PRIVACY LAW SCHOLARS CONFERENCE - Privacy Law Scholars ...
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
Conference Brochure & Information
PRIVACY LAW
2
SCHOLARS CONFERENCE
0
2
2
TABLE OF
P L S C
CONTENTS
2
4 MESSAGE FROM THE CHAIR 10 MAP OF PLSC 0
5 12
2
ABOUT THE CONFERENCE COVID-19 POLICY
6 MEET THE TEAM 13 CONTACT INFORMATION
7 14
2
THANK YOU TO OUR SPONSORS CONFERENCE PROGRAM, DAY ONE
8 PLSC AREA MAP 26 CONFERENCE PROGRAM, DAY TWO
2
0
2
2
PAGE 4 PRIVACY LAW SCHOLARS CONFERENCE 2022 PAGE 5
MESSAGE FROM THE CHAIR ABOUT THE CONFERENCE
Welcome to our first in-person PLSC in two years. This is my eighth PLSC, and my second as chair. Like
PLSC is the oldest and largest gathering of privacy
many of you, I’ve learned a lot, found friends and mentors, mentors who have become friends, and friends
who have become lifelines during these last two years. We can survive difficult and uncertain times scholars, researchers, and practitioners in the world. We
in solidarity with each other. I hope this in-person conference, with its strong Covid protocols, will be incubate and critique scholarship at the vanguard of the
fulfilling and memorable for all the right reasons.
field of law and technology.
Over the last year, PLSC has been busy. We’ve kept what has made PLSC extraordinary--constructive Since 2008, PLSC has assembled a wide array We follow a format in which a discussant,
feedback, supportive commentators, and opportunities for professional growth--and adapted PLSC to of privacy law scholars and practitioners from rather than the author, introduces and leads
ARI EZRA meet the moment in which we find ourselves. Many of our papers focus on the impacts of data extraction around the world to discuss current issues a discussion on a paper. There are no panels
WALDMAN on marginalized communities. Our community has grown to include many more scholars from groups in information privacy law and policy. PLSC or talking heads; attendees read papers in
traditionally underrepresented at PLSC. We were able to make PLSC free for all students, PhD candidates, is a paper workshop conference. It offers advance and offer constructive feedback as
Post Docs, and other early career scholars. And we have support structures in place to guard against no opportunity or obligation to publish. The full participants in the workshop. Having your
PROFESSOR OF harassment and discrimination of any kind. PLSC should be a welcoming place for all, and it’s been my goal is to provide support for in-progress paper accepted is NOT a requirement for
LAW & COMPUTER mission to make that a reality. scholarship related to information privacy attending and contributing to the conference,
SCIENCE law. To do so, PLSC assembles a wide array and indeed many attendees do not present a
Northeastern University I want to thank the program committee for its hard work, Woody Hartzog and Christo Wilson for rolling of privacy law scholars and practitioners who paper.
out Northeastern’s red carpet, Nasser Eledroos for going above and beyond to make the conference engage in scholarship. Scholars from non-
Professor Ari Ezra Waldman, a leading authority
function, our many student volunteers, the Northeastern event staff, and, of course, all of you. You are law disciplines—including but not limited The boundaries of privacy as a discipline are
on law, technology and society, is a professor
of law and computer science at Northeastern the lifeblood of PLSC and I’m so happy to back with you this year. to surveillance studies, technology studies, dynamic and contested. As such, we take a
University. He directs the School of Law’s Cen-
feminist and queer studies, information broad view. Although PLSC emphasizes the
ter for Law, Information and Creativity (CLIC).
Professor Waldman studies how law and tech- studies, critical race studies, social sciences, law of privacy, concepts from other fields play
nology effect marginalized populations, with
ARI EZRA WALDMAN humanities, and computer science—are critical critical roles in our understanding of privacy
particular focus on privacy, misinformation and
CHAIR, 2022 PRIVACY LAW
the LGBT community. participants in this interdisciplinary field. and in shaping the law.
SCHOLARS CONFERENCE
PAGE 6 PRIVACY LAW SCHOLARS CONFERENCE 2022 PAGE 7
MEET THE TEAM
Putting together a hybrid convening after so many years is a team effort.
THANK YOU
TO OUR SPONSORS
WOODY HARTZOG CHRISTO WILSON NASSER ELEDROOS
Host Host Conference Manager
PLSC would not have
been possible without
the many sponsors who
continue to believe in
the importance of this
convening.
CHELSEA SMITH DOMINIQUE OREFICE
Events Manager Events Coordinator
PAGE 8 PRIVACY LAW SCHOLARS CONFERENCE 2022 PAGE 9
PLSC AREA MAP
PLSC Reception
Museum of Fine Arts, Boston Ruggles MBTA Station Northeastern “ISEC” PLSC 2022
465 Huntington Ave, Boston 1150 Tremont St, Boston 805 Columbus Ave, Boston
On the evening of June 2nd, the Conveniently located on campus, Short for “Interdisciplinary Science
reception for the 2022 Privacy Ruggles MBTA station serves the and Engineering Complex,” ISEC
Law Scholars Conference will take Orange Line subway as well as bus is situated a block from Ruggles
place within the Museum of Fine and regional commuter rail. MBTA Station and is where PLSC
Arts, Boston, conveniently located will be taking place on June 2nd
on Huntington Avenue, a short and 3rd.
walk from ISEC on Northeastern’s
Campus.
PAGE 10 PRIVACY LAW SCHOLARS CONFERENCE 2022 PAGE 11
MAP OF
PLSC
Welcome to Northeastern
Our Interdisciplinary Science and Engi-
neering Complex is a hub for collaborative
research. Inside this 220,000-square-foot
innovation ecosystem, great minds come
PLSC is taking place within several together—finding new ways to improve
lives, to keep people and systems secure,
floors inside Northeastern’s and to preserve our fragile planet.
Interdisciplinary Science and Engineering Complex
Atrium Interdisciplinary Science and
Engineering Complex (ISEC). The
Classrooms map on the left details the ground
floor, which is where most of PLSC
PLSC takes place within the cavernous
will take place.
(ISEC) at Northeastern University.
Café Rooms 432, 532, 632, 655 and 660
are accessible via the elevators.
Main Entrance
From Columbus Avenue
PAGE 12 PRIVACY LAW SCHOLARS CONFERENCE 2022 PAGE 13
To minimize the COVID-19 risk, we are adopting the following
protocols for PLSC:
All in-person participants will be required to pres- Please bring with you tight-fitting, high-quality
ent proof of vaccination plus at least a single boost- masks—N95, KN95, KF94, and FFP2.
CONTACT INFORMATION
er upon arrival. (Photographs are fine).
We encourage participants to spread out during
COVID-19 PROTOCOL
All in-person participants must present proof of breaks and meals, including taking advantage of
a negative COVID test taken the morning of the outdoor seating. The classrooms in the building
event. (Photographs are fine. Commonly available hosting PLSC this year, Northeastern’s Interdisci-
rapid self-tests are fine). We encourage you to bring plinary Science and Engineering Complex (ISEC),
rapid tests from home to take in your hotel room are equipped with high quality air filtration systems
before walking to the venue. However, we will also and the atrium where participants will have break-
be providing rapid COVID tests free for all who fast and lunch is cavernous (six stories tall).
need them. If you choose to take a rapid test on In the case of an emergency, dial 9-1-1.
site, please arrive at 8:15 am EST to allow for plenty Please stay home if you are experiencing symptoms
of time to test before the first workshop. All regis- consistent with COVID! We are happy to have you Should you require any technical assistance or are
trants will be given a COVID rapid test to use Friday join us remotely. having trouble with any of the audiovisual facilities in
morning before coming to the conference. a workshop room, first speak to the volunteer in the
We will continue to monitor Boston’s COVID fig- room. If you’re having trouble beyond that, please call
All in-person participants must wear a protective ures, which are currently on the rise (as elsewhere) Conference Manager Nasser Eledroos at 508-948-
facemask while not actively eating and drinking. and adjust our protocols if necessary. 8113, or email n.eledroos@northeastern.edu
PAGE 14 PRIVACY LAW SCHOLARS CONFERENCE 2022 PAGE 15
for data users while increasing benefits for data subjects ROOM 432 the evolution of this common law privacy tort to illustrate
by creating compliance safe harbors through transparent, How Confidentiality Concerns Shape Cybersecurity Inves- why the appropriation tort is still relevant today and can be
CONFERENCE open and accountable processes. tigations by Daniel Schwarcz, Josephine Wolff, & Daniel
Woods. Discussion by Jayshree Sarathy.
helpful for data privacy litigations.
PROGRAM VIRTUAL ROOM 140
Digital Surveillance of BLM Protesters by Lelia Hampton. We interview lawyers, forensic investigators, insurers, and The Cost of A.I. Fairness in Criminal Justice: Not a Big Deal
Discussion by Arpitha Desai. regulators involved in cybersecurity investigations and by Ignacio Cofone & Warut Khern-Am-Nai. Discussion by
find that efforts to protect these investigations under at- Orin Kerr.
DAY ONE The paper surveys to moral, legal, and economic issues torney-client privilege and work product doctrine have sig-
June 2nd, 2022 surrounding state surveillance of BLM protests. nificantly hindered the ability of firms to conduct efficient, People claim that applying ML fairness constraints reduces
candid incident response efforts, as well as the ability of in- meaningful types of accuracy. They’re wrong. We run num-
Session One - 9:30 to 10:45am ROOM 138 surers and other third parties to collect robust data about bers on the COMPAS database.
How Information Privacy is Propertized by Stav Zeitouni. online threats and effective countermeasures. We propose
VIRTUAL
Discussion by Paul Ohm. some possible policy solutions for addressing these issues. ROOM 532
Using Information Privacy Standards to Build Governance
Imperfect and Uneven Bargaining: Privacy’s Contact Prob-
Markets by Pam Dixon & Jane Winn.
In both the past and the present, much is made of the ROOM 136 lem by Sebastian Benthall & Aniket Kesari. Discussion by
Discussion by Julie Cohen.
question of whether information privacy should be prop- Appropriation of Data-Driven Digital Persona by Zahra Jody Blanke.
ertized. This piece argues that the way information privacy Takhshid. Discussion by Felix Wu.
The voluntary consensus standards provisions of the UPD-
has been legislated, propertization is, in several important How well does law & economics theory explain the modern
PA represent an important innovation in information privacy
ways, a descriptive fact already present. This article argues for the expansion of the tort of appropri- digital economy and what gaps remain? We present an in-
law, but the idea of using voluntary consensus standards to
ation of likeness to include our personal data as part of the ternal critique showing how even in environments with low
support legislation in other fields is a very well established
modern day understanding of persona and digital identity. or no transaction costs, economic inefficiencies are still pos-
idea in U.S. and EU law. Because “standards build markets”
It is not arguing for a new tort. Instead, this article relies on sible because of network effects, and suggest theoretical
these provisions could help to lower the cost of compliance
PAGE 16 PRIVACY LAW SCHOLARS CONFERENCE 2022 PAGE 17
and policy solutions. digital platforms. Session Two - 11:15 to 12:30pm illuminating case study for regulating online misinformation
more generally, we argue that these measures can over-
ROOM 632 ROOM 655 VIRTUAL come any existing legal hurdles and are better than present
Privacy’s Commodification and the Limits of Antitrust by- Speaking Back to Sexual-Privacy Invasions by Brenda Covering Prying Eyes with an Invisible Hand: Antitrust Law, solutions.
Jeffrey Vagle. Discussion by Siona Listokin. Dvoskin . Discussion by Audra Jamai White. the New Brandeis Movement, and Privacy by Matthew
Sipe. Discussion by Gianclaudio Malgieri. ROOM 138
There is a growing body of scholarship exploring how com- This paper discusses how tech companies claim to protect The Limitations of Privacy Rights by Daniel Solove. Discus-
petition law and policy could be used to regulate the treat- sexual privacy as an excuse to carry out their war on sex The increasingly prominent New Brandeis movement in an- sion by Yan Fang.
ment of digital data and protect information privacy. This and how we might fight back. The paper aims at developing titrust law hopes, among other policy goals, to use authority
Article argues that that the use of antitrust as a tool for a queer/critical theory of sexual privacy. over competition to improve consumer privacy. This Article Privacy laws often rely too heavily on individual rights,
privacy regulation is flawed by its inherent assumption--and takes a skeptical view of those efforts; somewhat counterin- which are at most capable of being a supporting actor, a
acceptance--of privacy’s commodification. Break - 10:45 to 11:15am tuitively, the more aggressive and structuralist New Brandeis small component of a much larger architecture. This article
school of thought risks undermining consumer privacy, rath- discusses the common privacy rights, why each falls short,
ROOM 142 er than enhancing it. and the types of broader structural measures that can pro-
Against Engagement by Neil Richards & Woodrow Hartzog. tect privacy in a more systematic, rigorous, and less haphaz-
Discussion by Kate Weisburd. VIRTUAL ard way.
Online Public Health Misinformation, and How to Tame It
In this paper, we explore how the concept of engagement by Ira Rubinstein & Tomer Kenneth. Discussion by Daniel ROOM 136
might be treated not just as an online metric or as the ide- Schwarcz. The Civic Transformation of Data Privacy Implementation
ology behind surveillance advertising funded models, but in Europe by Inbar Mizarhi Borohovich, Abraham Newman,
as a concept to be regulated. Developing anti-engagement The Article analyzes underexplored measures for confront- & Ido Sivan-Sevilla. Discussion by Peter Winn.
principles might offer a fruitful way of tackling many of the ing the problem of online public health misinformation,
often bewildering array of human problems attributable to focusing on soft-regulation and regulation of algorithmic Recent data protection laws in the EU institutionalize NGO
amplification. Positioning public health misinformation as an
PAGE 18 PRIVACY LAW SCHOLARS CONFERENCE 2022 PAGE 19
engagement with regulators and enable bottom-up policy nificantly exacerbate existing problems caused by microtar- the Fourth Amendment that uses an evidence-based lens Park.
implementation. We study tactics and targets of the en- geting online political ads. The paper then argues that the to illuminate privacy values. This framework is then applied
forcement actions of twelve European NGOs and map their First Amendment Speech Clause should not pose a barrier to three emerging biometric technologies (facial recognition, This paper explores how the collection of metadata and
contribution to policy implementation based on a novel ty- to U.S. governments restricting such targeting. iris recognition, and DNA profiling) to show how the Fourth telemetry information is eviscerating the content/non-con-
pology for understanding enforcement actions across scope Amendment challenges that they raise implicate distinct val- tent distinction, revealing people’s personal information,
(local vs. transnational) and goals (direct vs. strategic). ROOM 532 ues. and leaving users without the possibility of having meaning-
Explanations and Meaningful Information: At the Interface ful privacy choices, and providing informed consent. In this
ROOM 655 Between Technical Capabilities and Legal Frameworks by ROOM 142 context, this paper also attempts to show how the FTC can
Privacy Qui Tam by Peter Ormerod. Discussion by Roger Suzanne Vergnolle & Dylan Bourgeois. Discussion by Rob The Character of Consent by Meg Jones. Discussion by act to provide users with meaningful privacy choices.
Ford. Lalka. Alexis Shore.
Lunch - 12:30 to 2:00pm
Privacy law is typically enforced by government agencies or This paper attempts to bridge the knowledge gap on Ex- Draft material from a forthcoming book that tells a new his-
through private rights of action, and these conventional en- plainable AI (XAI) and meaningful information between the tory of digital consent through the lens of one of our tough-
forcement schemes have significant shortcomings. Qui tam technical and legal communities. It also suggests ways to est and longest tech policy debates: cookies. Using STS-in-
enforcement offers a superior alternative. collaborate on achieving practical solutions that meet regu- spired legal construction, the book traces the origins of who
latory expectations. consents, arguing that the consent dilemma has never been
ROOM 432 about privacy self-management but instead a problem of in-
Paid Political Messaging in Immersive Reality Environments ROOM 140 ternational politics.
by Scott Bloomberg. Discussion by Jasmine McNealy. An Evidence-Based Lens on Privacy Values: Evolving
Fourth Amendment Standards and Biometric Technologies ROOM 632
This paper theorizes about how paid political messaging will by Christopher Yoo & Arnav Jagasia. Discussion by Albert Reversing the Risks: Proposing Privacy Protections for
be targeted to users in immersive reality environments (such Fox Cahn. Communications Metadata and Telemetry Information by
as the “Metaverse”) and explains how that practice will sig- This Article proposes a novel framework for understanding Susan Landau & Patricia Vargas-Leon. Discussion by SunooPAGE 20 PRIVACY LAW SCHOLARS CONFERENCE 2022 PAGE 21
Session Three - 2:00 to 3:15pm meaningful transparency: a collective perspective providing Census to theorize the ways in which statistical imaginaries
a third party with ongoing insight into the information gath- We are currently in the midst of a massive struggle to regu- around privacy and accuracy, and the relational dimensions
VIRTUAL ered and observed about individuals and how it correlates late biometric identification systems, including facial recog- of these imaginaries, uphold the legitimacy of federal data
Using Special Category Data to Prevent Discrimination: with any personalized content they receive, across a large, nition. There are many proposals under consideration, but infrastructures.
Does the GDPR Need a New Exception? by Marvin van representative population. could the century-old tort of Right of Publicity become a
Bekkum & Frederik Zuiderveen Borgesius. Discussion by surprisingly effective solution? ROOM 532
Aaron Massey. ROOM 136 Public Purpose Regulation of Digital Platform Markets: In-
Privacy for Sale by Christopher Bradley. Discussion by ROOM 138 tegrating Antitrust and Utility Regulation by Elettra Bietti.
Does the GDPR need a new exception allowing organisa- Katherine Strandburg. Privacy Standing by Ignacio Cofone. Discussion by Dennis Discussion by James Rule.
tions to collect sensitive data to test their AI system for dis- Hirsch.
crimination? This paper is about the conditions under which consumers’ I argue that current regulatory and antitrust efforts to rein
private information can be sold by companies. It presents a The paper proposes a three-step test for standing in privacy in the power of tech giants in the United States including
ROOM 432 new body law on that question, derived from reports writ- cases. The test aims to find an alternative to the circuit split speech, privacy and competition efforts must be under-
The Case for Establishing a Collective Perspective for to ten by experts that have to be appointed by courts when building standing on modern views of privacy and literature stood must as part of a new vision of public regulation, ef-
Address the Harms of Platform Personalization by Ayelet companies request to sell consumers’ private information on privacy harms. forts aimed at embedding public purpose in digital markets.
Gordon-Tapiero, Alexandra Wood & Katrina Ligett. Discus- in bankruptcy; we hand-collected 140 such reports, and we Recognizing the scope of public regulation as an umbrel-
sion by Rebecca Wexler. summarize them here. ROOM 140 la concept opens up existing digital regulation debates to
The Infrastructural Nature of Statistical Imaginaries: Un- experimentation and adaptability to new digital questions
In this paper we argue that any attempt to overcome the packing the Controversy Over Differential Privacy in the bridging beyond siloed antitrust and utility dichotomies.
harms created by platform personalization (including mis- 2020 US Census by danah boyd & Jayshree Sarathy. Dis-
information, manipulation, social polarization, subversion ROOM 655 cussion by Catherine Crump. ROOM 142
of autonomy, and discrimination), must be based on an Can the Right of Publicity Rein in Facial Recognition? by The Right to Social Expungement by Itay Ravid. Discussion
understanding of the collective nature of data. In order to Jason Schultz. Discussion by Jessica Silbey. This paper uses the controversy around the US Census Bu- by Jules Polonetsky.
overcome these harms, we advocate for the creation of reau’s move to differential privacy in its 2020 DecennialPAGE 22 PRIVACY LAW SCHOLARS CONFERENCE 2022 PAGE 23
The paper addresses a largely neglected component of crim- ROOM 632 Session Four - 3:45 to 5:00 pm tions to ask throughout smart city planning, procurement,
inal justice reform: the (in)ability of individuals who were The Managerialization of Search Law and Procedure for implementation, and management processes. Although we
wronged by the harsh CJS to reenter society due to online Internet Evidence by Yan Fang. Discussion by Jim Graves. VIRTUAL focus on cities, the approach applies to governance of sup-
newspapers stories about their criminal past. The paper uti- Life, Liberty, And Data Privacy: The Global Cloud And The posedly smart systems more generally.
lizes the case study of survivors of domestic sex trafficking This article examines how internet technology companies Criminally Accused by Rebecca Wexler. Discussion by Mi-
with past prostitution convictions to illustrate the problem, respond to search warrants, subpoenas, and other compul- chael Froomkin. ROOM 136
and offers a solution: to restyle the too-quick-to-be-disre- sory legal process. It theorizes companies’ responses within Between Privacy and Utility by Jeremy Seeman & Daniel
garded right to be forgotten (RTBF) and adopt an “American broader processes of managerialization in the information U.S. policymakers are creating special procedures for law Susser. Discussion by Evan Selinger.
style” RTBF – “the right to social expungement” economy. enforcement to circumvent foreign data privacy laws and
access cross-border evidence, but no one is creating simi- What happens when the neat formalisms and precise ab-
VIRTUAL Break - 3:15 to 3:45pm lar procedures for criminal defense investigators. This pro- stractions that underpin differential privacy’s mathematical
Regulatory Spillovers: The Case of GDPR by Florencia Ma- found structural unfairness in the criminal legal system gets results meet the nuance, normative complexity, and messy
rotta-Wurgler. Discussion by Alessandra Calvi. privacy backwards; privacy protections ostensibly meant to institutional dynamics of the real world?
constrain government power instead specially empower the
We measure empirically the effect of GDPR in United States government while shackling the criminal defense process ROOM 138
information practices by comparing the regulation’s effect in that is itself supposed to guard against government tyranny. Platforms, Privacy, and Power: How Sexual Privacy Mea-
local practices before and after the enactment of GDPR (as sures Impact Intimate Expression by Danielle Keats Citron,
measured by over sixty dimensions in the privacy policies of ROOM 432 Jon Penney, & Alexis Shore. Discussion by Brenda Dvoskin.
almost 200 firms), and compare the firms’ information prac- A Principled Decision-Making Approach to Smart Tech
tices in their E.U. policies to the U.S policies after GDPR. Governance in Cities by Brett Frischmann & Madelyn Rose Sexual privacy violations have a profound impact, chilling
We present some hypotheses explaining our findings and Sanfilippo. Discussion by Ella Corren. victims into silence; denying them sexual agency, intimacy,
discuss results to specific categories of terms. and equality; and eroding trust critical to intimate expres-
We propose an approach to smart city governance ground- sion. This paper makes a theoretical and empirical case for a
ed in local, contextual norms and scaffolded by key ques-PAGE 24 PRIVACY LAW SCHOLARS CONFERENCE 2022 PAGE 25
positive expressive impact of both legal and platform-based right to rectification handle personal data created by auto- en masse from individuals outside the mainstream, which ROOM 142
sexual privacy measures on intimate expression, providing mated systems to forecast people’s future. I make a case I call procedural attention. Less visible than a price mech- Data Privacy, Human Rights, and Algorithmic Opacity by
new insights while also addressing law’s neglected expres- that the right to rectify cannot be exercised effectively if it is anism but equally salient to the public interest, I suggest Sylvia Lu. Discussion by Andrew Selbst.
sive role empowering victims of online abuse. about a probable, or possible, but uncertain future. that these administrative burdens provide new avenues for
analyzing the cost and benefits of automated systems. -- An This paper discusses how machine-learning algorithms
ROOM 660 - Reading Room ROOM 532 excerpt from my upcoming book. threaten privacy protection through algorithmic opacity,
The Death of the Legal Subject: How Predictive Algorithms Reining in Tenant Screening: A Legal Roadmap by Tin- assesses the effectiveness of the EU’s response to priva-
Are (Re)constructing Legal Subjectivity by Katrina Geddes. uola Dada & Natasha Duarte. Discussion by Scott Skin- ROOM 140 cy issues raised by opaque AI systems, and proposes new
Discussion by Itay Ravid. ner-Thompson. Administering Social Data: Lessons for Social Media from algorithmic transparency strategies to promote privacy and
Medical Data by Christopher Morten, Gabriel Nicholas, & human rights protection.
As judges rely on algorithms to inform their decision-making, This paper analyzes the First Amendment legal challenges Salome Viljoen. Discussion by Ari Ezra Waldman.
how is the legal subject differently constructed? How does that housing advocates and policymakers may need to nav- Reception - 6:00 to 7:30 pm
expressive power shift from the embodied individual (shar- igate when trying to rein in tenant screening, and especially Our Article aims to transpose lessons from the set of legal, Museum of Fine Arts, Boston
ing their narrative in their own words) to the data capitalist, eviction records, as barriers to housing. It also provides rec- technical and institutional mechanisms governing the shar-
Reception Sponsored by the International Association of Privacy
identifying what weights to assign to different algorithmic ommendations on drafting eviction record sealing legisla- ing of medical data (which together we term the “medical
Professionals (IAPP).
factors? And what does the shifting epistemology of legal tion. data settlement”) to the problem of sharing social media
subjectivity mean for the legitimacy of legal institutions? data. We believe the robust set of institutions around med-
ROOM 632 ical data hold valuable lessons for navigating the Scylla and
ROOM 655 How Efficiency Fails: Procedural Attention to Automated Charybdis of ensuring independent methods of researcher
The Failure of Rectification Rights by Hideyuki Matsumi. Decision Feedback by Anne Washington. Discussion by access while protecting user privacy and preserving (or not
Discussion by Jocelyn Aqua. Laura Moy. running afoul of) trade secrecy.
This Article analyzes how data protection laws that offer a Organizational efficiency exacts a penalty of time and effortPAGE 26 PRIVACY LAW SCHOLARS CONFERENCE 2022 PAGE 27
sights from governance literature, and critical data protec- ROOM 140
This paper devises a framework to understand the legal tion scholarship, we argue that the logic of EU data protec- Doughnut Privacy by Julie Cohen. Discussion by Alicia
and policy issues arising during the development of large tion law reflects trends in regulation and political economic Solow-Neiderman.
DAY TWO AI datasets. organisation which undermine the law’s own oversight
June 3rd, 2022 processes. The effect, we argue, is that data protection law This paper explores the implications of the “doughnut” mod-
ROOM 432 plays a key role in drawing people into data-driven process- el of sustainable economic development for efforts to strike
Session One - 9:30 to 10:45am the appropriate balance between surveillance and privacy.
Data Protection Impact Assessment in the European Union: es of power, production, discipline, and control which they
A Feminist Reflection by Alessandra Calvi. Discussion by are often unable to resist. I will argue, first, that a similarly doughnut-shaped model
VIRTUAL can advance conceptualization of the appropriate balance(s)
Margot Kaminski.
Big Mistake(s) by Tal Zarsky & Samuel Becher. Discussion VIRTUAL between surveillance and privacy, and second, that taking
by Karen Levy. In this article, I address the following research question: Can Community, Coordination, and Privacy in Public by Rich- the doughnut model seriously suggests important questions
the DPIA under the GDPR be considered a feminist tool? ard Warner & Robert Sloan. Discussion by Jordan Wal- about the uses, forms, and modalities of legitimate surveil-
This article turns to the well-known yet rarely applied doc- Spoiler alert: not really. However, it could still serve feminist lace-Wolf. lance.
trine of mistake in contract law. It examines whether mistake goals. For that, my suggestions are to incorporate feminist
may play a role in recalibrating the inherent imbalance of legal methods and intersectionality into the DPIA process Informational norms are the foundation on which privacy ROOM 532
knowledge, power, and sophistication between giant online and grant data subjects a “right to DPIA”. in public rests, but we not build public policy on that foun- Beyond War Games: Deduction, Interference, and Ac-
platforms and individual users. The article demonstrates dation because the foundation is incomplete. The missing cess-Based Computing Attacks by Kendra Albert, Ram
that with some tinkering, this doctrine might be applied to ROOM 138 element is common knowledge, the recursive belief state of Shankar, & Sunoo Park. Discussion by Aileen Nielsen.
allow users to revoke their agreements and apply for mean- Data Protection Doesn’t Work: Oversight Failure in Data parties knowing, knowing they know, knowing they know
ingful remedies. Processing Figurations by Jennifer Cobbe & Jatinder Singh. they know, and so on potentially ad infinitum. Common Since the passage of the Computer Fraud and Abuse Act and
Discussion by Peter Swire. knowledge is an essential factor in facilitating coordination, many similar computer crime laws, many new and impact-
ROOM 136 ful kinds of attacks on computing systems have emerged:
and it unites coordinating parties in privacy-in-public-creat-
Dataset Accountability by Mehtab Khan & Alex Hanna. Drawing on the sociological concept of the ‘figuration’, in- ing communities bound by trust. today, researchers and practitioners are just as concerned
Discussion by Luiza Jarovsky.PAGE 28 PRIVACY LAW SCHOLARS CONFERENCE 2022 PAGE 29
about deanonymization, side-channel attacks, adversarial ing by Sarah Cen & Manish Raghavan. Discussion by Ed- exposure. Session Two - 11:15 to 12:30pm
attacks on machine-learning systems, and other methods ward McNicholas.
that do not rely on unauthorized access to a computing Break - 10:45 to 11:15am VIRTUAL
system, or otherwise fall within the CFAA’s scope. In this Data-driven assessments estimate a target by pattern Data Benefit-Sharing: The International Governance of
work, we examine attacks that do not involve unauthorized matching against historical data, but even algorithms that Cross-Border Data Flows from a Social Justice Perspective
access, contextualizing them as one of three main catego- boasts near-perfect performance on average can produce by Svetlana Yakovleva. Discussion by Tal Zarsky.
ries of modern attacks, joined by interference and deduction assessments that perform poorly on specific individuals.
attacks in a novel taxonomy. These failures can lead to decisions that inflict irreparable This paper focuses on global data governance with a view
harm on individuals through no fault of their own, which to creating a system of benefit sharing, the ultimate aim
ROOM 655 motivates the need for a new legal right---that we call the of which is to reduce global inequality that can be caused
Define Dark Patterns Through FTC Common Law by Daniel right to be an exception---that evaluates the risk of harm, in- by the extraction and mining of [personal] data. The article
Jellins. Discussion by Andy Sellars. dividualization, and uncertainty of data-driven assessments. looks at data use from the perspective of value and then
whether and how that value should be distributed between
In order to better define and subsequently regulate dark ROOM 142 communities and societies from which the data was cre-
patterns, a tricky online design or user interface, we should Privacy Nicks: How the Law Normalizes Surveillance by ated to achieve greater social justice for populations on a
use the FTC’s body of consent decrees, statements, and Woodrow Hartzog, Evan Selinger, & Johanna Gunawan. cross-country rather than intra-country level.
rules to understand what is already a violation of current Discussion by Scott Mulligan.
law or not. From that analysis, we see that for the most part ROOM 532
these new manipulative designs can be distinguished as ei- Privacy law’s most significant failure is its neglect of smaller, Bridging Notions of Bias from Tech, Law, & Ethics by Eliz-
ther violation of current law or not. more frequent, and more mundane privacy encroachments, abeth Edenberg & Alexandra Wood. Discussion by Aloni
which we call “privacy nicks.” Without a firm backstop to Cohen.
ROOM 632 prevent privacy nicks from normalizing surveillance creep,
The Right to be an Exception in Data-Driven Decision-Mak- there is nothing to prevent a gradual tolerance of maximum While there may be an emerging consensus that sociotech-PAGE 30 PRIVACY LAW SCHOLARS CONFERENCE 2022 PAGE 31
nical algorithms should be designed to be fair, computer ROOM 136 ulative design — which we call algorithmic dark patterns —
scientists, legal scholars, and ethicists are likely not speak- Police Secrecy Exceptionalism by Christina Koningisor. Dis- ROOM 138 that merits further elaboration, as well as explicit incorpora-
ing the same language when introducing and evaluating cussion by Christopher Slobogin. Holes in the Umbrella: A Critique of Privacy as Taxonomy tion into a broader conceptual framework for dark patterns.
proposals for addressing algorithmic bias. In this paper, we by Maria Angel & Ryan Calo. Discussion by Rebecca Green. To this end, we propose a deductive approach to identifying
analyze differences between technical, legal, and ethical ap- This Article maps out the extraordinary secrecy protections dark patterns that’s based on a set of shared characteristics
proaches to understanding bias, discrimination, and fairness extended to law enforcement agencies. It then examines the The taxonomical approach to privacy was initially offered common to both static dark patterns and dynamic, algorith-
in order to lay the groundwork for a broader understand- doctrinal and policy-oriented underpinnings of this excep- as a pragmatic response to definition fatigue—and justi- mic dark patterns.
ing of the underlying harms and the values that individuals, tional treatment, finding that these arguments generally fall fied anew as a means to concretize harms for courts and
groups, and society at large seek to protect in designing and into one of three buckets: protection against circumvention lawmakers—and has seen much praise and relatively little ROOM 140
enforcing fair algorithms. of the law, protection of citizen or police officer privacy, and challenge. This essay argues that a taxonomical approach Legacy Switches: A Proposal to Protect Privacy, Security,
preservation of the effectiveness or efficiency of policing. grounded in social recognition has nevertheless come at sig- Competition, and the Environment from the Internet of
ROOM 432 It concludes that none of these proffered defenses justify nificant costs. There are limits to social recognition as the Things by Paul Ohm & Nathaniel Kim. Discussion by Su-
Fourth Amendment Notice in the Cloud by Jesse Lieber- the powerful informational protections currently extended sole criterion for what counts as a privacy problem. zanne Wetzel.
feld. Discussion by Brett Frischmann. to law enforcement agencies.
ROOM 632 IoT devices give rise to privacy harms in their basic opera-
This paper examines the problem of unannounced search- ROOM 655 Architectures of choice, or architectures of control? Dark tion; security harms as they age; and environmental harms
es in the cloud and the legal and technological frameworks Interoperable Obscurity by Thomas Kadri. Discussion by Patterns and Algorithmic Manipulation by Jennifer King, when they are replaced due to planned obsolescence. We
in which those searches operate. Examining the problem Anne Klinefelter. Caitlin Cary Burke, & Eli MacKinnon. Discussion by Steve propose, elaborate, and defend a novel, simple, and con-
through the frames of communications privacy, constitu- Bellovin. crete solution to address all of these problems: every IoT
tional history, and Fourth Amendment doctrine, it concludes Data brokers enable interpersonal abuse by making people device manufacturer should build a switch into their device
that the current practice of unannounced searches under easier to trace. This Essay proposes a regulatory regime of While most research and discussion to date on dark pat- called a “legacy switch,” that can be flipped by the consumer
ECPA fails to meet the basic notice requirement at the core “interoperable obscurity” to more effectively and empathet- terns has focused on static user interface design patterns, to disable any smart feature that contributes to these harms.
of the Fourth Amendment. ically help people avoid abusive surveillance. we argue that there’s a distinct, fast-evolving class of manip-PAGE 32 PRIVACY LAW SCHOLARS CONFERENCE 2022 PAGE 33
VIRTUAL data security enforcement actions, and argue that Section Session Three - 2:00 to 3:15pm attempted to integrate these two frameworks.
GDPRxiv: Tracking GDPR Enforcement in the Wild by Su- 5 enforcement would be at least as preferable as Magnu-
preeth Shastri & Chen Sun. Discussion by Bill McGeveran. son-Moss rule making. VIRTUAL ROOM 432
Variations in Re-identification Risks of Mobility Trace Data Assessment Integrity: Distance Learning, Consumer Priva-
Though European Union’s General Data Protection Regula- Lunch - 12:30 to 2:00pm in Different Urban Areas and Population Segments by Fei- cy and Student Privacy in Ed-Tech by Madiha Choksi, Yan
tion (GDPR) is hailed as a model privacy regulation, details yang Sun & Jan Whittington. Discussion by Susan Landau. Shvartzshanider, & Madelyn Rose Sanfilippo. Discussion by
about its enforcement are not well understood. To address Jill Bronfman.
this gap, we propose establishing the state of the art (SOTA) How does privacy risk of location data vary among different
in GDPR enforcement, and present the design and imple- urban areas and population segments? This study looks into We explore how educational technologies exacerbate ten-
mentation of GDPRxiv: an information archival system that this question and discusses its implication for the policy and sions between students, educators, and institutions by
collects and curates GDPR rulings, judgements, reports, and governance of spatial data privacy. framing educational consumers as distinct from data sub-
official guidances. jects and ignoring relevant values underlying assessment
VIRTUAL integrity in favor of economic extraction and policing of stu-
ROOM 142 The Carpenter Test as a Transformation of Fourth Amend- dents.
Unfair Artificial Intelligence: How FTC Intervention Can ment Law by Matthew Tokson. Discussion by Andrew Fer-
Overcome the Limitations of Discrimination Law by An- guson. ROOM 136
drew Selbst & Solon Barocas. Discussion by Maria Brincker. Usable EU-Compliant Cookie Consent Banners: Is it possi-
This new Fourth Amendment paper contends that 1) a “Car- ble? by Cristiana Santos & Colin Gray. Discussion by Joris
We argue that the FTC should use its Section 5 authority penter test” has emerged in the lower courts and 2) this test van Hoboken.
to regulate algorithmic discrimination because it can over- should largely replace the Katz test -- indeed the replace-
come many of the limitations of discrimination law. We also ment has already started. More broadly, it examines the un- We evaluate consent banner design through the lens of ex-
analyze the legality of such a plan, propose that the Com- easy state of current Fourth Amendment law, in which the isting legal frameworks and design evaluation techniques.
mission pursue a common law approach that parallels its Katz and Carpenter paradigms overlap and compete in the Through this bi-directional approach, we seek to identify
lower courts, and describes the many ways that courts havePAGE 34 PRIVACY LAW SCHOLARS CONFERENCE 2022 PAGE 35
synergies and tensions among design and law that may also privacy enables relationships, makes social life possible, and Arpitha Desai. How should we think about humans in the loop of algorith-
have applicability to future regulatory action in the EU and nurtures democratic society more broadly, the paper applies mic systems? More deliberately! Slapping a human in it isn’t
United States. these findings to a series of contemporary privacy policy The paper address the concept of privacy in historical per- a general-purpose regulatory fix; rather, it creates a range of
problems in which individualistic understandings of privacy spective from Islamic point of view. Then, the paper tries to new challenges.
ROOM 655 produce unsatisfying outcomes. build a connection into modern time by analyzing the laws
Unjust Enrichment: “Standing” Up for Data Privacy Rights of select Arab countries. Break - 3:15 to 3:45pm
by Bernard Chao. Discussion by Jay Stanley. ROOM 140
Federalism in the Automated State by Alicia Solow-Nieder- ROOM 632
The equitable doctrine of restitution and unjust enrichment man & David Freeman Engstrom. Discussion by Ryan Calo. Integrating Differential Privacy and Contextual Integrity by
has been recognized by the courts for centuries. Because Rachel Cummings & Sebastian Benthall. Discussion by Da-
it focuses on the defendant’s wrongful gains instead of AI has a federalism problem: Many of the most concerning vid Rudolph.
the plaintiff’s injury, it can avoid the Supreme Court’s inju- AI uses are concentrated in state and local governments,
ry based standing test. Legislatures should take advantage where budgetary and political imperatives, dependence Differential Privacy (DP) is a property of an algorithm that
of this feature and expressly include the unjust enrichment on private sector procurement, and low technical capacity injects statistical noise to obscure information about indi-
remedy in future privacy statutes. make the emergence of meaningful accountability unlikely. viduals represented within a database; Contextual Integrity
We map these institutional and structural challenges across (CI) defines privacy as information flow that is appropriate
ROOM 138 numerous policy areas and grapple with what might be done to social context. In this paper, we explore the integration of
Privacy’s Social Dimensions by Neil Richards. Discussion by given the sharp doctrinal and practical limits imposed by CI and DP paradigms to enable contextually situated contin-
Zahra Takhshid. American federalism. uous information design for preserving privacy.
This paper explores privacy’s social dimensions: the ways ROOM 532 ROOM 142
in which privacy matters as a social value rather than a nar- The Right to Privacy in Islamic Context and the Digital Age: Humans in the Loop by Margot Kaminski, Rebecca Crootof,
rowly individualistic interest. Exploring the ways in which The Case of Gulf States by Bashar Malkawi Discussion by & Nicholson Price. Discussion by Claudia Haupt.PAGE 36 PRIVACY LAW SCHOLARS CONFERENCE 2022 PAGE 37
Session Four - 3:45 to 5:00pm toward a sustainable environment for AI systems, they are ROOM 138 sites.
still too lenient: what we propose is that AI developers, be- Governing Mentalities in Technology Policy: Permissionless
VIRTUAL fore launching their systems into the market, must perform Innovation vs. The Precautionary Principle by Gilad Rosner ROOM 632
Taking Emergence Seriously in Law and Technology Regu- a preliminary risk assessment of their technology followed & Vian Bakir. Discussion by Pauline Kim. ε-Differential Privacy, and a Two Step by Nathan Reitinger,
lation by Samson Esayas. Discussion by David Sella-Villa. by a self-certification “justification”. Amol Deshpande, & Michelle Mazurek. Discussion by Ra-
This paper explores two different philosophies of how to chel Cummings.
Consider the following legal quandaries: a victim of a wrong- VIRTUAL govern emerging technology: ‘permissionless innovation’
doing without a perpetrator, a work of art without an author, Van Gogh Interrupted: AR/VR Technology, Privacy, and and the precautionary principle. We critique the former, Differential privacy does exactly what it says it will do, math-
or the possibility that the sum of legally compliant behaviors Accessibility Rights by Brittan Heller. Discussion by David and argue that the latter is essential to prevent long term, ematically speaking, but what does that mean to a statute
might give rise to non-compliance. Welcome to the world of Spatt. difficult-to-detect technology harms to autonomy, freedom mandating data confidentiality—what is required before le-
emergence in law. of thought, private spaces, and a liberal democratic order. gally protected data may be shared? This paper introduces a
ROOM 432 novel, two-step test which answers that question, providing
ROOM 136 “Public” Wrongdoing and the Limits of the Right to Privacy ROOM 532 a translation between the language statutes speak and the
From Transparency to Justification: Toward Ex Ante Ac- by Jelena Gligorijevic. Discussion by Olumide Babalola. When Privacy Becomes Perpetual: How Temporality Influ- language differential privacy speaks, in turn motivating com-
countability for AI by Frank Pasquale & Gianclaudio Mal- ences Users’ Initial and Adjusted Self-Disclosure on Social pliance-inspired, private data sharing.
gieri. Discussion by Kendra Albert. When does wrongdoing disentitle an individual to her right Networking Sites by Zhuoran Jiang. Discussion by Madiha
to privacy? ‘Public’ wrongdoing, the essence of which is the Choksi. ROOM 655
This paper proposes a system of “unlawfulness by default” betrayal of another or of the community itself, is inconsis- What is Privacy—to Antitrust Law? by Erika Douglas. Dis-
for AI systems, an ex-ante model where some AI developers tent with why we value privacy and the reasons why we This paper problematizes how users heterogeneously expe- cussion by Kirsten Martin.
have the burden of proof to demonstrate that their technol- protect it: that type of wrongdoing cannot be covered by a rience time (i.e., temporality) and theorizes the effects of
ogy is not discriminatory, not manipulative, not unfair, not right to privacy. temporality on self-disclosure. The proposed perpetual pri- ROOM 140
inaccurate, and not illegitimate in its legal bases and pur- vacy model integrates both retrospective and prospective Recording Race in Public Education by Fanna Gamal. Dis-
poses. Although the EU’s GDPR and proposed AI Act tend privacy management of personal data on social networking cussion by Anne Washington.PAGE 38 PRIVACY LAW SCHOLARS CONFERENCE 2022 PAGE 39 This paper examines the construction of identity through school recordkeeping. ROOM 142 The Consent Burden: Between Privacy and Consumer Pro- tection by Ella Corren. Discussion by Woodrow Hartzog. Empty consent continues to be the vehicle that legitimizes digital surveillance and other exploitations in consumer mar- kets and the information economy. This article introduces a new concept for analyzing these markets — The Consent Burden — which is analogous to the regulatory burden, and can be used as a metric for rights/power allocation in mar- kets; accounting for the Consent Burden can change regula- tory logic going forward.
info@privacyscholars.org www.privacyscholars.org
You can also read
