PRIVACY’S NEXT ACT

This Article identifies and describes three data privacy policy developments from recent legislative sessions that may seem unrelated, but which I contend together offer clues about privacy law’s future over the short-to-medium term. The first is the proliferation, worldwide and in U.S. states, of legislative proposals and statutes referred to as “age-appropriate design codes.” Originating in the United Kingdom, age-appropriate design codes typically apply to online services “directed to children” and subject such services to transparency, default settings, and other requirements. Chief among them is an implied obligation to conduct ongoing assessments of whether a service could be deemed “directed to children” such that it triggers application of the codes. The second development is a well-documented push for responsible artificial intelligence (“AI”) practices in the form of new transparency and accountability frameworks. The most comprehensive such framework is the European Union’s AI Act, although similar reforms in Canada, as well as nascent reforms here in the United States, address analogous topics. Among these are requirements for AI developers to assess, document, and, in some instances, report to regulators the existence of potential harms and plans to mitigate them prior to launching a new AI-driven product or service. The third development, certain reforms to competition policies, is least likely to be traditionally counted among “privacy” laws. However, I argue that two recent reforms in Europe—the Digital Services Act and the Digital Markets Act—implicate data privacy concerns and should be viewed as imposing privacy-related compliance obligations. For instance, these frameworks address the use of personal data, including sensitive personal information, for online advertising purposes. My argument is that common threads across these developments underscore the dynamism of privacy law at a critical moment in its development and highlight the increased public awareness of the benefits––and risks––of a data-driven economy and society. To that end, I identify three specific trends among these developments that I anticipate recurring in data privacy policy proposals over privacy’s “next act.” First, legislators and regulators alike appear increasingly focused on age verification technologies as a mechanism for distinguishing between internet users and determining to whom they must provide certain protections. Second, there is a growing appetite for shifting assessment obligations onto regulated entities, albeit with guidance, and requiring that the results of such assessments are affirmatively disclosed to regulators. Third, privacy obligations are no longer limited to data privacy laws. They are increasingly found in other types of policy proposals––and detecting them will require a broader view of what constitutes a “privacy” law than typical among privacy professionals

Management and Service-aware Networking Architectures (MANA) for Future Internet Position Paper: System Functions, Capabilities and Requirements

Future Internet (FI) research and development threads have recently been gaining momentum all over the world and as such the international race to create a new generation Internet is in full swing: GENI, Asia Future Internet, Future Internet Forum Korea, European Union Future Internet Assembly (FIA). This is a position paper identifying the research orientation with a time horizon of 10 years, together with the key challenges for the capabilities in the Management and Service-aware Networking Architectures (MANA) part of the Future Internet (FI) allowing for parallel and federated Internet(s)

Raising the visibility of protected data: A pilot data catalog project

Sharing research data that is protected for legal, regulatory, or contractual reasons can be challenging and current mechanisms for doing so may act as barriers to researchers and discourage data sharing. Additionally, the infrastructure commonly used for open data repositories does not easily support responsible sharing of protected data. This chapter presents a case study of an academic university library’s work to configure the existing institutional data repository to function as a data catalog. By engaging in this project, university librarians strive to enhance visibility and access to protected datasets produced at the institution and cultivate a data sharing culture

Blockchain as an Instrument for Human Rights Business Practice

Over the last decade, a promising technology has raised global attention: blockchain. Predictions and testimonies to its potential are promising. However, despite this proliferation of material, there continues to be limited empirical analysis of its positioned values and a demonstrated need to understand and overcome the limitations of the technology. This thesis analyses two current applications of blockchain for human rights business practice and argues that in order for its true value to be realized, traditional legal and regulatory functions and systems of accountability must not be substituted with technology. With a literature review supplemented with primary research, I gather qualitative analysis to reveal avenues to be taken into consideration for future applications of the technology in supply chain initiatives as well as current evolutions of blockchain’s current applications

Transforming Health Systems Initiative: Midterm Evaluation

The Rockefeller Foundation is currently in the midst of a five year, $100Million initiative called "Transforming Health Systems" – which aims to helpdeveloping world countries improve health services and financial protection(from the cost of health services) for their overall populations.At the halfway point, the foundation embarked on an independent evaluation,led by consultant Arnon Mishkin, to record the progress that has been made,examine the strategy and impact to date to identify opportunities for midcoursecorrections, as needed

Factors driving enterprise adoption of blockchain technology

Amidst the rapidly evolving advancement of blockchain technology (BT), enterprises face notable challenges in leveraging its transformative potential, starting with a need to understand the technology and how it can be used for particular applications. Two challenges are that many BT trials have not been successful and large-scale implementations that have led to continued use are scarce. This research provides a comprehensive examination of factors that drive the successful adoption of BT for enterprise use cases. A dual-phased approach was employed. First, I introduce a taxonomy matrix correlating BT design characteristics with use case characteristics, offering a framework for BT design and benefits across different enterprise contexts. Second, I conducted case studies of five successful BT cases in large enterprises that led to the adoption in terms of continued use and contrasted them with one failure case. The data collection and analysis of the case studies encompassed technological, organizational, environmental, and inter-organizational variables that led to BT\u27s continued use. The cross-case analysis revealed that compatibility, relative advantage, and observability are primary technological factors contributing to continued use. Within the organizational dimension, organizational knowledge and internal characteristics emerged as crucial elements, while regulatory compliance came out to be a significant factor. Based on the cross-case analysis, I develop theoretical propositions about the factors that lead to the continued use of BT, which can be further validated and tested in future research

The saga of the Covid-19 contact tracing apps: lessons for data governance

This note selectively unpacks the rapid evolution of the (Western) debate around the opportunity to deploy contact tracing apps, alongside other digital tools such as apps for symptoms sharing and immunity certificates to mitigate the Covid-19 pandemics. I do so from the perspective of a social scientist interested in the implications of the development of digital tools at times of emergency in terms of data governance. I argue that a more articulated reflection is needed towards the development of a healthy institutional structure that regulates the role of large tech platforms, such as Google and Apple (G&A), and public institutions, in governing data, particularly when health data and public value are involved. I unravel the saga of contact tracing apps in the UK and EU, looking at the technical, legal and ethical aspects and I attempt to draw more general lessons for data governance