Category: Consumer Protection Law

Better, Simpler Disclosure

Here is an apt response to the question: “What would an ideal food label look like?:”

Even the simplest information — a red, yellow or green “traffic light,” for example — would encourage consumers to make healthier choices. That might help counter obesity, a problem all but the most cynical agree is closely related to the consumption of junk food.

Of course, labeling changes like this would bring cries of hysteria from the food producers who argue that all foods are fine, although some should be eaten in moderation. To them, a red traffic-light symbol on chips and soda might as well be a skull and crossbones. But traffic lights could work: indeed, in one study, sales of red-lighted soda fell by 16.5 percent in three months.

Having recently spent time at a roundtable with transparency advocates (including one author of this excellent book), I can attest to the fact that only the clearest signals tend to get through the noise in an era of information overload.


PETs, Law and Surveillance

In Europe, privacy is considered a fundamental human right. Section 8 of the European Convention of Human Rights (ECHR) limits the power of the state to interfere in citizens’ privacy, ”except such as is in accordance with the law and is necessary in a democratic society”. Privacy is also granted constitutional protection in the Fourth Amendment to the United States Constitution. Both the ECHR and the US Constitution establish the right to privacy as freedom from government surveillance (I’ll call this “constitutional privacy”). Over the past 40 years, a specific framework has emerged to protect informational privacy (see here and here and here and here); yet this framework (“information privacy”) provides little protection against surveillance by either government or private sector organizations. Indeed, the information privacy framework presumes that a data controller (i.e., a government or business organization collecting, storing and using personal data) is a trusted party, essentially acting as a steward of individual rights. In doing so, it overlooks the fact that organizations often have strong incentives to subject individuals to persistent surveillance; to monetize individuals’ data; and to maximize information collection, storage and use.

Read More


More on government access to private sector data

Last week I blogged here about a comprehensive survey on systematic government access to private sector data, which will be published in the next issue of International Data Privacy Law, an Oxford University Press law journal edited by Christopher Kuner. Several readers have asked whether the results of the survey are available online. Well, now they are – even before publication of the special issue. The project, which was organized by Fred Cate and Jim Dempsey and supported by The Privacy Projects, covered government access laws in AustraliaCanadaChinaGermanyIsraelJapanUnited Kingdom and United States.

Peter Swire’s thought provoking piece on the increased importance of government access to the cloud in an age of encrypted communications appears here. Also see the special issue’s editorial, by Fred, Jim and Ira Rubinstein.



On systematic government access to private sector data

The Sixth Circuit Court of Appeals has recently decided in United States v. Skinner that police does not need a warrant to obtain GPS location data for mobile phones. The decision, based on the holding of the Supreme Court in US v. Jones, highlights the need for a comprehensive reform of rules on government access to communications non-contents information (“communications data”). Once consisting of only a list of phone numbers dialed by a customer (a “pen register”), communications data have become rife with personal information, including location, clickstream, social contacts and more.

To a non-American, the US v. Jones ruling is truly astounding in its narrow scope. Clearly, the Justices aimed to sidestep the obvious question of expectation of privacy in public spaces. The Court did hold that the attachment of a GPS tracking device to a vehicle and its use to monitor the vehicle’s movements constitutes a Fourth Amendment “search”. But it based its holding not on the persistent surveillance of the suspect’s movements but rather on a “trespass to chattels” inflicted when a government agent ever-so-slightly touched the suspect’s vehicle to attach the tracking device. In the opinion of the Court, it was the clearly insignificant “occupation of property” (touching a car!) rather than the obviously weighty location tracking that triggered constitutional protection.

Suffice it to say, that to an outside observer, the property infringement appears to have been a side issue in both Jones and Skinner. The main issue of course is government power to remotely access information about an individual’s life, which is increasingly stored by third parties in the cloud. In most cases past – and certainly present and future – there is little need to trespass on an individual’s property in order to monitor her every move. Our lives are increasingly mediated by technology. Numerous third parties possess volumes of information about our finances, health, online endeavors, geographical movements, etc. For effective surveillance, the government typically just needs to ask.

This is why an upcoming issue of International Data Privacy Law (IDPL) (an Oxford University Press law journal), which is devoted to systematic government access to private sector data, is so timely and important. The special issue covers rules on government access in multiple jurisdictions, including the US, UK, Germany, Israel, Japan, China, India, Australia and Canada.

Read More

Lochner Boo Boo: Free Self-Exploitation?

American legal history has featured many battles over “freedom of contract,” often interpreted as the “right” of workers to sell their labor at any price, under any terms. Given the recent resurgence of extreme freedom of contract views, I thought this reflection on the reality TV show “Here Comes Honey Boo Boo” might interest readers:

Americans, it turns out, can’t get enough of Honey Boo Boo, mom June, and the rest of the clan . . . some of whom come with nicknames that seem straight out of a quaint novel about those colorful southerners, like Sugar Bear. That Here Comes Honey Boo Boo trafficked in and showcased the grossest of gross stereotypes about lower middle class southern white folk was deemed inconsequential. The family, led by matriarch June, was in on the joke. How could the family be exploited if they actively wanted to be exploited?

Read More


Big Data for All

Much has been written over the past couple of years about “big data” (See, for example, here and here and here). In a new article, Big Data for All: Privacy and User Control in the Age of Analytics, which will be published in the Northwestern Journal of Technology and Intellectual Property, Jules Polonetsky and I try to reconcile the inherent tension between big data business models and individual privacy rights. We argue that going forward, organizations should provide individuals with practical, easy to use access to their information, so they can become active participants in the data economy. In addition, organizations should be required to be transparent about the decisional criteria underlying their data processing activities.

The term “big data” refers to advances in data mining and the massive increase in computing power and data storage capacity, which have expanded by orders of magnitude the scope of information available for organizations. Data are now available for analysis in raw form, escaping the confines of structured databases and enhancing researchers’ abilities to identify correlations and conceive of new, unanticipated uses for existing information. In addition, the increasing number of people, devices, and sensors that are now connected by digital networks has revolutionized the ability to generate, communicate, share, and access data.

Data creates enormous value for the world economy, driving innovation, productivity, efficiency and growth. In the article, we flesh out some compelling use cases for big data analysis. Consider, for example, a group of medical researchers who were able to parse out a harmful side effect of a combination of medications, which were used daily by millions of Americans, by analyzing massive amounts of online search queries. Or scientists who analyze mobile phone communications to better understand the needs of people who live in settlements or slums in developing countries.

Read More

FTC Agonistes: From the Nader Report to the Wired Report

In 1968, a group of law student researchers helped Ralph Nader publish a highly critical report on the Federal Trade Commission. They concluded that the FTC failed to “detect violations systematically,” to “establish efficient priorities for its enforcement energy,” to “enforce the powers it has with energy and speed,” and to “seek sufficient statutory authority to make its work effective.” As Tim Muris notes, the report “lambast[ed] the agency and characteriz[ed] its overall performance as ‘shockingly poor.'”

The FTC has taken many important initiatives to respond to concerns identified in the report. But we must now reconsider agency’s record, as the digital world changes kaleidoscopically and budget restraints hamstring even the best-intentioned FTC staff.

About the closest thing we’re likely to get to another “Nader Report” was Peter Maass’s expose in Wired on challenges facing privacy enforcement and consumer protection in the digital age. Here’s one of the many issues he identifies:

The mismatch between FTC aspirations and abilities is exemplified by its Mobile Technology Unit, created earlier this year to oversee the exploding mobile phone sector. The six-person unit consists of a paralegal, a program specialist, two attorneys, a technologist and its director, Patricia Poss. For the FTC, the unit represents an important allocation of resources to protect the privacy rights of more than 100 million smartphone owners in America. For Silicon Valley, a six-person team is barely a garage startup. Earlier this year, the unit issued a highly publicized report on mobile apps for kids; its conclusion was reflected in the subtitle, “Current Privacy Disclosures Are Disappointing.” It was a thin report, however. Rather than actually checking the personal data accessed by the report’s sampling of 400 apps, the [17 page] report just looked at whether the apps disclose, on the sites where they are sold, the types of personal data that would be accessed and what the data would be used for.

As Maass notes, “The agency can take companies to court, but its overworked lawyers don’t really have the time to go the distance against the bottomless legal staffs in Silicon Valley.” Like an SEC pushed by budget constraints to pursue mere “cost of doing business” settlements, the FTC too often has to capitulate to symbolic penalties with dubious deterrent effect.
Read More


Privacy: For the Rich or for the Poor?

Some consider the right to privacy a fundamental right for the rich, or even the rich and famous. It may be no coincidence that the landmark privacy cases in Europe feature names like Naomi Campbell, Michael Douglas, and Princess Caroline of Monaco. After all, if you lived eight-to-a-room in a shantytown in India, you would have little privacy and a lot of other problems to worry about. When viewed this way, privacy seems to be a matter of luxury; a right of spoiled teenagers living in six bedroom houses (“Mom, don’t open the door without knocking”).


To refute this view, scholars typically point out that throughout history, totalitarian regimes targeted the right to privacy even before they did free speech. Without privacy, individuals are cowed by authority, conform to societal norms, and self-censor dissenting speech – or even thoughts. As Michel Foucault observed in his interpretation of Jeremy Bentham’s panopticon, the gaze has disciplinary power.


But I’d like to discuss an entirely different counter-argument to the privacy-for-the-rich approach. This view was recently presented at the Privacy Law Scholar Conference in a great paper by Laura Moy and Amanda Conley, both 2011 NYU law graduates. In their paper, Paying the Wealthy for Being Wealthy: The Hidden Costs of Behavioral Marketing (I love a good title!), which is not yet available online, Moy and Conley argue that retailers harvest personal information to make the poor subsidize luxury goods for the rich.


This might seem audacious at first, but think of it this way: through various loyalty schemes, retailers collect data about consumers’ shopping habits. Naturally, retailers are most interested in data about “high value shoppers.” This is intuitively clear, given that that’s where the big money, low price sensitivity and broad margins are. It’s also backed by empirical evidence, which Moy and Conley reference. Retailers prefer to tend to those who buy saffron and Kobe Beef rather than to those who purchase salt and turkey. To woo the high value shoppers, they offer attractive discounts and promotions – use your loyalty card to buy Beluga caviar; get a free bottle of Champagne. Yet obviously the retailers can’t take a loss for their marketing efforts. Who then pays the price of the rich shoppers’ luxury goods? You guessed it, the rest of us – with price hikes on products like bread and butter.


Read More


Volume 59, Issue 5 (June 2012)

Volume 59, Issue 5 (June 2012)


Implicit Bias in the Courtroom Jerry Kang et al. 1124
The Supreme Court’s Regulation of Civil Procedure: Lessons From Administrative Law Lumen N. Mulligan & Glen Staszewski 1188


Techniques for Mitigating Cognitive Biases in Fingerprint Identification Elizabeth J. Reese 1252
Credit CARD Act II: Expanding Credit Card Reform by Targeting Behavioral Biases Jonathan Slowik 1292
Shocking the Conscience: What Police Tasers and Weapon Technology Reveal About Excessive Force Law Aaron Sussman 1342

Automated Arrangement of Information: Speech, Conduct, and Power

Tim Wu’s opinion piece on speech and computers has attracted a lot of attention. Wu’s position is a useful counterpoint to Eugene Volokh’s sweeping claims about 1st Amendment protection for automated arrangements of information. However, neither Wu nor Volokh can cut the Gordian knot of digital freedom of expression with maxims like “search is speech” or “computers can’t have free speech rights.” Any court that respects extant doctrine, and the normative complexity of the new speech environment, will need to take nuanced positions on a case-by-case basis.

Digital Opinions

Wu states that “The argument that machines speak was first made in the context of Internet search,” pointing to cases like Langdon v. Google, Kinderstart, and SearchKing. In each scenario, Google successfully argued to a federal district court that it could not be liable in tort for faulty or misleading results 1) because it “spoke” the offending arrangement of information and 2) the arrangement was Google’s “opinion,” and could not be proven factually wrong (a sine qua non for liability).
Read More