Privacy Decisionmaking in Administrative Agencies
Much appreciation to Colin Bennett, Malcolm Crompton, Peter Cullen, Lauren Edelman, Robert Gellman, Chris Hoofnagle, Robert Kagan, Jennifer King, Anne Joseph O’Connell, Fred B. Schneider, Ari Schwartz, Paul Schwartz, and the participants at The University of Chicago Law School’s Surveillance Symposium for insight, comment, and discussion; Nuala O’Connor Kelly and Peter Swire for consenting to be interviewed about their experience in privacy leadership roles within the United States government; Sara Terheggen, Marta Porwit Czajkowska, Rebecca Henshaw, and Andrew McDiarmid for their able research.
- Share The University of Chicago Law Review | Privacy Decisionmaking in Administrative Agencies on Facebook
- Share The University of Chicago Law Review | Privacy Decisionmaking in Administrative Agencies on Twitter
- Share The University of Chicago Law Review | Privacy Decisionmaking in Administrative Agencies on Email
- Share The University of Chicago Law Review | Privacy Decisionmaking in Administrative Agencies on LinkedIn
Administrative agencies increasingly rely on technology to promote the substantive goals they are charged to pursue. The Department of Health and Human Services has prioritized digitized personal health data as a means for improving patient safety and reducing bureaucratic costs. The DOJ hosts electronic databases that pool information between agencies to facilitate national law enforcement in ways previously unimaginable. The Departments of Defense and Education mine digital information to effect goals as diverse as human resources management; service improvement; fraud, waste, and abuse control; and detection of terrorist activity.
This Case Note argues that categorizing college athletes as employees would, under a faithful application of Title IX and the court’s reasoning in Johnson, take wage payments outside the purview of Title IX’s equal opportunity requirement for athletes. Instead, Title IX as applied to college employees would govern, along with the other relevant employment discrimination laws. Under these statutes, it would likely be permissible for colleges to pay athletes in revenue-generating sports more than those athletes in nonrevenue sports.
Special thanks to Mario Barnes, Courtney Douglas, Paul Gowder, Deborah Turkheimer, to the audience at Northwestern Law’s Julian Rosenthal Lecture, and to Miranda Coombe, Sam Hallam, Caroline Kassir, and Danielle O’Connell for superb editing. Adeleine Lee and Alex Wilfert provided excellent research assistance. The authors contributed equally to this essay.
Antidemocratic forces rely on intimidation tactics to silence criticism and opposition. Today’s intimidation playbook follows a two-step pattern. We surface these tactics so their costs to public discourse and civic engagement can be fully understood. We show how the misappropriation of the concept of online abuse has parallels in other efforts at conceptual diversion that dampen democratic guarantees. Democracy’s survival requires creative solutions. Politicians and government workers must be able to operate free from intimidation. Journalists and researchers must be able to freely investigate governmental overreach and foreign malign influence campaigns that threaten the democratic process. Surfacing the two-step strategy is a critical start to combating it.
I would like to thank Jack Brake, Anne Marie Hawley, and Jonah Klausner for their thoughtful edits and Jake Holland for his indispensable advice all throughout the drafting process.
Illinois’s Biometric Information Privacy Act (BIPA) is the country’s most powerful law governing biometric data—data generated from an individual’s biological characteristics, like fingerprints and voiceprints. Over the past decade, BIPA garnered a reputation as an exceptionally plaintiff-friendly statute. But from 2023–2024, the Illinois legislature, Illinois Supreme Court, and Ninth Circuit Court of Appeals all sided with BIPA defendants for the first time. Most significantly, in Zellmer v. Meta Platforms, Inc., the Ninth Circuit dismissed the plaintiff’s BIPA claim because the face scan collected by the defendant could not be used to identify him.
It is unclear whether these developments represent a trend or an exception to BIPA’s plaintiff-friendliness. Which path is charted will largely turn on how courts interpret Zellmer: While Zellmer established that a biometric identifier must be able to identify an individual, lower courts have construed its holding narrowly to require that the entity collecting biometric data must itself be capable of identifying, rather than it being sufficient for any entity to do so. Reading BIPA this narrowly would significantly weaken the statute’s protections.
After detailing how employer and consumer cases catalyzed this recent defendant-friendly shift, this Comment proposes a two-step framework to determine whether a biometric identifier is able to identify, falling under BIPA’s reach. Given BIPA’s broad influence, where courts ultimately land on this question will be crucial to the protection of biometric data nationwide."