PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

Restoring the CDA Section 230 to What It Actually Says

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
February 4, 2021

CDA 230 02

When Donald Trump targeted the Communications Decency Act (CDA) Section 230, a debate about the law flared up.  Numerous reforms were proposed, some even seeking to abolish the law.  Unfortunately, the debate has been clouded with confusion and misinformation.

Although I disagree with many of the proposals to reform it or abolish Section 230, I have long believed that it has problems. A decade ago, I critiqued Section 230 extensively in my book, The Future of Reputation: Gossip, Rumor, and Privacy on the Internet (2007) (free download here).

The CDA Section230, at 47 U.S.C. § 230(c)(1), provides:

No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.

The actual text of the law is fine, and I wouldn’t change it. My proposal for reform would be for Congress to reissue Section 230 with the same text and instruct courts to follow the actual text of the law.  The problem with Section 230 is that in a bout of free speech zeal, courts have interpreted the law to be far more extensive than it is written or should be.

Continue Reading

The Myth of the Privacy Paradox: Final Published Version

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
January 30, 2021

Article Privacy Paradox Solove 06

I’m happy to announce that my article is now out in print!

The Myth of the Privacy Paradox
89 Geo. Wash. L. Rev. 1 (2021)

You can download a copy for free at SSRN.

Abstract:

In this Article, Professor Daniel Solove deconstructs and critiques the privacy paradox and the arguments made about it. The “privacy paradox” is the phenomenon where people say that they value privacy highly, yet in their behavior relinquish their personal data for very little in exchange or fail to use measures to protect their privacy.

Commentators typically make one of two types of arguments about the privacy paradox. On one side, the “behavior valuation argument” contends behavior is the best metric to evaluate how people actually value privacy. Behavior reveals that people ascribe a low value to privacy or readily trade it away for goods or services. The argument often goes on to contend that privacy regulation should be reduced.

On the other side, the “behavior distortion argument” suggests that people’s behavior is not an accurate metric of preferences because behavior is distorted by biases and heuristics, manipulation and skewing, and other factors.

Professor Solove argues instead that the privacy paradox is a myth created by faulty logic. The behavior involved in privacy paradox studies involves people making decisions about risk in very specific contexts. In contrast, people’s attitudes about their privacy concerns or how much they value privacy are much more general in nature. It is a leap in logic to generalize from people’s risk decisions involving specific personal data in specific contexts to reach broader conclusions about how people value privacy.

The behavior in the privacy paradox studies does not lead to a conclusion for less regulation. On the other hand, minimizing behavioral distortion will not cure people’s failure to protect their own privacy. Managing one’s privacy is a vast, complex, and never-ending project that does not scale. Privacy regulation often seeks to give people more privacy self-management, but doing so will not protect privacy effectively. Professor Solove argues instead that privacy law should focus on regulating the architecture that structures the way information is used, maintained, and transferred.

Click here to read the piece.

Continue Reading

Video: A View to Next Year and Beyond with Travis LeBlanc, Simon McDougall, Daniel Solove, Justin Antonipillai

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
January 29, 2021

Please check out the conversation I had with Travis LeBlanc (Cooley), Simon McDougall (UK ICO) and Justin Antonipillai (Wirewheel) on Data Privacy Day.  We discussed privacy developments for this year and beyond.

Continue Reading

Cartoon: The Relationship Between Privacy and Data Security

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
January 27, 2021

Cartoon Privacy and Security 01

I created this cartoon to highlight the relationship between privacy and data security. Privacy and data security are deeply interrelated.  Unfortunately, privacy is often overlooked as a key dimension of keeping data secure.  Minimizing data collection and ensuring that data isn’t retained for longer than needed both improve security immensely.  When there’s a data breach, much less data is exposed if these good data practices are maintained.

Imagine security as a safe.  The safe can be made of strong steel and have a great lock. But if the data in the safe is widely shared, how secure is it?  Sometimes, organizations are so focused on guarding the back door that they leave the front door wide open.

Continue Reading

Cartoon: Robots, CAPTCHA, and Privacy

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
January 17, 2021

Cartoon Robot CAPTCHA Privacy 01

This cartoon is about CAPTCHAs that people click to indicate that they are not robots. CAPTCHA is an acronym for Completely Automated Public Turing Test to Tell Computers and Humans Apart. Online, there is a scrum to gather and use data, a race to automate nearly everything, an invasion of good bots and bad bots that play an enormous role in the shape of the Internet.

In the old days, when questions would become too prying, people would say “None of your damn business!” These days, people often aren’t even asked; data is gathered at every turn, often surreptitiously.

If you want to license this cartoon or others for use, click here.

Continue Reading

ALI Data Privacy Principles

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
December 17, 2020

I’m pleased to announce that the ALI Data Privacy Principles are now in print.  From the ALI press release:

Principles of the Law, Data Privacy is now available in print. This is ALI’s first venture into the field of information privacy law. This project identifies core principles useful for bringing greater coherence to this area. Like all Principles projects, it seeks to provide best practices for institutions other than the courts—in this case entities that collect personal information and the legislatures and administrative agencies, state and federal, that regulate them.

Reporters Paul M. Schwartz of the University of California, Berkeley School of Law, and Daniel J. Solove of George Washington University Law School completed this project at a time when guidance on data privacy is more necessary than ever.

Professor Paul Schwartz and I were the co-reporters on the project. With a great team of advisers plus the helpful comments of ALI members, we drafted this document, which is similar to a model code. We have a forthcoming essay coming out in 2021 in the UCLA Law Review about the project and its black letter principles: ALI Data Privacy: Overview and Black Letter Text.

Continue Reading

Notable Privacy and Security Books 2020

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
December 10, 2020

Here are some notable books on privacy and security from 2020. To see a more comprehensive list of nonfiction works about privacy and security for all years, Professor Paul Schwartz and I maintain a resource page on Nonfiction Privacy + Security Books.

Continue Reading

Updated Line of Paperback Privacy Law Casebooks

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
December 6, 2020

Information Privacy Law Casebook - paperbacks

I’m happy to announce that Paul Schwartz and I have just published updated versions of our line of paperback privacy law casebooks. These paperbacks are excerpted parts of our Information Privacy Law casebook, which we recently published in a new 7th edition.  This new edition of the casebook has been revised to include the California Consumer Privacy Act, the GDPR, Carpenter, state biometric data laws, and many other new developments.

The paperback spinoff casebooks include:

Over at our Information Privacy Law casebooks website, you can see the table of contents for each book and find out information about obtaining review copies.

Also of possible interest is our short guidebook, PRIVACY LAW FUNDAMENTALS, published by IAPP.

Continue Reading

THE EYEMONGER – My New Children’s Book About Privacy

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
December 3, 2020

The Eyemonger - children's book about privacy

I’m happy to announce that I just published a new children’s book called The Eyemonger. I believe that this is the first work of children’s fiction about the topic of privacy.

About the book:

In a faraway land, a stranger arrives with promises of greater security in exchange for sacrificing privacy. His name is The Eyemonger, and he has 103 eyes. With the help of flying eye creatures, he spies on everybody. But his plan soon starts to go wrong. His constant watching makes people feel uncomfortable and stifles their creativity. When people complain, The Eyemonger asks: “Do you have something to hide?” The Eyemonger eventually encounters an artist who resists his surveillance and teaches him an important lesson about the value of privacy.

The topic of privacy is rarely covered in children’s books. Written by the international privacy expert Daniel J. Solove, the Eyemonger discusses privacy in a way that children can understand. Ryan Beckwith’s rich and detailed illustrations create a fascinating gothic world of curiosity and wonder.

From Publisher’s Weekly:

Solove debuts in children’s literature with an age-appropriate, delightfully illustrated story concerned with issues of privacy. . . . Solove’s underlying theme and catchy rhymes sit perfectly on the cusp of children’s and middle-grade reading levels, and Beckwith’s eye-catching and brilliantly detailed illustrations will inspire young imaginations to soar. Solove’s background in privacy law is on clear display through the clever manipulation of the Eyemonger—who preaches “If you have nothing to hide you have nothing to fear”—until he at last understands that inspiration and creativity come to a standstill under his vigilance. . . . Beckwith’s evocative illustrations create a gaslit, vaguely steampunk mood that will remind readers of classic adventure tales even as the story takes on complex themes of consent and creativity. Despite the divergence from more traditional storybook lessons, the concept of government overreach presented in this uniquely cautionary fantasy will educate children and their caregivers as well.

Here are some pages from The Eyemonger:

The Eyemonger - Daniel J. Solove

Continue Reading