Author: Daniel Solove

Enter Privacy Profession 01
2

Advice on How to Enter the Privacy Profession

Over at LinkedIn, I have a long post with advice for how law students can enter into the privacy profession.   I hope that this post can serve as a useful guide to students who want to pursue careers in privacy.

The privacy law field is growing dramatically, and demand for privacy lawyers is high.  I think that many in the academy who don’t follow privacy law, cyberlaw, or law and technology might not realize what’s going on in the field.  The field is booming.

The International Association of Privacy Professionals (IAPP), the field’s primary association, has been growing by about 30% each year.  It now has more than 17,000 members.  And this is only a subset of privacy professionals, as many privacy officials in healthcare aren’t members of IAPP and instead are members of the American Health Information Management Association (AHIMA) or the Health Care Compliance Association (HCCA).

There remains a bottleneck at the entry point to the field, but that can be overcome.  Once in the club, the opportunities are plentiful and there’s the ability to rise quickly.   I’ve been trying to push for solutions to make entry into the field easier, and this is an ongoing project of mine.

If you have students who are interested in entering the privacy law profession, please share my post with them.  I hope it will help.

0

Privacy and Data Security Harms

Privacy Harm 01

I recently wrote a series of posts on LinkedIn exploring privacy and data security harms.  I thought I’d share them here, so I am re-posting all four of these posts together in one rather long post.

I. PRIVACY AND DATA SECURITY VIOLATIONS: WHAT’S THE HARM?

“It’s just a flesh wound.”

Monty Python and the Holy Grail

Suppose your personal data is lost, stolen, improperly disclosed, or improperly used. Are you harmed?

Suppose a company violates its privacy policy and improperly shares your data with another company. Does this cause a harm?

In most cases, courts say no. This is the case even when a company is acting negligently or recklessly. No harm, no foul.

Strong Arguments on Both Sides

Some argue that courts are ignoring serious harms caused when data is not properly protected and used.

Yet others view the harm as trivial or non-existent. For example, given the vast number of records compromised in data breaches, the odds that any one instance will result in identity theft or fraud are quite low.

Read More

0

The World Dan Markel Created

dan markelThere have been such moving tributes to Dan Markel posted online that I wondered what I could add that hasn’t already been said about him. I didn’t know Dan as closely as many others, but I was fortunate to get to know him back in 2005. He was, as so many have said, one with a genuine passion for ideas.  Within the first few minutes of meeting him, Dan had already invited me to write some guest posts on his new blog, PrawfsBlawg.  I  barely knew him, but he was already cajoling me to blog as if he had known me for years.

I took him up on his offer.  As I began blogging on his site, he kept on encouraging me and sharing ideas with me.  “What do you think about this?”  “What do you think about that?” “You should write about this.”  Dan never eased in to anything, he didn’t gradually build speed.  You met him, and you’d find yourself instantly on a moving train.

I really loved blogging and stuck around PrawfsBlawg for quite a while before moving here to Concurring Opinions.  I thus owe my entry into the blogosphere to Dan.  Through Dan, and the people he brought to PrawfsBlawg, I met quite a lot of friends along the way.  When I think of the great people that Dan brought into my life — either directly or indirectly — it is quite an amazing list.

Dan had an intensity about nearly everything, especially ideas.  Typically, such intensity can push others away, but Dan’s intensity was paired with an exuberance and warmth.  I was not as closely in touch with Dan in recent years.  But whenever I saw Dan, he had a way of making me feel like we had been friends forever without any gaps.  And it was genuine — Dan really cared about people.

One of the refrains from the tributes to Dan is that he worked tirelessly to build a community.  His achievement here is something that is worth underscoring because it is so extraordinary.  The community Dan fostered was not merely a gathering of people.  It existed not just in meetings but in cyberspace too.  It encompassed junior law professors and senior ones.  It extended to scholars in a multitude of fields.  Dan’s community was one of friendship as well as one of ideas.   He was serious about academic engagement.

And what he created grew exponentially.  Our blog spun off of PrawfsBlawg, and other blogs have spun off of our blog.  Many blogs about law owe their origin in some way to Dan.   Many people were brought together because of Dan, spawning numerous co-authored works and lasting friendships.

The amount of friendships, collaborations, discussions, ideas,  and events that Dan played a role in creating is staggering.   Dan created more than just a community — he created a world.

0

Radical Pragmatism

Cambridge Companion to Pragmatism 01I recently posted on SSRN a book chapter I co-authored with Professor Michael Sullivan (Emory, Philosophy).  The chapter is called Radical Pragmatism and it is in The Cambridge Companion to Pragmatism pp. 324-344 (Alan Malachowski, ed. 2013).  This is a much shortened version of an earlier essay we wrote critiquing Judge Richard Posner’s conception of pragmatism.  We have tightened the argument, and this piece makes our key points much more succinctly.  Here’s the abstract:

“[P]ragmatist theory of law is, like much pragmatist theory, essentially banal.” So wrote Thomas Grey at the dawn of pragmatism’s renaissance in legal theory. Several contemporary pragmatists, as well as a number of critics of pragmatism, view pragmatism as a thin theory, more of a method than a philosophy with substantive commitments. For example, Richard Posner, one of the leading contemporary pragmatists, asserts that “pragmatism is more a tradition, attitude, and outlook than a body of doctrine” and that it has “no inherent political valence.” Likewise, Richard Rorty contends that pragmatism “is neutral between alternative prophecies, and thus neutral between democrats and fascists.”

Under this view, pragmatism generally leads to cautious common-sense policies. It is far from radical and unsettling, for it is too lacking in substantive value commitments to be otherwise. In this book chapter, we contest this account of pragmatism and offer a thicker account. Pragmatism does indeed have a political valence. It has substantive values. And, far from being banal, it is radical at its core.

You can download the chapter on SSRN.

T
0

The U.S. Supreme Court’s 4th Amendment and Cell Phone Case and Its Implications for the Third Party Doctrine

Today, the U.S. Supreme Court handed down a decision on two cases involving the police searching cell phones incident to arrest. The Court held 9-0 in an opinion written by Chief Justice Roberts that the Fourth Amendment requires a warrant to search a cell phone even after a person is placed under arrest.

The two cases are Riley v. California and United States v. Wurie, and they are decided in the same opinion with the title Riley v. California. The Court must have chosen toname the case after Riley to make things hard for criminal procedure experts, as there is a famous Fourth Amendment case called Florida v. Riley, 488 U,S, 445 (1989), which will now create confusion whenever someone refers to the “Riley case.”

Fourth Amendment Warrants

As a general rule, the government must obtain a warrant before engaging in a search. A warrant is an authorization by an independent judge or magistrate that is given to law enforcement officials after they properly justify their reason for conducting the search. There must be probable cause to search — a reasonable belief that the search will turn up evidence of a crime. The warrant requirement is one of the key protections of privacy because it ensures that the police just can’t search on a whim or a hunch. They must have a justified basis to search, and that must be proven before an independent decisionmaker (the judge or magistrate).

The Search Incident to Arrest Exception

But there are dozens of exceptions where government officials don’t need a warrant to conduct a search. One of these exceptions is a search incident to arrest. This exception allows police officers to search property on or near a person who has been arrested. In Chimel v. California, 395 U.S. 752 (1969), the Supreme Court held that the police could search the area near an arrestee’s immediate control. The rationale was that waiting to get a warrant might put police officers in danger in the event arrestees had hidden dangerous items hidden on them or that arrestees would have time to destroy evidence. In United States v. Robinson, 414 U.S. 218 (1973), the Court held that there doesn’t need to be identifiable danger in any specific case in order to justify searches incident to arrest. Police can just engage in such a search as a categorical rule.

What About Searching Cell Phones Incident to Arrest?

In today’s Riley case, the Court examined whether the police are allowed to search data on a cell phone incident to arrest without first obtaining a warrant. The Court held that cell phone searches should be treated differently from typical searches incident to arrest because cell phones contain so much data and present a greater invasion of privacy than more limited searches for physical objects: “Cell phones, however, place vast quantities of personal information literally in the hands of individuals. A search of the information on a cell phone bears little resemblance to the type of brief physical search considered in Robinson.”

Read More

0

Introducing Guest Blogger Chrisopher Kuner

KunerI am pleased to welcome Dr. Christopher Kuner as a guest blogger. Chris is Senior Of Counsel with Wilson Sonsini Goodrich & Rosati in Brussels, and an Honorary Professor at the University of Copenhagen. He is also a Visiting Fellow in the law department of the London School of Economics, and an Honorary Fellow of the Centre for European Legal Studies, University of Cambridge. He is editor-in-chief of the law journal “International Data Privacy Law”, and has been active in international organizations such as the Council of Europe, the OECD, and UNCITRAL.

Some of his publications include:

Transborder Data Flows and Data Privacy Law (Oxford University Press 2013)

European Data Protection Law: Corporate Compliance and Regulation (2nd edition, Oxford University Press 2007)

Foreign Nationals and Data Protection Law: A Transatlantic Analysis”, in: Hielke Hijmans and Herke Kranenborg (eds), Data Protection Anno 2014: How to Restore Trust (intersentia 2014)

“The European Commission’s Proposed Data Protection Regulation: A Copernican Revolution in European Data Protection Law”, BNA Bloomberg Privacy and Security Law Report (2012) February 6 2012, pages 1-15

“Data Protection Law and International Jurisdiction on the Internet (Parts 1 and 2), 18 International Journal of Law and Information Technology (2010) 18(2) 176 and 18(3) 227

 

1

Gabriel Garcia Marquez’s Chronicle of a Death Foretold

Garcia Marquez - Chronicle of a Death ForetoldI am deeply saddened by the passing of Gabriel Garcia Marquez, one of the world’s best contemporary authors. His magical realist style brims with life and zest — and his descriptions are unique and unforgettable. His most famous work is the magisterial One Hundred Years of Solitude, but my personal favorite is Chronicle of a Death Foretold.

I teach this great work in my law and literature class. It is a novella about a murder and its legal consequences that takes place in a small town. What is amazing about the book is that it is quite short — it is really just a long short story — yet unlike most works of its length, it focuses on not just the microcosm of one character but the macrocosm of an entire town, with an enormous array of characters. So much is packed into this short work, and I marvel at how each time I read it I discover interesting new details. The novella reminds me of a Breugel painting, a canvas filled with so much detail, so many interesting things going on.

Chronicle of a Death Foretold begins with one of Garcia Marquez’s signature openings, so gripping and enriched with unexpected details that it is impossible to stop reading:

On the day they were going to kill him, Santiago Nasar got up at five-thirty in the morning to wait for the boat the bishop was coming on. He’d dreamed he was going through a grove of timber trees where a gentle drizzle was falling, and for an instant he was happy in his dream, but when he awoke he felt completely spattered with bird shit.

The book is written by a narrator 27 years after the murder, pieced together by various interviews, memories, and documents. Chronicling memories that have faded, stories that diverge and contradict each other, the narrator writes in part like an investigative journalist piecing together an expose and in part like a detective investigating a crime. The narrative isn’t told in a linear way but in various fragments that are pasted together like a collage.

We know who will be murdered on the first page, and we find out the culprits very early on. And yet, Chronicle of a Death Foretold is a murder mystery. What it shows, as the narrator recreates the final days of Santiago Nasar’s life, is how each and every character played a role in the murder. Some were indifferent, some were too absorbed in their own pursuits to pay much attention, some were vindictive, with hidden malice, and some just didn’t take things seriously. So many are to blame, yet most played but a small part, and others who played larger roles acted in part based on societal pressures.

But beyond the individual characters, the ultimate indictment is against the town itself and its norms. This is a collective crime. We see how norms of race, class, and gender all combine to create a bitter stew, how many characters feel trapped by traditions and beliefs that lead them to act in unsavory ways. The indictment is thorough — the individuals and the very fabric of their society all interact to produce this tragedy.

I teach this work in my law and literature class to show how puny a force the law can be, and how the law can be too myopic in its focus. The law in this story fails to address the roots of what happened; it just focuses on a few branches and ignores most of the tree.

I marvel at this work every time I read it — the beauty of the prose, the vividness of the description, the brevity of the story that has enough detail for a book ten times as long, and the ability to capture a whole town and its culture and values in so many dimensions — without becoming too abstract or didactic.

If you haven’t read this book, I strongly recommend it to you. It is gripping, challenging, fascinating, and insightful. It is a true masterpiece, and can be read in just an afternoon. Often overshadowed by Garcia Marquez’s great novels — One Hundred Years of Solitude and Love in the Time of CholeraChronicle of a Death Foretold, despite its brevity, is as rich and sweeping.

Cross-posted at LinkedIn

P
0

The FTC and the New Common Law of Privacy

I’m pleased to announce that my article with Professor Woodrow Hartzog, The FTC and the New Common Law of Privacy, 114 Colum. L. Rev. 583 (2014), is now out in print.  You can download the final published version at SSRN.  Here’s the abstract:

One of the great ironies about information privacy law is that the primary regulation of privacy in the United States has barely been studied in a scholarly way. Since the late 1990s, the Federal Trade Commission (FTC) has been enforcing companies’ privacy policies through its authority to police unfair and deceptive trade practices. Despite over fifteen years of FTC enforcement, there is no meaningful body of judicial decisions to show for it. The cases have nearly all resulted in settlement agreements. Nevertheless, companies look to these agreements to guide their privacy practices. Thus, in practice, FTC privacy jurisprudence has become the broadest and most influential regulating force on information privacy in the United States — more so than nearly any privacy statute or any common law tort.

In this Article, we contend that the FTC’s privacy jurisprudence is functionally equivalent to a body of common law, and we examine it as such. We explore how and why the FTC, and not contract law, came to dominate the enforcement of privacy policies. A common view of the FTC’s privacy jurisprudence is that it is thin, merely focusing on enforcing privacy promises. In contrast, a deeper look at the principles that emerge from FTC privacy “common law” demonstrates that the FTC’s privacy jurisprudence is quite thick. The FTC has codified certain norms and best practices and has developed some baseline privacy protections. Standards have become so specific they resemble rules. We contend that the foundations exist to develop this “common law” into a robust privacy regulatory regime, one that focuses on consumer expectations of privacy, extends far beyond privacy policies, and involves a full suite of substantive rules that exist independently from a company’s privacy representations.

P
0

FTC v. Wyndham

The case has been quite long in the making. The opinion has been eagerly anticipated in privacy and data security circles. Fifteen years of regulatory actions have been hanging in the balance. We have waited and waited for the decision, and it has finally arrived.

The case is FTC v. Wyndham, and it is round one to the Federal Trade Commission (FTC).

Some Quick Background

For the past 15 years, the FTC has been one of the leading regulators of data security. It has brought actions against companies that fail to provide common security safeguards on personal data. The FTC has claimed that inadequate data security violates the FTC Act which prohibits “unfair or deceptive acts or practices in or affecting commerce.” In many cases, the FTC has alleged that inadequate data security is deceptive because it contradicts promises made in privacy policies that companies will protect people’s data with “good,” “adequate,” or “reasonable” security measures. And in a number of cases, the FTC has charged that inadequate data security is unfair because it creates actual or likely unavoidable harm to consumers which isn’t outweighed by other benefits.

For more background about the FTC’s privacy and data security enforcement, please see my article with Professor Woodrow Hartzog: The FTC and the New Common Law of Privacy, 114 Colum. L. Rev. 583 (2014). The article has just come out in print, and the final published version can be downloaded for free here.

Thus far, when faced with an FTC data security complaint, companies have settled. But finally one company, Wyndham Worldwide Corporation, challenged the FTC. A duel has been waging in court. The battle has been one of gigantic proportions because so much is at stake: Wyndham has raised fundamental challenges the FTC’s power to regulate data security under the FTC Act.

The Court’s Opinion and Some Thoughts

1. The FTC’s Unfairness Authority

Wyndham argued that because Congress enacted several data security laws to regulate specific industries (FCRA, GLBA, HIPAA, COPPA) that Congress did not intend for the FTC to be able to regulate data security more generally under FTC Act unfairness. The court rejected this argument, holding that “subsequent data-security legislation seems to complement—not preclude—the FTC’s authority.”

This holding seems quite reasonable, as the FTC Act was a very broad grant of authority to the FTC to regulate for consumer protection for most industries.

Read More

1

Introducing Christine Corcos

Corcos 01I’m very pleased to announce that Professor Christine Corcos will be keeping us updated regularly about Law & Humanities as well as Media Law.

Christine is the Richard C. Cadwallader Associate Professor of Law at the Louisiana State University Law Center and a member of the Women’s and Gender Studies Faculty at Louisiana State University A&M. She is the co-author of La Politique du Logement aux Etats-Unis (1999), the author of An International Guide to Law and Literature Studies (Hein, 2000) and editor of Law and Magic: A Collection of Essays (Carolina Academic Press 2010). She has written numerous law review articles and essays including George Carlin, Constitutional Law Scholar, and Visits to a Small Planet: Rights Talk in Some Science Fiction Film and Television Series From the 1950s to the 1990s, for the Stetson Law Review, Some Thoughts on Chuck Lorre, “Bad Words,” and the “Raging Paranoia of Our Network Censors,” in the Regent Law Review, From Agnatic Succession to Absolute Primogeniture: The Shift to Equal Rights of Succession to Thrones and Titles in the Modern European Constitutional Monarchy, for the Michigan State Law Review, an essay on the tv show Damages for the collection Lawyers in Your Living Room (ABA, 2009), Prosecutors and Psychics on the Air: Does a “Psychic Detective Effect” Exist for the collection Law and Justice on the Small Screen (Hart Publishing, 2012), and Magical Images in Law for the collection Explorations in Courtroom Discourse (Ashgate, 2011). She is currently doing some writing in the area of law and religion, particularly on the First Amendment, Spiritualism, and “crafty sciences.”

She is a co-author of several casebooks, including Theater Law (Carolina Academic Press, 2004), Law and Popular Culture (2d ed., LEXIS Publishing, 2012), and Law of the European Union: A New Constitutional Order (2d ed., Carolina Academic Press, 2013). She is Secretary/Treasurer of the Law and Humanities Institute and a member of the Board of Editors of the International Journal for the Semiotics of Law. She also blogs at Media Law Prof Blog, the Law and Magic Blog, the Law and Humanities Blog (for the Law and Humanities Institute) and Feminist Law Professors.

She speaks frequently to the media on media law and law and popular culture.

Areas of interest: First Amendment, Freedom of Expression, Law and Religion, Legal History (including Women’s Legal History), Law and Popular Culture