Site Meter

Author: Daniel Solove

0

What Is Personally Identifiable Information (PII)? Finding Common Ground in the EU and US

This post was co-authored by Professor Paul Schwartz.

We recently released a draft of our new essay, Reconciling Personal Information in the European Union and the United States, and we want to highlight some of its main points here.

The privacy law of the United States (US) and European Union (EU) differs in many fundamental ways, greatly complicating commerce between the US and EU.  At the broadest level, US privacy law focuses on redressing consumer harm and balancing privacy with efficient commercial transactions.  In the EU, privacy is hailed as a fundamental right that trumps other interests.  The result is that EU privacy protections are much more restrictive on the use and transfer of personal data than US privacy law.

Numerous attempts have been made to bridge the gap between US and EU privacy law, but a very large initial hurdle stands in the way.  The two bodies of law can’t even agree on the scope of protection let alone the substance of the protections.  The scope of protection of privacy laws turns on the definition of “personally identifiable information” (PII).  If there is PII, privacy laws apply.  If PII is absent, privacy laws do not apply.

In the US, the law provides multiple definitions of PII, most focusing on whether the information pertains to an identified person.  In contrast, in the EU, there is a single definition of personal data to encompass all information identifiable to a person.  Even if the data alone cannot be linked to a specific individual, if it is reasonably possible to use the data in combination with other information to identify a person, then the data is PII.

In our essay, Reconciling Personal Information in the European Union and the United States, we argue that both the US and EU approaches to defining PII are flawed.  We also contend that a tiered approach to the concept of PII can bridge the differences between the US and EU approaches.

Read More

3

Mug Shot Blackmail?

A recent article from the Associated Press describes a troubling new website that posts people’s mug shots and then charges people to have them taken down:

After more than seven years and a move 2,800 miles across the country, Christopher Jones thought he’d left behind reminders of the arrest that capped a bitter break-up. That was, until he searched the Internet last month and came face-to-face with his 2006 police mug shot.

The information below the photo, one of millions posted on commercial website mugshots.com, did not mention that the apartment Jones was arrested for burglarizing was the one he’d recently moved out of, or that Florida prosecutors decided shortly afterward to drop the case. But, otherwise, the digital media artist’s run-in with the law was there for anyone, anywhere, to see. And if he wanted to erase the evidence, says Jones, now a resident of Livermore, Calif., the site’s operator told him it would cost $399.

The practice seems outrageous, but is there any way the law can address it? The First Amendment protects people in publishing any information they glean from public records. See Cox Broadcasting Corp. v. Cohn, 420 US 469 (1975).

But this practice might run afoul of the blackmails statutes in many states. For example, here’s Kansas’s blackmail statute:

Blackmail is gaining or attempting to gain anything of value or compelling another to act against such person’s will, by threatening to communicate accusations or statements about any person that would subject such person or any other person to public ridicule, contempt or degradation.

There are several interesting issues here.

First, does the practice of this site and others like it violate some blackmail statutes? The statute I quoted above appears to focus on the threat to divulge information, but it is unclear as to whether the information must previously be unknown. The site has already revealed the information; the money is demanded to stop doing so. Blackmail is a relatively rare legal issue these days, and I don’t know offhand how this practice would fit into many blackmail laws. But there definitely seems to be a decent argument that the site’s practices might be quite close to blackmail.

Read More

3

Employers and Schools that Demand Account Passwords and the Future of Cloud Privacy

Passwords 01In 2012, the media erupted with news about employers demanding employees provide them with their social media passwords so the employers could access their accounts. This news took many people by surprise, and it set off a firestorm of public outrage. It even sparked a significant legislative response in the states.

I thought that the practice of demanding passwords was so outrageous that it couldn’t be very common. What kind of company or organization would actually do this? I thought it was a fringe practice done by a few small companies without much awareness of privacy law.

But Bradley Shear, an attorney who has focused extensively on the issue, opened my eyes to the fact that the practice is much more prevalent than I had imagined, and it is an issue that has very important implications as we move more of our personal data to the Cloud.

The Widespread Hunger for Access

Employers are not the only ones demanding social media passwords – schools are doing so too, especially athletic departments in higher education, many of which engage in extensive monitoring of the online activities of student athletes. Some require students to turn over passwords, install special software and apps, or friend coaches on Facebook and other sites. According to an article in USA Today: “As a condition of participating in sports, the schools require athletes to agree to monitoring software being placed on their social media accounts. This software emails alerts to coaches whenever athletes use a word that could embarrass the student, the university or tarnish their images on services such as Twitter, Facebook, YouTube and MySpace.”

Not only are colleges and universities engaging in the practice, but K-12 schools are doing so as well. A MSNBC article discusses the case of a parent’s outrage over school officials demanding access to a 13-year old girl’s Facebook account. According to the mother, “The whole family is exposed in this. . . . Some families communicate through Facebook. What if her aunt was going through a divorce or had an illness? And now there’s these anonymous people reading through this information.”

In addition to private sector employers and schools, public sector employers such as state government agencies are demanding access to online accounts. According to another MSNBC article: “In Maryland, job seekers applying to the state’s Department of Corrections have been asked during interviews to log into their accounts and let an interviewer watch while the potential employee clicks through posts, friends, photos and anything else that might be found behind the privacy wall.”

Read More

0

Harvard Law Review Privacy Symposium Issue

The privacy symposium issue of the Harvard Law Review is hot off the presses.  Here are the articles:

SYMPOSIUM
PRIVACY AND TECHNOLOGY
Introduction: Privacy Self-Management and the Consent Dilemmas
Daniel J. Solove

What Privacy is For
Julie E. Cohen

The Dangers of Surveillance
Neil M. Richards

The EU-U.S. Privacy Collision: A Turn to Institutions and Procedures
Paul M. Schwartz

Toward a Positive Theory of Privacy Law
Lior Jacob Strahilevitz

1

Privacy Self-Management and the Consent Dilemma

I’m pleased to share with you my new article in Harvard Law Review entitled Privacy Self-Management and the Consent Dilemma, 126 Harvard Law Review 1880 (2013). You can download it for free on SSRN. This is a short piece (24 pages) so you can read it in one sitting.

Here are some key points in the Article:

1. The current regulatory approach for protecting privacy involves what I refer to as “privacy self-management” – the law provides people with a set of rights to enable them to decide how to weigh the costs and benefits of the collection, use, or disclosure of their information. People’s consent legitimizes nearly any form of collection, use, and disclosure of personal data. Unfortunately, privacy self-management is being asked to do work beyond its capabilities. Privacy self-management does not provide meaningful control over personal data.

2. Empirical and social science research has undermined key assumptions about how people make decisions regarding their data, assumptions that underpin and legitimize the privacy self-management model.

3. People cannot appropriately self-manage their privacy due to a series of structural problems. There are too many entities collecting and using personal data to make it feasible for people to manage their privacy separately with each entity. Moreover, many privacy harms are the result of an aggregation of pieces of data over a period of time by different entities. It is virtually impossible for people to weigh the costs and benefits of revealing information or permitting its use or transfer without an understanding of the potential downstream uses.

4. Privacy self-management addresses privacy in a series of isolated transactions guided by particular individuals. Privacy costs and benefits, however, are more appropriately assessed cumulatively and holistically — not merely at the individual level.

5. In order to advance, privacy law and policy must confront a complex and confounding dilemma with consent. Consent to collection, use, and disclosure of personal data is often not meaningful, and the most apparent solution – paternalistic measures – even more directly denies people the freedom to make consensual choices about their data.

6. The way forward involves (1) developing a coherent approach to consent, one that accounts for the social science discoveries about how people make decisions about personal data; (2) recognizing that people can engage in privacy self-management only selectively; (3) adjusting privacy law’s timing to focus on downstream uses; and (4) developing more substantive privacy rules.

The full article is here.

Cross-posted on LinkedIn.

7

Copyright’s Constitutional Chameleon

by John Duffy, Peter Strauss and Michael Herz

Earlier this year, more than 100,000 citizens petitioned the White House to overturn a copyright rule issued by the Librarian of Congress that made unlocking a cell phone a crime.  The White House responded by promising to seek legislation to overturn the Librarian’s rule.  That was the most the President would or could do because “[t]he law gives the Librarian the authority,” and the Administration would “respect that process,” even though the Librarian acted contrary to the Administration’s views.  See here. As the New York Times reported, “because the Library of Congress, and therefore the copyright office, are part of the legislative branch, the White House cannot simply overturn the current ruling.” See here.

There’s only one problem with all of this:  The Department of Justice has been vigorously arguing precisely the contrary constitutional position in the federal courts. Read More

0

Last Call for Contracts Survey

 

 

 

 

 

Contracts teachers are asked to complete a brief online survey to help the planning and execution of a symposium Washington Law Review is preparing to host on the exciting new book, Contracts in the Real World: Stories of Popular Contracts and Why They Matter, by Lawrence A. Cunningham of George Washington University (published by Cambridge University Press in 2012).

This innovative text embraces a modern, narrative approach to contract law, exploring how cases ripped from the headlines of recent years often hinge on fundamental principles extracted from the classic cases that appear in contracts casebooks. Such an approach suggests new ways to imagine modern casebooks.  In addition to an article by Prof. Cunningham, the WLR will publish in its December 2013 issue  a half dozen pieces by many luminaries and notables, including:

Charles Knapp (NYU/Hastings)

Brian Bix (Minnesota)

Erik Gerding (Colorado)

Jake Linford (Florida State)

Jennifer Taub (Vermont)

To help these scholars and WLR editors with this effort, please fill out the online survey today!

 

2

New Titles from NYU Press

Here are some recent titles from NYU Press:

Priests of Our Democracy: The Supreme Court, Academic Freedom, and the Anti-Communist Purge

Marjorie Heins

 

Why Jury Duty Matters: A Citizen’s Guide to Constitutional Action

Andrew Guthrie Ferguson

 

Up Against a Wall: Rape Reform and the Failure of Success

Rose Corrigan

 

What Is Parenthood? Contemporary Debates about the Family

Edited by Linda C. McClain and Daniel Cere

 

The New Kinship: Constructing Donor-Conceived Families

Naomi R. Cahn

 

Lawless Capitalism: The Subprime Crisis and the Case for an Economic Rule of Law

Steven A. Ramirez


Neoconservative Politics and the Supreme Court: Law, Power, and Democracy

Stephen M. Feldman

 

Punishing Immigrants: Policy, Politics, and Injustice

Edited by Charis E. Kubrin, Marjorie S. Zatz and Ramiro Martínez, Jr.

Please check out the above books. You can propose a review of one of these books or another recent title not on the list. We’re aiming for reviews between 500 – 1500 words, ideally about 1000 words. Please email your proposals to me.

1

New Titles from Oxford University Press

OUPHere are some new titles from Oxford University Press. If you’re interested in reviewing a book, please let me know and tell me a bit about your background. If I select you as a reviewer for the book, Oxford University Press will send you a free review copy.

 

Louis Michael Seidman, On Constitutional Disobedience

 

Michael J. Klarman, From the Closet to the Altar: Courts, Backlash, and the Struggle for Same-Sex Marriage

 

Ganesh Sitaramanm The Counterinsurgent’s Constitution: Law in the Age of Small Wars

 

J. Harvie Wilkinson, III, Cosmic Constitutional Theory: Why Americans Are Losing Their Inalienable Right to Self-Governance  

 

Sanford Levinson, Framed: America’s 51 Constitutions and the Crisis of Governance   

 

Stephen J. Schulhofer, More Essential than Ever: The Fourth Amendment in the Twenty First Century

 

Daniel Kanstroom, Aftermath: Deportation Law and the New American Diaspora

 

G. Edward White, Law in American History: Volume 1: From the Colonial Years Through the Civil War

 

Gary Rosen, Unfair to Genius: The Strange and Litigious Career of Ira B. Arnstein

 

George Fletcher’s Essays on Criminal Law (Edited by Russell Christopher)

 

Albert W. Dzur, Punishment, Participatory Democracy, and the Jury