Rebooting Cybertort Law

Cyberspace provides an ideal legal environment for tortfeasors and online criminals because Internet Service Providers (ISPs) have no duty to mitigate harms caused by ongoing torts, crimes, and infringing acts. Courts have stretched Congress\u27s express language in § 230 of the Communications Decency Act from the narrow purpose of immunizing ISPs as publishers to the expanded purpose of shielding them from all tort liability. This Article proposes imposing a limited duty of care on ISPs to remove or block ongoing tortious activities on their services when they have been given actual notice. This reform will harmonize American ISP liability law with the European Union\u27s Electronic Commerce Directive, which imposes an affirmative duty on ISPs to take down objectionable materials. It also will unify U.S. law by creating procedures consistent with the takedown policy mandated by the Digital Millennium Copyright Act

Towards a Global Data Privacy Standard

This Article questions the widespread contention that recent updates to European Union (EU) data protection law will drive a disruptive wedge between EU and United States (U.S.) data privacy regimes. Europe’s General Data Protection Regulation (GDPR), which took effect in May 2018, gives all EU citizens easier access to their data, a right to portability, a right to be forgotten, and a right to learn when their data has been hacked. These mandatory privacy protections apply to non-EU companies that offer goods or services to EU consumers, whether through a subsidiary or a website. The “Brussels Effect” hypothesis projects a “race to the top” as multinational entities find it easier to adopt the most stringent data protection standards worldwide, rather than satisfying divergent data privacy rules. The GDPR is said to be a prime example of the Brussels Effect because of its aggressive extraterritorial scope that unilaterally imposes EU law on U.S. entities. This Article acknowledges a Brussels Effect, but there is also an overlooked “D.C. Effect” reflected in the GDPR’s adoption of many U.S. data privacy innovations. The GDPR imports long-established U.S. tort concepts for the first time into European privacy law, including deterrence-based fines, collective redress, wealth-based punishment, and arming data subjects with the right to initiate public enforcement. Under the GDPR, the EU Commission adopted “Privacy by Design” and security breach notification obligations, innovations pioneered in the U.S. The net effect of the GDPR is a bilateral transatlantic privacy convergence, which is rapidly evolving into a global data privacy standard. Nations around the world, some U.S. states, and the major U.S.-based data processors are instituting policies harmonized with the GDPR. This Article argues that the GDPR has the potential to not only bring an end to the transatlantic data privacy wars, but to become the basis of a worldwide “gold standard” for global data privacy

Restorative Justice to Supplement Deterrence-Based Punishment: An Empirical Study and Theoretical Reconceptualization of the EPA\u27s Power Plant Enforcement Initiative, 2000-2011

From the late 1970s to the end of the 1990s, electricity producers modified and operated coal-fired power plants in violation of the Environment Protection Agency’s (EPA) permitting requirements, creating widespread air quality degradation. The EPA’s policy of lax oversight ended in 1999 when it launched a large, coordinated enforcement effort. The 2012 Republican presidential candidates all denounced this more vigilant EPA as engaging in economic terrorism through “sue and settle” tactics that amount to backdoor regulation. This article evaluates federal environmental enforcement, drawing upon objective data from our empirical study of EPA permitting violation settlements for coal-fired power plants entered into between January 1, 2000, and December 31, 2011. The data reveals that the EPA’s enforcement policy reflects a unique jurisprudence that creatively combines both deterrence-based punishment through appropriately levied civil penalties and restorative justice principles in the form of mitigation projects and mandatory injunctions. Other regulatory agencies should consider adopting restorative justice insights in designing remedies for diffuse civil wrongs such as securities fraud, consumer product safety, and unfair or deceptive trade practices