In case you missed my discussion with Max Schrems, you can watch the replay here. We discussed cross-border data transfer, litigation challenges and strategies, and potential reforms of the GDPR enforcement process.
First Amendment Expansionism and California’s Age-Appropriate Design Code
The recent district court decision in NetChoice v. Bonta (N.D. Cal., Sept. 18, 2023) holding that the California Age-Appropriate Design Code (CAADC) likely violates the First Amendment is a ridiculously expansive interpretation of the First Amendment, one that would annihilate most regulation if applied elsewhere. This decision is one of a new breed of opinions that I will call “First Amendment expansionism,” which turn nearly everything in the universe into a free speech issue. The Fifth Circuit recently held that the government’s encouraging platforms to take down misinformation and harmful content was a First Amendment violation because somehow it was unduly coercive . . . as if these platforms, which are some of the most powerful organizations the world has ever seen, will lack the courage to stand their ground whenever the government says “boo.” But I digress . . .
For example, according to the court, a DPIA implicates free speech because it “requires a business to express its ideas and analysis about likely harm.” The court argues:
It therefore appears to the Court that NetChoice is likely to succeed in its argument that the DPIA provisions, which require covered businesses to identify and disclose to the government potential risks to minors and to develop a timed plan to mitigate or eliminate the identified risks, regulate the distribution of speech and therefore trigger First Amendment scrutiny.
This reasoning could apply to any requirement that a business to document its policies and procedures or conduct risk analysis or have contracts with vendors. According to Judge Freeman, requirements to provide information about privacy practices is “requiring speech.” Requirements to estimate age “impede the ‘availability and use’ of information and accordingly to regulate speech.” According to Judge Freeman, nearly everything law might require can be recast in terms of requiring speech or affecting speech. For example, under Judge Freeman’s reasoning, data security requirements such as having policies or documenting processes would involve requiring speech. Doing a risk assessment would involve required speech. Under this reasoning, it’s hard to imagine what wouldn’t be involve speech. Beyond privacy, much other regulation would implicate speech, such as required nutrition labels, product warnings, and mandatory disclosures. One could argue that requirements to cooperate with regulators for inspections and investigations would involve speech — after all, these require that someone at a company communicate with regulators.
Yale Law School Discussion of Murky Consent article
I’ll be speaking at Yale University on Tuesday, Oct 3 about my upcoming article, Murky Consent: An Approach to the Fictions of Consent in Privacy Law. You can read the event description and add it to your calendar here.
Webinar – Facial Recognition and the Dubious Side of AI Blog
In case you missed my interview with New York Times reporter Kashmir Hill, you can watch the replay here. We discussed her new book, Your Face Belongs to US: A Secretive Startup’s Quest to End Privacy as We Know It (Sept. 19, 2023).
Webinar U.S. State Privacy Law Developments Blog
If you couldn’t make it to my recent webinar where I discussed new state privacy laws with Libbie Canter, you can watch the replay here.
Privacy Tech Insights US State Privacy Law
Although a U.S. federal privacy law remains elusive, U.S. states have been busily passing new laws. The laws have many similarities, but there are some notable differences. California and Colorado have issued new regulations, some provisions of which strengthen components of the laws. I expect other states to join in the party soon.
I will be holding a Webinar on U.S. State Privacy Law Developments tomorrow (Tues, Aug. 29, 2023 at 2 PM ET) with Libbie Canter (Covington) to discuss these laws. Click here to register now for this free webinar!
I have created some related resources and training materials that might be useful:
BCLT Privacy Lecture on Murky Consent in Privacy Law
I’ll be speaking at Berkeley Law’s 16th Annual BCLT Privacy Lecture on 9/22 about Murky Consent: An Approach to the Fictions of Consent in Privacy Law with commenters, Ari Ezra Waldman (Professor, UC Irvine School of Law), Rebecca Wexler (Professor, UC Berkeley School of Law), and Ella Corren (JSD, UC Berkeley School of Law).
A New Open Letter to Law School Deans about Privacy Law Scholars and Curriculum
Before the pandemic, which seems like eons ago, I spearheaded a group of legal academics and practitioners in the field of privacy law who sent a letter to the deans of all U.S. law schools about privacy law education. The pandemic occurred not too long after our letter, and deans had many other things to worry about during that time.
The time is right to send a follow up letter about why law schools should increase and improve their privacy law faculty and curriculum. So, I am emailing the letter below to all U.S. law school deans.
You can see a PDF of the letter here.
* * * *
A New Open Letter to Law School Deans
about Privacy Law Scholars and Curriculum
August 1, 2023
Dear Dean,
We are writing to you and other law school deans to urge you to prioritize offering more courses and hiring more faculty in the information privacy law field.
We previously wrote an open letter to you before the pandemic, and we wish to send you another letter now because recent developments have strengthened our contentions below.
We call on you to consider taking one or more of the following actions:
- Hire more faculty members who focus their work and teaching on privacy law and technology issues.
- Add courses to the curriculum to cover privacy law issues.
Webinar The New Breed of State Health Privacy Laws Blog
If you couldn’t make it to my recent webinar on Washington’s My Health My Data Act (MHMDA) and the new state health privacy laws, you can watch the replay here. I had a great discussion with Mike Hintze (Hintze Law).