I have posted to SSRN a copy of my latest draft article, The Myth of the Privacy Paradox. It’s available for download for free.
Here’s the abstract:
It is an understatement to say that a lot has happened in privacy law during the past decade. Here is my list of the most notable developments.
NOTE: I am giving a particular emphasis to what I find to be notable from a United States perspective. What is notable privacy law depends upon where one is situated. For example, if one is from a small country, that country’s developments are quite notable even if not well-known on a worldwide stage.
Over at Lawfare, I have an essay co-authored by Chris Hoofnagle and Woodrow Hartzog called The FTC Can Rise to the Privacy Challenge, but Not Without Help From Congress. This piece is also posted at the Brooking Institution’s TechTank. The essay begins:
Facebook’s recent settlement with the Federal Trade Commission (FTC) has reignited debate over whether the agency is up to the task of protecting privacy. Many people, including some skeptics of the FTC’s ability to rein in Silicon Valley, lauded the settlement, or at least parts of it.
Others, however, saw the five-billion-dollar fine, oversight reforms, and compliance certification measures as a drop in the bucket compared to Facebook’s profits. Two dissenting FTC commissioners and other critics pointed out that the FTC did not change Facebook’s fundamental business model nor hold Mark Zuckerberg personally liable, despite hints that the company fell out of compliance with its original 2010 FTC consent order soon after that agreement was inked. Some privacy advocates and lawmakers even argued that the limits of the settlement are evidence that the FTC, the leading privacy regulator in the U.S. since the late 1990s, is no longer the right agency to protect our personal information from Big Tech. They support creating a new, consumer privacy-focused federal agency.
We think the FTC is still the right agency to lead the US privacy regulatory effort. In this essay, we explain the FTC’s structural and cultural strengths for this task, and then turn to reforms that could help the FTC rise to modern information privacy challenges. Fundamentally, the FTC has the structure and the legal powers necessary to enforce reasonable privacy rules. But it does need to evolve to meet the challenge of regulating modern information platforms.
You can read the rest of the essay over at Lawfare.
It is sad to say goodbye to ConcurringOpinions.com, a law professor blog I co-founded in 2005. The blog began when a group of us (Dave Hoffman, Kaimi Wenger, Nate Oman, and me) who were blogging at PrawfsBlawg decided we wanted more autonomy in blog governance, so we founded Concurring Opinions. Over the years, we added many great permabloggers: Danielle Citron, Deven Desai, Frank Pasquale, Gerard Magliocca, Ronald K.L. Collins, Larry Cunningham, Naomi Cahn, Sarah Waldeck, Solangel Maldonado, Corey Yung, Jaya Ramji-Nogales, and others.
Cybersecurity litigation is currently at a crossroads. Courts have struggled in these cases, coming out in wildly inconsistent ways about whether a data breach causes harm. Although the litigation landscape is uncertain, there are some near certainties about cybersecurity generally: There will be many data breaches, and they will be terrible and costly. We thus have seen the rise of cybersecurity insurance to address this emergent and troublesome risk vector.
I am delighted to be interviewing Kimberly Horn, who is the Global Focus Group Leader for Cyber Claims at Beazley. Kim has significant experience in data privacy and cyber security matters, including guiding insureds through immediate and comprehensive responses to data breaches and network intrusions. She also has extensive experience managing class action litigation, regulatory investigations, and PCI negotiations arising out of privacy breaches.