Author: Daniel Solove

Surveillance and Our Addiction to Exposure

Bernard Harcourt’s Exposed: Desire and Disobedience in the Digital Age (Harvard University Press 2015) is an indictment of  our contemporary age of surveillance and exposure — what Harcourt calls “the expository society.” Harcourt passionately deconstructs modern technology-infused society and explains its dark implications with an almost poetic eloquence. Harcourt begins by critiquing the metaphor of George Orwell’s 1984 to describe the ills of our world today.  In my own previous work, I critiqued this metaphor, arguing that Kafka’s The Trial was a more apt metaphor to capture the powerlessness and vulnerability that people experience as government and businesses construct and use “digital dossiers” about their lives.  Harcourt critiques Orwell in a different manner, arguing that Orwell’s dystopian vision is inapt because it is too drab and gray: No, we do not live in a drab Orwellian world.  We live in a beautiful, colorful, stimulating, digital world that is online, plugged in, wired, and Wi-Fi enabled.  A rich, bright, vibrant world full of passion and jouissance–and by means of which we reveal ourselves and make ourselves virtually transparent to surveillance.  In the end, Orwell’s novel is indeed prescient in many ways, but jarringly off on this one key point.  (pp. 52-53) Orwell’s Vision Life Today Harcourt notes that the “technologies that end up facilitating surveillance are the very technologies we crave.”  We desire them, but “we have become, slowly but surely, enslaved to them.” (p. 52). Harcourt’s book reminds me of Neil Postman’s Amusing Ourselves to Death, originally published about 30 years ago — back in 1985.  Postman also critiqued Orwell’s metaphor and argued that Aldous Huxley’s Brave New World was a more apt metaphor to capture the problematic effects new media technologies were having on society.

The 5 Things Every Privacy Lawyer Needs to Know about the FTC: An Interview with Chris Hoofnagle

The Federal Trade Commission (FTC) has become the leading federal agency to regulate privacy and data security. The scope of its power is vast – it covers the majority of commercial activity – and it has been enforcing these issues for decades. An FTC civil investigative demand (CID) will send shivers down the spine of even the largest of companies, as the FTC requires a 20-year period of assessments to settle the score. To many, the FTC remains opaque and somewhat enigmatic. The reason, ironically, might not be because there is too little information about the FTC but because there is so much. The FTC has been around for 100 years! In a landmark new book, Professor Chris Hoofnagle of Berkeley Law School synthesizes an enormous volume of information about the FTC and sheds tremendous light on the FTC’s privacy activities. His book is called Federal Trade Commission Privacy Law and Policy (Cambridge University Press, Feb. 2016). This is a book that all privacy and cybersecurity lawyers should have on their shelves. The book is the most comprehensive scholarly discussion of the FTC’s activities in these areas, and it also delves deep in the FTC’s history and activities in other areas to provide much-needed context to understand how it functions and reasons in privacy and security cases.

The Ultimate Unifying Approach to Complying with All Laws and Regulations

Professor Woodrow Hartzog and I have just published our new article, The Ultimate Unifying Approach to Complying with All Laws and Regulations, 19 Green Bag 2d 223 (2016)  Our article took years of research and analysis, intensive writing, countless drafts, and endless laboring over every word. But we hope we achieved a monumental breakthrough in the law.  Here’s the abstract: There are countless laws and regulations that must be complied with, and the task of figuring out what to do to satisfy all of them seems nearly impossible. In this article, Professors Daniel Solove and Woodrow Hartzog develop a unified approach to doing so. This approach (patent pending) was developed over the course of several decades of extensive analysis of every relevant law and regulation.  

5 Great Novels About Privacy and Security

I am a lover of literature (I teach a class in law and literature), and I also love privacy and security, so I thought I’d list some of my favorite novels about privacy and security. I’m also trying to compile a more comprehensive list of literary works about privacy and security, and I welcome your suggestions. Without further ado, my list: Franz Kafka, The Trial Kafka’s The Trial begins with a man being arrested but not told why. In typical Kafka fashion, the novel begins badly for the protagonist . . . and then it gets worse! A clandestine court system has compiled a dossier about him and officials are making decisions about him, but he is left in the dark. This is akin to how Big Data can operate today. The Trial captures the sense of helplessness, frustration, and powerlessness when large institutions with inscrutable purposes use personal data and deny people the right to participate. I wrote more extensively about how Kafka is an apt metaphor for privacy in our times in a book called The Digital Person about 10 years ago.  

Does Scholarship Really Have an Impact? The Article that Revolutionized Privacy Law

Does scholarship really have an impact? For a long time, naysayers have attacked scholarship, especially scholarship about law. U.S. Supreme Court Chief Justice Roberts once remarked: “Pick up a copy of any law review that you see, and the first article is likely to be, you know, the influence of Immanuel Kant on evidentiary approaches in 18th Century Bulgaria, or something.” He noted that when the academy addresses legal issues at “a particularly abstract, philosophical level . . . they shouldn’t expect that it would be of any particular help or even interest to the members of the practice of the bar or judges.” Judge Harry Edwards also has attacked legal scholarship as largely irrelevant. Critics are quick to point out that much legal scholarship is not cited much — and many articles are never even cited by anyone other than the authors themselves in subsequent works. But I think that a lot can be learned from the story of one of the most influential law articles of all. That article was Samuel D. Warren & Louis D. Brandeis, The Right to Privacy, 4 Harvard Law Review 193 (1890). Warren and Brandeis discussed how journalism was becoming more sensationalistic: “Gossip is no longer the resource of the idle and of the vicious, but has become a trade, which is pursued with industry as well as effrontery.” And they expressed concern about a new technology they called “instantaneous photograph[y.]” — the new smaller and cheaper cameras being marketed by the Eastman Kodak Company that made it possible for candid photos to be taken.

AALS Happy Hour — PrawfsBlawg, ConcurringOpinions, and American Society of Comparative Law

AALS Happy Hour — PrawfsBlawg, ConcurringOpinions, and American Society of Comparative Law

For those of you who will be at AALS this year, we plan to continue the tradition of having a joint Prawfs Concurring Opinions happy hour.  This year we will be joined by the Younger Comparativists Committee of the American Society of Comparative Law. The happy hour will be Saturday, January 3rd at 8 PM.  We will meet in the Stone’s Throw bar in the lobby of the Marriot Wardman Park Hotel. This tradition was started and spearheaded by Dan Markel, one of the many ways he helped bring people together.  We want this, like so many of his contributions, to continue on. Here is Paul Horwitz’s announcement at Prawfs, with some nice words about Dan. So please drop by and join us!  

Welcome to Naomi Cahn

Welcome to Naomi Cahn

I am delighted to announce that Professor Naomi Cahn is joining Concurring Opinions to post here on a regular basis.  Naomi teaches at George Washington University Law School, where she holds the Harold H. Greene Chair.  She is involved in book, article, and law reform projects concerning families’ interactions and intersections with the law and gendered institutions, nationally and globally.  Her scholarship and teaching cover the entire lifespan, from pregnancy (and attempts to become pregnant) through death and inheritance.   Her co-authored book with June Carbone, Marriage Markets (OUP 2014),  about the relationship between family structure and marriage, was on the list of best books for 2014 issued by both The Economist and Newsweek.  Other ongoing projects include work on assisted reproductive technology and, with Rev. Amy Ziettlow, a book on elder care.   She has testified before Congress on adoption-related issues and  worked with the Uniform Law Commission to draft model legislation on post-death access to digital assets, and her work has been covered in media outlets ranging from The New York Times to the Wall Street Journal to The Christian Century. Before joining the GW faculty, Naomi worked at the SEC, legal services, a large law firm, a small law firm, and Georgetown’s  domestic violence clinic. Her areas of interest include Gender, Feminism, Family Law, International Women’s Rights, and  Trusts and Estates.

Legal Academia LinkedIn Group

I created a new LinkedIn group called Legal Academia for legal academics to share useful links, posts, scholarship, events, etc. Shameless-self promotion is welcomed — as long as what you promote is good. Who Can Join? Anyone can join — non-academics can join too if you want to follow along. How Do You Join? Go to the group’s page: Legal Academia . Just click the join button at the top of the page. Who Can Post? The forum will be moderated so that all posts will be by legal academics about their work, blog posts, conferences, and scholarship.  Administrators can post about law school events or notable happenings or issues. What Topics Can You Post On? Posts are not restricted to those about legal academia.   This forum might hopefully grow into a hub of information about notable activity in the blogosphere, scholarship, and elsewhere.  Please don’t promote every single blog post you write, but if you have written something noteworthy, please share it.   Please feel free to share the work of others too. Why Join? Academics have not embraced LinkedIn as much as they have Twitter, but there are some really great things about LinkedIn’s platform.  It is a way to get work noticed and read by practitioners.  Posts, although short, are not subject to Twitter’s Draconian character limit.  There’s a lot less noise on LinkedIn, so the forum can be a more focused place for promoting and discussing scholarship and information relevant to the academy. In your settings, you can have a daily digest or weekly digest of the postings to the group emailed to you — or nothing at all. So please join the Legal Academia LinkedIn group.  And please post, as the group won’t succeed if I’m the lone one posting.   Please don’t be bashful about pointing out new things that you’ve written.  That’s what this forum is for — to help everyone publicize and get more people reading and engaging with scholarship and academic discussion.  Thanks!

Should the FTC Be Regulating Privacy and Data Security?

This post was co-authored with Professor Woodrow Hartzog. This past Tuesday the Federal Trade Commission (FTC) filed a complaint against AT&T for allegedly throttling the Internet of its customers even though they paid for unlimited data plans. This complaint was surprising for many, who thought the Federal Communications Commission (FCC) was the agency that handled such telecommunications issues. Is the FTC supposed to be involved here? This is a question that has recently been posed in the privacy and data security arenas, where the FTC has been involved since the late 1990s. Today, the FTC is the most active federal agency enforcing privacy and data security, and it has the broadest reach. Its fingers seem to be everywhere, in all industries, even those regulated by other agencies, such as in the AT&T case. Is the FTC going too far? Is it even the FTC’s role to police privacy and data security? The Fount of FTC Authority The FTC’s source of authority for privacy and data security comes from some specific statutes that give the FTC regulatory power. Examples include the Children’s Online Privacy Protection Act (COPPA) where the FTC regulates online websites collecting data about children under 13 and the Gramm-Leach-Bliley Act (GLBA) which governs financial institutions. But the biggest source of the FTC’s authority comes from Section 5 of the FTC Act, where the FTC can regulate “unfair or deceptive acts or practices in or affecting commerce.” This is how the FTC has achieved its dominant position. Enter the Drama Until recently, the FTC built its privacy and security platform with little pushback. All of the complaints brought by the FTC for unfair data security practices quickly settled. However, recently, two companies have put on their armor, drawn their swords, and raised the battle cry. Wyndham Hotels and LabMD have challenged the FTC’s authority to regulate data security. These are more than just case-specific challenges that the FTC got the facts wrong or that the FTC is wrong about certain data security practices. Instead, these challenges go to whether the FTC should be regulating data security under Section 5 in the first place. And the logic of these challenges could also potentially extend to privacy as well. The first dispute involving Wyndham Hotels has already resulted in a district court opinion affirming the FTC’s data protection jurisprudence. The second dispute over FTC regulatory authority involving LabMD is awaiting trial. In the LabMD case, LabMD is contending that the U.S. Department of Health and Human Services (HHS) — not the FTC — has the authority to regulate data security practices affecting patient data regulated by HIPAA. With Wyndham, and especially LabMD, the drama surrounding the FTC’s activities in data protection has gone from 2 to 11. The LabMD case has involved the probable shuttering of business, a controversial commissioner recusal, a defamation lawsuit, a House Oversight committee investigation into the FTC’s actions, and an entire book written by the LabMD’s CEO chronicling his view of the conflict. And the case...

Advice on How to Enter the Privacy Profession

Over at LinkedIn, I have a long post with advice for how law students can enter into the privacy profession.   I hope that this post can serve as a useful guide to students who want to pursue careers in privacy. The privacy law field is growing dramatically, and demand for privacy lawyers is high.  I think that many in the academy who don’t follow privacy law, cyberlaw, or law and technology might not realize what’s going on in the field.  The field is booming. The International Association of Privacy Professionals (IAPP), the field’s primary association, has been growing by about 30% each year.  It now has more than 17,000 members.  And this is only a subset of privacy professionals, as many privacy officials in healthcare aren’t members of IAPP and instead are members of the American Health Information Management Association (AHIMA) or the Health Care Compliance Association (HCCA). There remains a bottleneck at the entry point to the field, but that can be overcome.  Once in the club, the opportunities are plentiful and there’s the ability to rise quickly.   I’ve been trying to push for solutions to make entry into the field easier, and this is an ongoing project of mine. If you have students who are interested in entering the privacy law profession, please share my post with them.  I hope it will help.