Lex Informatica: The Formulation of Information Policy Rules through Technology

Historically, law and government regulation have established default rules for information policy, including constitutional rules on freedom of expression and statutory rights of ownership of information. This Article will show that for network environments and the Information Society, however, law and government regulation are not the only source of rule-making. Technological capabilities and system design choices impose rules on participants. The creation and implementation of information policy are embedded in network designs and standards as well as in system configurations. Even user preferences and technical choices create overarching, local default rules. This Article argues, in essence, that the set of rules for information flows imposed by technology and communication networks form a “Lex Informatica” that policymakers must understand, consciously recognize, and encourage

The European Union Data Privacy Directive and International Relations

http://deepblue.lib.umich.edu/bitstream/2027.42/39802/3/wp418.pd

Where Will Consumers Find Privacy Protection From RFIDs?: A Case for Federal Legislation

With the birth of RFID technology, businesses gained the ability to tag products with practically invisible computer chips that relay information about consumer behavior to remote databases. Such tagging permits retailers and manufacturers to track the purchases, identities, and movements of their customers. In the absence of enforceable regulations, society risks being subjected to an unprecedented level of Orwellian surveillance. This iBrief addresses consumer privacy concerns stemming from the proliferation of RFID technology. It discusses why tort law, state legislation, FTC guidelines, and proposed regulations are insufficient methods to alleviate consumer privacy concerns and suggests amending various federal privacy laws, thereby prohibiting the underlying RFID tracking behavior

Tell the Smart House to Mind its Own Business!: Maintaining Privacy and Security in the Era of Smart Devices

Consumers want convenience. That convenience often comes in the form of everyday smart devices that connect to the internet and assist with daily tasks. With the advancement of technology and the “Internet of Things” in recent years, convenience is at our fingertips more than ever before. Not only do consumers want convenience, they want to trust that their product is performing the task that they purchased it for and not exposing them to danger or risk. However, due to the increasing capabilities and capacities of smart devices, consumers are less likely to realize the implications of what they are agreeing to when they purchase and begin using these products. This Note will focus on the risks associated with smart devices, using smart home devices as an illustration. These devices have the ability to collect intimate details about the layout of the home and about those who live within it. The mere collection of this personal data opens consumers up to the risk of having their private information shared with unintended recipients whether the information is being sold to a third party or accessible to a hacker. Thus, to adequately protect consumers, it is imperative that they can fully consent to their data being collected, retained, and potentially distributed. This Note examines the law that is currently in place to protect consumers who use smart devices and argues that a void ultimately leaves consumers vulnerable. Current data privacy protection in the United States centers on the self-regulatory regime of “notice and choice.” This Note highlights how the self-regulatory notice-and-choice model fails to ensure sufficient protection for consumers who use smart devices and discusses the need for greater privacy protection in the era of the emerging Internet of Things. Ultimately, this Note proposes a state-level resolution and calls upon an exemplar state to experiment with privacy protection laws to determine the best way to regulate the Internet of Things

Privacy and Democracy in Cyberspace

In this Article, Professor Schwartz depicts the widespread, silent collection of personal information in cyberspace. At present, it is impossible to know the fate of the personal data that one generates online. Professor Schwartz argues that this state of affairs degrades the health of a deliberative democracy; it cloaks in dark uncertainty the transmutation of Internet activity into personal information that will follow one into other areas and discourage civic participation. This situation also will have a negative impact on individual self- determination by deterring individuals from engaging in the necessary thinking out loud and deliberation with others upon which choice- making depends. In place of the existing privacy horror show on the Internet, Professor Schwartz seeks to develop multidimensional rules that set out fair information practices for personal data in cyberspace. The necessary rules must establish four requirements: (1) defined obliga- tions that limit the use of personal data; (2) transparent processing systems; (3) limited procedural and substantive rights; and (4) external oversight. Neither the market nor industry self-regulation are likely, however, to put these four practices in place. Under current conditions, a failure exists in the \u27privacy market. Moreover, despite the Clinton Administration\u27s endorsement of industry self-regulation, this method is an unlikely candidate for success. Industry self-regulation of privacy is a negotiation about the rules of play for the use of personal data. In deciding on these rules, industry is likely to be most interested in protecting its stream of revenues. Therefore, it will benefit if it develops norms that preserve the current status quo of maximum information disclosure. This Article advocates a legislative enactment of the four fair information practices. This legal expression of privacy norms is the best first step in promoting democratic deliberation and individual self-determination in cyberspace. It will further the attainment of cyberspace\u27s potential as a new realm for collaboration in political and personal activities. Enactment of such a federal law would be a deci- sive move to shape technology so it will further-and not harm-demo- cratic self-governance

The Pond Betwixt: Differences in the U.S.-EU Data Protection/Safe Harbor Negotiation

This article analyzes the differing perspectives that animate US and EU conceptions of privacy in the context of data protection. It begins by briefly reviewing the two continental approaches to data protection and then explains how the two approaches arise in a context of disparate cultural traditions with respect to the role of law in society. In light of those disparities, Underpinning contemporary data protection regulation is the normative value that both US and EU societies place on personal privacy. Both cultures attribute modern privacy to the famous Warren-Brandeis article in 1890, outlining a right to be let alone. But decades passed before the impact of the article was felt. Both privacy and data protection are today part of the fundamental rights system of Europe, a component of the amalgamated constitution of the European Union. Both are part of the legislative and regulatory state at the national and federal level

Globalization and Social Protection: The Impact of EU and International Rules in the Ratcheting Up of U.S. Privacy Standards

Contemporary critiques of globalization processes often focus on the potential leveling of regulatory standards and the export by the United States of neoliberal norms of deregulation and market facilitation. This Article, in contrast, examines the extrajurisdictional impact of EU data protection policy on the behavior of private parties in the United States, leading to a ratcheting up of U.S. privacy standards. The Article takes a socio-legal approach, exploring the many ways in which the EU Directive on the Processing of Personal Data affects U.S. practice through changing the stakes of US. players-including regulators, businesses, privacy advocates, lawyers, and privacy service providers-and thereby changing the playing field in the United States on which competing interest groups clash. In examining the interaction of EU law, US. practice, and international trade rules, the Article finds that WTO law, rather than constraining the Directive\u27s extra-jurisdictional impacts, provides the EU with a shield against U.S. retaliatory threats, thereby further facilitating a trading up of data privacy standards. The Article concludes by examining the conditions under which cross-border exchange can lead to a leveraging up of social protections such as data privacy standards. These include: the desire for firms to expand their markets, subjecting themselves to foreign regulatory policy; European states\u27 ability to enhance their bargaining power by acting collectively, using the large EU market as leverage to change foreign standards; the nature of data privacy protection as a luxury good demanded by residents of relatively wealthy, more powerful jurisdictions; the externalities of U.S. under-regulation of privacy protection, legitimizing EU intervention; and the constraints of WVTO supranational trade rules on U.S. unilateral retaliatory threats. While the Article focuses on the issue of data privacy, its analysis applies to broad areas of law affected by economic globalization