Privacy Law Commons^™

A Trusted Framework For Cross-Border Data Flows, Alex Joel

Joint PIJIP/TLS Research Paper Series

The German Marshall Fund of the United States (GMF), in cooperation with the Tech, Law and Security Program (TLS) of the American University Washington College of Law, and with support from Microsoft, convened a Global Taskforce to Promote Trusted Sharing of Data comprising experts from civil society, academia, and industry to submit proposals for harmonizing approaches to global data use and sharing. Former US Ambassador to the Organisation for Economic Co-operation and Development (OECD) and GMF Distinguished Fellow Karen Kornbluh and Microsoft Chief Privacy Officer and Corporate Vice President Julie Brill co-chaired the taskforce; TLS Senior Project Director Alex Joel …

A Sleeping Giant: Mhelath Applications, The Gdpr, And The Need For Federal Privacy Regulation In The United States, Kali Peeples

Notre Dame Journal on Emerging Technologies

An analysis of privacy regulation concerning mHealth apps is a multifaceted process that requires the examination of changes within not only the healthcare space but also the technological world, as well as the legislative history and intent of various nations.The main issue being addressed in this paper is whether the United States should create nationwide legislation that directly relates to mHealth data protection or continue with a self-regulatory method. Part I focuses on the development and rapid creation of mHealth apps within the past decade. Part II seeks to illustrate the distinct privacy concerns of mHealth apps by concentrating on …

Deep Dive Into Deepfakes—Safeguarding Our Digital Identity, Yi Yan

Brooklyn Journal of International Law

Deepfake technology is becoming increasingly sophisticated, and with it, the potential to pose a significant threat to the digital community, democratic institutions, and private individuals. With the creation of highly convincing but entirely fabricated audio, video, and images, there is a pressing need for the international community to address the vulnerabilities posed by deepfake technology in the current legal landscape through unambiguous legislation. This Note explores the ethical, legal, and social implications of deepfakes, including issues of privacy, identity theft, and political manipulation. It also reviews existing international legal frameworks, i.e., the Convention on Cybercrime (“Budapest Convention”) and proposes a …

Battling Baby Brokers: A Comparative Analysis Of The United States’ Versus Europe’S Adoption Policies, Amanda P. Gonzales

Brooklyn Journal of International Law

Child adoption involves the permanent transfer of parental rights from a child’s biological or legal parents to another party. Parties in the Unites States (US) have engaged in this process in various forms for centuries. Today, over one hundred thousand children are adopted by American families each year. Many of these adoptions take place privately through agencies. An agency assists in the process of matching prospective adoptive parents with birth parents from whom they will adopt a child. In exchange for this assistance, the prospective adoptive parents pay tens of thousands of dollars in fees and expenses to the agency …

Complying With New And Existing Biometric Data Privacy Laws, Ariel Latzer

The Journal of Business, Entrepreneurship & the Law

After providing an overview of the history behind biometric information, this article will discuss the Illinois Biometric Privacy Act (BIPA)—which laid the foundation for biometric privacy regulations in the United States—and then discuss the California Consumer Privacy Act (CCPA) and its amendments in the California Privacy Rights Act (CPRA). It will also briefly touch on biometric information regulations in other states and then delve into how some notable companies are currently using individuals’ biometric information to give readers a general idea of what is happening to their personal information and highlight areas businesses should take note of in order to …

Encouraging Public Access To Pharmaceuticals Through Modified Protection Of Clinical Trial Data, Scott M. Nolan Ii

IP Theory

Part I of this Article investigates the development of pharmaceuticals and clinical trial data with a focus on patent and data protection. Part II evaluates the effects of protection and the challenges it poses to widespread public pharmaceutical access. Part III discusses two scholarly approaches to the public access issue that focus on clinical data protection and their associated challenges. In light of these scholarly works, Part IV suggests a new approach to clinical trial data protection that aims to improve public pharmaceutical access while maintaining the incentives to invent for drug developers.

Administrative Regulation Of Programmatic Policing: Why "Leaders Of A Beautiful Struggle" Is Both Right And Wrong, Christopher Slobogin

Vanderbilt Law School Faculty Publications

In Leaders of a Beautiful Struggle v. Baltimore Police Department, the Fourth Circuit Court of Appeals held that Aerial Investigation Research (AIR), Baltimore's aerial surveillance program, violated the Fourth Amendment because it was not authorized by a warrant. AIR was constitutionaly problematic, but not for the reason given by the Fourth Circuit. AIR, like many other technologically-enhanced policing programs that rely on closed-circuit television (CCTV), automated license plate readers and the like, involves the collection and retention of information about huge numbers ofpeople. Because individualized suspicion does not exist with respect to any of these people's information, an individual-specific warrant …

The Future Of Data Protection Enforcement In Canada: Lessons From The Gdpr, Guilda Rostama, Teresa Scassa

Canadian Journal of Law and Technology

Imagine a not-too-distant scenario in which a private sector organization in Canada is investigated by the Privacy Commissioner of Canada jointly with the Commissioners of Quebec, British Columbia (‘‘BC”), and Alberta in relation to complaints that it shared massive quantities of personal data with third parties contrary to its stated practices in its privacy policies. Imagine also that each of the commissioners is empowered under newly amended data protection legislation to issue substantial Administrative Monetary Penalties (‘‘AMPs”). If each of the commissioners finds that its respective laws were breached, should the organization be subject to four different AMPs, or just …

Slouching Toward Regulation: Assessing Bill 88 As A Solution For Workplace Surveillance Harms, Danielle E. Thompson, Adam Molnar

Canadian Journal of Law and Technology

Employee monitoring applications (‘‘EMAs”) are proliferating in Canada and provide employers with sophisticated surveillance tools for the monitoring of workers (e.g., on-device video surveillance, browser activity, and email monitoring). In response to concerns about these increasingly invasive surveillance practices, the Government of Ontario passed Bill 88, the Working for Workers Act, 2022, which requires all employers with 25 or more workers to have a written policy stating whether and how they electronically monitor their employees. Bill 88 marks a more explict attempt to regulate workplace surveillance in a modern digital context in Canada; however; however, an analysis of the Bill’s …

When Your Boss Is An Algorithm: Preserving Canadian Employment Standards In The Digital Economy, Fife Ogunde

Canadian Journal of Law and Technology

The platform or ‘‘gig” economy is a rapidly growing economy in Canada. Between 2005 and 2016, the share of gig workers among all workers in Canada rose from 5.5% to 8.2%. These include independent contractors, select freelancers and platform workers. In 2018, 28% of Canadians aged 18 and older reported making money through online platforms. Research by Payments Canada in 2021 showed gig workers as representing more than one in 10 Canadian adults with more than one in three Canadian businesses employing gig workers. As the share of platform workers in the economy has grown, so has the discussion regarding …

The Challenge Designing Intermediary Liability Laws, Emily Laidlaw

Canadian Journal of Law and Technology

The ideal framework for intermediary liability has vexed policymakers since the internet’s commercialization. The quest has taken on a frenzied pace in recent years with intense scrutiny of who they are, what they do and what they should be responsible for. Over the years a theme has emerged from my discussions about intermediaries, and its subset platforms, and it prompts me to explore it as the focus of this article. My question is simple: why is it so difficult for law and policymakers to agree on a regulatory framework?

This article tackles two parts of the regulatory challenge that are …

The Need For Cyber Resilience Of Space Assets: Law And Policy Considerations Of Ensuring Cybersecurity In Outer Space, Daniella Febbraro

Canadian Journal of Law and Technology

In 2018, NASA’s Jet Propulsion Laboratory was the subject of a data breach where over 500 megabytes of data from a major mission system was stolen by hackers. This attack affected NASA’s Deep Space Network, prompting the United States Johnson Space Center to disconnect the International Space Station from the affected gateway due to fears that mission systems could become compromised. NASA has acknowledged that its vast online presence, which includes thousands of publicly accessible datasets, offers a large potential target for cybercriminals. The 2018 incident was one of many, with NASA experiencing more than 6000 cyberattacks from 2017-2021 alone. …

The United States Should Take A Page Out Of Canadian Law When It Comes To Privacy, Genetic And Otherwise, Ashley Rahaim

University of Miami Inter-American Law Review

Genetic information is intimate and telling data warranting privacy in public and private realms. The privacy protections offered in the United States and Canada vastly differ when it comes to genetic privacy. Search and seizure law mirrors the privacy gap in the countries, as well as their treatment of DNA database information.

This note explores the foreshadowing of the creation of genetic privacy laws and their varying levels of protection based on the way private information was treated by state actors through search and seizure caselaw, the creation of legal precedent, and the treatment of intimate personal data in the …

National Telecommunications And Information Administration: Comments From Researchers At Boston University And The University Of Chicago, Ran Canetti, Aloni Cohen, Chris Conley, Mark Crovella, Stacey Dogan, Marco Gaboardi, Woodrow Hartzog, Rory Van Loo, Christopher Robertson, Katharine B. Silbaugh

Faculty Scholarship

These comments were composed by an interdisciplinary group of legal, computer science, and data science faculty and researchers at Boston University and the University of Chicago. This group collaborates on research projects that grapple with the legal, policy, and ethical implications of the use of algorithms and digital innovation in general, and more specifically regarding the use of online platforms, machine learning algorithms for classification, prediction, and decision making, and generative AI. Specific areas of expertise include the functionality and impact of recommendation systems; the development of Privacy Enhancing Technologies (PETs) and their relationship to privacy and data security laws; …

What You Don’T Know Will Hurt You: Fighting The Privacy Paradox By Designing For Privacy And Enforcing Protective Technology, Perla Khattar

Washington Journal of Law, Technology & Arts

The persistence of the privacy paradox is proof that current industry regulation is insufficient to protect consumer’s privacy. Although consumer choice is essential, we argue that it should not be the main pillar of modern data privacy legislation. This article argues that legislation should aim to protect consumer’s personal data in the first place, while also giving internet users the choice to opt-in to the processing of their information. Ideally, privacy by design principles would be mandated by law, making privacy an essential component of the architecture of every tech-product and service.

Disinformation And The Defamation Renaissance: A Misleading Promise Of “Truth”, Lili Levi

University of Richmond Law Review

Today, defamation litigation is experiencing a renaissance, with progressives and conservatives, public officials and celebrities, corporations and high school students all heading to the courthouse to use libel lawsuits as a social and political fix. Many of these suits reflect a powerful new rhetoric—reframing the goal of defamation law as fighting disinformation. Appeals to the need to combat falsity in public discourse have fueled efforts to reverse the Supreme Court’s press–protective constitutional limits on defamation law under the New York Times v. Sullivan framework. The anti–disinformation frame could tip the scales and generate a majority on the Court to dismantle …

Opaque Notification: A Country-By-Country Review, Lauren Mantel

Joint PIJIP/TLS Research Paper Series

No abstract provided.

Femtechnodystopia, Leah R. Fowler, Michael Ulrich

Faculty Scholarship

Reproductive rights, as we have long understood them, are dead. But at the same time history seems to be moving backward, technology moves relentlessly forward. Femtech products, a category of consumer technology addressing an array of “female” health needs, seem poised to fill gaps created by states and stakeholders eager to limit birth control and abortion access and increase pregnancy surveillance and fetal rights. Period and fertility tracking applications could supplement or replace other contraception. Early digital alerts to missed periods can improve the chances of obtaining a legal abortion in states with ever-shrinking windows of availability or prompt behavioral …

The Tesla Meets The Fourth Amendment, Adam M. Gershowitz

BYU Law Review

Can police search a smart car’s computer without a warrant? Although the Supreme Court banned warrantless searches of cell phones incident to arrest in Riley v. California, the Court left the door open for warrantless searches under other exceptions to the warrant requirement. This is the first article to argue that the Fourth Amendment’s automobile exception currently permits the police to warrantlessly dig into a vehicle’s computer system and extract vast amounts of cell phone data. Just as the police can rip open seats or slash tires to search for drugs under the automobile exception, the police can warrantlessly extract …

Asking For It: Gendered Dimensions Of Surveillance Capitalism, Jessica Rizzo

Emancipations: A Journal of Critical Social Analysis

Advertising and privacy were once seen as mutually antagonistic. In the 1950s and 1960s, Americans went to court to fight for their right to be free from the invasion of privacy presented by unwanted advertising, but a strange realignment took place in the 1970s. Radical feminists were among those who were extremely concerned about the collection and computerization of personal data—they worried about private enterprise getting a hold of that data and using it to target women—but liberal feminists went in a different direction, making friends with advertising because they saw it as strategically valuable.

Liberal feminists argued that in …