See new research from Professor Mikołaj Barczentewicz on information privacy and security in the EU. Check out this brief video from Professor Barczentewicz explaining his new paper:

See new research from Professors Ginger Zhe Jin, Mario Leccese, and Liad Wagman on technology mergers. Check out this brief video on explaining this paper from Professor Leccese.

Public demand for stronger privacy laws has reached a critical point, and congress is likely to pass sweeping, cross-technology and cross-industry privacy legislation for the first time in US history. This is an exciting juncture for information policy, but also a perilous one. Poorly constructed privacy laws can frustrate the interests of the people they are meant to protect.

In her newest white paper, PEP Director Jane Bambauer explains why an evidence-based privacy law would not look like the GDPR or the CCPA, and offers the contours (and even model language) of a statutory scheme that would better serve the modern American consumer.

You can read the full paper and model legislation here.

In 2014 and 2015, the research company Cambridge Analytica was able to amass a database of information on 87 million Facebook users, based on the survey results of just a few hundred thousand personality quiz participants. The company then used this data to try to get political consulting clients. In her new white paper, Program on Economics & Privacy Director Jane Bambauer argues that while almost everyone agrees that something went wrong here, defining the harm such that it can elucidate the best course for public policy is an exceedingly difficult task.

This issue raises multiple concerns, each deserving of careful consideration, but which have divergent implications for how policymakers should respond. Professor Bambauer’s paper uses the Cambridge Analytica episode to explore why the meaning of a privacy-related harm is so difficult to define and why lawmakers are wise to proceed with caution as they develop new privacy laws.

You can read the full paper here.

Program on Economics & Privacy affiliated faculty member, Professor Jane Bambauer, explores the recent developments in biometric privacy laws in her latest paper, “Biometric Privacy Laws: How a Little-Known Illinois Law Made Facebook Illegal.”

Banks and retailers are increasingly interested in using biometric information to authenticate customers by converting a scan of their biological features into an elaborate password.

The benefits of biometric authentication are obvious, but so are the drawbacks: since the systems use scans of irises, fingers, and even facial structures, a user’s biometric passwords are on public display every time they leave the house. Some states have passed biometric privacy laws to help facilitate the development of biometric authentication technologies. But these well-intentioned biometric privacy laws showcase the problems that arise when public policy tries to keep up with technology.

They are wildly overbroad, potentially exposing even individual users of basic photo organization software to civil liability based on conduct that poses no risk to data security. What is more, the laws are also unlikely to be necessary to accomplish their intended goals; companies that are developing biometric authentication systems to protect sensitive personal data are already using technological solutions to manage the security risks, rendering the legal solutions obsolete. Finally, their scope possibly contravenes the First Amendment and the Dormant Commerce Clause.

Although the purpose of these nascent laws is laudable, so far they appear to have only spurred class action litigation that is likely to harm, rather than help, the interests of the average consumer.

Read the full paper here.