Privacy Law Commons^™

The Trade Origins Of Privacy Law, Anupam Chander

Georgetown Law Faculty Publications and Other Works

The desire for trade propelled the growth of data privacy law across the world. Countries with strong privacy laws sought to ensure that their citizens’ privacy would not be compromised when their data traveled to other countries. Even before this vaunted Brussels Effect pushed privacy law across the world through the enticement of trade with the European Union, Brussels had to erect privacy law within the Union itself. And as the Union itself expanded, privacy law was a critical condition for accession.

But this coupling of privacy and trade leaves a puzzle: how did the U.S. avoid a comprehensive privacy …

Data Privacy In The Time Of Plague, Cason Schmit, Brian N. Larson, Hye-Chung Kum

Faculty Scholarship

Data privacy is a life-or-death matter for public health. Beginning in late fall 2019, two series of events unfolded, one everyone talked about and one hardly anyone noticed: The greatest world-health crisis in at least 100 years, the COVID-19 pandemic; and the development of the Personal Data Protection Act Committee by the Uniform Law Commissioners (ULC) in the United States. By July 2021, each of these stories had reached a turning point. In the developed, Western world, most people who wanted to receive the vaccine against COVID- 19 could do so. Meanwhile, the ULC adopted the Uniform Personal Data Protection …

Race And Regulation Podcast Episode 5 - Racial Equity And Data Privacy, Anita L. Allen

Penn Program on Regulation Podcasts

In this episode, Anita Allen, an internationally renowned expert on the philosophical dimensions of privacy and data protection law, reveals how race-neutral privacy laws in the U.S. have failed to address the unequal burdens faced online by Black Americans, whose personal data are used in racially discriminatory ways. Professor Allen articulates what she terms an African American Online Equity Agenda to guide the development of race-conscious privacy regulations that can better promote racial justice in the modern digital economy.

Dismantling The “Black Opticon”: Privacy, Race Equity, And Online Data-Protection Reform, Anita L. Allen

All Faculty Scholarship

African Americans online face three distinguishable but related categories of vulnerability to bias and discrimination that I dub the “Black Opticon”: discriminatory oversurveillance, discriminatory exclusion, and discriminatory predation. Escaping the Black Opticon is unlikely without acknowledgement of privacy’s unequal distribution and privacy law’s outmoded and unduly race-neutral façade. African Americans could benefit from race-conscious efforts to shape a more equitable digital public sphere through improved laws and legal institutions. This Essay critically elaborates the Black Opticon triad and considers whether the Virginia Consumer Data Protection Act (2021), the federal Data Protection Act (2021), and new resources for the Federal Trade …

Data Privacy, Human Rights, And Algorithmic Opacity, Sylvia Lu

Fellow, Adjunct, Lecturer, and Research Scholar Works

Decades ago, it was difficult to imagine a reality in which artificial intelligence (AI) could penetrate every corner of our lives to monitor our innermost selves for commercial interests. Within just a few decades, the private sector has seen a wild proliferation of AI systems, many of which are more powerful and penetrating than anticipated. In many cases, AI systems have become “the power behind the throne,” tracking user activities and making fateful decisions through predictive analysis of personal information. Despite the growing power of AI, proprietary algorithmic systems can be technically complex, legally claimed as trade secrets, and managerially …

Legislating Data Loyalty, Woodrow Hartzog, Neil Richards

Faculty Scholarship

Lawmakers looking to embolden privacy law have begun to consider imposing duties of loyalty on organizations trusted with people’s data and online experiences. The idea behind loyalty is simple: organizations should not process data or design technologies that conflict with the best interests of trusting parties. But the logistics and implementation of data loyalty need to be developed if the concept is going to be capable of moving privacy law beyond its “notice and consent” roots to confront people’s vulnerabilities in their relationship with powerful data collectors.

In this short Essay, we propose a model for legislating data loyalty. Our …

The Surprising Virtues Of Data Loyalty, Woodrow Hartzog, Neil M. Richards

Faculty Scholarship

Lawmakers in the United States and Europe are seriously considering imposing duties of data loyalty that implement ideas from privacy law scholarship, but critics claim such duties are unnecessary, unworkable, overly individualistic, and indeterminately vague. This paper takes those criticisms seriously, and its analysis of them reveals that duties of data loyalty have surprising virtues. Loyalty, it turns out, can support collective well-being by embracing privacy’s relational turn; it can be a powerful state of mind for reenergizing privacy reform; it prioritizes human values rather than potentially empty formalism; and it offers solutions that are flexible and clear rather than …

Meaningful Choice: A History Of Consent And Alternatives To The Consent Myth, Charlotte A. Tschider

Faculty Publications & Other Works

Although the first legal conceptions of commercial privacy were identified in Samuel Warren and Louis Brandeis’s foundational 1890 article, The Right to Privacy, conceptually, privacy has existed since as early as 1127 as a natural concern when navigating between personal and commercial spheres of life. As an extension of contract and tort law, two common relational legal models, U.S. privacy law emerged to buoy engagement in commercial enterprise, borrowing known legal conventions like consent and assent. Historically, however, international legal privacy frameworks involving consent ultimately diverged, with the European Union taking a more expansive view of legal justification for processing …

Ai's Legitimate Interest: Towards A Public Benefit Privacy Model, Charlotte A. Tschider

Faculty Publications & Other Works

Health data uses are on the rise. Increasingly more often, data are used for a variety of operational, diagnostic, and technical uses, as in the Internet of Health Things. Never has quality data been more necessary: large data stores now power the most advanced artificial intelligence applications, applications that may enable early diagnosis of chronic diseases and enable personalized medical treatment. These data, both personally identifiable and de-identified, have the potential to dramatically improve the quality, effectiveness, and safety of artificial intelligence.

Existing privacy laws do not 1) effectively protect the privacy interests of individuals and 2) provide the flexibility …

Catalyzing Privacy Law, Anupam Chander, Margot E. Kaminski, William Mcgeveran

Publications

The United States famously lacks a comprehensive federal data privacy law. In the past year, however, over half the states have proposed broad privacy bills or have established task forces to propose possible privacy legislation. Meanwhile, congressional committees are holding hearings on multiple privacy bills. What is catalyzing this legislative momentum? Some believe that Europe’s General Data Protection Regulation (GDPR), which came into force in 2018, is the driving factor. But with the California Consumer Privacy Act (CCPA) which took effect in January 2020, California has emerged as an alternate contender in the race to set the new standard for …

What Is Privacy? That’S The Wrong Question, Woodrow Hartzog

Faculty Scholarship

Privacy has never had a precise meaning. But in the early 1900s, the concept took on new life as a term of art in legal frameworks. The result has been a bit of a mess, as no singular definition has been adequate for all purposes. Daniel Solove, perhaps the most influential privacy scholar of our day, wrote at the turn of the millennium that privacy was “a concept in disarray.”

In this short essay reflecting upon Solove’s impact on the modern study of information privacy, I argue that the chaos and futility of competing conceptualizations of privacy is why Solove’s …

"Slack" In The Data Age, Shu-Yi Oei, Diane M. Ring

Faculty Scholarship

This Article examines how increasingly ubiquitous data and information affect the role of “slack” in the law. Slack is the informal latitude to break the law without sanction. Pockets of slack exist for various reasons, including information imperfections, enforcement resource constraints, deliberate nonenforcement of problematic laws, politics, biases, and luck. Slack is important in allowing flexibility and forbearance in the legal system, but it also risks enabling selective and uneven enforcement. Increasingly available data is now upending slack, causing it to contract and exacerbating the risks of unfair enforcement.

This Article delineates the various contexts in which slack arises and …

Stealing (Identity) From The Poor, Sara S. Greene

Faculty Scholarship

The law of data breaches is new, dynamic, and evolving. The number and complexity of breaches increases each year and legal scholars, courts, and policymakers scramble to respond. In 2019, 14.4 million consumers became victims of identity theft, the most problematic consequence of data breaches for consumers. Indeed, one-third of all Americans have experienced identity theft at some point in their lives. Yet despite low-income groups comprising at least thirty percent of all identity theft victims, existing discourse and debate on the regulatory regime governing data breaches and identity theft primarily reflects the experiences and concerns of middle- and high-income …

The Covid-19 Pandemic And The Technology Trust Gap, Johanna Gunawan, David Choffnes, Woodrow Hartzog, Christo Wilson

Faculty Scholarship

Industry and government tried to use information technologies to respond to the COVID-19 pandemic, but using the internet as a tool for disease surveillance, public health messaging, and testing logistics turned out to be a disappointment. Why weren’t these efforts more effective? This Essay argues that industry and government efforts to leverage technology were doomed to fail because tech platforms have failed over the past few decades to make their tools trustworthy, and lawmakers have done little to hold these companies accountable. People cannot trust the interfaces they interact with, the devices they use, and the systems that power tech …

A Duty Of Loyalty For Privacy Law, Neil M. Richards, Woodrow Hartzog

Faculty Scholarship

Data privacy law fails to stop companies from engaging in self-serving, opportunistic behavior at the expense of those who trust them with their data. This is a problem. Modern tech companies are so entrenched in our lives and have so much control over what we see and click that the self-dealing exploitation of people has become a major element of the internet’s business model.

Academics and policymakers have recently proposed a possible solution: require those entrusted with people’s data and online experiences to be loyal to those who trust them. But many have concerns about a duty of loyalty. What, …

Regulating Personal Data Usage In Covid-19 Control Conditions, Mark Findlay, Nydia Remolina

Centre for AI & Data Governance

As the COVID-19 health pandemic ebbs and flows world-wide, governments and private companies across the globe are utilising AI-assisted surveillance, reporting, mapping and tracing technologies with the intention of slowing the spread of the virus. These technologies have capacity to amass and share personal data for community control and citizen safety motivations that empower state agencies and inveigle citizen co-operation which could only be imagined outside times of real and present personal danger. While not cavilling with the short-term necessity for these technologies and the data they control, process and share in the health regulation mission (provided that the technology …

Privacy's Constitutional Moment And The Limits Of Data Protection, Woodrow Hartzog, Neil M. Richards

Faculty Scholarship

America’s privacy bill has come due. Since the dawn of the Internet, Congress has repeatedly failed to build a robust identity for American privacy law. But now both California and the European Union have forced Congress’s hand by passing the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR). These data protection frameworks, structured around principles for Fair Information Processing called the “FIPs,” have industry and privacy advocates alike clamoring for a “U.S. GDPR.” States seemed poised to blanket the country with FIP-based laws if Congress fails to act. The United States is thus in the midst …

Ethics, Ai, Mass Data And Pandemic Challenges: Responsible Data Use And Infrastructure Application For Surveillance And Pre-Emptive Tracing Post-Crisis, Mark Findlay, Jia Yuan Loke, Nydia Remolina Leon, Yum Yin, Benjamin (Tan Renyan) Tham

Research Collection Yong Pung How School Of Law

As the COVID-19 health pandemic rages governments and private companies across the globe are utilising AI-assisted surveillance, reporting, mapping and tracing technologies with the intention of slowing the spread of the virus. These technologies have the capacity to amass personal data and share for community control and citizen safety motivations that empower state agencies and inveigle citizen co-operation which could only be imagined outside such times of real and present danger. While not cavilling with the short-term necessity for these technologies and the data they control, process and share in the health regulation mission, this paper argues that this infrastructure …

Gdpr And The Importance Of Data To Ai Startups, James Bessen, Stephen Michael Impink, Lydia Reichensperger, Robert Seamans

Faculty Scholarship

What is the impact of the European Union’s General Data Protection Regime (“GDPR”) and data regulation on AI startups? How important is data to AI product development? We study these questions using unique survey data of commercial AI startups. AI startups rely on data for their product development. Given the scale and scope of their business models, these startups are particularly susceptible to policy changes impacting data collection, storage and use. We find that training data and frequent model refreshes are particularly important for AI startups that rely on neural nets and ensemble learning algorithms. We also find that firms …

A Recent Renaissance In Privacy Law, Margot Kaminski

Publications

Considering the recent increased attention to privacy law issues amid the typically slow pace of legal change.

Open Banking: Regulatory Challenges For A New Form Of Financial Intermediation In A Data-Driven World, Nydia Remolina

Centre for AI & Data Governance

Data has taken immense importance in the last years. Consider the amount of data that is being collected worldwide every day, industries are reshaping their activities into a data-driven business. The digital transformation of all industries, portent of the fourth industrial revolution, is creating a new kind of economy based on the datafication of almost any aspect of human social, political and economic activity as a result of the information generated by the numerous daily routines of digitally connected individuals and technology. The financial services industry is part of this trend. Embracing the digital revolution and creating the right foundations …

When Data Comes Home: Next Steps In International Taxation’S Information Revolution, Shu-Yi Oei, Diane M. Ring

Faculty Scholarship

Over the last decade, there has been a revolution in cross-border tax information exchange and reporting. While this dramatic shift was the product of multiple forces and events, a fundamental reality is that politics, technology, and law intersected to drive the shift to the point where nation-states will now transmit and receive from each other significant ongoing flows of taxpayer information. States can now expect to accumulate large stashes of data on cross-border income, assets, and activities on a scale and level of comprehensiveness unmatched by previous information exchange regimes.

This article examines the pressing follow-up question of how this …

Introducing The Global Data Privacy Prize, Fred H. Cate, Christopher Kuner, Orla Lynskey, Christopher Millard, Nora Ni Loideain, Dan Jerker B. Svantesson

Articles by Maurer Faculty

No abstract provided.

If The Legislature Had Been Serious About Data Privacy..., Fred H. Cate, Christopher Kuner, Orla Lynskey, Christopher Millard, Nora Ni Loideain, Dan Jerker B. Svantesson

Articles by Maurer Faculty

No abstract provided.

The Pathologies Of Digital Consent, Neil M. Richards, Woodrow Hartzog

Faculty Scholarship

Consent permeates both our law and our lives — especially in the digital context. Consent is the foundation of the relationships we have with search engines, social networks, commercial web sites, and any one of the dozens of other digitally mediated businesses we interact with regularly. We are frequently asked to consent to terms of service, privacy notices, the use of cookies, and so many other commercial practices. Consent is important, but it’s possible to have too much of a good thing. As a number of scholars have documented, while consent models permeate the digital consumer landscape, the practical conditions …

Protecting Consumers' Personal Data In The Digital World: Challenges And Changes, Man Yip

Research Collection Yong Pung How School Of Law

At the Personal Data Protection Seminar 2017, Dr Yaacob Ibrahim, Minister for Communications and Information, said that Singapore must “aspire towards a high standard of data protection that strengthens trust with the public, gives confidence to customers whose data is collected and used, while providing an environment for companies to thrive in the digital economy”.

Protecting Consumers' Personal Data In The Digital World: Challenges And Changes, Man Yip

Research Collection Yong Pung How School Of Law

At the Personal Data Protection Seminar 2017, Dr Yaacob Ibrahim, Minister for Communications and Information, said that Singapore must “aspire towards a high standard of data protection that strengthens trust with the public, gives confidence to customers whose data is collected and used, while providing an environment for companies to thrive in the digital economy”.

Humans Forget, Machines Remember: Artificial Intelligence And The Right To Be Forgotten, Tiffany Li, Eduard Fosch Villaronga, Peter Kieseberg

Faculty Scholarship

To understand the Right to be Forgotten in context of artificial intelligence, it is necessary to first delve into an overview of the concepts of human and AI memory and forgetting. Our current law appears to treat human and machine memory alike – supporting a fictitious understanding of memory and forgetting that does not comport with reality. (Some authors have already highlighted the concerns on the perfect remembering.) This Article will examine the problem of AI memory and the Right to be Forgotten, using this example as a model for understanding the failures of current privacy law to reflect the …

Tactful Inattention: Erving Goffman, Privacy In The Digital Age, And The Virtue Of Averting One's Eyes, Elizabeth De Armond

All Faculty Scholarship

No abstract provided.

Expanding The Artificial Intelligence-Data Protection Debate, Fred H. Cate, Christopher Kuner, Orla Lynskey, Christopher Millard, Nora Ni Loideain, Dan Jerker B. Svantesson

Articles by Maurer Faculty

No abstract provided.