Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 1 Privacy Law.

Slides:



Advertisements
Similar presentations
EU Privacy Directive. What is a directive? A piece of European legislation, passed by bureaucrats, addressed to member states Member states must ensure.
Advertisements

The Law of Privacy Prof. Michael Madison – University of Pittsburgh School of Law – January 22, 2004 [1] What is privacy? [2] What law regulates privacy?
International Privacy Laws Ashley Michele Green Sensitive Information in a Wired World October 30, 2003.
Mobile Payments and the FTC Manas Mohapatra Director of Mobile Policy Mobile Technology Unit Federal Trade Commission The views expressed are not necessarily.
E-Commerce and the Law Section Understanding Business and Personal Law E-Commerce and the Law Section 13.3 Contracts for the Sale of Goods Electronic.
US Constitution and Right to Privacy Generally only protects against government action Doesn’t obligate government to do something, but rather to refrain.
4.01 Foundational knowledge of promotion
Silicon Valley Apps for Kids Meetup Laura D. Berger October 22, 2012 The views expressed herein are those of the speaker, and do not represent the views.
Privacy and the Right to Know Grayson Barber, Esq. Grayson Barber, LLC.
Children's Online Privacy Protection Act and the Video Privacy Protection Act By: Alana Rushing.
IS3350 Security Issues in Legal Context
Privacy Policy, Law and Technology Carnegie Mellon University Fall 2005 Lorrie Cranor 1 Fair Information Practice.
13.1 Chapter 13 Privacy © 2003 by West Legal Studies in Business/A Division of Thomson Learning.
Insights on the Legal Landscape for Data Privacy in Higher Education Rodney Petersen, J.D. Government Relations Officer and Security Task Force Coordinator.
Managing Personal Information - Australian Companies Outsourcing to India and the Philippines Professor Margaret Jackson and Marita Shelly.
CS294-1 Deeply Embedded Networks Privacy Discussion 11/25/03 David Culler University of California, Berkeley.
Disclaimer This Presentation is provided “as is” without any express or implied warranty. This Presentation is for educational purposes only and does not.
CyLab Usable Privacy and Security Laboratory 1 Privacy Policy, Law and Technology Privacy Law September 9, 2010.
Computers and Society Carnegie Mellon University Spring 2006 Cranor/Tongia/Farber 1 Intellectual Property.
Per Anders Eriksson
Transborder dataflows Flow of information across national borders Much of this data involves personal information.
Class 13 Internet Privacy Law European Privacy.
Invasion of Privacy – What you are (and are not) entitled to in the eyes of the law Image courtesy of privacy-please/
Banks and the Privacy of Medical Information 8 th National HIPAA Summit March 8, 2004 Joy Pritts, JD Health Policy Institute Georgetown University
E-Commerce and the Law Section Understanding Business and Personal Law E-Commerce and the Law Section 13.3 Contracts for the Sale of Goods What.
Privacy Policy, Law and Technology Carnegie Mellon University Fall 2004 Lorrie Cranor 1 Fair Information Practice.
The U.S. Approach to Consumer Protection in the Online World U.S. Presentation FTAA Joint Government Private Sector Committee on Electronic Commerce 13th.
The Privacy Torts Public Disclosure of a Private Fact Intrusion False Light Appropriation.
Privacy Law for Network Administrators Steven Penney Faculty of Law University of New Brunswick.
CHAPTER Cybertorts, Privacy, and Government Regulation Cybertorts, Privacy, and Government Regulation 11.
1 SAFE HARBOR FRAMEWORK Barbara S. Wellbery Morrison & Foerster LLP 2000 Pennsylvania Avenue Washington, DC /
Notes for Discussion on a Privacy Practice © Joe Cleetus.
Federal Trade Commission required to issue and enforce regulations concerning children’s online privacy. Initial COPPA Rule effective April 21, 2000;
The European influence on privacy law and practice Nigel Waters, Pacific Privacy Consulting International Dimension of E-commerce and Cyberspace Regulation.
IBT - Electronic Commerce Privacy Concerns Victor H. Bouganim WCL, American University.
The Right to Privacy Jody Blanke, Professor Computer Information Systems and Law.
Understanding HIPAA (Health Insurandce Portability and Accountability Act)
© 2013 The McGraw-Hill Companies, Inc. All rights reserved. Ch 8 Privacy Law and HIPAA.
COPYRIGHT © 2011 South-Western/Cengage Learning. 1 Click your mouse anywhere on the screen to advance the text in each slide. After the starburst appears,
LAW OF COMPUTER TECHNOLOGY FALL 2015 © 2015 MICHAEL I. SHAMOS Regulatory Law Michael I. Shamos, Ph.D., J.D. Institute for Software Research School of.
Copyright ©2014 by Saunders, an imprint of Elsevier Inc. All rights reserved 1 Chapter 02 Compliance, Privacy, Fraud, and Abuse in Insurance Billing Insurance.
C HAPTER 34 Code Blue Health Sciences Edition 4. Confidentiality of sensitive information is an important issue in healthcare. Breaches of confidentiality.
Federal Agencies and Laws for Consumer Rights
14.1 Chapter 14 Privacy © 2003 by West Legal Studies in Business/A Division of Thomson Learning.
Student Financial Assistance. Session 55-2 Session 55 Internet Privacy Laws.
Privacy Jody Blanke Distinguished Professor of Computer Information Systems and Law Mercer University.
Approved for Public Release. Distribution Unlimited. 1 Government Privacy Rick Newbold, JD, MBA, CIPP/G Futures Branch 28.
COMMUNICATION LAW Chapter 20. Communication Law Preview Libel— –Libel is defamation (injury to someone’s reputation) by written words or by communication.
Essentials Of Business Law Chapter 27 Conducting Business In Cyberspace McGraw-Hill/Irwin Copyright © 2007 The McGraw-Hill Companies, Inc. All rights reserved.
Privacy Policy Issues & Pages Amy Reese INF385E Information Architecture and Design 1 UT iSchool 21 September 2004.
Jody Blanke, Professor Computer Information Systems and Law 1.
Cyberlaw. “The moving finger writes; and, having writ Moves on: nor all thy piety nor wit Shall lure it back to cancel half a line. Nor all thy tears.
Public Communications Law Lecture 9 Slide 1 Commercial Speech and the First Amendment Commercial speech (advertising products, etc.) does enjoy certain.
Human Subjects Update E. Wethington, Chair, UCHS.
Keeping Secrets: An Overview of Privacy Considerations in recent Legislation David W Houser, CISSP ISSA Delaware Valley Chapter March 2003 Lockheed Martin.
CHAPTER SIXTEEN The Right to Privacy and Other Protections from Employer Intrusions.
Privacy. Some Web Science Issues Kieron O’Hara 29 November 2011.
Consumer Information Federal Trade Commission Act grants Federal Trade Commission (FTC) responsibility regarding unfair methods of competition and unfair.
6 BANK LOANS 6.1 Consumer Loans 6.2 Granting and Analyzing Credit
Privacy and the Law.
Surveillance around the world
CHAPTER 24 Laws of Debtor--Creditor Relations and Consumer Protection
Federal Agencies and Laws for Consumer Rights
THE NEW GENERAL DATA PROTECTION REGULATION: A EUROPEAN OR A GLOBAL STANDARD? Bart van der Sloot Senior Researcher Tilburg Institute for Law, Technology,
Information Governance and Data Privacy: A World of Risk
The Law of Journalism & Mass Communication
Employee Privacy and Privacy of Employee Information
General Date Protection Regulation
Legal Terms electronic commerce (p. 284) electronic signature (p.286)
Chapter 23 Government Regulation and Administrative Law
Presentation transcript:

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 1 Privacy Law September 13, 2007

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 2 September 17 is Constitution Day

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 3 The Bill of Rights ddocs/billeng.htm ddocs/billeng.htm

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 4 Privacy laws around the world Privacy laws and regulations vary widely throughout the world US has mostly sector-specific laws, with relatively minimal protections - often referred to as “patchwork quilt” Federal Trade Commission has jurisdiction over fraud and deceptive practices Federal Communications Commission regulates telecommunications European Data Protection Directive requires all European Union countries to adopt similar comprehensive privacy laws that recognize privacy as fundamental human right Privacy commissions in each country (some countries have national and state commissions) Many European companies non-compliant with privacy laws (2002 study found majority of UK web sites non-compliant)

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 5 US law basics Constitutional law governs the rights of individuals with respect to the government Tort law governs disputes between private individuals or other private entities Congress and state legislatures adopt statutes Federal agencies can adopt regulations which are equivalent to statutes, as long as they don’t conflict with statute

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 6 US Constitution No explicit privacy right, but a zone of privacy recognized in its penumbras, including 1st amendment (right of association) 3rd amendment (prohibits quartering of soldiers in homes) 4th amendment (prohibits unreasonable search and seizure) 5th amendment (no self-incrimination) 9th amendment (all other rights retained by the people) Penumbra: “fringe at the edge of a deep shadow created by an object standing in the light” (Smith 2000, p. 258, citing Justice William O. Douglas in Griswold v. Connecticut)

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 7 Federal statutes and state laws Federal statutes Tend to be narrowly focused State law State constitutions may recognize explicit right to privacy (Georgia, Hawaii) State statutes and common (tort) law Local laws and regulations (for example: ordinances on soliciting anonymously)

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 8 Four aspects of privacy tort You can sue for damages for the following torts (Smith 2000, p ) Disclosure of truly intimate facts  May be truthful  Disclosure must be widespread, and offensive or objectionable to a person of ordinary sensibilities  Must not be newsworthy or legitimate public interest False light  Personal information or picture published out of context Misappropriation (or right of publicity)  Commercial use of name or face without permission Intrusion into a person’s solitude

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 9 The Authority of the FTC Federal Trade Commission deals with consumer protection Section 5 of the FTC Act allows the FTC to bring action against any “unfair or deceptive trade practice” Deceptive = false or misleading claims Unfair = commercial conduct that causes substantial injury that consumers can’t reasonable avoid, without offsetting benefits FTC can also enforce certain laws FTC does not have jurisdiction over certain industries, for example financial FTC action does not preclude state action FTC may work with companies to resolve problems informally or launch a formal enforcement action May result in consent decree and/or fines

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 10 How does the law regulate privacy? Law may require waiving privacy interests Law may enforce privacy interests Typically, the law identifies relevant privacy interests to protect, identifies relevant interests supporting disclosure, and tries to balance both sets of issues in a single resolution

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 11 Difficult legal problems Can an individual “own” (and therefore sell) his or her own privacy rights? Should the default assumption be “protect the privacy interest” or “compel waiver of the privacy interest”? When should the law defer to informal or social norms, or to technological barriers or solutions?

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 12 Some US privacy laws Bank Secrecy Act, 1970 Fair Credit Reporting Act, 1971 Privacy Act, 1974 Right to Financial Privacy Act, 1978 Cable TV Privacy Act, 1984 Video Privacy Protection Act, 1988 Family Educational Right to Privacy Act, 1993 Electronic Communications Privacy Act, 1994 Freedom of Information Act, 1966, 1991, 1996

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 13 US law – recent additions HIPAA (Health Insurance Portability and Accountability Act, 1996) When implemented, will protect medical records and other individually identifiable health information COPPA (Children‘s Online Privacy Protection Act, 1998) Web sites that target children must obtain parental consent before collecting personal information from children under the age of 13 GLB (Gramm-Leach-Bliley-Act, 1999) Requires privacy policy disclosure and opt-out mechanisms from financial service institutions

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 14 Safe harbor Membership US companies self-certify adherence to requirements Dept. of Commerce maintains signatory list Signatories must provide  notice of data collected, purposes, and recipients  choice of opt-out of 3rd-party transfers, opt-in for sensitive data  access rights to delete or edit inaccurate information  security for storage of collected data  enforcement mechanisms for individual complaints Approved July 26, 2000 by EU reserves right to renegotiate if remedies for EU citizens prove to be inadequate

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 15 Data protection agencies Australia: Canada: France: Germany: Hong Kong: Italy: Spain: Switzerland: UK: … And many more

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.