Privacy Law

Illinois’s Biometric Information Privacy Act (BIPA) is the country’s most powerful law governing biometric data—data generated from an individual’s biological characteristics, like fingerprints and voiceprints. Over the past decade, BIPA garnered a reputation as an exceptionally plaintiff-friendly statute. But from 2023–2024, the Illinois legislature, Illinois Supreme Court, and Ninth Circuit Court of Appeals all sided with BIPA defendants for the first time. Most significantly, in Zellmer v. Meta Platforms, Inc., the Ninth Circuit dismissed the plaintiff’s BIPA claim because the face scan collected by the defendant could not be used to identify him.

It is unclear whether these developments represent a trend or an exception to BIPA’s plaintiff-friendliness. Which path is charted will largely turn on how courts interpret Zellmer: While Zellmer established that a biometric identifier must be able to identify an individual, lower courts have construed its holding narrowly to require that the entity collecting biometric data must itself be capable of identifying, rather than it being sufficient for any entity to do so. Reading BIPA this narrowly would significantly weaken the statute’s protections.

After detailing how employer and consumer cases catalyzed this recent defendant-friendly shift, this Comment proposes a two-step framework to determine whether a biometric identifier is able to identify, falling under BIPA’s reach. Given BIPA’s broad influence, where courts ultimately land on this question will be crucial to the protection of biometric data nationwide."

Recently, many states have reacted to the growing data economy by passing data privacy statutes. These follow the “interaction model”: they allow consumers to exercise privacy rights against firms by directly interacting with them. But data brokers, firms that buy and sell data for consumers whom they do not directly interact with, are key players in the data economy. How is a consumer meant to exercise their rights against a broker with an “interaction gap” between them?

A handful of states have tried to soften the interaction gap by enacting data-broker-specific legislation under the “transparency model.” These laws, among other things, require brokers to publicly disclose themselves in state registries. The theory is that consumers would exercise their rights against brokers if they knew of the brokers’ existence. California recently went further with the Delete Act, providing consumers data-broker-specific privacy rights.

Assembling brokers’ reported privacy request metrics, this Comment performs an empirical analysis of the transparency model’s efficacy. These findings demonstrate that the transparency model does not effectively facilitate consumers in following through on their expected privacy preferences or meaningfully impacting brokers. Therefore, regulators should follow in the footsteps of the Delete Act and move beyond the transparency model.

The canonical test for Fourth Amendment searches looks to whether the government has violated a person’s reasonable expectation of privacy. Yet the Supreme Court has recently added a property-based test to address cases involving physical intrusions. Further, influential judges and scholars have proposed relying primarily on property in determining the Fourth Amendment’s scope. This Article exposes the overlooked flaws of a property-centered Fourth Amendment. It examines the complications of property law, explores the malleability of property rights, and reveals how governments can manipulate them. Normatively, Fourth Amendment regimes based on property are likely to be underinclusive and grounded in trivial physical contact while ignoring greater intrusions. Finally, because property is unequally distributed, its use as a determinant of Fourth Amendment protections risks leaving disadvantaged members of society with the least protection. While property concepts will sometimes be relevant, they should be used very carefully, and very little, in Fourth Amendment law.

The Roberts Court has made protecting “the privacies of life” a catchphrase of Fourth Amendment law in the digital era. The time is thus ripe for revisiting the doctrinal and political roots of this newly influential quote from the Court’s 1886 decision Boyd v. United States. This Article makes a novel argument that Boyd and its elevation of protecting the “privacies of life” to an animating principle of the Fourth Amendment was instead a product of Reconstruction and its dismantlement. Fourth Amendment privacy was produced by and helped secure Reconciliation—the process through which White Americans North and South, Democrat and Republican came together to limit Reconstruction, preserve White supremacy, and pave the way for the violent disenfranchisement of newly freed Black men. The Article concludes by considering the divergent doctrinal implications of resituating Boyd and Fourth Amendment privacy in the politics of Reconciliation.

For data, the whole is greater than the sum of its parts. There may be millions of people with the same birthday. But how many also have a dog, a red car, and two kids? The more data is aggregated, the more identifying it becomes. Accordingly, the law has developed safe harbors for firms that take steps to prevent aggregation of the data they sell. A firm might, for instance, anonymize data by removing identifying information. But as computer scientists have shown, clever de-anonymization techniques enable motivated actors to unmask identities even if the data is anonymized. Data brokers collect, process, and sell data. Courts have traditionally calculated data brokering harms without considering the larger data ecosystem. This Comment suggests a broader conception is needed because the harm caused by one broker’s conduct depends on how other brokers behave. De-anonymization techniques, for instance, often cross-reference datasets to make guesses about missing data. A motivated actor can also buy datasets from multiple brokers to combine them. This Comment then offers a framework for courts to consider these “network harms” in the Federal Trade Commission’s (FTC) recent lawsuits against data brokers under its Section 5 authority to prevent unfair acts and practices.

A Response to Profs. Anupam Chander & Paul Schwartz’s Privacy and/or Trade.

On February 16, 2016, a federal court ordered Apple to “assist law enforcement agents in enabling the search” of an iPhone that had been lawfully seized during the investigation into a mass shooting in San Bernardino, California.