Cyber & Privacy
Topics
We live in a society in which personal information is increasingly entrusted to third parties in exchange for innovative new services. This creates both an opportunity for bad actors to steal sensitive information and a risk that this information will be misused or leaked. What is the most effective way to balance these risks against the innovation the data economy provides? Is there a role for federal regulatory agencies in this area?
Potential Constitutional Conflicts in State and Local Data Privacy Regulations
This paper lays out a set of constitutional concerns pertaining to certain new state and local regulations on data privacy. Do these new rules impinge on free speech, violate the dormant commerce clause, or are they preempted by other federal laws?
Read this paperWhen Considering Federal Privacy Legislation
In this paper, Neil Chilson explores modern conceptions of privacy, examines methods of protecting privacy, and offers recommendations for those considering legislative privacy proposals.
Read this paperThe GDPR and the Consequences of Big Regulation
In this paper, Matthew Heiman provides a brief overview of the EU’s General Data Privacy Regulation (GDPR), discusses how the GDPR differs from previous European privacy laws, and highlights six consequences of the GDPR for companies and consumers worldwide.
Read this paperModern Privacy Advocacy: An Approach at War with Privacy Itself?
In this paper, Justin “Gus” Hurwitz and Jamil Jaffer paper argue that there is a fundamental incoherence both of privacy as a concept and the modern debates around that concept, and that this incoherence leads privacy advocates to “take positions that while appearing on the surface to protect privacy actually serve to undermine it (or aspects of it) in the long-run.”
Read this paperRegulators in Cyberia
The authors of this paper discuss the negative and sometimes unintended consequences that regulations can have on America’s most dynamic and fastest growing industry: the technology sector.
Read this paperAssessing the Federal Data Privacy Landscape: A Discussion of the American Privacy Rights Act
Congress has been working on comprehensive federal data privacy legislation for decades without reaching agreement. But the finish line may…
Listen to this podcastCourthouse Steps Oral Argument: Murthy v. Missouri
Murthy v. Missouri, originally filed as Missouri v. Biden, concerns whether federal government officials had violated the First Amendment by…
Listen to this podcast[Webinar] Transatlantic Debate: Evaluating the EU-US Data Privacy Framework
In October 2022, President Biden issued an executive order regarding the European Union – U.S. Data Privacy Framework. The Framework…
Listen to this podcast[Webinar] Liability in the Digital Ecosystem: A Conversation on Biden’s New National Cybersecurity Strategy
In the past several months, President Biden released a new national cybersecurity strategy. As part of that strategy, the Administration…
Listen to this podcastTech Roundup Episode 19 – Should TikTok Be Banned? A Conversation on Free Speech, National Security, State Actors, and State Actions
Following concerns about the information collected by and influence of the immensely popular Chinese-owned social media app TikTok, debates have…
Listen to this podcastDeep Dive Episode 265 – A Discussion on Central Bank Digital Currencies and the Future of Financial Privacy
Experts explore central bank digital currencies (CBDCs) and the ongoing debates over financial privacy, especially in relation to use of cryptocurrencies and other software privacy tools.
Listen to this podcastDeep Dive Episode 259 – AI & Antidiscrimination: AI Entering the Arena of Labor & Employment Law [Panel Discussion]
AI is increasingly used both in the public and private sectors for facial recognition, dataset analysis, risk and performance predictions, and much more, though how companies use it and the actual input it has can be unclear. At an in-person luncheon, an expert panel discussed the tensions surrounding the issues of AI and employment law.
Listen to this podcastDeep Dive Episode 258 – AI & Antidiscrimination: AI Entering the Arena of Labor & Employment Law [Keynote Address]
At an in-person luncheon, EEOC Commissioner Keith Sonderling delivered a keynote address on issues concerning AI’s entrance into the Labor and Employment space.
Listen to this podcastExplainer Episode 50 – FTC on Privacy: The Statutory Authority Behind the Plan
Last November, the Federal Trade Commission accepted comments on its proposal to start a rulemaking related to “Commercial Surveillance” – the agency’s newly minted term for any and all business use of data about customers.
Listen to this podcastDeep Dive Episode 251 – FTC: Cost/Benefit Analysis of Proposed Rules – A Deeper Dive
A panel of experts explore how a federal agency undertakes the cost-benefit analysis for proposed rules, comparing independent agencies to those subject to OIRA review, and provide practical tips for lawyers and economists working on agency rulemaking comments.
Listen to this podcastExplainer Episode 44 – The Implications of AI Innovation and Regulation
Technology and data privacy experts discuss the evolving landscape of artificial intelligence, machine learning, and what these new technologies mean for existing and future policy and technology innovation.
Listen to this podcastDeep Dive Episode 237 – Private Rights of Action in Data Policy Settlements
In this podcast, experts discuss the implications of data privacy laws for businesses and consumers.
Listen to this podcastDeep Dive Episode 235 – A Discussion on the US-EU Trans-Atlantic Data Privacy Framework
In this podcast, experts discuss the efficacy of the new Trans-Atlantic Data Privacy Framework.
Listen to this podcastDeep Dive Episode 234 – Dobbs and the Potential Implications for Data Privacy
In this podcast, experts discuss the potential impact of the Dobbs decision on data privacy.
Listen to this podcastDeep Dive Episode 213 – After California and Virginia, What’s Next? Examining the State of State Data Privacy Legislation
What might new and upcoming state data privacy laws mean for consumers and companies, both large and small?
Listen to this podcastDeep Dive Episode 195 – President Biden’s Executive Order on Foreign-Controlled Apps
An expert panel breaks down Biden’s executive order on foreign-controlled apps and its implications for relations between the United States and its foreign adversaries.
Listen to this podcastDeep Dive Episode 182 – Cybersecurity Threats and the Regulatory Response
Stewart Baker and Tatyana Bolton trade insights on the Biden administration’s potential policy responses to the cybersecurity threats facing the United States.
Listen to this podcastDeep Dive Episode 179 – Artificial Intelligence and Bias
Experts discuss concerns about artificial intelligence systems’ potential biases against racial minorities and other identity groups.
Listen to this podcastDeep Dive Episode 163 – Shapers of Cyber Speech: Silicon Valley and American Discourse
Experts debate the pros and cons of regulatory proposals aimed at curbing social media content moderation.
Listen to this podcastDeep Dive Episode 147 – The State of State Data Privacy Laws Post-2020 Election
An expert panel discusses what state data privacy actions mean for the debates surrounding data privacy as well as what might be anticipated in the next sessions of Congress and state legislatures.
Listen to this podcastDeep Dive Episode 141 – Interoperability and Data Sharing: An Antitrust Remedy in Search of a Market Problem?
An expert panel discusses the use of portability and interoperability mandates in competition law.
Listen to this podcastDeep Dive Episode 139 – Implications of Data Portability: A Consumer Protection Tool or Burden?
An expert panel discusses the consumer protection and privacy implications of data portability.
Listen to this podcastDeep Dive Episode 123 – Antitrust Investigations into Big Tech Companies
This live podcast explores what investigations into big tech tell us about innovation and antitrust, as well as the current concerns regarding these firms’ market power and conduct.
Listen to this podcastDeep Dive Episode 117 – How to Approach Data Collection and Breaches in the Age of COVID-19
What are the data privacy and security implications for widespread data collection for COVID-19 contact tracing? Drew Bagley, Neil Chilson, and Roger Klein discuss.
Listen to this podcastDeep Dive Episode 115 – Public-Private Partnerships: The Future of Cybersecurity?
Are public-private partnerships the best way to fight cybercrime? If not, can the government alone protect the nation from cybercrime? If these partnerships are the way of the future, how could they be improved? Dmitri Alperovitch and Jamil Jaffer discuss these important questions and more.
Listen to this podcastDeep Dive Episode 114 – Is Artificial Intelligence Biased? And What Should We Do About It?
It’s not hard to find patterns in AI decisions that have a disparate impact on protected groups. Is this bias? And if so, whose? Stewart Baker, Curt Levey, and Nicholas Weaver discuss.
Listen to this podcastExplainer Episode 14 – Options for Data Privacy Enforcement
How can data privacy enforcement provide clarity for businesses while protecting the public from harm? What might be the best enforcment options available to the FTC and state attorneys general going forward? Jennifer Huddleston and Ian Adams discuss.
Listen to this podcastExplainer Episode 13 – COVID-19 Contact-Tracing and Data Privacy
In this episode, Jennifer Huddleston and Brent Skorup discuss how contact-tracing might work here, what privacy concerns it might involve, and what it means for data privacy going forward.
Listen to this podcastDeep Dive Episode 109 – Regulating by Consent Agreement: Examining FTC’s YouTube Settlement and Beyond
This episode explores FTC settlements and consent decrees, including the YouTube case and what it means for FTC enforcement going forward.
Listen to this podcastDeep Dive Episode 106 – Should Big Tech Platforms Be Viewpoint Neutral? Should the Government Care?
On March 4, 2020, the Regulatory Transparency Project sponsored a symposium with the University of Pennsylvania Federalist Society student chapter. This episode features audio from the second panel.
Listen to this podcastDeep Dive Episode 103 – Ajit Pai: The FCC and the Pandemic
Listen as Federal Communications Commission Chairman Ajit Pai discusses how the FCC is addressing the COVID-19 pandemic. What measures has the FCC taken to date, and what is planned in the future?
Listen to this podcastDeep Dive Episode 95 – Update on FISA Reauthorization and Reform
In this episode, Ashley Baker and Nathan Leamer discuss the mechanics and processes of FISA, recent controversies, and issues Congress will consider as it determines whether and how to renew these key provisions.
Listen to this podcastExplainer Episode 11 – GDPR Compliance and Cybersecurity Concerns
In this episode, Ashley Baker and Neil Chilson discuss the implications for data security under recently-enacted privacy laws.
Listen to this podcastDeep Dive Episode 86 – Amazon’s Case Against Trump
Dan Kelly, Alexander Major and Franklin Turner, nationally recognized commentators and practitioners in the federal bid protest arena, unpack what we know about Amazon’s case, and discuss the possible grounds, laws and regulations governing mandates for competitive contracting by federal agencies.
Listen to this podcastExplainer Episode 9 – Biometric Information Privacy Act
This episode explores the implications of private rights of action under laws like Illinois’ Biometric Information Privacy Act. Are the paramaters around these private rights of action too vague and susceptible to abuse? Experts discuss this question and more.
Listen to this podcastExplainer Episode 7 – Carpenter v. United States
In this episode, Ashley Baker and Jennifer Huddleston discuss the implications of the famous privacy case, in which the Supreme Court decided that the warrant-less seizure of the plaintiff’s cell phone records violated his Fourth Amendment rights.
Listen to this podcastExplainer Episode 6 – Regulating Biometric Access Technologies
With emerging debates around facial recognition technology, the issue of regulating biometric access technologies has become more prominent. San Francisco, notably, has banned government use of facial recognition, and states like Illinois and Texas have also begun more aggressive regulations on biometrics. The implications of these technologies and the rules to limit their use with regard to civil liberties are explored and explained in this podcast.
Listen to this podcastDeep Dive Episode 75 – Spectrum Wars
Is there a clear and coherent path forward on the assignment or repurposing of spectrum? Perhaps as importantly, who has the authority and expertise to decide?
Listen to this podcastDeep Dive Episode 72 – The Net Neutrality Saga: Mozilla v. FCC
In this episode, a panel of legal and economic experts share their views of the court’s reasoning and of the implications of this Mozilla v FCC case upon the on-going net neutrality debate.
Listen to this podcastDeep Dive Episode 68 – Challenges in Regulating Cybersecurity at the Department of Defense
In this episode, experts in cyber-security law discuss the implications of recent changes to the internal rules that govern the information systems of contractors in the DoD supply chain.
Listen to this podcastDeep Dive Episode 41 – General Data Protection Regime & California Consumer Privacy Act
In this episode, Anna Hsia, Chris Riley, Gus Hurwitz, Thomas Hazlett, and Matthew R.A. Heiman discuss the implications of internet privacy legislation on innovation, small businesses, and consumer protection.
Listen to this podcastDeep Dive Episode 35 – Examining the California Consumer Privacy Act
Justin “Gus” Hurwitz (University of Nebraska College of Law), Eric Goldman (Santa Clara University School of Law), and Lindsey L. Tonsager (Covington & Burling) discuss the substance of the California Consumer Privacy Act (including recent amendments), the process that led to its enactment, and how it is likely to affect future privacy regulation in the United States.
Listen to this podcastDeep Dive Episode 34 – Net Neutrality and Federalism
Justin “Gus” Hurwitz (University of Nebraska College of Law), Brent Skorup (Mercatus Center), and Geoffrey A. Manne (International Center for Law & Economics) discuss questions surrounding recent state efforts to enforce net neutrality principles after the FCC’s decision in 2017 to eliminate common carrier regulations.
Listen to this podcastDeep Dive Episode 32 – What to do about Facebook: On Data Privacy and the Future of Tech Regulation
Matthew R. A. Heiman (National Security Institute), Thomas Hazlett (Clemson University), Jamil N. Jaffer (National Security Institute), and Megan Stifel (Atlantic Council) discuss Facebook, data privacy, and the future of tech regulation.
Listen to this podcastDeep Dive Episode 15 – Exploring Net Neutrality and the Implications of Repeal
Brent Skorup (Mercatus Center) discusses the history of the net neutrality movement, the 2015 rules, the First Amendment issues at stake, and the effect of repealing the rules.
Listen to this podcastDeep Dive Episode 14 – Discussion on the Wassenaar Arrangement
Stewart Baker (Steptoe & Johnson), Alan Cohn (Steptoe & Johnson), and Matthew R. A. Heiman (Johnson Controls) discuss the Wassenaar Arrangement, which governs international export controls for “intrusion software,” and its regulatory effects.
Listen to this podcastDeep Dive Episode 7 – IoT: Rise of the Machines?
Paul Rosenzweig (Red Branch Law & Consulting) and Suhail A. Khan (Microsoft) discuss the Internet of Things, the risks it potentially poses, and the role of government in mitigating these risks.
Listen to this podcastDeep Dive Episode 5 – LabMD v. FTC: A David Against Goliath Story
Justin “Gus” Hurwitz (Nebraska College of Law) and Michael Daugherty (LabMD) discuss Michael’s experience defending his medical testing lab against allegations by the FTC that it had deficient cybersecurity practices.
Listen to this podcastAssessing the Federal Data Privacy Landscape: A Discussion of the American Privacy Rights Act
Congress has been working on comprehensive federal data privacy legislation for decades without reaching agreement. But the finish line may…
Watch this videoCourthouse Steps Oral Argument: Murthy v. Missouri
Murthy v. Missouri, originally filed as Missouri v. Biden, concerns whether federal government officials had violated the First Amendment by…
Watch this video[Webinar] Transatlantic Debate: Evaluating the EU-US Data Privacy Framework
In October 2022, President Biden issued an executive order regarding the European Union – U.S. Data Privacy Framework. The Framework…
Watch this video[Webinar] Liability in the Digital Ecosystem: A Conversation on Biden’s New National Cybersecurity Strategy
In the past several months, President Biden released a new national cybersecurity strategy. As part of that strategy, the Administration…
Watch this videoA Discussion on Central Bank Digital Currencies and the Future of Financial Privacy
In this webinar, experts explore central bank digital currencies (CBDCs) and the ongoing debates over financial privacy, especially in relation to use of cryptocurrencies and other software privacy tools.
Watch this videoAI & Antidiscrimination: AI Entering the Arena of Labor & Employment Law [Panel Discussion]
What statutes and regulations apply to AI, and do the existing legal and regulatory frameworks concerning anti-discrimination in labor and employment suffice to address the novel nature of AI?
Watch this videoAI & Antidiscrimination: AI Entering the Arena of Labor & Employment Law [Keynote Address]
At an in-person luncheon, EEOC Commissioner Keith Sonderling delivered a keynote address on issues concerning AI’s entrance into the Labor and Employment space.
Watch this videoAI & Antidiscrimination: AI Entering the Arena of Labor & Employment Law
What statutes and regulations apply to AI, and do the existing legal and regulatory frameworks concerning anti-discrimination in labor and employment suffice to address the novel nature of AI?
Watch this videoFTC: Cost/Benefit Analysis of Proposed Rules – A Deeper Dive
Although primarily an enforcement agency, the Federal Trade Commission (FTC) has issued a historic number of proposed rules over the…
Watch this videoPrivate Rights of Action in Data Policy Settlements
In this webinar, experts discuss the implications of data privacy laws for businesses and consumers.
Watch this videoA Discussion on the US-EU Trans-Atlantic Data Privacy Framework
In this webinar, experts discuss the efficacy of the new Trans-Atlantic Data Privacy Framework.
Watch this videoDobbs and the Potential Implications for Data Privacy
In this webinar, experts discuss the potential impact of the Dobbs decision on data privacy.
Watch this videoPresident Biden’s Executive Order on Foreign-Controlled Apps
An expert panel breaks down Biden’s executive order on foreign-controlled apps and its implications for relations between the United States and its foreign adversaries.
Watch this videoNet Neutrality and the Evolving Internet
Does net neutrality improve or hinder competition? Is it better for the consumer?
Watch this videoArtificial Intelligence and Bias
Experts discuss concerns about artificial intelligence systems’ potential biases against racial minorities and other identity groups.
Watch this videoShapers of Cyber Speech – Silicon Valley and American Discourse
What are the realistic regulatory options for curbing Silicon Valley’s influence on the national discourse? What are the potential downsides of these options?
Watch this videoThe Price of Privacy: A Debate over Corporate Surveillance
Data is being collected on each of us every day by the apps that we use, the websites that we visit, and the services we subscribe to. How is this data used by companies and organizations? What is the difference between data security and data privacy? Where should the balance be struck between privacy and the benefits of increased data collection? This video will discuss these questions and more.
Watch this videoGovernment Surveillance: The National Security Perspective
Many national security experts argue that lawful surveillance activities, such as those authorized by the Foreign Intelligence Surveillance Act (FISA), are necessary to protect the national security of the United States.
In this Fourth Branch video, Matthew Heiman takes a deep dive into this issue from the national security perspective.
Watch this videoGovernment Surveillance: Security v. Liberty?
In this Fourth Branch video, Matthew Heiman and Julian Sanchez debate the pros and cons of government surveillance and Faisal Gill, a former Department of Homeland Security official who was surveilled by the federal government beginning in 2006, tells his story.
Watch this videoPepperdine Law Review’s 2019 Symposium: General Data Protection & California Consumer Privacy Act
Today’s regulatory landscape presents challenges for public and private entities. Private actors are often faced with conflicting, ambiguous, or altogether absent regulatory frameworks. Is it possible for them to overcome these challenges while delivering the creativity and innovation the marketplace demands? How can government regulators and legislators avoid stifling opportunity, function more efficiently, and enact and enforce sensible and effective regulatory schemes?
Pepperdine Law Review’s 2019 Symposium, in partnership with the Regulatory Transparency Project, explored these vital questions from both the academic and practical perspectives. The first panel of the symposium focused on the General Data Protection and California Consumer Privacy Act.
Watch this videoReboot 2018: Are We Headed for a U.S. General Data Protection Regulation (GDPR)?
With continued scrutiny over social media companies’ data practices, states are stepping in to pass aggressive new privacy laws. For instance, the recently enacted California Consumer Privacy Act of 2018 will be the toughest data privacy law in the nation when it goes into effect in 2020. But with fears over navigating a patchwork of inconsistent laws, tech companies are increasingly interested in a federal privacy bill that will preempt the states. What might this look like, how likely is it to happen in the next Congress, and what will it mean for consumers?
The Regulatory Transparency Project co-sponsored the Lincoln Network’s Reboot 2018 conference.
Watch this video2018 JLEP Symposium: 21st Century Business Models Meet 20th Century Regulation
Government regulation is intended to improve the efficiency of markets and protect people from harms they cannot identify or prevent on their own. But, for decades, advocates have debated whether the regulatory process and rules developed through it are too strict or too lax; whether they properly account for all the things society values; and even whether they make society better or worse off on balance. The Journal of Law, Economics & Policy’s Symposium on Regulatory Reform, Transparency, and the Economy explored these and related questions as leading scholars and practitioners examined a number of recent regulatory proposals impacting a broad swath of the American economy – from banking and finance to energy and the environment, and from employment law to the internet economy. Speakers considered and debated how well these proposals would perform their intended functions and how they might be improved.
The symposium featured discussions of research papers prepared by experts working on the Federalist Society’s Regulatory Transparency Project. The proceedings of the Conference were published in a special symposium issue of George Mason’s Journal of Law, Economics & Policy.
Watch this videoNew Webinar: “Executive Order on Foreign-Controlled Apps”
Matthew R. A. Heiman
In June, President Biden issued a new executive order directing the federal government to review the security threats posed by foreign-controlled software applications. On September 2, Matthew Feeney (Cato Institute) moderated an insightful discussion on the topic featuring Jennifer Hay (DataRobot), Jamil Jaffer (National Security Institute), and Margaret Peterlin (Texas A&M University)…
Read this articleTwo Useful Pieces of Commentary on Net Neutrality
Matthew R. A. Heiman
Matthew Heiman points to two recent items on net neutrality from Tom Hazlett.
Read this articleWhat the Biden Administration May Bring for Tech Policy
Jennifer Huddleston
“The Biden administration should carefully consider the significant tradeoffs regulation can have and embrace bipartisan opportunities to build on the United States’ innovation-friendly approach.”
Read this articleThe FCC Should Not Engage in Section 230 Rulemaking
Jennifer Huddleston
Governing the Internet: An FCC decision to engage in changing Section 230 would not only be concerning for First Amendment principles, but also should raise concerns about the expansion of the administrative state and the intrusion of government into private actions.
Read this articleExamining the California Consumer Privacy Act
Matthew R. A. Heiman
In a new teleforum, Professor Eric Goldman, Lindsey Tonsager, and moderator Professor Gus Hurwitz discuss the California Consumer Privacy Act (CCPA).
Read this articleModern Privacy Advocacy
Matthew R. A. Heiman
In their thought-provoking essay, Gus Hurwitz and Jamil Jaffer explain that orthodoxy in the defense of privacy, a term that is ill-defined, may undermine the very value it tries to serve.
Read this articleLetter to Congress: Support an Open and Free Internet
Richard Epstein
We support a free and open Internet and we oppose utility regulation of the most dynamic communications platform the world has ever seen. For these reasons, we encourage Congress to oppose the adoption of a CRA resolution to overturn the RIF Order.
Read this article