Prerequisites: None

Exam Type: No Exam

Today’s digital economy relies on the collection, analysis, sale, and monetization of consumers’ personal data. Every time consumers pick up their smartphones, go on the internet, drive, shop, walk in public, or just sit quietly in their homes, they disclose sensitive data about themselves to a vast digital ecosystem that exists to collect and monetize it. These innovative technologies yield tremendous potential, but present serious privacy concerns and unknown risks. There is no general state or federal law that confers a “right to data privacy” on the internet. In this absence, State Attorneys General have stepped up as the “cops on the beat,” using their traditional consumer protection powers to try to balance the playing field between consumers and corporate players in the digital marketplace and hold companies responsible for failing to protect the privacy of consumers’ data. But are state consumer protection laws, many decades-old, up to the task? What should be the “rules of the road” for data use, and is state law, or any law, the right way to establish them? What kind of privacy harm should be cognizable, and how does it get determined, measured, prevented, and redressed?

In this reading group, we will examine the existing data privacy and security regulatory landscape, the role of State Attorneys Generals and state consumer protection law, and its interaction with federal legislative efforts. Drawing from past settlements, key cases, and state and federal regulations and law, discussants will analyze data privacy and cybersecurity problems pulled from the headlines and discuss and propose various approaches that a regulator might take to solve them.

Note: This reading group will meet 9/16, 9/30, 10/14, 10/28, 11/11, 12/2.