Fourth Estate: Protecting The Development Of News Media Monitoring Databases, Joseph A. Tomain

Articles by Maurer Faculty

No abstract provided.

When The Default Is No Penalty: Negotiating Privacy At The Ntia, Margot E. Kaminski

Publications

Consumer privacy protection is largely within the purview of the Federal Trade Commission. In recent years, however, the National Telecommunications and Information Administration (NTIA) at the Department of Commerce has hosted multistakeholder negotiations on consumer privacy issues. The NTIA process has addressed mobile apps, facial recognition, and most recently, drones. It is meant to serve as a venue for industry self-regulation. Drawing on the literature on co-regulation and on penalty defaults, I suggest that the NTIA process struggles to successfully extract industry expertise and participation against a dearth of federal data privacy law and enforcement. This problem is most exacerbated …