Open Access. Powered by Scholars. Published by Universities.®
- Discipline
Articles 1 - 10 of 10
Full-Text Articles in Privacy Law
Legislating Data Loyalty, Woodrow Hartzog, Neil Richards
Legislating Data Loyalty, Woodrow Hartzog, Neil Richards
Faculty Scholarship
Lawmakers looking to embolden privacy law have begun to consider imposing duties of loyalty on organizations trusted with people’s data and online experiences. The idea behind loyalty is simple: organizations should not process data or design technologies that conflict with the best interests of trusting parties. But the logistics and implementation of data loyalty need to be developed if the concept is going to be capable of moving privacy law beyond its “notice and consent” roots to confront people’s vulnerabilities in their relationship with powerful data collectors.
In this short Essay, we propose a model for legislating data loyalty. Our …
The Surprising Virtues Of Data Loyalty, Woodrow Hartzog, Neil M. Richards
The Surprising Virtues Of Data Loyalty, Woodrow Hartzog, Neil M. Richards
Faculty Scholarship
Lawmakers in the United States and Europe are seriously considering imposing duties of data loyalty that implement ideas from privacy law scholarship, but critics claim such duties are unnecessary, unworkable, overly individualistic, and indeterminately vague. This paper takes those criticisms seriously, and its analysis of them reveals that duties of data loyalty have surprising virtues. Loyalty, it turns out, can support collective well-being by embracing privacy’s relational turn; it can be a powerful state of mind for reenergizing privacy reform; it prioritizes human values rather than potentially empty formalism; and it offers solutions that are flexible and clear rather than …
What Is Privacy? That’S The Wrong Question, Woodrow Hartzog
What Is Privacy? That’S The Wrong Question, Woodrow Hartzog
Faculty Scholarship
Privacy has never had a precise meaning. But in the early 1900s, the concept took on new life as a term of art in legal frameworks. The result has been a bit of a mess, as no singular definition has been adequate for all purposes. Daniel Solove, perhaps the most influential privacy scholar of our day, wrote at the turn of the millennium that privacy was “a concept in disarray.”
In this short essay reflecting upon Solove’s impact on the modern study of information privacy, I argue that the chaos and futility of competing conceptualizations of privacy is why Solove’s …
The Covid-19 Pandemic And The Technology Trust Gap, Johanna Gunawan, David Choffnes, Woodrow Hartzog, Christo Wilson
The Covid-19 Pandemic And The Technology Trust Gap, Johanna Gunawan, David Choffnes, Woodrow Hartzog, Christo Wilson
Faculty Scholarship
Industry and government tried to use information technologies to respond to the COVID-19 pandemic, but using the internet as a tool for disease surveillance, public health messaging, and testing logistics turned out to be a disappointment. Why weren’t these efforts more effective? This Essay argues that industry and government efforts to leverage technology were doomed to fail because tech platforms have failed over the past few decades to make their tools trustworthy, and lawmakers have done little to hold these companies accountable. People cannot trust the interfaces they interact with, the devices they use, and the systems that power tech …
A Duty Of Loyalty For Privacy Law, Neil M. Richards, Woodrow Hartzog
A Duty Of Loyalty For Privacy Law, Neil M. Richards, Woodrow Hartzog
Faculty Scholarship
Data privacy law fails to stop companies from engaging in self-serving, opportunistic behavior at the expense of those who trust them with their data. This is a problem. Modern tech companies are so entrenched in our lives and have so much control over what we see and click that the self-dealing exploitation of people has become a major element of the internet’s business model.
Academics and policymakers have recently proposed a possible solution: require those entrusted with people’s data and online experiences to be loyal to those who trust them. But many have concerns about a duty of loyalty. What, …
Privacy's Constitutional Moment And The Limits Of Data Protection, Woodrow Hartzog, Neil M. Richards
Privacy's Constitutional Moment And The Limits Of Data Protection, Woodrow Hartzog, Neil M. Richards
Faculty Scholarship
America’s privacy bill has come due. Since the dawn of the Internet, Congress has repeatedly failed to build a robust identity for American privacy law. But now both California and the European Union have forced Congress’s hand by passing the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR). These data protection frameworks, structured around principles for Fair Information Processing called the “FIPs,” have industry and privacy advocates alike clamoring for a “U.S. GDPR.” States seemed poised to blanket the country with FIP-based laws if Congress fails to act. The United States is thus in the midst …
Gdpr And The Importance Of Data To Ai Startups, James Bessen, Stephen Michael Impink, Lydia Reichensperger, Robert Seamans
Gdpr And The Importance Of Data To Ai Startups, James Bessen, Stephen Michael Impink, Lydia Reichensperger, Robert Seamans
Faculty Scholarship
What is the impact of the European Union’s General Data Protection Regime (“GDPR”) and data regulation on AI startups? How important is data to AI product development? We study these questions using unique survey data of commercial AI startups. AI startups rely on data for their product development. Given the scale and scope of their business models, these startups are particularly susceptible to policy changes impacting data collection, storage and use. We find that training data and frequent model refreshes are particularly important for AI startups that rely on neural nets and ensemble learning algorithms. We also find that firms …
The Pathologies Of Digital Consent, Neil M. Richards, Woodrow Hartzog
The Pathologies Of Digital Consent, Neil M. Richards, Woodrow Hartzog
Faculty Scholarship
Consent permeates both our law and our lives — especially in the digital context. Consent is the foundation of the relationships we have with search engines, social networks, commercial web sites, and any one of the dozens of other digitally mediated businesses we interact with regularly. We are frequently asked to consent to terms of service, privacy notices, the use of cookies, and so many other commercial practices. Consent is important, but it’s possible to have too much of a good thing. As a number of scholars have documented, while consent models permeate the digital consumer landscape, the practical conditions …
Humans Forget, Machines Remember: Artificial Intelligence And The Right To Be Forgotten, Tiffany Li, Eduard Fosch Villaronga, Peter Kieseberg
Humans Forget, Machines Remember: Artificial Intelligence And The Right To Be Forgotten, Tiffany Li, Eduard Fosch Villaronga, Peter Kieseberg
Faculty Scholarship
To understand the Right to be Forgotten in context of artificial intelligence, it is necessary to first delve into an overview of the concepts of human and AI memory and forgetting. Our current law appears to treat human and machine memory alike – supporting a fictitious understanding of memory and forgetting that does not comport with reality. (Some authors have already highlighted the concerns on the perfect remembering.) This Article will examine the problem of AI memory and the Right to be Forgotten, using this example as a model for understanding the failures of current privacy law to reflect the …
The Case Against Idealising Control, Woodrow Hartzog
The Case Against Idealising Control, Woodrow Hartzog
Faculty Scholarship
Seemingly everyone, from scholars, industry, and privacy advocates to lawmakers, regulators, and judges seems to have settled on the idea that the key to privacy is control over personal information. But in practice, there is only so much a person can do. Control is far too precious and finite of a concept to meaningfully scale. It will never work for personal data mediated by technology.
Now we have an entire empire of data protection built around the crumbling edifice of control. The idealisation of control in modern data protection regimes like the GDPR and the ePrivacy Directive creates a pursuit …