Harvard Law Review Symposium on Privacy and Technology: Call for Papers
posted by Daniel Solove
The Harvard Law Review is hosting a Symposium this November on the topic of Privacy & Technology. The Law Review is currently accepting abstracts for papers to be considered for publication in the Symposium Issue. To be considered for publication, please send an abstract of no more than 750 words to HLRsymposium2012@gmail.com by June 15. Space in the issue is limited and papers will be selected on a rolling basis, so early submission is recommended. We strongly prefer abstracts for shorter essays that can be executed in fewer than 12,500 words (about 25 law review pages).
The following proposal gives a taste of what kinds of inquiries we are interested in. We are most interested in papers that challenge old concepts and categories and propose new ones that could potentially drive the development of privacy law in the following decades.
Today, we are witnessing astounding new technologies that efficiently gather, use, and analyze massive amounts of data. These changes have created a set of profound challenges for regulating privacy, as existing regulatory approaches are straining to keep up with rapid technological advances. The regulatory ideas and frameworks over the past few decades have failed to adequately respond to the constantly shifting technological landscape. Policymakers—among many different stakeholders—recognize that a new direction is needed for privacy law, but there remains much to be resolved about what direction it should head. Moreover, deep divides have emerged in how different societies regulate privacy despite the increased need for governments and businesses to share information across borders. These changes present challenges for the core conceptual underpinnings of privacy itself. We thus stand at a crossroads about how to regulate privacy and even how to think about privacy. The road forward will require a deep re-imagining of privacy in both theory and practice.
Theory: On the level of theory, the most crucial demand is to find out what interests are really at stake. What do we as a society really want? (Relatedly, should we even concern ourselves with the privacy regimes of other nations?) The relationship between the robustness of personalized services and their practically necessary encroachment on traditional zones of privacy needs to be addressed. Furthermore, what is the relationship between social and political culture and the architectural design of privacy protection? How do different conceptions of privacy bear on the capacity of participatory democracy? On liberalism generally? On the rule of law? In order to address the practical problems of protecting a particular set of privacy rights, we should be clear on what values we are trying to promote with privacy.
Executive Surveillance: Individuals and policy makers continually grapple with expanding executive encroachment on privacy brought about by new technologies. In the three separate opinions in Jones, the Supreme Court bantered about the constitutional concept of privacy in the realm of government surveillance. Although the opinion of the Court decided the case on narrow grounds, the concurrences suggest at least five justices might entertain a new, more expansive, and more nuanced conception of what constitutes a reasonable expectation of privacy. Should the Court turn in this new direction and overhaul Fourth Amendment jurisprudence? In the modern information society, a wealth of data can now be obtained about the minutia of a person’s life. To what extent should the government have access to this data when maintained by private-sector entities? What limits should the government have in how it may use data after being collected? How should the fusion centers be regulated? How long should data be kept? The laws that regulate electronic surveillance and data use by the government are practically ancient, most being passed in the 1970s and 1980s. Hardly anyone can disagree that the law needs to be updated. But what, exactly, should the law provide? And in what direction will the Court take the Fourth Amendment? Is a more nuanced and contextual approach to the Fourth Amendment desirable or workable?
Private Data Collection: Meanwhile, Google, foremost among the corporate entities suggestively called “Big Data,” continues to amass scraps of information associated with Internet users, in hopes of aggregating the information into a powerfully predictive consumer profile with which it and other companies can selectively target individuals for services and advertising. Although the legal status of this activity in America is unclear, Google has been challenged in Europe for lack of transparency in its privacy policy. What should users expect companies to do with their personal data? Should there be limits on the extent that data is aggregated? Relatedly, do old conceptions of public and private help us properly analyze the social phenomenon of sharing? How does the rise of social media and the extensive self-exposure it brings alter privacy expectations? Should the data people share publicly be scraped together and aggregated and used in ways people were not expecting?
Comparative Perspectives: While American privacy law has varied substantially in different industries, and has often relied extensively on a self-regulatory approach, the Europeans have advanced broad and strong constitutional and statutory privacy rights through the European Court of Human Rights and the European Commission. This year, the EC unveiled a new regulation that would expand on the 1995 Data Protection Directive, and will include within it new privacy rights, including the controversial “right to be forgotten.” What can American privacy law learn from these developments in Europe? Is it possible to translate some of the European privacy rights into American law? What can the EU learn from American privacy law? More practically, the significant differences between EU and American privacy approaches impede information flow and create immense challenges in an increasingly global economy. Can these differences be bridged?
May 21, 2012 at 2:02 pm
Posted in: Articles and Books, Privacy
Print This Post
Responses (2)
Antonella MIletti - June 15, 2012 at 2:52 am
I am an aggregate Professor of Institutions of Private Law, University of Naples Federico II, School of Economics.
I send abstracts to the Symposium of private law.
I hope you can interest. Thank you.
Antonella Miletti
Antonella MIletti - June 15, 2012 at 2:53 am
I am an aggregate professor of Institutions of Private Law, University of Naples Federico II, School of Economics.
I send abstracts to the symposium of private law.
I hope you can interest. Thank you.
Antonella Miletti
New laws about European privacy rights
Globalized world requires new rules to govern a system based on advanced technologies and with different needs: on the one hand there is the need that privacy rights will not be violated frequently, on the other hand the need that large amount of information traveling on the network, released by companies, public authorities, private citizens who disseminate information, will not be hindered by constantly hampered by constraints and barriers of any kinds due to concerns about data security.
Economic development, e-business, digital economy, cannot prescind to use of current technologies and in the general exchange of information is essential to create confidence in users, looking for shared solutions to global and international scope, because matter cannot be subject to strict national barriers.
In Europe we are working very hard in this direction, with important new laws.
European regulation is based on fundamental principles of Article 16 of the Treaty on the Functioning of the European Union (TFEU) and Article 8 of the Charter of Fundamental Rights which recognize right of protection of personal data, and establish rules for their freedom of circulation.
On this legislative basis there was a very interesting proposal for an European Union directive that will profoundly change all current normative about personal data, updating and modernizing principles enshrined in the preexisting Directive of 1995, n.46, presented in Brussels on 25 January 2012 to develop a single global market for all EU countries, but will also involve American companies operating in European market and all companies working outside EU, but that manage personal data of citizens belonging to EU.
In this proposal are forecast greater responsibility in the event of data breaches, it is established the right to their portability, improving competitiveness among enterprises operating in the area and acknowledging more rights to users.
Now is born the right to be forgotten: it will be possible erase data for those who prefer to eliminate them from the network, in order to counteract risks (concerning the right to be forgotten Italian Supreme Court of Cassation with the decision n.5525 of 5 April 2012 recognized personal data as good with an economic value establishing that for news existing in network it is necessary respect criteria of proportionality, necessity, relevance and not excessive information, ensuring context and especially the update).
EU directive of October 25, 2011, n.83, for the first time, about cross-border trade by Internet has dealt with digital content and consumer protection in order to improve competitiveness and competition among enterprises, tending to a complete harmonization of EU countries about legal movement of digital data within contracts of sale (including standard and forms and obtaining a reduction of transaction costs).
This is in line with the political strategy “Europe 2020″, direct to smart growth, sustainable and inclusive with Digital Agenda for Europe to foster the creation of a digital single market characterized by a single market of security and a legal with the objective of EU growth, fostering innovation, economic growth and progress, strengthening trust and security online, improving the literacy, skills and inclusion in the digital world.
In line with the Digital Agenda for Europe in Italy have been issued two legislative decrees issued May 28, 2012, n. 69 and n.70, aimed at increase protection of consumers and their privacy against the violation of personal data; they have changed the Code about the protection of personal data (Legislative Decree no. 196 of 2003), in force in Italy. Among the innovations it is to remember in particular the prior consent that have to be provided for the cookies (which store the choices and preferences in user navigation) by users contracting allowing the storage of information of a contractor or a user only if they gave their consent.
Italian Data Protection Authority has issued an handbook on the proper use of cloud computing that involves the outsourcing of data and documents with problems difficult to resolve at national scope and require a shared reflection at European and international level, for implications on processing of personal data.
More attention should be paid to the contractual conditions for the delivery of cloud services with reference to obligations and responsibilities in case of loss of data stored in the cloud and the consequences in case of decision to change provider.
All these new laws are a good point of departure point for a productive comparison on this matter.
Antonella Miletti
Leave a Reply