Symposium Articles

The War on Terror is far more than a domestic project aimed to deter terrorism and shore up national security. The War’s policy, strategy, and accompanying epistemology, since its very inception, created opportunities for other nation states to initiate—or expand existing—domestic programs that conflated Muslim identity with terror suspicion. In turn, adopting the fundamental presumption of the War on Terror that drove American Islamophobia, feeds state-sponsored Islamophobia in states where the War on Terror was formally adopted.

This Article theorizes how Islamophobia is exported by way of the American-spearheaded War on Terror, and how it fed and still facilitates the structural Islamophobic policies in China and India—where the host governments are unleashing two of the most ominous systems of Islamophobia in the world. While led by the United States, the War on Terror gradually became a global crusade, whereby states across the world found an opportune moment to persecute and punish their own Muslim populations to achieve their ends.

 

Public schools in America remain deeply segregated by race, with devastating effects for Black and Latinx students. While residential segregation is a critical driver of school segregation, the prevalence of screened admissions practices can also play a devastating role in driving racial segregation in public schools. New York City, one of the most segregated school systems in America, is unique in its extensive reliance on screened admissions practices, including the use of standardized tests, to assign students to sought-after public schools. These screens persist despite their segregative impact in part because they appeal to America’s embrace of the idea of meritocracy. This Article argues that Americans embrace three conceptions of merit which shield these screens from proper scrutiny. The first is individual merit—the idea that students with greater ability or achievement deserve access to better schools. The second is systems merit—the idea that poor student performance on an assessment is a failure of the system that prepared the student for the assessment. The third is group merit—the idea that members of some groups simply possess less ability. Each of these ideas has a pernicious impact on perpetuating racial inequality in public education.

 

There is emerging consensus that various components of the criminal legal system have gone too far in capturing and punishing masses of Black men, women, and children. This evolving recognition has helped propel important and pathbreaking criminal legal reforms in recent years, with significant bipartisan support. These reforms have targeted the criminal legal system itself. They strive to address the pain inflicted by the system. However, by concerning themselves solely with the criminal legal system, these reforms do not confront the reality that Black men, women, and children will continue to be devastatingly overrepresented in each stitch of the system. As a result, these reforms do not reach deeply enough. They do not address or confront the reality that simply being Black has been and will continue to be criminalized.

This Article asserts that measures beyond these reforms—measures that reach the root of racial criminalization—are necessary for true criminal legal system transformation.

 

In this Article we argue that data sharing is an activity that sits at the crossroads of privacy concerns and the broader challenges of data governance surrounding access and use. Using the Sidewalk Toronto “smart city” proposal as a starting point for discussion, we outline these concerns to include resistance to data monopolies, public control over data collected through the use of public infrastructure, public benefit from the generation of intellectual property, the desire to broadly share data for innovation in the public interest, social—rather than individual— surveillance and harms, and that data use be held to standards of fairness, justice, and accountability. Data sharing is sometimes the practice that generates these concerns and sometimes the practice that is involved in the solution to these concerns.

Our safe sharing site approach to data sharing focuses on resolving key risks associated with data sharing, including protecting the privacy and security of data subjects, but aims to do so in a manner that is independent of the various legal contexts of regulation and governance. Instead, we propose that safe sharing sites connect with these different contexts through a legal interface consisting of a registry that provides transparency in relation to key information that supports different forms of regulation. Safe sharing sites could also offer assurances and auditability regarding the data sharing, further supporting a range of regulatory interventions. It is therefore not an alternative to these interventions but an important tool that can enable effective regulation.

A central feature of a safe sharing site is that it offers an alternative to the strategy of de-identifying data and then releasing it, whether within an “open data” context or in a more controlled environment. In a safe sharing site, computations may be performed on the data in a secure and privacy-protective manner without releasing the raw data, and all data sharing is transparent and auditable. Transparency does not mean that all data sharing becomes a matter of “public” view, but rather that there is the ability to make these activities visible to organizations and regulators in appropriate circumstances while recognizing the potential confidentiality interests in data uses.

In this way, safe sharing sites facilitate data sharing in a manner that manages the complexities of sharing while reducing the risks and enabling a variety of forms of governance and regulation. As such, the safe sharing site offers a flexible and modular piece of legal-technical infrastructure for the new economy.

In recent years there have been increasing calls by patient advocates, health law scholars, and would-be data intermediaries to recognize personal property interests in individual health information (IHI). While the propertization of IHI appeals to notions of individual autonomy, privacy, and distributive justice, the implementation of a workable property system for IHI presents significant challenges. This Article addresses the issues surrounding the propertization of IHI from a property law perspective. It first observes that IHI does not fit recognized judicial criteria for recognition as personal property, as IHI defies convenient definition, is difficult to possess exclusively, and lacks justifications for exclusive control. Second, it argues that if IHI property were structured along the lines of traditional common law property, as suggested by some propertization advocates, prohibitive costs could be imposed on socially valuable research and public health activity and IHI itself could become mired in unanticipated administrative complexities. Third, it discusses potential limitations and exceptions on the scope, duration, and enforceability of IHI property, both borrowed from intellectual property law and created de novo for IHI.

Yet even with these limitations, inherent risks arise when a new form of property is created. When owners are given broad rights of control, subject only to enumerated exceptions that seek to mitigate the worst effects of that control, constitutional constraints on governmental takings make the subsequent refinement of those rights difficult if not impossible, especially when rights are distributed broadly across the entire population. Moreover, embedding a host of limitations and exceptions into a new property system simply to avoid the worst effects of propertization begs the question whether a property system is needed at all, particularly when existing contract, privacy, and anti-discrimination rules already exist to protect individual privacy and autonomy in this area. It may be that one of the principal results of propertizing IHI is enriching would-be data intermediaries with little net benefit to individuals or public health. This Article concludes by recommending that the propertization of IHI be rejected in favor of sensible governmental regulation of IHI research coupled with existing liability rules to compensate individuals for violations of their privacy and abusive conduct by data handlers.

Is contracting for the collection, use, and transfer of data like contracting for the sale of a horse or a car or licensing a piece of software? Many are concerned that conventional principles of contract law are inadequate when some consumers may not know or misperceive the full consequences of their transactions. Such concerns have led to proposals for reform that deviate significantly from general rules of contract law. However, the merits of these proposals rest in part on testable empirical claims. We explore some of these claims using a hand-collected data set of privacy policies that dictate the terms of the collection, use, transfer, and security of personal data. We explore the extent to which those terms differ across markets before and after the adoption of the General Data Protection Regulation (GDPR). We find that compliance with the GDPR varies across markets in intuitive ways, indicating that firms take advantage of the flexibility offered by a contractual approach even when they must also comply with mandatory rules. We also compare terms offered to more and less sophisticated subjects to see whether firms may exploit information barriers by offering less favorable terms to more vulnerable subjects.

In previous work, I wrote about how trade secrecy drives the plot of Roald Dahl’s novel Charlie and the Chocolate Factory, explaining how the Oompa-Loompas are the ideal solution to Willy Wonka’s competitive problems. Since publishing that piece I have been struck by the proliferating Oompa-Loompas in contemporary life: computing machines filled with software and fed on data. These computers, software, and data might not look like Oompa-Loompas, but they function as Wonka’s tribe does: holding their secrets tightly and internally for the businesses for which these machines are deployed.

Computing machines were not always such effective secret-keeping Oompa Loompas. As this Article describes, at least three recent shifts in the computing industry—cloud computing, the increasing primacy of data and machine learning, and automation—have turned these machines into the new Oompa-Loompas. While new technologies enabled this shift, trade secret law has played an important role here as well. Like other intellectual property rights, trade secret law has a body of built-in limitations to ensure that the incentives offered by the law’s protection do not become so great that they harm follow-on innovation—new innovation that builds on existing innovation—and competition. This Article argues that, in light of the technological shifts in computing, the incentives that trade secret law currently provides to develop these contemporary Oompa-Loompas are excessive in relation to their worrisome effects on follow-on innovation and competition by others. These technological shifts allow businesses to circumvent trade secret law’s central limitations, thereby overfortifying trade secrecy protection. The Article then addresses how trade secret law might be changed—by removing or diminishing its protection—to restore balance for the good of both competition and innovation.

With data rapidly becoming the lifeblood of the global economy, the ability to improve its use significantly affects both social and private welfare. Data standardization is key to facilitating and improving the use of data when data portability and interoperability are needed. Absent data standardization, a “Tower of Babel” of different databases may be created, limiting synergetic knowledge production. Based on interviews with data scientists, this Article identifies three main technological obstacles to data portability and interoperability: metadata uncertainties, data transfer obstacles, and missing data. It then explains how data standardization can remove at least some of these obstacles and lead to smoother data flows and better machine learning. The Article then identifies and analyzes additional effects of data standardization. As shown, data standardization has the potential to support a competitive and distributed data collection ecosystem and lead to easier policing in cases where rights are infringed or unjustified harms are created by data-fed algorithms. At the same time, increasing the scale and scope of data analysis can create negative externalities in the form of better profiling, increased harms to privacy, and cybersecurity harms. Standardization also has implications for investment and innovation, especially if lock-in to an inefficient standard occurs. The Article then explores whether market-led standardization initiatives can be relied upon to increase welfare, and the role governmental-facilitated data standardization should play, if at all.

EU data protection law is playing an increasingly prominent role in today’s global technological environment. The cornerstone of EU law in this area, the General Data Protection Regulation (GDPR), is now widely regarded as a privacy law not just for the EU, but for the world. In the conventional wisdom, the EU has become the world’s privacy cop, acting in a unilateral fashion and exercising de facto influence over other nations through its market power. Yet, understanding the forces for convergence and divergence in data privacy law demands a more nuanced account of today’s regulatory environment.

In contrast to the established narrative about EU power, this Article develops a new account of the diffusion of EU data protection law. It does so through case studies of Japan and the United States that focus on how these countries have negotiated the terms for international data transfers from the EU. The resulting account reveals the EU to be both collaborative and innovative.

Three important lessons follow from the case studies. First, rather than exercising unilateral power, the EU has engaged in bilateral negotiations and accommodated varied paths for non-EU nations to meet the GDPR’s “adequacy” requirement for international data transfers. Second, while the adequacy requirement did provide significant leverage in these negotiations, it has been flexibly applied throughout its history. Third, the EU’s impressive regulatory capacity rests on a complex interplay of institutions beyond the European Commission. Not only are there a multiplicity of policy and lawmaking institutions within the EU, but the EU has also drawn on non-EU privacy innovations and involved institutions from non-EU countries in its privacy policymaking.

Finally, this Article identifies two overarching factors that have promoted the global diffusion of EU data protection law. The first such factor regards legal substance. Public discourse on consumer privacy has evolved dramatically, and important institutions and prominent individuals in many non-EU jurisdictions now acknowledge the appeal of EU-style data protection. Beyond substance, the EU has benefited from the accessibility of its omnibus legislative approach; other jurisdictions have been drawn to the EU’s highly transplantable legal model. In short, the world has weighed in, and the EU is being rewarded for its success in the marketplace of regulatory ideas.

As the federal campaign finance laws have withered, leading to the rise of super PACs and other forms of largely unregulated spending, the parties have remained subject to stringent legal restrictions and must contend with other factors adverse to their competitive position in the electoral landscape. Certain of the limitations they have encountered affect their ability to fund, control, and manage core institutional functions. One such function is the conduct of presidential debates, now largely financed, planned, and operated by the news media organizations and nonprofit organizations. The candidates, especially front-running candidates and party nominees, also have some say in the conduct of debates. But the parties occupy the periphery of these major campaign events that bear directly on how they present themselves and showcase their candidates to the electorate. Empowering parties through modest legal reforms to play more of a role in the debate process would be one limited but potentially important step in bolstering their standing and capabilities.