Privacy Research Group




Joining PRG

PRG Calendar

Spring 2025

April 23: Maria P. Angel - Breaking Up with Privacy: The FTC’s Shift to Commercial Surveillance and its Reimagined Role in Data Governance

     ABSTRACT: In 2022, the Federal Trade Commission (FTC) launched an Advance Notice of Proposed Rulemaking (ANPR) on “Commercial Surveillance and Data Security.” This initiative was widely interpreted in the media as another bid to regulate data privacy. If anything, the use of the term “commercial surveillance” was read by some critics as adversarial and biased against industry practices. However, the deliberate exclusion of the term “privacy” from the ANPR’s title signals a strategic reframing of the FTC’s regulatory priorities, reflecting a conceptual and institutional shift that began at least three years earlier—well before Chair Lina Khan joined the agency. This Article argues that the FTC’s ANPR on Commercial Surveillance and Data Security embodies the agency’s attempt to move beyond traditional data privacy frameworks—marking a break with the past—and toward a broader approach to data governance. Specifically, the FTC’s growing interest in “commercial surveillance” indicates a shift toward a more holistic approach to consumer data, one that addresses its full lifecycle and its implications not only for consumers, but for businesses, the economy, and society at large. Although largely overlooked, this shift could profoundly influence not only the FTC’s cultural orientation and the evolving boundaries of the concept of privacy, but also the broader trajectory of emerging technology regulation in the U.S. This Article’s focus on long-term trends, structural dynamics, and the conceptual evolution of the FTC’s priorities ensures its enduring relevance as a framework for understanding U.S. privacy regulation. While forthcoming policy changes under a new Republican-led FTC may shift the agency’s emphasis and likely result in a rollback of the proposed rulemaking on commercial surveillance and data security, the foundational issues explored in this Article remain deeply rooted in the FTC’s institutional history as well as in current social norms. Predictably, these internal and external broader dynamics will continue to shape regulatory debates and influence privacy policymaking in the years to come.

April 16:  Ashit Srivastava - Atmanirbhar Bharat and Personal Data Protection

     ABSTRACT: The recent inculcation of the Indian Personal Data Protection Act within the Indian framework has deeper implications for the Indian approach towards personal data protection. However, it is worth mentioning that the Indian journey towards data protection has been as tedious as that of mountaineering Kanchenjunga, preliminary because of constant change of approaches towards data protection. The first bill of Personal Data Protection 2018 had a more elaborative approach towards data protection, and to a large extent, it could have been aligned with that of the European GDPR. However, ever since the 2018 Bill, the Indian personal data framework has been trimmed down to a large extent to its present form (the initial bill was around 70 pages, but the current Act has been trimmed down to around 30 pages). What conspicuously seems to have become a part of the Indian framework and was surely missing in the initial bills are the specially curated exemption clauses targeted towards the nurturing growth of a start-up culture in India. The presentation will be highlighting this aspect of the personal data protection, that India is trying to balance between a sound personal data framework vis-à-vis a nascent start-up & MSME culture, what the author terms it as ‘Atmanirbhar Bharat’ approach or Self-Reliant India approach.

April 9: Mark Verstraete - Training Data Protectionism

     ABSTRACT: The United States is increasingly adopting protectionist policies in pursuit of its AI development goals. Within this paradigm, AI policymakers are attempting to choke off foreign access to essential AI inputs, such as training data. This Article intervenes in the debate about protectionist policies for training data. First, this Article demonstrates how American privacy law constructs useful training data. More specifically, American privacy law creates incentives that produce data that is effective for model training. Second, this Article canvasses existing protectionist regulations that seek to keep American training data within American territorial borders for exploitation by American AI developers. And finally, this Article argues that training data protectionism misunderstands cybersecurity risks on a number of fronts that may cause training data protectionism to backfire, and offers a new path forward.

April 2: Mimee Xu - Input-Private Fairness Audits

     ABSTRACT: During the Covid-19 pandemic, overcrowded emergency rooms nationwide turned patients away. This life-or-death process, known as triaging, may be automated with machine learning [1, 2, 3]. The allocation of scarce healthcare resources by AI demands regulatory oversight, ensuring fair and non-discriminative decision-making. Yet auditing these models requires access to sensitive records, which are protected with encryption under privacy regulations. Indeed, current algorithmic audit practices, particularly in hospital settings, often compromise encryption protocols. Adopting output-private techniques like anonymization and differential privacy fundamentally presupposes some data release, establishing a problematic precedent for AI auditing in sensitive domains, and are known to lead to less effective audits [4]. However, is the conflict between AI regulation and robust privacy fundamentally predetermined? We counter by presenting the first proposal for private fairness auditing of machine learning decisions to address regulatory tension surrounding healthcare providers' increasing use of AI. Our lightweight system posits a simple argument: privacy can be maintained at the source, without disempowering fairness audits. Unlike output-private techniques, ours conducts fairness audits without a priori model or data release. Thus, oversight need not rely on approximations, nor does it require hospitals to risk exposing unencrypted data.

March 19: Ignacio Cofone - The Fairness-Accuracy Tradeoff Myth in AI

     ABSTRACT: This paper examines an understated reason for which we should push back against the pervasive but flawed notion of a “fairness-accuracy tradeoff” in AI. The idea persists in academic, industry, and policy discourse, yet it rests on a fundamental misunderstanding of how AI models function and how they are used in society. AI outputs aren’t direct indications of ground truth—they are proxies for decisions, meaning that "accuracy" is always relative to an arbitrarily chosen output variable. Because AI models optimize for imperfect output variables rather than ground truth, adjusting for fairness doesn’t necessarily reduce accuracy; in many cases, it can enhance it. The real question isn’t whether fairness comes at the cost of accuracy, but whose definition of accuracy is being prioritized and why. The assumption of a universal fairness-accuracy tradeoff is tempered significantly when examined through the lens of model multiplicity and varying fairness definitions, many of which include accuracy. But it collapses when examined in light of biases in the very output variables used to measure whether de-biasing reduces accuracy. Any claim of a tradeoff depends on what is being optimized—which output variable is chosen and whether it embeds the very biases fairness constraints seek to correct. An AI model that optimizes for a biased output variable may be “accurate” with respect to that flawed variable but inaccurate with respect to the underlying characteristic that actually matters for decision-making. Thus, there can be no general tradeoff between fairness and accuracy—only competing choices about which metrics to accept and whose interests to prioritize.

March 12: PRG Student Fellows

     ABSTRACT: A presentation by the PRG Student Fellows Marco Germanò, Krimul Malhotra, Rebecca Kahn, Carolina Barcelos, Yujia Wu, Naveen Rajan, Lesley Yang, Hugh Ó Laoide Kelly, and Yuting Yu. They will be presenting on the tech- and privacy-related implications of several of the Trump administration's executive orders. While there's no shortage of material, the Student Fellows will be focusing on the following executive orders:

• Ensuring Accountability for All Agencies
• President's Council of Advisors on Science and Technology
• Ensuring Lawful Governance and Implementing the President's “Department of Government Efficiency” Deregulatory Initiative
• Restoring Freedom of Speech and Ending Federal Censorship
• Removing Barriers to American Leadership in Artificial Intelligence
• Strengthening American Leadership in Digital Financial Technology
• Unleashing Prosperity Through Deregulation

March 5: Nicholas Tilmes (with Ignacio Cofone and Katherine Strandburg) - Taxonomizing Synthetic Data for Law

     ABSTRACT: In their Article Synthetic Data: Legal Implications of the Data-Generation Revolution, Michal Gal & Orla Lynskey explore how synthetic data is set to revolutionize data usage, especially in artificial intelligence (“AI”). (Michal S. Gal & Orla Lynskey, Synthetic Data: Legal Implications of the Data-Generation Revolution, 109 Iowa L. Rev. 1087 (2024)). Synthetic data is artificially generated but retains analytical value because it is created using methods intended to represent aspects of ground truth in the real world. Gal & Lynskey’s instructive and illuminating treatment introduces the under-studied field of synthetic data, including how and why it is created, to a non-technical legal audience. They persuasively argue that this shift requires re-evaluating current law because current law is primarily designed to address collected data. Their Article explores the implications of synthetic data for market dynamics, privacy, and data quality, arguing it will disrupt established competitive advantages and require new regulatory approaches to balance the utility of data applications with social and legal values such as privacy. Our main Comment on the Article is that the relationship between synthetic data and background knowledge and assumptions about ground truth deserves greater emphasis in the analysis. Understanding that relationship is crucial to distinguishing between types of synthetic data in a way that is necessary to address legal and policy considerations. To further the Article’s normative objectives in particular arenas of synthetic data application, it is essential to bring an analysis of these ground truth assumptions to the fore. Our Comment proceeds as follows. In Part I, we briefly review synthetic data and its applications, then proceed to our proposal to revise Gal & Lynskey’s taxonomy of synthetic data to emphasize the importance of ground truth assumptions. Then, we develop the implications of our revised taxonomy for each of Gal & Lynskey’s treatments of legal and policy implications. We examine competition law in Part II (reconsidering Gal & Lynskey Part II), privacy in Part III (reconsidering Gal & Lynskey Part III), and data generation in Part IV (reconsidering Gal & Lynskey Part IV).

February 26: Danny Huang and Grace McGrath - Toward helping non-expert users detect hidden cameras in real-world environments

     ABSTRACT: Hidden cameras pose significant privacy threats in short-term rentals, such as Airbnb, and even in private residences, such as cases of intimate partner surveillance. However, existing detection methods, including commercial tools and academic solutions, are often expensive, ineffective, or overly specialized to controlled environments, lacking real-world usability. In this project, we present preliminary designs of Hidden Cam Inspector, a usable tool designed for non-experts to discover and locate hidden WiFi-connected cameras in real-world indoor settings. The tool leverages motion-triggered network traffic analysis to detect camera activity and provides what will be intuitive user guidance for identifying their approximate locations. To develop a practical and effective solution, we adopt a participatory design process with non-expert users in controlled lab settings with actual hidden cameras, where we are iteratively assessing its usability, effectiveness, and potential false positives and negatives. Our preliminary results demonstrate that many non-expert users can detect and locate hidden cameras using our tool. We also discuss key ethical considerations, including privacy risks and adversarial misuse, as well as the tool’s limitations and future improvements. We will invite the audience to our participatory design sessions, where participants will have a chance to use a prototype of our tool to do a scavenger hunt for hidden cameras in a controlled lab environment.

February 19: Sky Ma - AI in Judicial Decision-Making: A Theoretical Framework Based on the Fact-Law Dichotomy

     ABSTRACT: The expanding role of AI in judicial decision-making (AI-JDM) raises overwhelming concerns spanning technical (e.g., errors, biases, inaccuracies), legal (e.g., fairness, accountability, legitimacy), and societal (e.g., transparency, trust, equity, and humanity) dimensions. While these anxieties underscore various risks, existing literature often rest on broad principles, such as the overly simplistic “keep humans in the loop,” without providing systematic guidance on specific procedures, goals, standards, or boundaries for AI integration in judicial processes. To address this gap, this paper revisits the “fact-law dichotomy,” proposing it as a novel theoretical framework to analyze the potential and risks of AI-assisted judicial decision-making. The fact-law distinction reveals two fundamentally different objectives, tasks, cognitive processes, and expectations for decision-makers. Fact-finding, a value-neutral process focused on achieving objective truth, appears well-suited for AI applications. In contrast, legal reasoning involves complex value judgments, requiring the reconciliation of conflicting norms and the interpretation of vague principles—areas where AI faces significant challenges. By leveraging this dichotomy, the paper introduces a multidimensional assessment criterion for evaluating AI’s integration into judicial decision-making. This framework highlights the importance of aligning AI applications with the distinct cognitive and normative demands of adjudication. It offers a structured approach to determine AI’s suitability for different stages of judicial decision-making, balancing its strengths in data-driven fact-finding with the limitations of its current capabilities in legal reasoning. It underscores the need for more nuanced evaluation standards, procedural guidance, and boundary-setting to regulate AI’s integration.  Ultimately, this study reexamines the objectives and values underlying judicial decision-making, offering normative and practical guidance for leveraging AI while safeguarding the foundational principles of justice. The proposed theoretical framework serves as a foundation for pilot programs, regular auditing, and well-defined boundaries to balance innovation with the core values of the judiciary. It aims to ensure that AI serves as a facilitator, not a disruptor, of justice. 

February 12: Ronald J. Coleman - Human Confrontation

     ABSTRACT: The U.S. Constitution’s Confrontation Clause ensures that an accused in a criminal prosecution has the right “to be confronted with the witnesses against him[.]”  In the 2022 Hemphill v. New York case, Justice Sotomayor referred to the Confrontation Clause as “[o]ne of the bedrock constitutional protections afforded to criminal defendants[,]” but emerging law enforcement technology may pose an existential threat to this right.  If an AI or algorithmic system places an alleged perpetrator at the scene of the crime, or an automated forensic process produces a DNA report used to convict an alleged perpetrator, should this type of automated evidence invoke a right to confront? Determining the Confrontation Clause’s application to automated statements is both critically important and highly under-theorized.  Existing work treating this issue has largely discussed the scope of the threat to confrontation, called for more scholarship in this area, suggested that technology might not make the types of statements that would implicate a confrontation right, or found that direct confrontation of the technology itself could be sufficient. This Article posits that human confrontation is required.  Drawing upon the dignity, technology, policing, and confrontation literatures, it offers several contributions.  First, it uses automated forensics and several comparative vignettes to show that certain technology-generated statements should implicate confrontation.  Second, it claims that for dignitary reasons only cross-examination of live human witnesses can meet the Confrontation Clause.  Third, it reframes automation’s challenge to confrontation as a “humans in the loop” problem.  Finally, it discusses instances where confrontation should necessitate actual human involvement in an evidence-producing automated process, identifies an open set of principles to guide courts as to which human or humans must be presented in relevant remaining cases, notes possible supplemental approaches, and discusses certain broader implications of requiring human confrontation.

February 5: Alexis Shore Ingber and Nazanin Andalibi - Regulating Emotion AI in the United States: Insights from Empirical Inquiry

     ABSTRACT: Emotion AI is increasingly deployed in high-stakes contexts, yet U.S. regulation does not adequately protect emotion data. Moreover, there is no representative evidence on public attitudes toward the regulation of emotion AI, including how it should be regulated and who should be responsible for its regulation. We present the first nationally representative survey on perceptions of emotion AI regulation. Findings suggest the U.S. public 1) believes emotion data should be regulated using existing data governance models and that emotion data should not be used as courtroom evidence; 2) supports banning emotion AI across contexts; and 3) emphasizes the responsibility of government collaboration with data subjects and experts. Our analysis demonstrates perceived ownership of emotion data, perceived accuracy and bias of emotion AI systems, and individual identity significantly shape support for banning emotion AI. We argue for a critical and collaborative approach to emotion AI regulation that recognizes the unique nature of emotion AI as compared to non-emotion AI systems.

January 29: Ari Waldman - The Digital Iron Cage: The Radical Death of Tech Ethics and Safety (with Danielle Keats Citron)

     ABSTRACT: Concern about social media’s recommendation algorithms is prevalent and righteous. Youth spend hours on content platforms, distracting them from school and play. People are caught in endless loops of videos and posts that grow more extreme, more hateful, and more dangerous. All the while, tech companies earn billions in profits. Despite these and other concerns, policymakers are at a standstill. Section 230 of the Communications Decency Act of 1996 ensures that tech platforms enjoy broad legal immunity for user-generated content, including life-endangering bullying, harassment, and predation. Tech companies can freely exploit personal data, escalating their recommendation algorithms’ manipulative power. Looming in the backdrop is the dismantling of self-regulatory efforts, making these problems much, much worse. In the past decade, tech companies responded to the array of potential harms with the fact they could regulate—after all, they had employees devoted to AI ethics, trust, and safety. No longer. Tech companies are adhering to the law of the iron cage—that organizations tend to follow each other’s lead, emulating fellow travelers’ structures and practices. There is a digital iron cage afoot, which has completed a crucial cycle. What tech companies once built—AI ethics teams and boards and trust and safety employees and contractors—they are now destroying. The destruction is not just the loss of those employees and the re-emergence of harm that they sought to avert. Exponential harm is at risk. Even exercises in cynically performative box checking can have some positive expressive effects, but those are gone too. Gone are the networks created by trust and safety staff who worked with each other and with government agencies, sharing key intelligence. Therefore, institutional and organizational learning on user safety is over. Gone are key insights into the extent of abuse circulating online. In this article, we explore the dynamics of the digital iron cage and its radical destruction of AI ethics, trust, and safety teams and advisers. We document the costs and show why now more than ever we need law to right this ship. Self-regulation is dead. Law is not.

Fall 2024

November 20: Nathalie Smuha - Drafting, Thinking, Judging: What We Delegate to Generative AI and How it Can Threaten Democracy

    ABSTRACT: Our reliance on Generative AI, and LLMs in particular, is steadily growing, for an ever wider range of tasks. No matter how extensive or limited the tasks we delegate to generative AI, this delegation inevitably impacts how we express ourselves. After all, it is through language and art that we convey our thoughts, feelings and ideas. Yet what is the effect of such a delegation? This question can be answered from many perspectives. In this draft paper, I focus on one in particular: the human capacity to engage in public deliberation and democratic decision-making. Drawing on Hannah Arendt’s work, I claim this capacity hinges – amongst others – on a faculty that is unprecedently affected by the delegation to generative AI: the faculty of judgment. Many scholars examined Arendt’s conceptualization of judgment and its link to democratic politics. Recently, this examination expanded to the space of social media, as an illustration of how the (online) public realm morphed into a social (media) realm. Yet I believe the advent of generative AI has deepened the risk of the erosion of judgment in an unparalleled way. While analogies to the dissemination of propaganda, hate speech, and otherwise problematic content via ‘the internet’ retain validity, the centralization, creation and personalization through generative AI applications has brought this problem to a different level. I therefore argue that, without adequate safeguards, generative AI can pose a dual threat to democracy. First, an authoritarian-minded regime can purposely oblige such systems to be embedded with oppressive values and censor critical views. Second, more subliminally and therefore perhaps more dangerously, reliance on such systems can also erode our capacity to think critically and shape our (political) judgment based on a plurality of opinions. Rather than authoritarian regimes, the source of this second threat is our own human laziness and zeal for efficiency. Both are, however, detrimental for democracy.

November 13: Sky (Qin) Ma - Paternalistic Privacy

     ABSTRACT: This paper introduces the concept of “Paternalistic Privacy” to describe a distinctive model of privacy governance in China, centered on the complex power dynamics among individuals, digital platforms, and the state. This analysis is based on the distinction of two primary aspects of privacy protection: preventing state overreach and mitigating abuses by private entities, particularly tech platforms. In the past decades, privacy violations by platforms have become widespread, affecting the general population in the digital era. Existing research predominantly examines state surveillance in China, exposing significant problems in limiting government intrusions into personal privacy. However, far less attention has been given to how China handles platform-based privacy violations. This study addresses this gap by analyzing mechanisms for protecting individuals against platform abuse and examining the state’s regulatory role. The find of this paper suggests that China’s approach to privacy protection is relatively strong in regulating private entities, supported by proactive legislation and enforcement measures. Through a comparative legal perspective, this paper argues that China’s privacy model is not merely a top-down framework but is better described as “paternalistic information management.” In this model, the state assumes a supervisory role, requiring lower-level entities to report information upwards, facilitating informed decision-making and the coordination of public interests. Here, the primary objective of privacy protection is to uphold personal dignity and secure private life, rather than serving as a tool for resisting state intrusion. The “Paternalistic Privacy” framework thus redefines the state’s role as a legal supporter of individuals against platform infringements, providing a structural buffer rather than direct interference. By presenting this novel conceptual approach, the paper enhances the understanding of the dynamic interplay among individuals, platforms, and the state in China and offers a new theoretical perspective for the broader discourse on global privacy protection.  

November 6: Sevinj Novruzova - Broaden Compliance: What are Guardrails for the Financial Institutions in Ensuring Global Anti-Money Laundering and Combating Terrorism Financing (AML/CFT) in AI Use

     ABSTRACT: In an era where financial institutions (banks) are under increasing scrutiny to comply with Global Anti-Money Laundering and Combating Terrorism Financing (AML/CFT), leveraging advanced technologies like AI presents a significant opportunity. Akin there are risks involved with deploying AI solutions to production to enhance AML/CFT programs, driving compliance and efficiency in the financial sector. AML/CFT frameworks are foundational to maintaining the integrity of the financial sector. This kind of program encompasses a broad range of regulations aimed at ensuring financial institutions (banks) operate within the legal standards set by regulatory bodies. AML/CFT initiatives are vital for detecting and preventing financial crimes such as money laundering, terrorist financing, and fraud. These frameworks require continuous monitoring, reporting, and updating to address evolving threats and regulatory changes. Financial institutions (banks) must implement robust systems to identify suspicious activities, conduct thorough customer due diligence, and maintain detailed records. The integration of AI into these systems can enhance their effectiveness by providing real-time analysis, improving detection capabilities, and streamlining compliance workflows. Compliance with these regulations is crucial to avoid hefty fines, build and maintain the trust of stakeholders and safeguard the customers’ money and data. AI may assist banks in becoming more effective in implementing AML/CFT standards through solutions that enhance the understanding, assessment, and mitigation of risks; customer due diligence (know your customer) and monitoring; and communication among stakeholders. In this presentation, I would like to shed light on the following questions: (i) What is the guidance of U.S. governmental regulatory agencies and international standard-setting organizations on AI use for AML/CFT?;  (ii) How do these organizations ensure the balance between the technology innovation and efficiency of the AML/CFT framework?; (iii) Do the efforts of FATF as global AML/CFT standard setter keep abreast of innovative technologies and business models in the financial sector and ensure that global standards remain up-to-date and could enable “smart” financial sector regulation that both addresses risks and promotes responsible innovation in this area? Are we expecting the same efforts from U.S. regulators or legislators on AI use? (iv) What are the conclusions, observations, and recommendations for financial institutions in mastering the guardrails in AI use for AML/CFT purposes?

October 30: Seb Benthall - Agents, Autonomy, Intelligence, Persons, and Properties

     ABSTRACT: This is a very early stage project for which I am seeking general feedback. The project is about laws regulating AI, and how they map to AI's architecture and capabilities, now and in the future. Rather than make an argument at this stage, I would like to present three thought experiments based on future AI scenarios and the legal controversies that might arise. Please see the attached document for those scenarios. I'm looking for feedback as to whether these scenarios are (a) realistic, in terms of technical claims made, (b) interpreted correctly, from a legal perspective, (c) inspiring of any fresh ideas about AI law.

October 23: Aileen Nielsen and Yafit Lev-Aretz - Current Prospects for Automated Data Privacy Opt-Outs

     ABSTRACT: The growing complexity of digital interactions has amplified the need for automated privacy management tools, particularly as user-driven privacy control mechanisms, such as Global Privacy Controls (GPCs), gain legal recognition in the U.S. This study investigates the challenges and adoption rates of GPCs through a panel survey study of over 600 U.S. adults. Findings reveal that nearly 80% of participants successfully installed a GPC browser extension, with 74% continuing to use it after one week. We also investigate propensity to take up and retain use of GPC based on privacy attitudes, privacy knowledge, and demographic attributes, finding little influence of these categories on GPC uptake or use. These results highlight the potential of automated opt-out tools to enhance consumer privacy, while underscoring the need for broader accessibility and education efforts. (Full disclosure: this abstract was generated by ChatGPT based on the circulated draft and only lightly edited thereafter!)

October 15: Chinmayi Sharma - Interoperable Obscurity

     ABSTRACT: Data brokers are abuse enablers. By systematically sharing personal information online, brokers facilitate stalking, harassment, and intimate-partner violence. While perpetrators of interpersonal abuse bear significant responsibility for their acts, brokers are complicit in physical, psychological, financial, and reputational harms because they make it so easy for people to be surveilled. This, in a nutshell, is the sociotechnical phenomenon of brokered abuse—the role data brokers play in enabling and exacerbating interpersonal abuse. To date, responses to this phenomenon have failed to address one of its key features: people suffering abuse must separately beg hundreds of brokers to conceal their information across the internet, with little recourse if the companies rebut their efforts to regain some safety and privacy.

October 9: Arna Wömmel - Algorithmic Fairness: The Role of Human Bias

     ABSTRACT: Legal mandates requiring the exclusion of sensitive attributes in the training data of predictive algorithms used in consequential decision-making often conflict with the technical complexities of machine learning, where such interventions can lead to disparate impact. Much of this research focuses on the quantitative properties of these systems in isolation, without considering broader contextual factors. In this paper, I take a behavioral perspective on this issue. Using an online lab experiment, I examine how algorithmic fairness interventions affect discrimination when human decision-makers, supported by predictive algorithms in making consequential decisions, retain ultimate authority. Specifically, I measure how this is influenced by their prior beliefs about the protected groups. I find that these fairness interventions can exacerbate discrimination when decision-makers hold biases against the groups explicitly protected by the algorithm, even when the fairness-aware algorithm is accurate and informative. These individuals tend to override the algorithm more often and mistakenly perceive fairness-aware algorithms as less accurate. As a result, discrimination in the final decision outcomes is not reduced. These findings suggest that to effectively mitigate discrimination in human-machine decision-making, human bias must be addressed not only during the development and training of these tools but also throughout their deployment. More broadly, they may help explain why recent technical advances in reducing algorithmic bias have not yet translated into reduced discrimination in domains where these tools are widely employed.

October 2: Ari Waldman - Technology Expertise in Technology Policy

     ABSTRACT: Scholars, commentators, and policymakers often assume that technology expertise—how the technology actually works and perspectives from engineers—is necessary to formulate law and policy about technology. Commentators chide members of Congress and the Supreme Court for not knowing how the Internet works; policymakers have proposed money for new technical staff at the FTC, SEC, and other agencies regulating the algorithmic economy; scholars suggest that technical expertise from engineers is necessary to understand how algorithms work so they can be made transparent and accountable. This turn to engineering expertise is reflexive and operates as an underlying assumption of much law and technology scholarship. In this discussion, I would like to challenge the over-prioritization of technology expertise in technology policymaking. I will highlight the effects of privileging this kind of expertise over others. And I will ask: What are the conditions, if any, under which technology expertise is necessary or welcome in law and policymaking processes.

September 25: Michael Goodyear - Dignity and Deepfakes

     ABSTRACT: Today, we face a perilous technosocial combination: AI-generated deepfakes and the Internet. Believable and accessible, AI-generated deepfakes have already spread sex, lies, and false advertisements across the Internet by targeting everyone from President Biden to Taylor Swift to middle school students. Deepfakes inflict multifarious harms against their targets, stripping them of control over their own identities, harming their reputations, and causing them to feel shame. Public dissemination of deepfakes augments these harms to victims’ dignity. Yet due to the dual problem of a technology that captures one’s likeness and another that disseminates it, few legal remedies are viable. Dignity-based torts are ineffective at restricting online platforms due to the safe harbor of Section 230. Copyright and trademark claims can succeed against online platforms, but do not primarily address dignity, making them of limited utility. This Article reveals the right of publicity as a historically, conceptually, and doctrinally apt vehicle for addressing the worst excesses of deepfakes. Over a century ago, the right of publicity emerged in response to a similar troubling combination: the portable camera and mass media. With no legal remedy for the capture and dissemination of one’s likeness to friend and foe alike, the right of publicity sought to protect individuals’ dignitary and economic interests to curtail the worst harms of modern technology and society. Resolving a circuit split by recognizing the right of publicity as intellectual property outside of Section 230’s liability shield would allow the right of publicity to not only restrict the creation of deepfakes, but also oblige online platforms to adopt notice-and-takedown regimes to restrict their dissemination. Utilizing the right of publicity to counter deepfakes in this manner will simultaneously help restore the original dignitary goals of the right of publicity, which has increasingly become associated with intellectual property aimed only at redressing economic loss.

September 18: Aniket Kesari - Federal Open Data as an Artificial Intelligence Resource

     ABSTRACT: In the 2010s, the open government data movement—a confluence of government transparency and open source advocates—succeeded in making most federal data disclosed by default and free of restriction on downstream use. However, keen-eyed observers noted a “new ambiguity” in open government data policies. It was not clear if the appropriate focus of these policies was “government”—in the sense of accountability and transparency—or “data”—in the sense of downstream use and reuse of government datasets by public and private actors. Even as federal government data policies moved from Executive Branch prerogative to statutory mandate, that ambiguity remained unresolved. But the rise of artificial intelligence—and its accompanying demand for new data sources—tipped the scale in favor of “data.” This Article does not seek to resolve the ambiguity in the other direction or rebalance the scales. Instead, we articulate how open government principles have a role to play even when federal open data is viewed primarily as an asset or resource to build artificial intelligence systems. Further, that role may require refinements in how we think about the “open” part of open government data. In short, there are compelling reasons to condition certain reuses of federal open data on the disclosure of the use even if that would make the use of that data less “open” in some senses.

Spring 2024

April 17: Elettra Bietti - Data is Infrastructure
April 10: Angela Zhang - The Promise and Perils of China's Regulation of Artificial Intelligence
April 3: Sebastian Benthall - Complex Sociotechnical System Alignment
March 27: Katja Langenbucher - Financial Profiling
March 13: Thomas Streinz - With Pride and Without Prejudice: Constructing European Data Law around the GDPR
March 6: Yafit Lev-Aretz and Aileen Nielsen - Understanding Privacy as a Public Health Priority
February 28: Ari Waldman - Compromised Advocates: Civil Society and the Future of Privacy Law
February 21: PRG Student Fellows - Executive Order on Safe, Secure, and Trustworthy Development and Use of AI
February 14: Stein & Florencia Marotta-Wurgler - Training 'Legal Thinking': An Automated Approach to Interpreting Privacy Policies
February 7: Fabien Lechevalier & Marie Potel-Saville - Moving from Dark to Fair Patterns: Regulation & countermeasures for human-centered digital
January 31: Moritz Schramm - Platform Administrative Law: A Research Agenda
January 24: Priyanka Nanayakkara - Will Challenges of Understanding Differential Privacy Prevent it from Becoming Policy?
 

Fall 2023

November 29: Monika Leszczynska - Defining the Boundaries of Marketing Influence: Public Perception and Unfair Trade Practices in the Digital Era
November 15: Aileen Nielsen & Arna Woemmel - Ageism unrestrained: the perplexing lack of action to protect older adults in the digital world
November 8: Aniket Kesari - A Legal Framework for Explainable AI
November 1: Toussaint Nothias - The Idea of Digital Colonialism: An Intellectual History At the Intersection of Research and Digital Rights Advocacy
October 25: Sebastian Benthall - Regulatory CI: Adaptively Regulating Privacy as Contextual Integrity
October 18: Michal Shur-Ofry - Multiplicity as an AI Governance Practice
October 11: Michael Goodyear - Infringing Information Architectures
October 4: Yafit Lev-Aretz - Humanized Choice Architecture
September 27: Alexis Shore - Governing the screenshot feature: Fighting interpersonal breaches of privacy through law and policy
September 20: Moritz Schramm - How the European Union and Big Tech reshape Judicial Power
September 13: David Stein – Rethinking IP (and Competition) in the Age of Online Software
 

Spring 2023

April 19: Anne Bellon -  Seeing through the screen. Transparency as regulation in the digital economy
April 12: Gabriel Nicholas, Christopher Morton & Salome Viljeon - Researcher Access to Social Media Data: Lessons from Clinical Trial Data Sharing
April 5: Amanda Parsons & Salome Viljeon - How Law Collides with Informational Capitalism
March 29: Cade Mallett - Judicial Review of Administrative Action Based on AI
March 22: Stein - Innovation Protection for Platform Competition
March 8: Aileen Nielsen & Yafit Lev-Aretz - Disclosure and Our Moral Calculus: Do Data Use Disclosures Change Data Subjects’ Sense of Culpability
March 1: Ari Ezra Waldman - Privacy Civil Society
February 22: Thomas Streinz - Contingencies of the Brussels Effect in the Digital Domain
February 15: Sebastian Benthall - New Computational Approaches to Information Policy Research
February 8:  Argyri Panezi, Leon Anidjar, and Nizan Geslevich Packing - The Metaverse Privacy Problem: If you built it, it will come
February 1: Aniket Kesari - The Consumer Review Fairness Act and the Reputational Sanctions Market
January 25: Michelle Shen - The Brussels Effect as a ‘New-School’ Regulation Globalizing Democracy: A Comparative Review of the CLOUD Act and the European-United States Data Privacy FrameworkAlgorithmic Turn

Fall 2022

November 30: Ira Rubenstein - Artificial Speech and the First Amendment: A Skeptical View
November 16: Michal Gal - Synthetic Data: Legal Implications of the Data-Generation Revolution
November 9: Ashit Srivastava - Default Protectionist Tracing Applications: Erosion of Cooperative Federalism
November 2: María Angel - Privacy's Algorithmic Turn
October 26: Mimee Xu - Netflix and Forget
October 19: Paul Friedl - Dis/similarities in the Design and Development of Legal and Algorithmic Normative Systems: the Case of Perspective API
October 12: Katja Langenbucher - Fair Lending in the Age of AI
October 5: Ari Waldman - Gender Data in the Automated State
September 28: Elettra Bietti - The Structure of Consumer Choice: Antitrust and Utilities' Convergence in Digital Platform Markets
September 21: Mark Verstraete - Adversarial Information Law
September 14: Aniket Kesari - Do Data Breach Notification Laws Work?

Spring 2022

April 27: Stefan Bechtold - Algorithmic Explanations in the Field
April 20: Molly de Blanc - Employing the Right to Repair to Address Consent Issues in Implanted Medical Devices
April 13: Sergio Alonso de Leon - IP law in the data economy: The problematic role of trade secrets and database rights for the emerging data access rights
April 6: Michelle Shen – Criminal Defense Strategy and Brokering Innovation in the Digital and Scientific Era: Justice for Whom?
March 30: Elettra Bietti – From Data to Attention Infrastructures: Regulating Extraction in the Attention Platform Economy
March 23: Aniket Kesari - A Computational Law & Economics Toolkit for Balancing Privacy and Fairness in Consumer Law
March 9: Gabriel Nicholas - Administering Social Data: Lessons for Social Media from Other Sectors
March 2: Jiaying Jiang - Central Bank Digital Currencies and Consumer Privacy Protection
February 23: Aileen Nielsen & Karel Kubicek - How Does Law Make Code? The Timing and Content of Open Source Responses to GDPR and CCPA
February 16: Stein - Unintended Consequences: How Data Protection Laws Leave our Data Less Protected
February 9: Stav Zeitouni - Propertization in Information Privacy
February 2: Ben Sundholm - AI in Clinical Practice: Reconceiving the Black-Box Problem
January 26: Mark Verstraete - Probing Personal Data
 

Fall 2021

December 1: Ira Rubinstein & Tomer Kenneth - Health Misinformation, Online Platforms, and Government Action
November 17: Aileen Nielsen - Can an algorithm be too accurate?
November 10: Thomas Streinz - Data Capitalism
November 3: Barbara Kayondo - A Governance Framework for Enhancing Patient’s Data Privacy Protection in Electronic Health Information Systems
October 27: Sebastian Benthal - Fiduciary Duties for Computational Systems
October 20: Jiang Jiaying -  Technology-Enabled Co-Regulation as a New Regulatory Approach to Blockchain Implementation
October 13: Aniket Kesari - Privacy Law Diffusion Across U.S. State Legislatures
October 6: Katja Langenbucher - The EU Proposal for an AI Act – tested on algorithmic credit scoring
September 29: Francesca Episcopo - PrEtEnD – PRivate EnforcemenT in the EcoNomy of Data
September 22: Ben Green - The Flaws of Policies Requiring Human Oversight of Government Algorithms
September 15: Ari Waldman - Misinformation Project in Need of Pithy
 

Spring 2021

April 16:Tomer Kenneth — Public Officials on Social Media
April 9: Thomas Streinz — The Flawed Dualism of Facebook's Oversight Board
April 2: Gabe Nicholas — Have Your Data and Eat it Too: Bridging the Gap between Data Sharing and Data Protection
March 26: Ira Rubinstein  — Voter Microtargeting and the Future of Democracy
March 19: Stav Zeitouni
March 12: Ngozi Nwanta
March 5: Aileen Nielsen
February 26: Tom McBrien
February 19: Ari Ezra Waldman
February 12: Albert Fox Cahn
February 5: Salome Viljoen & Seb Benthall — Data Market Discipline: From Financial Regulation to Data Governance
January 29: Mason Marks  — Biosupremacy: Data Protection, Antitrust, and Monopolistic Power Over Human Behavior
 

Fall 2020

December 4: Florencia Marotta-Wurgler & David Stein — Teaching Machines to Think Like Lawyers
November 20: Andrew Weiner
November 6: Mark Verstraete — Cybersecurity Spillovers
October 30: Ari Ezra Waldman — Privacy Law's Two Paths
October 23: Aileen Nielsen — Tech's Attention Problem
October 16: Caroline Alewaerts — UN Global Pulse
October 9: Salome Viljoen — Data as a Democratic Medium: From Individual to Relational Data Governance
October 2: Gabe Nicholas — Surveillance Delusion: Lessons from the Vietnam War
September 25: Angelina Fisher & Thomas Streinz — Confronting Data Inequality
September 18: Danny Huang — Watching loTs That Watch Us: Studying loT Security & Privacy at Scale
September 11: Seb Benthall — Accountable Context for Web Applications
   

Spring 2020

April 29: Aileen Nielsen — "Pricing" Privacy: Preliminary Evidence from Vignette Studies Inspired by Economic Anthropology
April 22: Ginny Kozemczak — Dignity, Freedom, and Digital Rights: Comparing American and European Approaches to Privacy
April 15: Privacy and COVID-19 Policies
April 8: Ira Rubinstein — Urban Privacy
April 1: Thomas Streinz — Data Governance in Trade Agreements: Non-territoriality of Data and Multi-Nationality of Corporations
March 25: Christopher Morten — The Big Data Regulator, Rebooted: Why and How the FDA Can and Should Disclose Confidential Data on Prescription Drugs
March 4: Lilla Montanagni — Regulation 2018/1807 on the Free Flow of Non Personal Data: Yet Another Piece in the Data Puzzle in the EU?
February 26: Stein — Flow of Data Through Online Advertising Markets
February 19: Seb Benthall — Towards Agend-Based Computational Modeling of Informational Capitalism
February 12: Yafit Lev-Aretz & Madelyn Sanfilippo — One Size Does Not Fit All: Applying a Single Privacy Policy to (too) Many Contexts
February 5: Jake Goldenfein & Seb Benthall — Data Science and the Decline of Liberal Law and Ethics
January 29: Albert Fox Cahn — Reimagining the Fourth Amendment for the Mass Surveillance Age
January 22: Ido Sivan-Sevilia — Europeanization on Demand? The EU's Cybersecurity Certification Regime Between the Rationale of Market Integration and the Core Functions of the State

 

Fall 2019

December 4: Ari Waldman — Discussion on Proposed Privacy Bills
November 20: Margarita Boyarskaya & Solon Barocas [joint work with Hanna Wallach] — What is a Proxy and why is it a Problem?
November 13: Mark Verstraete & Tal Zarsky — Data Breach Distortions
November 6: Aaron Shapiro — Dynamic Exploits: Calculative Asymmetries in the On-Demand Economy
October 30: Tomer Kenneth — Who Can Move My Cheese? Other Legal Considerations About Smart-Devices
October 23: Yafit Lev-Aretz & Madelyn Sanfilippo — Privacy and Religious Views
October 16: Salome Viljoen — Algorithmic Realism: Expanding the Boundaries of Algorithmic Thought
October 9: Katja Langenbucher — Responsible A.I. Credit Scoring
October 2: Michal Shur-Ofry — Robotic Collective Memory   
September 25: Mark Verstraete — Inseparable Uses in Property and Information Law
September 18: Gabe Nicholas & Michael Weinberg — Data, To Go: Privacy and Competition in Data Portability 
September 11: Ari Waldman — Privacy, Discourse, and Power

Spring 2019

April 24: Sheila Marie Cruz-Rodriguez — Contractual Approach to Privacy Protection in Urban Data Collection
April 17: Andrew Selbst — Negligence and AI's Human Users
April 10: Sun Ping — Beyond Security: What Kind of Data Protection Law Should China Make?
April 3: Moran Yemini — Missing in "State Action": Toward a Pluralist Conception of the First Amendment
March 27: Nick Vincent — Privacy and the Human Microbiome
March 13: Nick Mendez — Will You Be Seeing Me in Court? Risk of Future Harm, and Article III Standing After a Data Breach
March 6: Jake Goldenfein — Through the Handoff Lens: Are Autonomous Vehicles No-Win for Users
February 27: Cathy Dwyer — Applying the Contextual Integrity Framework to Cambride Analytica
February 20: Ignacio Cofone & Katherine Strandburg — Strategic Games and Algorithmic Transparency
February 13: Yan Shvartshnaider — Going Against the (Appropriate) Flow: A Contextual Integrity Approach to Privacy Policy Analysis
January 30: Sabine Gless — Predictive Policing: In Defense of 'True Positives'

Fall 2018

December 5: Discussion of current issues
November 28: Ashley Gorham — Algorithmic Interpellation
November 14: Mark Verstraete — Data Inalienabilities
November 7: Jonathan Mayer — Estimating Incidental Collection in Foreign Intelligence Surveillance
October 31: Sebastian Benthall — Trade, Trust, and Cyberwar
October 24: Yafit Lev-Aretz — Privacy and the Human Element
October 17: Julia Powles — AI: The Stories We Weave; The Questions We Leave
October 10: Andy Gersick — Can We Have Honesty, Civility, and Privacy Online? Implications from Evolutionary Theories of Animal and Human Communication
October 3: Eli Siems — The Case for a Disparate Impact Regime Covering All Machine-Learning Decisions
September 26: Ari Waldman — Privacy's False Promise
September 19: Marijn Sax — Targeting Your Health or Your Wallet? Health Apps and Manipulative Commercial Practices
September 12: Mason Marks — Algorithmic Disability Discrimination
 

Spring 2018

May 2: Ira Rubinstein — Article 25 of the GDPR and Product Design: A Critical View [with Nathan Good and Guilermo Monge, Good Research]
April 25: Elana Zeide — The Future Human Futures Market
April 18: Taylor Black — Performing Performative Privacy: Applying Post-Structural Performance Theory for Issues of Surveillance Aesthetics
April 11: John Nay — Natural Language Processing and Machine Learning for Law and Policy Texts
April 4: Sebastian Benthall — Games and Rules of Information Flow
March 28: Yann Shvartzshanider and Noah Apthorpe — Discovering Smart Home IoT Privacy Norms using Contextual Integrity    
February 28: Thomas Streinz — TPP’s Implications for Global Privacy and Data Protection Law
February 21: Ben Morris, Rebecca Sobel, and Nick Vincent — Direct-to-Consumer Sequencing Kits: Are Users Losing More Than They Gain?
February 14: Eli Siems — Trade Secrets in Criminal Proceedings: The Battle over Source Code Discovery
February 7: Madeline Bryd and Philip Simon — Is Facebook Violating U.S. Discrimination Laws by Allowing Advertisers to Target Users?
January 31: Madelyn Sanfilippo — Sociotechnical Polycentricity: Privacy in Nested Sociotechnical Networks 
January 24: Jason Schultz and Julia Powles — Discussion about the NYC Algorithmic Accountability Bill

Fall 2017

November 29: Kathryn Morris and Eli Siems — Discussion of Carpenter v. United States
November 15:Leon Yin — Anatomy and Interpretability of Neural Networks
November 8: Ben Zevenbergen — Contextual Integrity for Password Research Ethics?
November 1: Joe Bonneau — An Overview of Smart Contracts
October 25: Sebastian Benthall — Modeling Social Welfare Effects of Privacy Policies
October 18: Sue Glueck — Future-Proofing the Law
October 11: John Nay — Algorithmic Decision-Making Explanations: A Taxonomy and Case Study
October 4:Finn Bruton — 'The Best Surveillance System we Could Imagine': Payment Networks and Digital Cash
September 27: Julia Powles — Promises, Polarities & Capture: A Data and AI Case Study
September 20: Madelyn Rose Sanfilippo AND Yafit Lev-Aretz — Breaking News: How Push Notifications Alter the Fourth Estate
September 13: Ignacio Cofone — Anti-Discriminatory Privacy
 

Spring 2017

April 26: Ben Zevenbergen — Contextual Integrity as a Framework for Internet Research Ethics
April 19: Beate Roessler — Manipulation
April 12: Amanda Levendowski — Conflict Modeling
April 5: Madelyn Sanfilippo — Privacy as Commons: A Conceptual Overview and Case Study in Progress
March 29: Hugo Zylberberg — Reframing the fake news debate: influence operations, targeting-and-convincing infrastructure and exploitation of personal data
March 22: Caroline Alewaerts, Eli Siems and Nate Tisa will lead discussion of three topics flagged during our current events roundups: smart toys, the recently leaked documents about CIA surveillance techniques, and the issues raised by the government’s attempt to obtain recordings from an Amazon Echo in a criminal trial. 
March 8: Ira Rubinstein — Privacy Localism
March 1: Luise Papcke — Project on (Collaborative) Filtering and Social Sorting
February 22: Yafit Lev-Aretz and Grace Ha (in collaboration with Katherine Strandburg) — Privacy and Innovation     
February 15: Argyri Panezi — Academic Institutions as Innovators but also Data Collectors - Ethical and Other Normative Considerations
February 8: Katherine Strandburg — Decisionmaking, Machine Learning and the Value of Explanation
February 1: Argyro Karanasiou — A Study into the Layers of Automated Decision Making: Emergent Normative and Legal Aspects of Deep Learning
January 25: Scott Skinner-Thompson — Equal Protection Privacy
 

Fall 2016

December 7: Tobias Matzner — The Subject of Privacy
November 30: Yafit Lev-Aretz — Data Philanthropy
November 16: Helen Nissenbaum — Must Privacy Give Way to Use Regulation?
November 9: Bilyana Petkova — Domesticating the "Foreign" in Making Transatlantic Data Privacy Law
November 2: Scott Skinner-Thompson — Recording as Heckling
October 26: Yan Shvartzhnaider — Learning Privacy Expectations by Crowdsourcing Contextual Informational Norms
October 19: Madelyn Sanfilippo — Privacy and Institutionalization in Data Science Scholarship
October 12: Paula Kift — The Incredible Bulk: Metadata, Foreign Intelligence Collection, and the Limits of Domestic Surveillance Reform
October 5: Craig Konnoth — Health Information Equity
September 28: Jessica Feldman — the Amidst Project
September 21: Nathan Newman — UnMarginalizing Workers: How Big Data Drives Lower Wages and How Reframing Labor Law Can Restore Information Equality in the Workplace
September 14: Kiel Brennan-Marquez — Plausible Cause
 

Spring 2016

April 27: Yan Schvartzschnaider — Privacy and loT AND Rebecca Weinstein - Net Neutrality's Impact on FCC Regulation of Privacy Practices
April 20: Joris van Hoboken — Privacy in Service-Oriented Architectures: A New Paradigm? [with Seda Gurses]
April 13: Florencia Marotta-Wurgler — Who's Afraid of the FTC? Enforcement Actions and the Content of Privacy Policies (with Daniel Svirsky)
April 6: Ira Rubinstein — Big Data and Privacy: The State of Play
March 30: Clay Venetis — Where is the Cost-Benefit Analysis in Federal Privacy Regulation?
March 23: Diasuke Igeta — An Outline of Japanese Privacy Protection and its Problems; Johannes Eichenhofer — Internet Privacy as Trust Protection
March 9: Alex Lipton — Standing for Consumer Privacy Harms
March 2: Scott Skinner-Thompson — Pop Culture Wars: Marriage, Abortion, and the Screen to Creed Pipeline [with Professor Sylvia Law]
February 24: Daniel Susser — Against the Collection/Use Distinction
February 17: Eliana Pfeffer — Data Chill: A First Amendment Hangover
February 10: Yafit Lev-Aretz — Data Philanthropy
February 3: Kiel Brennan-Marquez — Feedback Loops: A Theory of Big Data Culture
January 27: Leonid Grinberg — But Who BLocks the Blockers? The Technical Side of the Ad-Blocking Arms Race
 

Fall 2015

Spring 2015

Fall 2014

Spring 2014

Fall 2013

Spring 2013

Fall 2012