by Daniel J. Solove
“It’s just a flesh wound.”
– Monty Python and the Holy Grail
Suppose your personal data is lost, stolen, improperly disclosed, or improperly used. Are you harmed?
Suppose a company violates its privacy policy and improperly shares your data with another company. Does this cause a harm?
In most cases, courts say no. This is the case even when a company is acting negligently or recklessly. No harm, no foul.
by Daniel J. Solove
Today, the U.S. Supreme Court handed down a decision on two cases involving the police searching cell phones incident to arrest. The Court held 9-0 in an opinion written by Chief Justice Roberts that the Fourth Amendment requires a warrant to search a cell phone even after a person is placed under arrest.
The two cases are Riley v. California and United States v. Wurie, and they are decided in the same opinion with the title Riley v. California. The Court must have chosen toname the case after Riley to make things hard for criminal procedure experts, as there is a famous Fourth Amendment case called Florida v. Riley, 488 U,S, 445 (1989), which will now create confusion whenever someone refers to the “Riley case.”
by Daniel J. Solove
For trial attorneys, a key component to winning is carefully selecting people for the jury and tailoring arguments to best influence, nudge, or perhaps even manipulate jurors into reaching a particular verdict. As a result, there is a hunger to learn about the private lives of jurors, and serving on a jury can entail a huge loss of privacy.
by Daniel J. Solove
Identity theft is terrible crime, and it can wreak havoc on victims’ lives. In an identity theft, the thief uses a victim’s personal information to improperly access accounts, obtain credit in the victim’s name, or impersonate the victim for other purposes.
But there is an effective way to stop a lot of identity theft, and the legal framework is already in place to do it. In a relatively short time, the Federal Trade Commission (FTC) could prevent a significant amount of identity theft – perhaps even a majority of it – and no new laws need to be passed.
I know that it might be hard to believe – as hard to believe as a suitcase filled with a million dollars just sitting abandoned on the sidewalk – but it is quite true.
Before I explain how, I need to provide some background.
by Daniel J. Solove
Is the right to be forgotten good or bad?
This is the question many are asking these days in light of the recent EU Court of Justice (ECJ) decision that requires search engines such as Google to remove personal data from search results when people request it. (For more background, I wrote about the ECJ decision last week.)
After the decision was released, critics attacked the right to be forgotten as impractical, undesirable, and antithetical to free speech.
by Daniel J. Solove
In a momentous decision, the EU Court of Justice has ruled in favor of a Spanish man who sought to have links to his personal data removed from Google search results. Under what has become known as the “right to be forgotten,” EU citizens have a right to the deletion of certain personal data under the EU Data Protection Directive.
The EU Court of Justice has concluded that “the operator of a search engine is obliged to remove from the list of results displayed following a search made on the basis of a person’s name links to web pages, published by third parties and containing information relating to that person, also in a case where that name or information is not erased beforehand or simultaneously from those web pages, and even, as the case may be, when its publication in itself on those pages is lawful.”
by Daniel J. Solove
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently announced the costliest HIPAA settlement to date — a $4.8 million settlement with New York and Presbyterian Hospital (NYP) and Columbia University (CU). The case involved the disclosure of protected health information on the Internet. Here are some lessons from this latest case:
by Daniel J. Solove
Co-authored by Woodrow Hartzog
The Federal Trade Commission (FTC) recently entered into a consent order with the media service Snapchat for not living up to its promises about how it maintains the privacy and security of user’s data. The FTC order prohibits Snapchat from “misrepresenting the extent to which it maintains the privacy, security, or confidentiality of users’ information” and requires the company “to implement a comprehensive privacy program that will be monitored by an independent privacy professional for the next 20 years.”
by Daniel J. Solove
Last week, the White House released its report, Big Data: Seizing Opportunities, Preserving Values. My reaction to it is mixed. The report mentions some concerns about privacy with Big Data and suggests some reforms, but everything is stated so mildly, in a way designed to please everyone. The report is painted in pastels; it finesses the hard issues and leaves specifics for another day. So it is a step forward, which is good, but it is a very small step, like a child on a beach reluctantly dipping a toe into ocean.
by Daniel J. Solove
For any organization who doesn’t take privacy seriously, the demise of inBoom should be a loud wake up call. Funded by $100 million from the Gates Foundation, inBloom was a non-profit organization aiming to store student data so that school officials and teachers could use it to learn about their students and how to more effectively teach them and improve their performance in school. Who would have thought that a project with so much funding and promise would be shutting down just a few years after its creation? What went wrong?