I’m delighted to announce that the final published version of my article, Privacy Harms, is now out in print! Privacy Harms, 101 B.U. L. Rev. 793 (2022) (with Danielle Keats Citron)
Tag: Spokeo v. Robins
Privacy Harms: A New Version
Professor Danielle Citron and I have thoroughly revised our article, Privacy Harms, forthcoming 102 B.U. Law Review __ (2022). You can download the latest draft for free on SSRN. Some of the things we updated: We reordered the piece to discuss earlier on our theory of when harm should be required. We added a discussion of […]
Standing and Privacy Harms: A Critique of TransUnion v. Ramirez
I recently published a short essay with Professor Danielle Citron critiquing the recent Supreme Court decision, TransUnion v. Ramirez (U.S. June 25, 2021) where the Court held that plaintiffs lacked standing to use FCRA’s private right of action to sue for being falsely labeled as terrorists in their credit reports. The essay is here: Daniel J. […]
Standing in Data Breach Cases: Why Harm Is Not “Manufactured”
In a recent case, the U.S. Court of Appeals for the 11th Circuit weighed in on an issue that has continued to confound courts: Is there an injury caused by a data breach when victims don’t immediately suffer financial fraud? I wrote on this issue in an article with Professor Danielle Citron in 2018, Risk and Anxiety: […]
The Trouble with Spokeo: Standing, Privacy Harms, and Biometric Information
A recent case involving the Illinois Biometric Information Privacy Act (BIPA), Rivera v Google (N.D. Ill. No. 16 C 02714, Dec. 28, 2018), puts the ills of Spokeo Inc. v. Robins on full display. In Rivera, plaintiffs sued Google under BIPA, which prohibits companies from collecting and storing specific types of biometric data without people’s consent. The plaintiffs alleged that Google […]
Risk and Anxiety: A Theory of Data Breach Harms
My new article was just published: Risk and Anxiety: A Theory of Data Breach Harms, 96 Texas Law Review 737 (2018). I co-authored the piece with Professor Danielle Keats Citron. We argue that the issue of harm needs a serious rethinking. Courts are too quick to conclude that data breaches don’t create harm. There are two […]
When Is a Person Harmed by a Privacy Violation? Thoughts on Spokeo v. Robins
When is a person harmed by a privacy violation? The U.S. Supreme Court just handed down a decision in an important case, Spokeo Inc. v. Robins. Plaintiff Thomas Robins sued Spokeo under the Fair Credit Reporting Act (FCRA) because Spokeo had inaccurate information about him in its profile. Spokeo’s profiles are used by potential employers […]