Privacy Law Commons^™

Privacy Nicks: How The Law Normalizes Surveillance, Woodrow Hartzog, Evan Selinger, Johanna Gunawan

Faculty Scholarship

Privacy law is failing to protect individuals from being watched and exposed, despite stronger surveillance and data protection rules. The problem is that our rules look to social norms to set thresholds for privacy violations, but people can get used to being observed. In this article, we argue that by ignoring de minimis privacy encroachments, the law is complicit in normalizing surveillance. Privacy law helps acclimate people to being watched by ignoring smaller, more frequent, and more mundane privacy diminutions. We call these reductions “privacy nicks,” like the proverbial “thousand cuts” that lead to death.

Privacy nicks come from the …

Complying With New And Existing Biometric Data Privacy Laws, Ariel Latzer

The Journal of Business, Entrepreneurship & the Law

After providing an overview of the history behind biometric information, this article will discuss the Illinois Biometric Privacy Act (BIPA)—which laid the foundation for biometric privacy regulations in the United States—and then discuss the California Consumer Privacy Act (CCPA) and its amendments in the California Privacy Rights Act (CPRA). It will also briefly touch on biometric information regulations in other states and then delve into how some notable companies are currently using individuals’ biometric information to give readers a general idea of what is happening to their personal information and highlight areas businesses should take note of in order to …

The United States Should Take A Page Out Of Canadian Law When It Comes To Privacy, Genetic And Otherwise, Ashley Rahaim

University of Miami Inter-American Law Review

Genetic information is intimate and telling data warranting privacy in public and private realms. The privacy protections offered in the United States and Canada vastly differ when it comes to genetic privacy. Search and seizure law mirrors the privacy gap in the countries, as well as their treatment of DNA database information.

This note explores the foreshadowing of the creation of genetic privacy laws and their varying levels of protection based on the way private information was treated by state actors through search and seizure caselaw, the creation of legal precedent, and the treatment of intimate personal data in the …

National Telecommunications And Information Administration: Comments From Researchers At Boston University And The University Of Chicago, Ran Canetti, Aloni Cohen, Chris Conley, Mark Crovella, Stacey Dogan, Marco Gaboardi, Woodrow Hartzog, Rory Van Loo, Christopher Robertson, Katharine B. Silbaugh

Faculty Scholarship

These comments were composed by an interdisciplinary group of legal, computer science, and data science faculty and researchers at Boston University and the University of Chicago. This group collaborates on research projects that grapple with the legal, policy, and ethical implications of the use of algorithms and digital innovation in general, and more specifically regarding the use of online platforms, machine learning algorithms for classification, prediction, and decision making, and generative AI. Specific areas of expertise include the functionality and impact of recommendation systems; the development of Privacy Enhancing Technologies (PETs) and their relationship to privacy and data security laws; …

What You Don’T Know Will Hurt You: Fighting The Privacy Paradox By Designing For Privacy And Enforcing Protective Technology, Perla Khattar

Washington Journal of Law, Technology & Arts

The persistence of the privacy paradox is proof that current industry regulation is insufficient to protect consumer’s privacy. Although consumer choice is essential, we argue that it should not be the main pillar of modern data privacy legislation. This article argues that legislation should aim to protect consumer’s personal data in the first place, while also giving internet users the choice to opt-in to the processing of their information. Ideally, privacy by design principles would be mandated by law, making privacy an essential component of the architecture of every tech-product and service.

Opaque Notification: A Country-By-Country Review, Lauren Mantel

Joint PIJIP/TLS Research Paper Series

No abstract provided.

The Tesla Meets The Fourth Amendment, Adam M. Gershowitz

BYU Law Review

Can police search a smart car’s computer without a warrant? Although the Supreme Court banned warrantless searches of cell phones incident to arrest in Riley v. California, the Court left the door open for warrantless searches under other exceptions to the warrant requirement. This is the first article to argue that the Fourth Amendment’s automobile exception currently permits the police to warrantlessly dig into a vehicle’s computer system and extract vast amounts of cell phone data. Just as the police can rip open seats or slash tires to search for drugs under the automobile exception, the police can warrantlessly extract …

Asking For It: Gendered Dimensions Of Surveillance Capitalism, Jessica Rizzo

Emancipations: A Journal of Critical Social Analysis

Advertising and privacy were once seen as mutually antagonistic. In the 1950s and 1960s, Americans went to court to fight for their right to be free from the invasion of privacy presented by unwanted advertising, but a strange realignment took place in the 1970s. Radical feminists were among those who were extremely concerned about the collection and computerization of personal data—they worried about private enterprise getting a hold of that data and using it to target women—but liberal feminists went in a different direction, making friends with advertising because they saw it as strategically valuable.

Liberal feminists argued that in …

Artificial Intelligence Tools In Clinical Neuroradiology: Essential Medico-Legal Aspects, Dennis M. Hedderich, Christian Weisstanner, Sofie Van Cauter, Christian Federau, Myriam Edjlali, Alexander Radbruch, Sara Gerke, Sven Haller

Faculty Scholarly Works

Commercial software based on artificial intelligence (AI) is entering clinical practice in neuroradiology. Consequently, medico-legal aspects of using Software as a Medical Device (SaMD) become increasingly important. These medico-legal issues warrant an interdisciplinary approach and may affect the way we work in daily practice. In this article, we seek to address three major topics: medical malpractice liability, regulation of AI-based medical devices, and privacy protection in shared medical imaging data, thereby focusing on the legal frameworks of the European Union and the USA. As many of the presented concepts are very complex and, in part, remain yet unsolved, this article …

Privacy Lost: How The Montana Supreme Court Undercuts The Right Of Privacy, Kevin Frazier

Seattle Journal of Technology, Environmental & Innovation Law

In 1972, Montanans ratified a new constitution that included a “right of privacy.” The plain text of the provision fails to express the intent of the Framers who not only intended to afford Montanans a right, but also to impose a responsibility on the State to continuously and thoroughly examine State practices in light of evolving means of invading residents’ privacy. This intent has gone unrealized despite the fact that the intent of the Framers is clear, readily available, and the primary source state courts ought to use when interpreting the Constitution. This article delves into the transcripts of the …

From Hashtag To Hash Value: Using The Hash Value Model To Report Child Sex Abuse Material, Jessica Mcgarvie

Seattle Journal of Technology, Environmental & Innovation Law

In the summer of 2021, Apple announced it would release a Child Safety Feature (CSF) aimed at reducing Child Sex Abuse Materials (CSAM) on its platform. The CSF would scan all images a user uploaded to their iCloud for CSAM, and Apple would report an account with 30 or more flagged images to the National Center for Missing and Exploited Children. Despite Apple’s good intentions, they received intense backlash, with many critics arguing the proposed CSF eroded a user’s privacy. This article explores the technology behind Apple’s CSF and compares it to similar features used by other prominent tech companies. …

A New Right Is The Wrong Tactic: Bring Legal Actions Against States For Internet Shutdowns Instead Of Working Towards A Human Right To The Internet (Part 1), Jay Conrad

Seattle Journal of Technology, Environmental & Innovation Law

A New Right is the Wrong Tactic: Bring Legal Actions Against States for Internet Shutdowns Instead of Working Towards a Human Right to the Internet (Part 1) is the first of a two-part series dealing with an increasingly prevalent threat to human rights: State-sanctioned Internet shutdowns. Part 1 details the current tactics and impacts of Internet shutdowns and which human rights are most likely to be violated by or during a shutdown. Part 2 will address the deficiencies of advocating for Internet access to be a recognized human right as a means of combatting shutdowns. Despite the popularity of this …

Texas’ War On Social Media: Censorship Or False Flag, Leni Morales

DePaul Journal of Art, Technology & Intellectual Property Law

No abstract provided.

Aclu V. Clearview Ai, Inc.,, Isra Ahmed

DePaul Journal of Art, Technology & Intellectual Property Law

No abstract provided.

The Health Care Industry Is Ready For A Revolution: Its Privacy Laws Are Not, Erin Rutherford

Student Scholarship

This paper highlights the costs and benefits associated with the gathering, storing, analyzing, and digitizing of health information; examines current privacy laws and their inadequacies in the new and constantly changing digital health world; and then provides a proposal framework to balance encouraging innovation while protecting individual autonomy. The article specifically proceeds as follows. This paper first discusses of the evolution of the health industry, from paper records to the wide array of sources generating health information today. Next, it considers the benefits to the ever-increasing amount of health information, which, while considerable can often be in tension with privacy …

Consumers' Perceptions Of Digital Privacy In The United States And Japan, Destiny Randle

Whittier Scholars Program

The purpose of my study is to explore the contours of contemporary consumer privacy protections derived from legislation, regulations and publicly available company policies as a way to get a better understanding of how consumer data is protected. A few examples ranging from company-based consumer protection in the United States to data breaches in Japan will be explored and examined. Finally, this paper includes a comparative survey of consumer perceptions and concerns related to personal data privacy in the U.S. and Japan. As a way to assess the degree to which digital privacy and personal data breaches have adversely influenced …

Necessity, Proportionality, And Executive Order 14086, Alex Joel

Joint PIJIP/TLS Research Paper Series

No abstract provided.

Aerial Trespass And The Fourth Amendment, Randall F. Khalil

Michigan Law Review

Since 1973, courts have analyzed aerial surveillance under the Fourth Amendment by applying the test from Katz v. United States, which states that a search triggers the Fourth Amendment when a government actor violates a person’s “reasonable expectation of privacy.” The Supreme Court applied Katz to aerial surveillance three times throughout the 1980s, yet this area of the law remains unsettled and outcomes are unpredictable. In 2012, the Supreme Court recognized an alternative to the Katz test in Jones v. United States, which held that a search triggers the Fourth Amendment when a government actor physically intrudes into …

Mainstreaming Unjust Enrichment And Restitution In Data Security Law, Ying Hu

UC Irvine Law Review

This Article seeks to improve enforcement of the duty of companies to safeguard personal data in their possession. It is notoriously difficult for data breach victims to succeed in class actions against companies that failed to take reasonable steps to safeguard their personal data. Many commentators have argued that existing legal rules should be relaxed or applied differently in data breach cases.

This Article argues instead that litigants and the courts should take more seriously unjust enrichment as a cause of action in those cases. The Article makes two main contributions. First, it critically analyzes the two main theories of …

A Game Theoretic Approach To Balance Privacy Risks And Familial Benefits, Ellen W. Clayton, Jia Guo, Murat Kantarcioglu, Et Al.

Vanderbilt Law School Faculty Publications

As recreational genomics continues to grow in its popularity, many people are afforded the opportunity to share their genomes in exchange for various services, including third-party interpretation (TPI) tools, to understand their predisposition to health problems and, based on genome similarity, to find extended family members. At the same time, these services have increasingly been reused by law enforcement to track down potential criminals through family members who disclose their genomic information. While it has been observed that many potential users shy away from such data sharing when they learn that their privacy cannot be assured, it remains unclear how …