This cartoon about artificial intelligence is based on something I often hear — that it is impossible to understand how certain decisions are made by certain algorithms. I wonder whether this problem is due to the fact that not enough effort is being devoted to addressing ethical issues such as the transparency of the decisionmaking process. It’s easy to say in the abstract that ethics is important. But to truly matter, ethics must be a part of the primary design process, not a secondary consideration. The amount of innovation going into new technology is staggering. Although time and effort are being spent on ethics, far less innovation is going into developing the ethical part of technological design.
All posts in Privacy
A recent case involving the Illinois Biometric Information Privacy Act (BIPA), Rivera v Google (N.D. Ill. No. 16 C 02714, Dec. 28, 2018), puts the ills of Spokeo Inc. v. Robins on full display. In Rivera, plaintiffs sued Google under BIPA, which prohibits companies from collecting and storing specific types of biometric data without people’s consent. The plaintiffs alleged that Google collected and used their face-geometry scans through Google Photos without their consent. Google’s face recognition feature is defaulted to being on unless users opt out. Instead of addressing the merits of the plaintiffs’ lawsuit under BIPA, the court dismissed the case for lack of standing based on Spokeo, a fairly recent U.S. Supreme Court case on standing.
Spokeo is a terrible decision by the U.S. Supreme Court. It purports to be an attempt to clarify the test for standing to sue in federal court, but it flunks on clarity and coherence. I previously wrote an extensive critique of Spokeo when the decision came out in 2016.
Beyond Spokeo‘s incoherent mess, there is another part of the opinion that is far worse — Spokeo authorizes courts to override legislatures in determining whether there’s a cognizable privacy harm under a legislature’s own statute. This part of Spokeo is a major usurpation of legislative power — it undermines a legislature’s determination about the proper remedies for violations of its own laws.
I’m pleased to announce that there is a newly-created archive of all of my notable privacy+security books posts – for years 2008-present. Together, there are probably about 100 books featured. The past decade has seen a tremendous abundance of scholarship on privacy and security topics, and there are some truly essential books discussed in these posts.
If you’re interested in a more comprehensive listing of privacy+security books (including books written before the past 10 years), Paul Schwartz and I maintain a page over at our Privacy+Security Academy website that lists privacy+security non-fiction books.
It is sad to say goodbye to Concurring Opinions, a law professor blog I co-founded in 2005. The blog began when a group of us (Dave Hoffman, Kaimi Wenger, Nate Oman, and me) who were blogging at PrawfsBlawg decided we wanted more autonomy in blog governance, so we founded Concurring Opinions. Over the years, we added many great permabloggers: Danielle Citron, Deven Desai, Frank Pasquale, Gerard Magliocca, Ronald K.L. Collins, Larry Cunningham, Naomi Cahn, Sarah Waldeck, Solangel Maldonado, Corey Yung, Jaya Ramji-Nogales, and others.
Move over robocop, there’s a new constable in town — the robocall cop. In the past decade, robocalls have surged. There has also been a dramatic rise in litigation about these calls under the Telephone Consumer Protection Act (TCPA). The TCPA litigation is led by a small group of serial litigators, people who have assumed the role of private enforcers of the TCPA. This is a fascinating story about how privacy law combats the growing scourge of robocalls. We are seeing the effective use of private litigation as an enforcement tool, but there are differing interpretations about the virtues of the robocall cops. Also wrapped up on the story is the issue of harm.
Robocalls are rising at an alarming rate. In the month of September 2017 alone, there were 2.4 billion robocalls. The number keeps rising per month, and September 2018 gave birth to 4.1 billion robocalls. At this rate, there may be billions and billions more robocalls than stars in the universe! Robocalls are definitely a problem. I’ve never heard of anyone who likes robocalls; the mosquito probably ranks higher in popularity. But robocalls persist and proliferate. Annually, in the United States, the number of robocalls exceeds 100 per person. There are 4.5 million robocall complaints per year to the FTC.
Along with the rise of robocalls, litigation has also been increasing. Lawsuits are perhaps a bit more popular than robocalls or mosquitos, but not by much. The TCPA, 47 U.S.C. § 227, passed in 1991, requires various forms of prior consent for robocalls, which are calls made with what the TCPA refers to as an “automatic telephone dialing system” (ATDS). Violations of the TCPA can be enforced through a private right of action, and there are statutory damages of $500 per violation ($1,500 for willful violations). The number of TCPA lawsuits has skyrocketed, from 14 federal cases in 2007 to 4,392 federal cases in 2017.
On December 4, 2018, New York Attorney General Barbara D. Underwood announced a $4.95 million settlement with Oath, Inc. (formerly known as AOL), for violating the Children’s Online Privacy Protection Act (COPPA). This is the largest penalty in a COPPA enforcement case in U.S. history.
12/13/18 Update: Here is the video from the session described below.
On Wednesday, December 12, 2018, I’ll be speaking at the Data Security hearing, part of the FTC Hearings on Competition and Consumer Protection in the 21st Century. My panel begins at 1:00 PM:
The U.S. Approach to Consumer Data Security
Wednesday, December 12, 2018 from 1:00 PM to 2:30 PM
Center for Democracy & Technology
Daniel J. Solove
George Washington University Law School
University of Pittsburgh
Perkins Coie LLP
Lisa J. Sotto
Hunton Andrews Kurth LLP
Moderator: James Cooper
Federal Trade Commission, Bureau of Consumer Protection
I previously spoke at an earlier hearing in this series back in September on a panel about consumer privacy protection (video / transcript). The upcoming hearing focuses on data security.
Happy Halloween! I hope you enjoy this privacy cartoon about Halloween and Big Data.
Cybersecurity litigation is currently at a crossroads. Courts have struggled in these cases, coming out in wildly inconsistent ways about whether a data breach causes harm. Although the litigation landscape is uncertain, there are some near certainties about cybersecurity generally: There will be many data breaches, and they will be terrible and costly. We thus have seen the rise of cybersecurity insurance to address this emergent and troublesome risk vector.
I am delighted to be interviewing Kimberly Horn, who is the Global Focus Group Leader for Cyber Claims at Beazley. Kim has significant experience in data privacy and cyber security matters, including guiding insureds through immediate and comprehensive responses to data breaches and network intrusions. She also has extensive experience managing class action litigation, regulatory investigations, and PCI negotiations arising out of privacy breaches.