Author

This Article explores the relationship between the First Amendment and criminal procedure. These two domains of constitutional law have long existed as separate worlds, rarely interacting with each other despite the fact that many instances of government information gathering can implicate First Amendment freedoms of speech, association, and religion. The Fourth and Fifth Amendments used to provide considerable protection for First Amendment interests, as in the famous 1886 case Boyd v. United States, in which the Supreme Court held that the government was prohibited from seizing a person’s private papers. Over time, however, Fourth and Fifth Amendment protection has shifted, and countless searches and seizures involving people’s private papers, the books they read, the websites they surf, and the pen names they use when writing anonymously now fall completely outside the protection of constitutional criminal procedure. Professor Solove argues that the First Amendment should protect against government information gathering that implicates First Amendment interests. He contends that there are doctrinal, historical, and normative justifications for developing what he calls “First Amendment criminal procedure.” Solove sets forth an approach for determining when certain instances of government information gathering fall within the regulatory domain of the First Amendment and what level of protection the First Amendment should provide.

Personally identifiable information (PII) is one of the most central concepts in
information privacy regulation. The scope of privacy laws typically turns on
whether PII is involved. The basic assumption behind the applicable laws is that if
PII is not involved, then there can be no privacy harm. At the same time, there is no
uniform definition of PII in information privacy law. Moreover, computer science
has shown that in many circumstances non-PII can be linked to individuals, and
that de-identified data can be re-identified. PII and non-PII are thus not immutable
categories, and there is a risk that information deemed non-PII at one time can be
transformed into PII at a later juncture. Due to the malleable nature of what constitutes
PII, some commentators have even suggested that PII be abandoned as the
mechanism by which to define the boundaries of privacy law.
In this Article, we argue that although the current approaches to PII are flawed, the
concept of PII should not be abandoned. We develop a new approach called “PII
2.0,” which accounts for PII’s malleability. Based upon a standard rather than a
rule, PII 2.0 utilizes a continuum of risk of identification. PII 2.0 regulates information
that relates to either an “identified” or “identifiable” individual, and it establishes
different requirements for each category. To illustrate this theory, we use the
example of regulating behavioral marketing to adults and children. We show how
existing approaches to PII impede the effective regulation of behavioral marketing,
and how PII 2.0 would resolve these problems.