INFORMATION PRIVACY LAW
Georgetown Law
Spring 2019
Prof. Marc Rotenberg
Prof. Alan Butler
DESCRIPTION
This course examines the law of information privacy, an individual's right to control his or her personal information held by others. The aim of the course is to understand how courts and Congress seek to protect information privacy as new technologies and institutional practices emerge. The course traces the origins of the right to information privacy in American law through constitutional law, tort law, and modern statutory law. Case studies of landmark privacy legislation illustrate how expectations of privacy are translated into legal frameworks. The course looks at recent controversies involving cell phone tracking, drones, social media monitoring, and internet connected devices. The course also considers the impact of the European privacy directive, the growth of the Internet, and the availability of cryptography and other Privacy Enhancing Technologies on the future of privacy law in the United States.
A NOTE ABOUT THE 2019 CLASS
We recently published a new casebook, ALLEN & ROTENBERG, PRIVACY, LAW AND SOCIETY (West 2016), and we have also published a comprehensive PRIVACY LAW SOURCEBOOK (EPIC 2018). Most of the assignments will be found in the Casebook and the Sourcebook. The current syllabus and additional course materials (including past exams) can be found at www.privacylawandsociety.org.
We will also discuss articles from PRIVACY IN THE MODERN AGE: THE SEARCH FOR SOLUTIONS (THE NEW PRESS 2015). You may also find interesting, though it is not required, ARTEMI RALLO, THE RIGHT TO BE FORGOTTEN ON THE INTERNET: GOOGLE V. SPAIN (EPIC 2018).
The Supreme Court has provided several interesting cases for us to study this semester: Frank v. Gaos, No. 17-961 and Department of Commerce, et al. v. U.S. District Court for the Southern District of New York, et al., No. 18-557. Oral argument in Department of Commerce case will be held on Tuesday, February 19, 2019. A final decision in Gaos is expected some time in the spring.
And if you are at Georgetown University Law Center taking a class on Information Privacy Law, you should learn more about the Georgetown Law Center on Privacy and Technology. Finally, real privacy experts say "Fair Information Practices" not "Fair Information Practice Principles." These things matter.
LOGISTICS
Information Privacy Law meets Wednesday evenings, 5:45 p.m. to 7:45 p.m. in Hotung 1000. There is no class Wednesday, February 20th (faculty retreat) and no class on Wednesday, March 13th (spring break). The last class is Wednesday, April 24th. Information Privacy Law is a two-credit seminar. The final will be a take-home exam. There is no paper option. To contact Professor Rotenberg, send email to rotenberg@epic.org or call 202-483-1140 x106. To contact Professor Butler, send email to butler@epic.org or call 202-483-1140 x103.
Grading is based on the final exam, class attendance, and class participation. If you are unable to attend a class, please let us know in advance. There is no writing assignment this year. Students may not withdraw from this class after the add/drop period ends without the permission of the professor.
WHAT'S IMPORTANT
Here are ten concepts you should understand after taking this class:
- Privacy law - the major decisions, statutes, and international frameworks
- The role of Fair Information Practices in shaping modern privacy law
- The "reasonable expectation of privacy" test and its various applications
- How privacy concerns are translated into legal claims
- The significance of the Brandeis dissent in Olmstead
- The various institutional actors in the development of privacy law - judges, regulators, lawyers, legislators, advocates, technologists
- The basic elements of a privacy statute
- How to assess the privacy implications of new business practices and new government practices
- Technology as both a threat and an aid to modern privacy protection
- The many dimensions of privacy (physical privacy versus informational privacy) and the paradoxes of privacy (privacy and transparency, privacy and the First Amendment)
Week 1: Privacy and the Fourth Amendment (January 16th)
Topics
- Administration -
- Class objectives
- Meeting time and place
- Final exam
- Privacylawandsociety.org website
- The text of the Fourth Amendment
- The significance of the Brandeis dissent in Olmstead
- The Reasonable Expectation of Privacy ("REOP") Test
- The application of REOP to new investigative techniques
- The Grand Synthesis: Reconciling property-based and REOP-based views of the Fourth Amendment
Assignment
PRIVACY LAW AND SOCIETY
- The Fourth Amendment, 396
- Olmstead v. United States (U.S. 1928), 396-403
- Katz v. United States (U.S. 1967), 406-9
- Note: Berger v. New York (U.S. 1967), 409-10
- Smith v. Maryland, 442 U.S. 735 (1979)
- Kyllo v. United States (U.S. 2001), 427-29
- United States v. Jones (U.S. 2012), 435-43
- Note concurring opinions by Justices Sotomayor and Alito
Florida v. Jardines (U.S. 2013), 429-35
- Note concurring opinion by Justice Kagan
Week 2: Introduction to Privacy Law (January 23rd)
Topics
- Defining privacy
- The structure and significance of the Brandeis Warren article
- The response in the states
- The role of the courts and the legislature in defining the scope of the right to privacy
Assignment
PRIVACY LAW AND SOCIETY
- An Introduction to Privacy Law, 1-15
- Before the Four "Right to Privacy" Torts, 15-17
- Manola v. Stevens - Modesty and Autonomy, 23-24
- Godkin, The Right of the Citizen to His Reputation, 24-25
- Brandeis and Warren, "The Right to Privacy" (1890), 25-32
- Why Then? Privacy and History, 35-37
- Cameras, Telegrams and Post Cards, 37-38
- Roberson v. Rochester Folding Box, 41-42
- A Legislative Reply to Roberson: N.Y. Civil Rights Law Sections 50 and 51, 42
- Pavesich v. New England Life, 42-45
- The Rhetoric of Freedom and Slavery, 45-46
- Four Privacy Torts, 48
- Allen, Privacy Torts, 48-49
- Prosser, ALI, 49-50
PRIVACY IN THE MODERN AGE: THE SEARCH FOR SOLUTIONS
- Pasquale, "Privacy, Autonomy, and Internet Platforms," 165-67
- Citron, "Protecting Sexual Privacy in the Information Age," 46-54
Week 3: Common Law: The Privacy Torts (January 30th)
Topics
- The impact of the Prosser Restatement
- The Intrusion Tort
- The Publication of Private Facts Tort
- The False Light Tort
- The Appropriations / Right to Publicity Tort
- The significance of "black letter" privacy law
Assignment
PRIVACY LAW AND SOCIETY
- Mastering the Doctrine, 51-52
- Intrusion Upon Seclusion, § 652B, 52
- Hamberger v. Eastman, 52-54
- Boring v. Google, 54-56
- Boring v. Google on Appeal, 56-57
- Publicity Given to Private Life, § 652D, 125
- Melvin v. Reid, 125-27
- Sidis v. F.R. 127-28
- False Light Tort, §652E, 160
- Lake v. Walmart, 169-70
- The Appropriation Tort, §652C, 179
- Castro v. NYT TV, 180-81
- NY Privacy Statute, 190-91
- Time v. Hill, 191-92
- California Right to Publicity, 220-21
- Midler v. Ford Motor Co., 221-22
(optional additions: two posts on Bollea v. Gawker...and a third)
Week 4: Towards a Digital Fourth Amendment (February 6th)
Topics
- Cell phone searches and location tracking
- Status of the "third party" doctrine
- Role of amicus and public interest groups in Supreme Court litigation
- Surveillance-limiting statutes
- Communications Act of 1934, Section 605
- The Wiretap Act (Title III of the 1968 Omnibus Crime Act)
- Prohibitions on interception, disclosure, and use
- Rules for government access
- Electronic Communications Privacy Act of 1986 ("ECPA")
- Prohibitions on access and disclosure
- Rules for government access ("(d) orders", subscriber info, PR/TT, NSLs)
Assignment
- Riley v. California (U.S. 2014), 443-51
- Carpenter v. United States (U.S. 2018)
- Visit Supreme Court website - No. 16-402 - What is the "Question Presented"?
- Read opinions below (all)
- Read Carpenter briefs (A-M)
- Read United States brief (N-Z)
- Visit EPIC Web Site - "Carpenter v. United States" - What is EPIC's interest?
- Consider - If you were clerking for the Chief Justice, what rule would you propose the Court adopt in this case?
- Wiretap Reports, 1171-72, 1240-41
- In re U.S. (W.D. Tex 2010), 1108-12
- Surveillance Liming Statutes, 1101-4
PRIVACY IN THE MODERN AGE
- Rotenberg, "EPIC: The First Twenty Years," 9-10
THE PRIVACY LAW SOURCEBOOK 2018
- Wiretap Act (Title III)
- Congressional findings - 300
- 18 U.S.C. § 2511 - 303
- ECPA
- Unlawful access 18 U.S.C. § 2701 - 334
- Voluntary disclosure 18 U.S.C. § 2702 - 335
- Required disclosure 18 U.S.C. § 2703 - 337
- Pen register definition 18 U.S.C. § 3127 - 357
Week 5: Privacy, the First Amendment, Anonymity, and Sensitive Data (February 13th)
Topics
- Anonymous speech
- Freedom of express and privacy revisited
- Compelled disclosure of identity as a privacy claim
- Publication of SSNs as Political speech
- Donor privacy
Assignment
PRIVACY LAW AND SOCIETY
- NAACP v. Alabama, 314-16
- Legacy of NAACP, 316-17
- IMS v. Sorrell, 335-36
- Doe v. Reed, 337-41
- McIntyre v. Ohio, 342-48
- Watchtower Bible, 348-54
- Hiibel v. Sixth Judicial District, 530-35, 573-74
- Ostergren v. Cuccinelli, 333-34
- Richards, Intellectual Property, 361-63
- Stanley v. Georgia, 363-66
- "Intellectual Privacy," 366-67
- Packingham v. North Carolina, 137 S. Ct. 1730 (2017)
PRIVACY IN THE MODERN AGE: THE SEARCH FOR SOLUTIONS
- Lewis, "Anonymity and Reason," 104-11
No classes (Feb 20th) Faculty retreat
Week 6: Privacy by Statute I: Government Databases (February 27th)
Topics
- Fair Information Practices
- The Privacy Act of 1974
- The Drivers Privacy Protection Act
- Statutory damages
Assignment
PRIVACY LAW AND SOCIETY
- Regulation by Statute, 753-59
- Fair Information Practices, 759-64
- Privacy Act, 766-69
- SSN, 779-80
- FAA v. Cooper (U.S. 2012) (Privacy Act damages), 781-85
- NASA v. Nelson, 787-89
- Note: Epilogue: Data Security in Government Agencies, 789-90
- Maracich v. Spears (U.S. 2013), 840-46
Week 7: Int'l Privacy Law I: Classic Frameworks (March 6th)
Topics
- Development of privacy as a fundamental human right
- Privacy frameworks
- Convergence and divergence among national laws
- Guidelines and law
- (Note that the complete texts of many of many of the legal instruments assigned for this week and next will be found in The Privacy Law Sourcebook.)
Assignment
PRIVACY LAW AND SOCIETY
- Introduction, 1297-1300
- UDHR, Article 12, 1300-02
- ICCPR, Article 17, 1302
- ECHR, Article 8, 1312
- International Privacy Frameworks 1387-88
- OECD Privacy Guidelines, 1388-91
- Council of Europe Convention, 1391-95
- UN Guidelines (1990), 1395-97
- EU Data Directive, 1397-1400
- Note: Rotenberg, "On International Privacy: A Path Forward for the US and Europe," 1560-61
PRIVACY IN THE MODERN AGE
- Anderson, "What Goes Around Comes Around," 27-31
- Davies, "Privacy Opportunities and Challenges with Europe's New Data Protection Regime," 55-60
No class (Mar 13th) Spring break
Week 8: Int'l Privacy Law II: Emerging Law and Institutions / Technology and Privacy (March 20th)
Topics
- Impact on global practices
- Data Protection Agencies
- Recent caselaw of the CJEU
- GDPR
Assignment
PRIVACY LAW AND SOCIETY
- European Charter on Fundamental Rights, Article 7 and 8, 1386-87
- Google v. Spain (CJEU 2014), 1520-50
- Application of Google v. Spain, 1550-54
- Schrems v. Data Protection Commissioner (CJEU 2015), 1449-85
- General Data Protection Regulation, 1561-62
- Rotenberg & Jacobs, "Updating the Law of Information Privacy: The New Framework of the European Union," Harvard Journal of Law and Public Policy (Spring 2013), 1557-60
- Visit website of Article 29 Working Party
- Madrid Declaration, 1575-77
THE PRIVACY LAW SOURCEBOOK 2018
PRIVACY IN THE MODERN AGE
- Irion, "Accountability Unchained: Bulk Data Retention, Preemptive Surveillance, and Transatlantic Data Protection," 78-92
Week 9: Privacy by Statute II: Private Sector Databases (March 27th)
Topics
- Application of Fair Information Practices to private businesses
- Statutory law as solution to privacy invasions
- Privacy law as dialogue between the courts and the legislature
- Cable subscriber privacy provisions
- Video Privacy Protection Act
- Emerging issues (Illinois biometric law, California law, GDPR)
Assignment
PRIVACY LAW AND SOCIETY
- Bartnicki v. Vopper (2001), 1142-49
- Joffe v. Google (9th Cir. 2013), 1163-71
- Video Privacy Protection Act (18 USC § 2710), 972-73
- Camfield v. City of Oklahoma (10th Cir. 2001), 976-78
- Dirkes v. Borough of Runnemede (N.J. 1996), 978-84
- Daniel v. Cantrell (6th Cir. 2004), 984-85
- Rodriguez v. Sony (9th Cir. 2015), 985-91
- Cable Privacy Subscriber provisions (47 U.S.C. § 551), 1082-83
- In re Netflix, 996-1004
Week 10: The Role of the Federal Trade Commission (April 3rd)
Topics
- Establishment of FTC
- FTC Statutory Authority
- FTC Section 5 UDTP Authority
- FTC investigation process
- FTC v. Wyndham, LabMD
- The FCC and other relevant agencies
Assignment
PRIVACY LAW AND SOCIETY
- Overview of FTC's Investigative and Law Enforcement Authority, 892-95
- "Facebook Settles FTC Charges That it Deceived Consumers by Failing to Keep Privacy Promises" (Nov. 29, 2011), 895-97
- "FTC Charges Deceptive Privacy Practices in Google's Rollout of Its Buzz Social Network" (Mar. 30, 2011), 897-99
- FTC v. Wyndham (3rd Cir. 2015), 903-14
- Note: The FTC'S Authority to Enforce Fair Information Practices, 914-16
- Telecommunications Act of 1996 (CPNI), 1084
- U.S. West v. FCC (10th Cir. 1999), 1084-89
- NCTA v. FCC (D.C. Cir. 2011), 1089-95
Week 11: Towards a Comprehensive Federal Privacy Law in the US (April 10th)
Topics
- Review existing privacy frameworks
- Public and private sector data protection laws
- Fundamental Rights issues
- Agency oversight
- Apply the Fair Information Practices to emerging privacy issues
Week 12: Aerial Surveillance, Drones, and the Future of Privacy (April 17th)
Topics
- Describing challenges
- Defining privacy
- Examining role of institutions
- Translating concerns into legal outcomes
Assignment
PRIVACY LAW AND SOCIETY
- California v. Ciraolo (1986), 418-21
- State v. Davis (N.M. 2015), 421-26
- Obama Executive Order on Drones (Feb. 15, 2015), 1285-90
- Privacy Petition to FAA (Feb. 12, 2012), 1290-91
- Note: EPIC v. FAA, Drones and Privacy Rules, 1291
- EPIC v. FAA (D.C. Cir. 2016)
PRIVACY IN THE MODERN AGE
- Ryan Calo, "Robot-Sized Gaps in Surveillance Law," 41-5
Week 13: Emerging Issues: IoT and Always On Devices (April 24th)
Topics
- Internet of Things
- Regulation of surreptitious recording (bugging)
- The problem of "always on" devices
- Cybersecurity risks associated with connected devices
Assignment
THE PRIVACY LAW SOURCEBOOK 2016
- Communications Act 47 U.S.C. § 605 - pp 36-40
- Wiretap Act (Title III)
- 18 U.S.C. § 2511 - pp 262-268
- ECPA
- Unlawful access 18 U.S.C. § 2701 - pp 285-86
- Voluntary disclosure 18 U.S.C. § 2702 - pp 286-88
- CalECPA (Cal. Sen. Bill No. 178)
PRIVACY LAW AND SOCIETY
- Internet of Things, 1291-95
- In re Genesis Toys
- EPIC, Samsung "SmartTV" Complaint
- Alan Butler, "Strict Products Liability and the Internet of (Insecure) Things: Should Manufacturers Be Liable to for Harm Caused by Connected Devices?" Mich. J. L. & Reform (2017)
- Bruce Schneier, "Your WiFi-connected thermostat can take down the whole Internet. We need new regulations," Wash. Post. (Nov. 3, 2016)
(Version: December 7, 2018)