PRIVACY + SECURITY BLOG

News, Developments, and Insights

AI, Algorithms, and Awful Humans – Final Published Version

I am pleased to share the final published version of my short essay with Yuki Matsumi. It was written for a symposium in Fordham Law Review.

AI, Algorithms, and Awful Humans
92 Fordham L. Rev. 1923 (2024)

Mini Abstract:

This Essay critiques arguments that algorithmic decision-making is better than human decision-making. Two arguments are often advanced to justify the increasing use of algorithms in decisions. The “Awful Human Argument” asserts that human decision-making is often awful and that machines can decide better than humans. Another argument, the “Better Together Argument,” posits that machines can augment and improve human decision-making. We argue that such contentions are far too optimistic and fail to appreciate the shortcomings of machine decisions and the difficulties in combining human and machine decision-making. Automated decisions often rely too much on quantifiable data to the exclusion of qualitative data, resulting in a change to the nature of the decision itself. Whereas certain matters might be readily reducible to quantifiable data, such as the weather, human lives are far more complex. Human and machine decision-making often do not mix well. Humans often perform badly when reviewing algorithmic output.

Download the piece for free here:

* * * *

This post was authored by Professor Daniel J. Solove, who through TeachPrivacy develops computer-based privacy and data security training.

NEWSLETTER: Subscribe to Professor Solove’s free newsletter

Prof. Solove’s Privacy Training: 150+ Courses

New Edition of PRIVACY LAW FUNDAMENTALS

HOT OFF THE PRESS!  Privacy Law Fundamentals, Seventh Edition (2024).  This is my short guide to privacy law with Professor Paul Schwartz (Berkeley Law).

Believe it or not, there have been some new developments in privacy law . . .

“This book is an indispensable guide for privacy and data protection practitioners, students, and scholars. You will find yourself consulting it regularly, as I do. It is a must for your bookshelf” – Danielle Citron, University of Virginia Law School

“Two giants of privacy scholarship succeed in distilling their legal expertise into an essential guide for a broad range of the legal community. Whether used to learn the basics or for quick reference, Privacy Law Fundamentals proves to be concise and authoritative.” – Jules Polonetsky, Future of Privacy Forum

If you’re interested in the digital edition, click here.

Webinar – The FTC, Privacy, and AI Blog

In case you missed my recent webinar with Maneesha Mithal, you can watch the replay here. We discussed recent FTC enforcement actions, algorithmic deletion, the FTC’s current rulemaking, enforcement of the health breach notification rule, the FTC’s role in regulating AI, and other issues.

The Failure of Data Security Law

Professor Woodrow Hartzog and I are posting The Failure of Data Security Law as a free download on SSRN. This chapter is from our book, BREACHED! WHY DATA SECURITY LAW FAILS AND HOW TO IMPROVE IT.

In this book chapter, we survey the law and policy of data security and analyze its strengths and weaknesses. Broadly speaking, there are three types of data security laws: (1) breach notification laws; (2) security safeguards laws that require substantive measures to protect security; and (3) private litigation under various causes of action. We argue that despite some small successes, the law is generally failing to combat the data security threats we face.

Breach notification laws merely require organizations to provide transparency about data breaches, but the laws don’t provide prevention or a cure. Security safeguards laws are often enforced too late, if at all. Enforcement authorities wait until a data breach occurs, but penalizing organizations after a breach increases the pain of a breach marginally, but not enough to be a game changer. Private litigation has increased the costs of data breaches but has accomplished little else. Courts have often struggled to understand the harm from data breaches, so data breach cases have frequently been dismissed.

Overall, we contend that data security law is too reactionary. The law fails to do enough to prevent data breaches, focuses too much on organizations that suffer data breaches and ignores other contributing actors, and doesn’t take sufficient steps to mitigate the harm from data breaches.

This chapter can stand alone, but of course, we encourage you to read our whole book, BREACHED! WHY DATA SECURITY LAW FAILS AND HOW TO IMPROVE IT

European Data Protection Supervisor Interview

In this video, the European Data Protection Supervisor (EDPS) interviewed me as part of its 20 Talks Series to celebrate its 20th anniversary. From the EDPS description of this talk: “20 Talks is a series of insightful discussions with experts and influential personalities across diverse domains, looking into the profound implications of privacy and data protection within their specific spheres. In this episode, our guest is Daniel J. Solove, Professor of Intellectual Property and Technology Law, George Washington University Law School and President & CEO of TeachPrivacy.”

You can also watch the video on the EDPS 20 Talks site.

Webinar – Trust: What CEOs and Boards Must Know About Privacy and AI Blog

In case you missed my recent webinar with Dominique Shelton-Leipzig (Mayer Brown), you can watch the replay here.  We had a great discussion about why privacy is an issue that the C-Suite and Board must address. Dominique is the author of a new book on this topic, Trust.: Responsible AI, Innovation, Privacy and Data Leadership.

Cartoon: AI Bias

Here’s a new cartoon on AI bias and the magical thinking that AI is unbiased because technology is neutral.  Bias comes from the data that algorithms use, so the bias often pollutes the output. I discuss the issue in some of my recent work, including:

There are many other terrific works that delve deeply into this issue. A few scholars whose works I have learned greatly from include Ifeoma Ajunwa, Jessica Eaglin, Sandra Mayson, Dan Burk, Safiya Noble, Solon Barocas, Andrew Selbst, Anupam Chander, Sonja Starr, Ngozi Okidegbe, Andrew Guthrie Ferguson, Talia Gillis, Elizabeth Joh, Pauline Kim, Margot Kaminski, Kate Crawford, Aziz Huq, Oscar Gandy, and Meg Leta Jones. There are many others. So much excellent work is being written. I hope policymakers look at this scholarship because it is really good and also quite practical.

Artificial Intelligence and Privacy

I’m delighted to post my new article draft, Artificial Intelligence and Privacy. The article aims to provide the conceptual and practical groundwork for how to understand the relationship between AI and privacy as well as provide a roadmap for how privacy law should regulate AI.

Here’s the abstract:

This Article aims to establish a foundational understanding of the intersection between artificial intelligence (AI) and privacy, outlining the current problems AI poses to privacy and suggesting potential directions for the law’s evolution in this area. Thus far, few commentators have explored the overall landscape of how AI and privacy interrelate. This Article seeks to map this territory.

Some commentators question whether privacy law is appropriate for addressing AI. In this Article, I contend that although existing privacy law falls far short of addressing the privacy problems with AI, privacy law properly conceptualized and constituted would go a long way toward addressing them.

Privacy problems emerge with AI’s inputs and outputs. These privacy problems are often not new; they are variations of longstanding privacy problems. But AI remixes existing privacy problems in complex and unique ways. Some problems are blended together in ways that challenge existing regulatory frameworks. In many instances, AI exacerbates existing problems, often threatening to take them to unprecedented levels.

Overall, AI is not an unexpected upheaval for privacy; it is, in many ways, the future that has long been predicted. But AI glaringly exposes the longstanding shortcomings, infirmities, and wrong approaches of existing privacy laws.

Ultimately, whether through patches to old laws or as part of new laws, many issues must be addressed to address the privacy problems that AI is affecting. In this Article, I provide a roadmap to the key issues that the law must tackle and guidance about the approaches that can work and those that will fail.

You can download my article for free on SSRN here:
