A lot has happened in privacy law in 2022 . . . which is actually nothing new because so much happens every year. I have thought about which 5 developments are the most notable, and here’s my list.
Continue Reading
If you couldn’t make it to my recent webinar on privacy law careers, you can watch the replay here. I had a great discussion with Karen Berkley, Jeewon Serrato and Eulonda Sykes about lateral moves and breaking into the privacy law field.
I also maintain pages with advice and information about privacy law careers that may be of interest.
We often hear of the dark side of artificial intelligence (AI), how it will plunge us into a dystopian world of lost privacy and bad automated decisions, culminating in the robots killing us all. Professor Orly Lobel’s The Equality Machine: Harnessing Digital Technology for a Brighter, More Inclusive Future (Public Affairs, October 2022) offers a very different view – one of optimism.
Orly’s book is an exuberant and insightful account of the bright side of AI and related digital technologies. Her book is filled with fascinating facts and engaging stories. It’s a refreshing perspective and a wonderful read.
Orly Lobel is the Warren Distinguished Professor of Law; University Professor; and Director, Center for Employment and Labor Policy at the U.C. San Diego School of Law. She has written several other terrific books, which are described on her website.
Here’s a cartoon about HIPAA confidentiality and our modern medical system. In the old days, medical confidentiality meant that people’s health information was seen by just a handful of people – doctors and their staff. These days, health information is widely shared. Countless people see a patient’s medical records and numerous organizations are provided with access.
If you couldn’t make it to my recent webinar on privacy and consumer choice, you can watch the replay here. I discussed the challenges of consumer choice in privacy with Christine Lyon (Freshfields), and Troy Sauro (Google).
I also have a paper on these issues that might be of interest, The Limitations of Privacy Rights, forthcoming in Notre Dame Law Review. You can download it here for free.
I’ve read many things about ADPPA, and I’ve written a few things about it as well. I remain highly ambivalent about the law; I truly am torn. Below are a few of the pieces that are especially insightful on different sides of the issue.
On Thursday, September 8, 2022 I will be speaking with Peking University Law School about my paper, The Limitations of Privacy Rights, 98 Notre Dame Law Review __ (forthcoming 2023). Here’s a very brief synopsis of the paper:
Privacy laws often rely too heavily on individual rights, which are at most capable of being a supporting actor, a small component of a much larger architecture. This article discusses the common privacy rights, why each falls short, and the types of broader structural measures that can protect privacy in a more systematic, rigorous, and less haphazard way.
If you couldn’t make it to my webinar to discuss a federal comprehensive privacy law you can watch the replay here. I spoke with an all-star set of speakers to discuss the American Data Privacy and Protection Act (ADPPA), a bill that Congress might enact as the first federal comprehensive privacy law in the U.S. Speakers include:
– Daniel Solove, GW Law and TeachPrivacy
– Omer Tene, Goodwin Proctor
– Susan Hintze, Hintze Law
– Jody Westby, Global Cyber Risk
– Alan Butler, EPIC
– Alastair Mactaggart, caprivacy.org
Professor Woodrow Hartzog and I have posted on SSRN another free chapter from our recent book. The chapter is entitled Unifying Privacy and Data Security.
The chapter is about the relationship between privacy and data security, and it can be read as a stand-alone essay. With our publisher’s gracious permission, we’re making this chapter available to download for free. Here’s the abstract:
Unifying Privacy and Data Security
This book chapter discusses the relationship between privacy and data security. Privacy is a key and underappreciated aspect of data security. Right now, there is a schism between privacy and security in companies. Privacy functions are commonly addressed by the compliance and legal departments, while security is handled by the information technology department. The two areas are commonly split apart and rarely speak to each other.
The chapter argues that we should bridge data security and privacy and make them go hand-in-hand in both law and policy. Strong privacy rules help create accountability for the collection, use, and dissemination of personal information and can reduce vulnerabilities and risk by minimizing the use and retention of personal information. Good privacy strengthens security. The chapter specifically focuses on the importance of data minimization and data mapping as privacy practices that have tremendous benefits for data security.
This piece is Chapter 7 of my book with Woodrow Hartzog, BREACHED! WHY DATA SECURITY LAW FAILS AND HOW TO IMPROVE IT (Oxford University Press 2022). In the book, we explore the shortcomings of data security law. We argue that the law fails because, ironically, it focuses too much on the breach itself.
