Privacy Law Commons^™

Privacy Nicks: How The Law Normalizes Surveillance, Woodrow Hartzog, Evan Selinger, Johanna Gunawan

Faculty Scholarship

Privacy law is failing to protect individuals from being watched and exposed, despite stronger surveillance and data protection rules. The problem is that our rules look to social norms to set thresholds for privacy violations, but people can get used to being observed. In this article, we argue that by ignoring de minimis privacy encroachments, the law is complicit in normalizing surveillance. Privacy law helps acclimate people to being watched by ignoring smaller, more frequent, and more mundane privacy diminutions. We call these reductions “privacy nicks,” like the proverbial “thousand cuts” that lead to death.

Privacy nicks come from the …

“Take Your Pictures, Leave Your (Digital) Footprints”: Increasing Privacy Protections For Children On Social Media, Kodie Mcginley

Golden Gate University Law Review

As the digital sphere becomes more prevalent in people’s lives, Congress has tried to keep up. First created in 1998, the Children’s Online Privacy Protection Act (COPPA) requires operators of websites directed at children to obtain consent from parents before collecting any personal information from children. COPPA also requires that operators take reasonable measures to protect the confidentiality of any personal information collected about children. Although COPPA has helped regulate online spaces, its focus is on regulating websites that collect personal information directly from children. This focus leaves a gap in the law that ignores personal data shared on social …

Integrating Nist And Iso Cybersecurity Audit And Risk Assessment Frameworks Into Cameroonian Law, Bernard Ngalim

Journal of Cybersecurity Education, Research and Practice

This paper reviews cybersecurity laws and regulations in Cameroon, focusing on cybersecurity and information security audits and risk assessments. The importance of cybersecurity risk assessment and the implementation of security controls to cure deficiencies noted during risk assessments or audits is a critical step in developing cybersecurity resilience. Cameroon's cybersecurity legal framework provides for audits but does not explicitly enumerate controls. Consequently, integrating relevant controls from the NIST frameworks and ISO Standards can improve the cybersecurity posture in Cameroon while waiting for a comprehensive revision of the legal framework. NIST and ISO are internationally recognized as best practices in information …

Privacy Harm And Non-Compliance From A Legal Perspective, Suvineetha Herath, Haywood Gelman, Lisa Mckee

Journal of Cybersecurity Education, Research and Practice

In today's data-sharing paradigm, personal data has become a valuable resource that intensifies the risk of unauthorized access and data breach. Increased data mining techniques used to analyze big data have posed significant risks to data security and privacy. Consequently, data breaches are a significant threat to individual privacy. Privacy is a multifaceted concept covering many areas, including the right to access, erasure, and rectify personal data. This paper explores the legal aspects of privacy harm and how they transform into legal action. Privacy harm is the negative impact to an individual as a result of the unauthorized release, gathering, …

Privacy And National Politics: Fingerprint And Dna Litigation In Japan And The United States Compared, Dongsheng Zang

Pace Law Review

No abstract provided.

Table Of Contents, Seattle University Law Review

Seattle University Law Review

Table of Contents

Confronting Carpenter: Rethinking The Third-Party Doctrine And Location Information, Charlie Brownstein

Fordham Law Review

The third-party doctrine enables law enforcement officers to obtain personal information shared with third parties without a warrant. In an era of highly accessible technology, individuals’ location information is consistently being transmitted to third parties. Due to the third-party doctrine, this shared information has been available to law enforcement, without the individual knowing or having an opportunity to challenge this availability. Law enforcement has utilized this doctrine to obtain comprehensive information regarding individuals’ whereabouts over long periods of time.

The U.S. Supreme Court recently limited the reach of the third-party doctrine regarding location data held by cellphone providers. However, this …

Twenty Years After Krieger V Law Society Of Alberta: Law Society Discipline Of Crown Prosecutors And Government Lawyers, Andrew Flavelle Martin

Articles, Book Chapters, & Popular Press

Krieger v. Law Society of Alberta held that provincial and territorial law societies have disciplinary jurisdiction over Crown prosecutors for conduct outside of prosecutorial discretion. The reasoning in Krieger would also apply to government lawyers. The apparent consensus is that law societies rarely exercise that jurisdiction. But in those rare instances, what conduct do Canadian law societies discipline Crown prosecutors and government lawyers for? In this article, I canvass reported disciplinary decisions to demonstrate that, while law societies sometimes discipline Crown prosecutors for violations unique to those lawyers, they often do so for violations applicable to all lawyers — particularly …

The Eyes Beyond The Screen: Digital Media Policy And Child Health, Yahia Al-Qudah

Research Symposium

Background: Modern communication technology and digital media have provided society with a foundation for instant messaging. Pictures, videos, and texts connect individuals with families, friends, and the world. Consequently, digital media has accelerated exposure to risk in which children and adolescents are most vulnerable. This project’s objective is to 1) congregate and highlight current knowledge about the impact of digital media on child health, and 2) underline deficiencies in related laws and regulations as well as offer solutions in digital media policy.

Methods: A systematic literature review was conducted through the JAMA Pediatrics database with keywords such as “digital media,” …

Keep Your Fingerprints To Yourself: New York Needs A Biometric Privacy Law, Brendan Mcnerney

St. John's Law Review

(Excerpt)

Imagine walking into a store, picking something up, and just walking out. No longer is this shoplifting, it is legal. In 2016, Amazon introduced their “Just Walk Out” technology in Seattle. “Just Walk Out” uses cameras located throughout the store to monitor shoppers, document what they pick up, and automatically charge that shoppers’ Amazon account when they leave the store. Recently, Amazon started selling “Just Walk Out” technology to other retailers. Since then, retailers have become increasingly interested in collecting and using customers’ “biometric identifiers and information.” Generally, “biometrics” is used to refer to “measurable human biological and behavioral …

Accept All Cookies: Opting-In To A Comprehensive Federal Data Privacy Framework And Opting-Out Of A Disparate State Regulatory Regime, Lauren A. Di Lella

Villanova Law Review

No abstract provided.

Battling Baby Brokers: A Comparative Analysis Of The United States’ Versus Europe’S Adoption Policies, Amanda P. Gonzales

Brooklyn Journal of International Law

Child adoption involves the permanent transfer of parental rights from a child’s biological or legal parents to another party. Parties in the Unites States (US) have engaged in this process in various forms for centuries. Today, over one hundred thousand children are adopted by American families each year. Many of these adoptions take place privately through agencies. An agency assists in the process of matching prospective adoptive parents with birth parents from whom they will adopt a child. In exchange for this assistance, the prospective adoptive parents pay tens of thousands of dollars in fees and expenses to the agency …

Deep Dive Into Deepfakes—Safeguarding Our Digital Identity, Yi Yan

Brooklyn Journal of International Law

Deepfake technology is becoming increasingly sophisticated, and with it, the potential to pose a significant threat to the digital community, democratic institutions, and private individuals. With the creation of highly convincing but entirely fabricated audio, video, and images, there is a pressing need for the international community to address the vulnerabilities posed by deepfake technology in the current legal landscape through unambiguous legislation. This Note explores the ethical, legal, and social implications of deepfakes, including issues of privacy, identity theft, and political manipulation. It also reviews existing international legal frameworks, i.e., the Convention on Cybercrime (“Budapest Convention”) and proposes a …

Complying With New And Existing Biometric Data Privacy Laws, Ariel Latzer

The Journal of Business, Entrepreneurship & the Law

After providing an overview of the history behind biometric information, this article will discuss the Illinois Biometric Privacy Act (BIPA)—which laid the foundation for biometric privacy regulations in the United States—and then discuss the California Consumer Privacy Act (CCPA) and its amendments in the California Privacy Rights Act (CPRA). It will also briefly touch on biometric information regulations in other states and then delve into how some notable companies are currently using individuals’ biometric information to give readers a general idea of what is happening to their personal information and highlight areas businesses should take note of in order to …

Encouraging Public Access To Pharmaceuticals Through Modified Protection Of Clinical Trial Data, Scott M. Nolan Ii

IP Theory

Part I of this Article investigates the development of pharmaceuticals and clinical trial data with a focus on patent and data protection. Part II evaluates the effects of protection and the challenges it poses to widespread public pharmaceutical access. Part III discusses two scholarly approaches to the public access issue that focus on clinical data protection and their associated challenges. In light of these scholarly works, Part IV suggests a new approach to clinical trial data protection that aims to improve public pharmaceutical access while maintaining the incentives to invent for drug developers.

The United States Should Take A Page Out Of Canadian Law When It Comes To Privacy, Genetic And Otherwise, Ashley Rahaim

University of Miami Inter-American Law Review

Genetic information is intimate and telling data warranting privacy in public and private realms. The privacy protections offered in the United States and Canada vastly differ when it comes to genetic privacy. Search and seizure law mirrors the privacy gap in the countries, as well as their treatment of DNA database information.

This note explores the foreshadowing of the creation of genetic privacy laws and their varying levels of protection based on the way private information was treated by state actors through search and seizure caselaw, the creation of legal precedent, and the treatment of intimate personal data in the …

National Telecommunications And Information Administration: Comments From Researchers At Boston University And The University Of Chicago, Ran Canetti, Aloni Cohen, Chris Conley, Mark Crovella, Stacey Dogan, Marco Gaboardi, Woodrow Hartzog, Rory Van Loo, Christopher Robertson, Katharine B. Silbaugh

Faculty Scholarship

These comments were composed by an interdisciplinary group of legal, computer science, and data science faculty and researchers at Boston University and the University of Chicago. This group collaborates on research projects that grapple with the legal, policy, and ethical implications of the use of algorithms and digital innovation in general, and more specifically regarding the use of online platforms, machine learning algorithms for classification, prediction, and decision making, and generative AI. Specific areas of expertise include the functionality and impact of recommendation systems; the development of Privacy Enhancing Technologies (PETs) and their relationship to privacy and data security laws; …

What You Don’T Know Will Hurt You: Fighting The Privacy Paradox By Designing For Privacy And Enforcing Protective Technology, Perla Khattar

Washington Journal of Law, Technology & Arts

The persistence of the privacy paradox is proof that current industry regulation is insufficient to protect consumer’s privacy. Although consumer choice is essential, we argue that it should not be the main pillar of modern data privacy legislation. This article argues that legislation should aim to protect consumer’s personal data in the first place, while also giving internet users the choice to opt-in to the processing of their information. Ideally, privacy by design principles would be mandated by law, making privacy an essential component of the architecture of every tech-product and service.

Opaque Notification: A Country-By-Country Review, Lauren Mantel

Joint PIJIP/TLS Research Paper Series

No abstract provided.

Disinformation And The Defamation Renaissance: A Misleading Promise Of “Truth”, Lili Levi

University of Richmond Law Review

Today, defamation litigation is experiencing a renaissance, with progressives and conservatives, public officials and celebrities, corporations and high school students all heading to the courthouse to use libel lawsuits as a social and political fix. Many of these suits reflect a powerful new rhetoric—reframing the goal of defamation law as fighting disinformation. Appeals to the need to combat falsity in public discourse have fueled efforts to reverse the Supreme Court’s press–protective constitutional limits on defamation law under the New York Times v. Sullivan framework. The anti–disinformation frame could tip the scales and generate a majority on the Court to dismantle …