Reference Materials
ornament
Apply for CLE

Privacy Law Salon, Miami Roundtable, Feb 16 – 18, 2025
The Great Scrape: The Clash Between AI Scraping and Privacy
Daniel J. Solove & Woodrow Hartzog, 113 California Law Review (forthcoming 2025)

The Economics of Privacy at a Crossroads
Alessandro Acquisti, in The Economics of Privacy (Goldfarb & Tucker eds. 2024)

The President’s Authority Over Cross-Border Data Flows
Anupam Chander & Paul M. Schwartz, 172 U. Penn. L. Rev. 1989 (2024)

What the US Election Results May Mean for Digital Policy
Jedidiah Bracey, IAPP, Nov. 7, 2024

Chapter 30 – Project 2025 – Federal Trade Commission

Privacy Law Salon: Powerpoint Presentation

Privacy Law Salon, Miami Roundtable, Jan 28 – 30, 2024

Artificial Intelligence and Privacy
Daniel J. Solove, forthcoming 77 Florida L. Rev. (2025)

The Overton Window and Privacy Enforcement
Alicia Solow-Niederman, 37 Harv. J. L. & Tech 1007 (2023)

Gaining or Losing Control: Real Use of Data Control Rights and Policy Implications
Ella Corren, 109 Iowa L. Rev. 2017 (2024)

How Harris and Trump Differ on Tech Policy
Nicol Turner Lee and Darrell M. West, Brookings (July 23, 2024)

Privacy Law Salon: Powerpoint Presentation

Privacy and/or Trade [Link] (focus on pp. 84-105)
Anupam Chander & Paul Schwartz

In re EPIC Games  [Link]
FTC  (Dec. 19, 2022)

Unifying Privacy and Data Security [Link]
Daniel J. Solove & Woodrow Hartzog (Aug. 3, 2022)

Lex Reformatica: Five Principles of Policy Reform for the Technological Age [Link]
Sonia Katyla (Nov. 3, 2022)

Supplementary Readings

California Age-Appropriate Design Code Act [Link]
Introduced by Assembly Members Wicks, Cunningham, and Petrie-Norris
(Coauthors: Senators Allen, Newman, and Stern)

American Data Privacy and Protection Act (ADPPA)  [Link]

Federal privacy negotiators should accept victory gracefully [Link]
Cameron F. Kerry, Brookings (Aug. 12, 2022)

Comparison Chart of CCPA vs. ADPPA [Link]
Californians for Consumer Privacy (Aug. 12, 2022)

A Faustian Bargain: Is Preemption Too High a Price for a Federal Privacy Law? [Link]
Daniel J. Solove (July 22, 2022)

Further Thoughts on ADPPA, the Federal Comprehensive Privacy Bill [Link]
Daniel J. Solove (July 30, 2022)

Required Readings

The Myth of the Privacy Paradox [Link]
Daniel J. Solove, George Washington University Law School

Fiduciary Boilerplate: Locating Fiduciary Relationships in Information Age Consumer Transactions [Link]
Lauren Scholz, Florida State University – College of Law

Is Data Localization a Solution for Schrems II? [Link]
Anupam Chander, Georgetown University Law Center

Supplementary Readings

Session 1 – A New Chapter in Federal Privacy Law 
California Voters Adopt the California Privacy Rights Act [Link]
Jones Day Insights

Apple, Facebook & Google – How California’s new privacy measures apply [Link]
Mike Peterson, Apple Insider

California’s Proposition 24 is an ambitious—but controversial—privacy overhaul [Link]
Ruth Reader, Fast Company

Session 3 – EU Privacy and Cross-Border Transfers in a Post Schrems II World 
Data transfers: Questions and answers abound, yet solutions elude [Link]
Caitlin Fennessy, CIPP/US – IAPP

Frequently Asked Questions & Resources on ‘Schrems II’ [Link]
IAPP Resource Center

EDPB, recommendations 01/2020 on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data [Link]

Required Readings

State Privacy Law + Federal Privacy Law Session
Daniel J. Solove & Paul M. Schwartz, ALI Data Privacy: Overview and Black Letter Text [Link]

State, Federal, and International Privacy Law Session
Ari Waldman, Privacy Law’s False Promise [Link]

International Privacy Law Session
Anapum Chander et al., Catalyzing Privacy Law [Link]

Supplementary Readings – Hot Topics Session

Frank A. Pasquale, Data-Informed Duties in AI Development, 119 Colum. L. Rev. 1917 (2019) [Link]

Danielle Keats Citron, Cyber Mobs, Disinformation, and Death Videos: The Internet As It Is (And As It Should Be), — Mich. L. Rev. – (forthcoming 2020) [Link]

Chris Jay Hoofnagle, Bart van der Sloot and Frederik Zuiderveen Borgesius, The European Union General Data Protection Regulation: What It Is And What It Means  [Link]

Daniel J. Solove,The Trouble with Spokeo: Standing, Privacy Harms, and Biometric Information  [Link]

Ari Ezra Waldman, Privacy’s Law of Design [Link]

Daniel J. Solove, The Future of Cybersecurity Insurance and Litigation: An Interview with Kimberly Horn [Link]

Paul Schwartz, Global Data Privacy: the EU Way [Link]

Paul M. Schwartz and Karl-Nikolaus Peifer, Transatlantic Data Privacy Law,106 Georgetown Law Journal 115 (2017) [Link]

Chris Jay Hoofnagle, The Federal Trade Commission’s Inner Privacy Struggle, in The Cambridge Handbook of Consumer Privacy (Evan Selinger, Jules Polonetsky, & Omer Tene, eds) (Cambridge University Press 2018, forthcoming). [Link]
 
Natali Helberger, Frederik J. Zuiderveen Borgesius, and Agustin Reyna, The Perfect Match? A Closer Look at the Relationship between EU Consumer Law and Data Protection Law, Common Market Law Review, Vol. 54, No. 5 (2017) [Link]

Woodrow Hartzog, The Inadequate, Invaluable Fair Information Practices,76 Maryland Law Review 952 (2017) [Link]

Bart Custers, Francien Dechesne, Alan M. Sears, Tommaso Tani, and Simone van der Hof, A Comparison of Data Protection Legislation and Policies Across the EU,  Computer Law & Security Review, doi 10.1016/j.clsr.2017.09.001. [Link]

ICO, Overview of the General Data Protection Regulation (Oct. 2016) [Link]

Paul M. Schwartz, Risk and High Risk: Walking the GDPR Tightrope, IAPP Privacy Perspectives (March 29, 2016) [Link]

European Commission, EC launches EU-U.S. Privacy Shield: stronger protection for transatlantic data flows, Jul. 12, 2016 [Link]

EC, Fact Sheet, European Commission, EU-US Privacy Shield (July 2016) [Link]

Sarah Spiekermann and Lorrie Faith Cranor, Engineering Privacy, 35(1) IEEE Transactions on Software Engineering (Jan. 2009) [Link]

Daniel J. Solove, Privacy by Design: 4 Key Points [Link]

Paul M. Schwartz, Microsoft, Ireland and a Level Playing Field for U.S. Cloud Companies, Bloomberg BNA Privacy and Security Law Report, (Aug. 2016.) [Link]

Paul M. Schwartz, The delayed revolution in digital financial services, TechCrunch, Apr. 9, 2016​ [Link]

Daniel J. Solove and Danielle K. Citron, Risk and Anxiety: A Theory of Data Breach Harms, Dec. 14, 2016 [Link]

Ira Rubinstein, The Future of Self-Regulation is Co-Regulation, in The Cambridge Handbook of Consumer Privacy (CUP Forthcoming 2017) [Link]

Daniel J. Solove & Woodrow Harzog, The Future of the FTC on Privacy and Security [Link]

Chris Hoofnagle, The Federal Trade Commission’s Inner Privacy Struggle [Link]

New Directions in Privacy Law
FTC, Big Data: A Tool for Inclusion or Exclusion? (Jan. 2016) [Link]
In the Matter of Nomi Technologies, Inc. (FTC 2015)
Case Documents [Link]
Press Release [Link]

The Internet of Things, Robotics, Al and New Paradigms of Privacy and Security
Ryan Calo, Robotics and the Lessons of Cyberlaw, 103 Calif. L. Rev. 513-63 (2015) [Link]
Woodrow Hartzog, Unfair and Deceptive Robots, 74 Maryland L. Rev. – (2015) [Link]

The Future of Cybersecurity
Orin Kerr, How does the Cybersecurity Act of 2015 change the Internet surveillance laws? [Link]
Daniel J. Solove, The Kafkaesque Sacrifice of Encryption Security in the Name of Security [Link]

Safe Harbor 2.0? The Future of US-EU Data Sharing
General Data Protection Regulation (GDPR) [Link]
Maximillian Schrems v. Data Protection Commissioner [Link]
Daniel J. Solove, 10 Implications of the New EU General Data Protection Regulation (GDPR) [Link]

Daniel J. Solove & Paul M. Schwartz, Privacy and Security Developments (Nov. 24, 2014) [Link]
Overview of new developments in the field; the first of many more periodic issues

California Attorney General, California Privacy Legislation Enacted in 2014 [Link]
List of 10+ statutes pertaining to privacy and data security enacted by California in 2014

Byrne v. Avery Center for Obstetrics and Gynecology, No. 18904, 2014 WL 5507439 (Conn. Nov. 11, 2014) [Link]
The Connecticut Supreme Court held that HIPAA could be used as a basis in establishing the standard of care for negligence.

Daniel J. Solove, Lawsuits for HIPAA Violations and Beyond: A Journey Down the Rabbit Hole (Nov. 18, 2014) [Link]
Post about Byrne v. Avery Center

Briefs in FTC v. Wyndham Worldwide Corp., on Appeal to 3rd Circuit
Wyndham’s Brief  [Link]
FTC’s Brief  [Link]

Eduardo Ustaran, The Privacy Challenges of the New European Commission, Chronicle of Data Protection (Hogan Lovells, Nov. 4, 2014) [Link]
Identifies challenges to the new regulatory framework for data protection.

NY Times Special Section on Data Security (Dec. 2, 2014) [Link]
Includes many feature articles

Scott Goss, Data Protection Law Errors in Google Spain LS, Google Inc. v. Agencia Espanola de Proteccion de Datos, Mario Costeja Gonzalez, Future of Privacy Forum (2014)  [Link]
Detailed analysis of the Google Spain “right to be forgotten” case

NY Times, Room for Debate, Is Big Data Spreading Inequality? [Link]
Featuring Chris Wolf, Danielle Citron, Solon Barocas, among others

NY Times, Room for Debate, Privacy and the Internet of Things [Link]
Featuring Julie Brill and Ryan Calo, along others

Alessandro Acquisti, What Is Privacy Worth? [Link]

Woodrow Hartzog & Frederic D. Stutzman, Obscurity by Design, 88 Washington L. Rev. 385 (2013) [Link]

Comments of the Future of Privacy Forum Re: Internet of Things [Link]

Christopher Wolf & Jules Polonetsky, An Updated Privacy Paradigm for the Internet of Things [Link]

Paul M. Schwartz & Daniel J. Solove, Reconciling Personal Information in the United States and European Union , 102 California L. Rev. (forthcoming 2014) [Link]

Daniel J. Solove, Privacy Self-Management and the Consent Dilemma, 126 Harvard L. Rev. 1880 (2013) [Link]

Paul Schwartz, The “California Effect” on Privacy Law [Link]

ornament