I strongly recommend teaching information privacy law in law schools. I have authored several textbooks in the field, and I know that this might seem like a self-plug. But I really am a big believer that all law schools should have not just one course on information privacy law, but several — no matter what textbooks are used!
So if you’re an academic interested in exploring issues involving information technology, criminal procedure, or free speech, you should consider adding information privacy law to your course package. If you’re a practitioner, consider teaching an information privacy law course as an adjunct.
The article addresses the scope of FTC authority in the areas of privacy and data security (which together we refer to as “data protection”). We argue that the FTC not only has the authority to regulate data protection to the extent it has been doing, but that its granted jurisdiction can expand its reach much more. Normatively, we argue that the FTC’s current scope of data protection authority is essential to the United States data protection regime and should be fully embraced to respond to the privacy harms unaddressed by existing remedies available in tort or contract, or by various statutes. In contrast to the legal theories underlying these other claims of action, the FTC can regulate with a much different and more flexible understanding of harm than one focused on monetary or physical injury.
We contend that the FTC can and should push the development of norms a little more (though not in an extreme or aggressive way). We discuss why the FTC should act with greater transparency and more nuanced sanctioning and auditing.
The article was part of a great symposium organized by the George Washington University Law Review: The FTC at 100.
Here is a table of contents of the issue, along with links to where you can access each essay and article.
“The US is developing a law of cybersecurity that is incoherent and unduly complex,” says Ed McNicholas, one of the foremost experts on cybersecurity law.
McNicholas is a partner at Sidley Austin LLP and co-editor of the newly-published treatise, Cybersecurity: A Practical Guide to the Law of Cyber Risk (with co-editor Vivek K. Mohan). The treatise is a superb guide to this rapidly-growing body of law, and it is nicely succinct as treatises go. It is an extremely useful volume that I’m delighted I have on my desk. If you practice in this field, get this book.
I recently received my copy of Social Dimensions of Privacy, edited by Beate Roessler & Dorota Mokrosinska. The book was published by Cambridge University Press this summer.
I’m delighted as I look over this book. The book has a wonderful selection of short philosophical essays on privacy, and I’m honored to be included among the terrific group of chapter authors, who include Anita Allen, Paul Schwartz, Helen Nissenbaum, Judith Wagner DeCew, Kirsty Hughes, Colin Bennett, Adam Moore, and Priscilla Regan, among many others. Each chapter is succinct and well-chosen.
From the book blurb: “Written by a select international group of leading privacy scholars, Social Dimensions of Privacy endorses and develops an innovative approach to privacy. By debating topical privacy cases in their specific research areas, the contributors explore the new privacy-sensitive areas: legal scholars and political theorists discuss the European and American approaches to privacy regulation; sociologists explore new forms of surveillance and privacy on social network sites; and philosophers revisit feminist critiques of privacy, discuss markets in personal data, issues of privacy in health care and democratic politics. The broad interdisciplinary character of the volume will be of interest to readers from a variety of scientific disciplines who are concerned with privacy and data protection issues.”
My chapter is entitled “The Meaning and Value of Privacy.”
What is privacy? This is a central question to answer, because a conception of privacy underpins every attempt to address it and protect it. Every court that holds that something is or isn’t privacy is basing its decision on a conception of privacy — often unstated. Privacy laws are also based on a conception of privacy, which informs what things the laws protect. Decisions involving privacy by design also involve a conception of privacy. When privacy is “baked into” products and services, there must be some understanding of what is being baked in.
Far too often, conceptions of privacy are too narrow, focusing on keeping secrets or avoiding disclosure of personal data. Privacy is much more than these things. Overly narrow conceptions of privacy lead to courts concluding that there is no privacy violation when something doesn’t fit the narrow conception. Narrow or incomplete conceptions of privacy lead to laws that fail to address key problems. Privacy by design can involve throwing in a few things and calling it “privacy,” but this is like cooking a dish that requires 20 ingredients but only including 5 of them.
It is thus imperative to think through what privacy is. If you have an overly narrow or incomplete conception of privacy, you’re not going to be able to effectively identify privacy risks or protect privacy.
In my work, I have attempted to develop a practical and useable conception of privacy. In what follows, I will briefly describe what I have developed.