PRIVACY + SECURITY BLOG

News, Developments, and Insights

The Limits of the CDA Section 230: Accountability for Algorithmic Decisions

The U.S. Court of Appeals for the Third Circuit just handed down a very important decision on the Communications Decency Act (CDA) Section 230 and accountability for algorithmic decisions. In Anderson v. TikTok (3rd Cir. Aug, 27, 2024), the Third Circuit held that there are limits to the broad immunity under the CDA Section 230. As […]

U.S. State Privacy Laws – A Lack of Imagination

The U.S. lacks a federal comprehensive privacy law, but the states have sprung into action by passing broadly-applicable consumer privacy laws.  Nearly 20 states have passed such laws – so about 40% of the states now have privacy laws. Are these laws any good? Short answer: No But I am glad they exist.  Well, sort […]

AI’s Fishy Branding

One can learn a lot about AI from fish. The 1990s were a terrible time for the toothfish. An ugly fish inhabiting the deep seas, the toothfish (pictured above) was long considered a “trash fish,” undesirable to eat, a worthless catch. The toothfish’s fate was fine until overfishing decimated the stocks of the long-popular fish, […]

The Great Scrape: The Clash Between Scraping and Privacy

I’m posting a new article draft with Professor Woodrow Hartzog (BU Law), The Great Scrape: The Clash Between Scraping and Privacy. We argue that “scraping” – the automated extraction of large amounts of data from the internet – is in fundamental tension with privacy. Scraping is generally anathema to the core principles of privacy that […]

Kafka in the Age of AI and the Futility of Privacy as Control

I’m posting the final published version of my essay with Professor Woodrow Hartzog (BU Law), Kafka in the Age of AI and the Futility of Privacy as Control, 104 B.U. L. Rev. 1021 (2024). It’s a short engaging read – just 20 pages!  We argue that although Kafka shows us the plight of the disempowered […]

Against Privacy Essentialism – My Response to Angel and Calo’s Critique of My Theory of Privacy

What is “privacy”? The concept of privacy has been elusive to define, but I developed a theory for understanding privacy about 20 years ago. Maria Angel and Ryan Calo recently published a formidable critique of my theory of privacy: Maria P. Angel and Ryan Calo, Distinguishing Privacy Law: A Critique of Privacy as Social Taxonomy, […]

Murky Consent: An Approach to the Fictions of Consent in Privacy Law – FINAL VERSION

I’m delighted to share the newly-published final version of my article: Murky Consent: An Approach to the Fictions of Consent in Privacy Law 104 B.U. L. Rev. 593 (2024) I’ve been pondering privacy consent for more than a decade, and I think I finally made a breakthrough with this article.  I welcome feedback and hope […]

Webinar – Another Privacy Bill on Capitol Hill: The American Privacy Rights Act Blog

In case you missed my recent webinar with Laura Riposo VanDruff and Jules Polonetsky, you can watch the replay here.   We discussed the strengths and weaknesses of the American Privacy Rights Act (APRA) and its likelihood of passing.