Archives

Christopher Wolf, Delusions of Adequacy? Examining the case for finding the US adequate for cross-border EU-US data transfers

By privacylaw | Posted on

Christopher Wolf, Delusions of Adequacy?  Examining the case for finding the US adequate for cross-border EU-US data transfers

Comment by: Joel Reidenberg

PLSC 2013

Workshop draft abstract:

The Council and the European Parliament have given the European Commission the power to determine, on the basis of Article 25(6) of directive 95/46/EC whether a third country ensures an adequate level of protection by reason of its domestic law or of the international commitments it has entered into. The effect of such a decision is that personal data can flow from the 27 EU countries and three EEA member countries (Norway, Liechtenstein and Iceland) to that third country without any further safeguard being necessary.  The Commission so far has recognized Andorra, Argentina, Australia, Canada, Switzerland, Faeroe Islands, Guernsey, State of Israel, Isle of Man, Jersey as providing adequate protection.  The Commission has not recognized the privacy framework of the United States as adequate, although it has accepted the US Department of Commerce’s Safe harbor Privacy Principles, and the transfer of Air Passenger Name Record to the United States’ Bureau of Customs and Border Protection.  Despite the elaborate process in the European Union for considering the adequacy of a national privacy framework, the Commission has overlooked essential elements of the US framework that from an objective standard of adequacy should result in a positive finding, and the elimination of burdensome and expensive additional requirements for cross-border transfers of data.  With the possible advent of a new EU General Data Protection Regulation, and the potential for even greater restrictions on cross-border transfers to “non-adequate” nations, this paper reviews the elements of the US framework that entitle the US to a finding of adequacy and shows, with respect to certain data and as to security breaches — one of the most significant threats to privacy — that the US framework is in fact more protective than that in the EU.  The paper acknowledges shortcomings in the frameworks on both sides of the Atlantic, and compares the approaches to improving the frameworks, but concludes that the shortcomings in the US system, real or perceived, are insufficient justification for a refusal by the European Commission to find the US framework adequate.  The paper concludes that the goals of international cooperation, of improving privacy and data protection, of interoperability and of coordinated enforcement will be furthered by the recognition of the US framework as adequate.

Margot E. Kaminski and Shane Witnov, The VPPA is Dead, Long Live the VPPA: On Legislative Proposals for Protecting Reader and Viewer Privacy

By privacylaw | Posted on

Margot E. Kaminski and Shane Witnov, The VPPA is Dead, Long Live the VPPA: On Legislative Proposals for Protecting Reader and Viewer Privacy

Comment by: Christopher Wolf

PLSC 2013

Workshop draft abstract:

This paper will add to the existing literature on “intellectual privacy.”  It will examine the current state of legislated privacy for readers or viewers of intellectual goods, in the wake of the recent amendments to the federal Video Privacy Protection Act (VPPA).  This renewed analysis is necessary in light of recent political, judicial, technological, and social developments. This paper additionally aims to introduce more history and social science research into the legal literature on intellectual privacy.

Part I: Contribution to discussion of why Intellectual Privacy Matters

The first part of this paper will contribute to the ongoing scholarship on why intellectual privacy is important. It will do so from three perspectives: legal, historical, and sociological and psychological.

Several scholars have examined First Amendment jurisprudence for evidence of protection for readers and their freedom to inquire and develop ideas.  This paper will revisit this jurisprudence with a narrower focus, looking for when courts have supported intellectual privacy in ways more directly relevant to a right to read unobserved.  This section will also discuss at greater length the divide in the First Amendment between protection for speakers and protection for readers and listeners, comparing it to the clear protection for readers that exists in international law.

This paper will additionally add to the intellectual privacy literature with analysis of related recent and forthcoming jurisprudence. In particular,  the Supreme Court recently decided U.S. v. Jones, on GPS location tracking. Several Justices expressed concerns about dragnet surveillance and its implications for associational privacy. The case of Clapper v. Amnesty International USA will likely come down later in 2013, and will have consequences for the Court’s understanding of privacy harms and standing, in both the First and Fourth Amendment contexts.

This paper also aims to introduce more in-depth historical and social science examples into the legal literature. It will discuss historical examples of the effects of totalitarian regimes on creative freedom and speech. And it will examine social science literature on surveillance and chilling effects, and additionally examine social science literature on conditions necessary for creative process.

Part II: Recent technological and social developments

In recent years, a number of significant technological and social developments have taken place related to intellectual privacy. As both Richards and Kaminski noted, in 2011-2012 “frictionless reading” arose on Facebook.  However, by the end of 2012, the Guardian closed its social reader app, and use of the Washington Post’s Social Reader declined by 95 percent.  Additionally in 2012, the novel Fifty Shades of Grey became a best-seller.  The book’s success was credited to the rise of e-book readers and the feeling of privacy readers had because others couldn’t see the book’s cover in public, and the tame covers ultimately chosen by the publishers for the hard copy of the book.  The visible failure of frictionless reading and the success of Fifty Shades of Grey suggest that current social norms support legislation protecting the privacy of reading materials. However, increasingly librarians have been moving away from privacy protection as they move into supplying e-books, suggesting that private ordering by social institutions may no longer be a dependable solution.

A recent technological development has serious implications for intellectual privacy, and has not been adequately discussed. Digital technology now supports surveillance of readers (including students) on an increasingly granular level.  The Kindle can track highlighted passages, and the pace at which one reads. E-textbooks can report back on how much students are reading or paying attention.  Eye trackers can pinpoint exactly where viewers pay attention.  This phenomenon of increased granularity and its significance for the theorizing of intellectual privacy has not been remarked on at any length in existing literature.  This paper will discuss whether and when there is a distinction between purchasing information goods and using such goods to form ideas, and whether additional protection should be afforded to the details of reading behavior.  This paper will thereby attempt to incorporate into intellectual privacy the growing literature on mind reading and self-incrimination.  It will also address the tension between monetization through monitoring, and respect for readers’ privacy.

Part III: Legislation

As Neil M. Richards noted in his recent article on social reading, there were two significant political developments concerning reader/viewer privacy in 2012.  The California Reader Privacy Law was passed in 2012,  but industry also pushed heavily for amendments to the VPPA. Since Richards’ article, the VPPA Amendments Act of 2012 was passed by Congress on December 20, 2012 and currently awaits Presidential signature.

This paper will review and categorize state legislation on library records, bookstores, and video rentals. It will review this legislation with attention to the following: notice requirements, data retention or deletion requirements, consent requirements, protection from consequences such as profiling, limitations on law enforcement behavior, and the creation of private rights of action. The authors of this paper believe that a thorough categorization of these axes will provide a more thorough depiction for legislators than a focus on just notice and consent.

The paper will close with a proposal for state and/or federal legislation supporting intellectual privacy.

Colette Vogele & Erica Johnstone, Without My Consent

By privacylaw | Posted on

Colette Vogele & Erica Johnstone, Without My Consent

Comment by: Christopher Wolf

PLSC 2011

Workshop draft abstract:

Without My Consent is a web-based project to combat online invasions of privacy: http://www.withoutmyconsent.org/

It’s no secret that the use of private information to harm a person’s reputation through public humiliation and harassment of the most intimate sort is an increasingly popular tactic employed by harassers.  Some examples include: the nightmare ex who posts sexually explicit photos and videos online or threatens to do so; the abusive ex who procured those images using threats or coercion; the high school boyfriend who videotapes a sexual encounter and shares the video with everyone in school, and the Peeping Tom who surreptitiously records and uploads images to pornographic websites.  Because of the online (“cyber”) nature of the activity, victims are often left with no clear path to justice to restore their reputation, and overcome the serious harms caused by the harassment.  This is because the defendants are anonymous, and the websites may elect not to remove the content when requested. In instances when the content is removed, it more than likely will reappear on the same or a different site, and then, within a short period of time is indexed by search engines under the individual’s name or other indicia of her identity (e.g., unique avatars, handles, and usernames).

The Without My Consent website, which we are workshopping at the PLSC, is intended to empower individuals harmed by online privacy violations to stand up for their rights. The beta launch of the site (set for Summer 2011) will focus on the specific problem of the publication of private images online. It will provide legal and non-legal tools for combating the problem, and encourage the development of case law on anonymous-plaintiff lawsuits.  Our hope is that the site will also inspire meaningful debate about the internet, accountability, free speech, and the serious problem of online invasions of privacy.

Raphael Cohen-Almagor, Net Responsibility in Democracies

By privacylaw | Posted on

Raphael Cohen-Almagor, Net Responsibility in Democracies

Comment by: Christopher Wolf

PLSC 2009

Published version available here: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1650702

Workshop draft abstract

The Internet’s design and raison d’être are complete freedom, but soon enough people began to exploit the Net’s massive potential to enhance partisan interests, some of which are harmful and anti-social. As can be expected, given that the Internet has been a part of our lives for a relatively short time, the discussions concentrate on the social production, technological, architectural, geographical aspects of the Net. The discussions about the costs and harms of the Internet, and how to address them, are – on the other hand – in their infancy. The transnational nature of the World-Wide-Web and its vast content make regulation very difficult, some say virtually impossible.

In this paper I wish to address the ethical, social and legal problems rooted in technology in response to potential risks on the Internet. The Internet is not the problem. The problem arises where it is utilized to undermine our well-being as autonomous beings living in free societies. This study focuses on articulating possible solutions to specific problems and on providing a framework within which these problems can be addressed and resolved. It strives to suggest an approach informed by the experiences of democratic societies with different norms and legal cultures; one that harnesses the capacities of the public and private sectors in reaching viable, practical solutions.

In the focus of my discussion are the neglected concepts of moral responsibility and of social responsibility, adopting them to the Internet realm. I will discuss and explain the concepts and their implications on people and society. I then address the issue of moral and social responsibilities of Net users (agents), focusing, inter alia, on the tragic story of Megan Meier. Next I move on to discuss the responsibilities of ISPs and web-host companies. Should they take effort to monitor their sites for such information or are they relieved of any responsibility? This is arguably the most intriguing and complex issue of Net responsibility. I argue that ISPs and web-hosting companies should aspire to take responsibility for content, and that they should respect and abide by the laws of the countries in which they operate. The dream of a medium that transcends geographical borders and facilitates unlimited and inexpensive access to consumers without any regulatory restrictions is over.  A case in point is LICRA v. Yahoo! Inc. and Yahoo! France (Tribunal de Grande Instance de Paris, 22 May 2000). Next I turn to the issue of readers’ moral and social responsibilities: Responsibility of people who encounter malicious postings on the Internet, some of which might be damaging and harmful. Should they simply read the postings and move on or do something about it? Then I discuss state responsibility and finally reflect on the responsibility of the international community. I argue for international cooperation to address international concerns.: