Reporters' Memorandum: Restatement Third of Information Privacy Principles

Berkeley Law
Berkeley Law Scholarship Repository
Faculty Scholarship
8-13-2013

Reporters' Memorandum: Restatement Third of Information Privacy Principles
Paul M. Schwartz, Berkeley Law
Daniel J. Solove, George Washington University Law School

Follow this and additional works at: http://scholarship.law.berkeley.edu/facpubs
Part of the Law Commons

Recommended Citation
Paul M. Schwartz, Reporters' Memorandum: Restatement Third of Information Privacy Principles, 2013 Preliminary Draft No. 1 ix (2013)

This Article is brought to you for free and open access by Berkeley Law Scholarship Repository. It has been accepted for inclusion in Faculty Scholarship by an authorized administrator of Berkeley Law Scholarship Repository. For more information, please contact jcera@law.berkeley.edu.

REPORTERS' MEMORANDUM
Restatement Third of Information Privacy Principles

Paul M. Schwartz
Professor of Law, UC Berkeley School of Law

Daniel J. Solove
John Marshall Harlan Research Professor of Law, George Washington University Law School

August 13, 2013

Introduction

Information privacy law in the United States is currently a bewildering assortment of many types of law that differ from state to state and in federal statutes and regulations. Information privacy law concerns the collection, use, and disclosure of personal information. At present, it is unwieldy and conflicting.

There is another result of American information privacy law's current status as a cacophony of so many different laws and regulations. The state of this area of U.S. law has led many foreign nations to discount the protections that do exist here. The EU, for example, has little respect for U.S. information privacy law, and its view of U.S. law is creating significant tensions and problems for smooth transborder data flows and efficient commerce between EU members and the United States.

Information privacy law is, therefore, an area of law that requires the type of guidance that the ALI can bring.

This draft is organized around key Fair Information Practice Principles (FIPPs). FIPPs are a set of principles about the responsibilities that entities should have when collecting and using personal data. They also provide the rights that people should have regarding their data. The initial set of FIPPs were originally articulated in 1973, and have subsequently been restated and expanded a number of times. Despite this revisiting, FIPPs have remained essentially the same during the past 40 years. They have also been extremely influential. FIPPs form the backbone of privacy law in the United States and around the world. FIPPs are already the foundation of much privacy law, and, as a consequence, they represent the best place to focus the ALI project.

FIPPs need to be restated; they need more flesh on the bone; they need to provide sufficient guidance to bring uniformity and clarity to the law. FIPPs have been articulated many times, but each articulation has been incomplete and has not contained sufficient detail and guidance to make FIPPs more useful. Moreover, FIPPs have not been adequately harmonized with the common law. New legal principles that have developed are not sufficiently included in these principles. This draft is designed to develop and advance FIPPs into a set of principles that will provide the kind of guidance that information privacy law needs.

Questions and Comments for the Advisers and the Members Consultative Group

1. We have chosen to use the approach to personally identifiable information (PII) that we have proposed in one of our articles: to have full protections for identified data and only some, but not all, protections for identifiable data. Are there alternative approaches that are practical and viable?

2. What is adequate notice? How specific should privacy notices be? As former FTC Chairman Jon Leibowitz stated, "Initially, privacy policies seemed like a good idea. But in practice, they often leave a lot to be desired. In many cases, consumers don't notice, read, or understand the privacy policies."¹ How are these problems to be addressed?

3. In § 5 (Consent), we include a provision about using "only the minimum necessary information to achieve the purpose for the use, collection, or disclosure." Should additional guidance and more concrete language be used here?

4. Throughout § 5, the concept of "reasonableness" is used quite substantially. We wanted this provision to have sufficient flexibility and not be too rigid or constraining. Is there a better way to achieve flexibility yet also provide meaningful guidance about this challenging issue?

5. We include § 6 (Confidentiality), which oddly is not codified explicitly in many versions of the FIPPs. It is clearly implied, but often not spelled out. The common law is much more developed when it comes to confidentiality and its exceptions, so we looked to the common law to craft this provision.

6. We include § 8 (Purpose Limitation), one of the more contested of the FIPPs. The principle of purpose limitation was drafted purposefully to be quite vague. Could it use some additional fleshing out? One concern is that the provision as drafted does not specify what "relevance" is, how this is to be determined, or the consequences for using data in ways that are not relevant. How would we develop this without making the principle too restrictive or contested?

7. In § 9 (Use and Disclosure Limitation), we directly prohibit uses that intentionally or negligently cause harm to individuals. We fuse common law with FIPPs for the concepts in this provision. Should we flesh out more how to define "harm"? And what additional guidance can be provided about what constitutes negligence in the context of the use of personal data?

8. In § 12 (Destruction of Data), we include a milder form of the "right to be forgotten," an idea which is now discussed in the EU. The "right to be forgotten" itself is poorly named because rarely is all of a person's data 100 percent forgotten. Instead, the debate concerns reasonable restrictions on data retention. There are countless U.S. laws that regulate data retention. We have sought to generalize from these laws. Are there exceptions beyond those we list? We also have a data disgorgement provision for data obtained in violation of the Information Privacy Principles. Are there any legitimate reasons why data obtained in violation of the Information Privacy Principles should ever be retained?

9. Regarding § 13 (Portability of Data), we would like input on the validity of this concept. Should we include this principle on data portability?

10. The principle § 16 (Redress for Harm) is one of the more complex and controversial issues we need to address. How should harm be defined? The law has struggled significantly with the issue of what constitutes harm when data is misused. In many cases, privacy harms can be small. For example, consider a notice that could have been clearer and that resulted in the use of data for a marketing campaign to people. Imagine that some people were annoyed by the unexpected marketing, but that they are unable to point to a significant harm. How should we provide appropriate redress for such violations that creates the optimal deterrence without overly penalizing the wrongdoer? A small amount of harm (such as $1 per individual) can add up in the data privacy context when data is gathered about millions (sometimes billions) of people. We included subsection 4 to allow courts to craft other forms of redress. Are there other approaches or solutions?

11. Are there any principles we should also be including?

¹ So Private, So Public: Individuals, the Internet & the Dilemma of Behavioral Marketing, FTC (Jon Leibowitz, Town Hall Meeting on Behavioral Advertising: Tracking, Targeting, & Technology), 2007 WL 3352514 (Nov. 1, 2007).