Marc Rotenberg - Academia.edu (original) (raw)
Papers by Marc Rotenberg
European Law Journal, 2020
When the Court of Justice announced the judgment in Schrems I, commentators described the outcome... more When the Court of Justice announced the judgment in Schrems I, commentators described the outcome as an "earthquake" that tossed aside the fragile legal framework for transatlantic data flows known as the "Safe Harbor". The judgment of the Court in Schrems II has now toppled the second framework, the "Privacy Shield". In this article, I restate recommendations to the US Congress following the first Schrems judgment: (1) enact a comprehensive privacy law, (2) establish an independent data protection agency, and (3) ratify Council of Europe Convention 108. But I also explain that the United States and Europe are more aligned today in the common enterprise of data protection than they were five years ago, as the backdrop has shifted from the disclosures of Edward Snowden to the surveillance ambitions of the Chinese government. A common approach is therefore in the interests of these two key trading partners. There is also today shared urgency in strengthening the foundations of democratic institutions. 1 | SCHREMS I I testified before the United States Congress in 2015 after the first Schrems judgment. 1 In my statement I explained that the judgment of the Court of Justice was not surprising. For many years, scholars, members of the European Parliament and consumer groups on both sides of the Atlantic had expressed concern about the Safe Harbor framework, the legal basis for the transfer of personal data of Europeans to the United States. From the perspective of Europeans, the data transfer agreement failed to provide the protections otherwise afforded by the EU Data Protection Directive (which would become the General Data Protection Regulation). 2 The shortcoming of Safe Harbor
ACM SIGCAS Computers and Society, 1990
European Data Protection Law Review, 2017
Law, Governance and Technology Series, 2016
The enforcement of rights is a critical requirement of privacy law. Absent actual enforcement, th... more The enforcement of rights is a critical requirement of privacy law. Absent actual enforcement, there is little meaningful incentive for companies to comply with privacy requirements. Enforcement also helps to ensure that the individuals whose privacy is placed at risk are fairly compensated. In matters involving a large number of consumers, providing a remedy to all users affected by a company’s practice is difficult and often times inefficient. For this reason, courts in the US provide for “class action litigation”, lawsuits brought on behalf of a large number of individuals in similar circumstances. The theory is that it is more efficient to merge all of the individual suits that might otherwise be brought. But class action litigation has its own shortcomings. Attorneys who represent the class members frequently settle these cases with the companies and agree to terms that provide benefits to the company, such as eliminating the possibility of all future lawsuits, and sacrifice the benefits that the individuals who they purport to represent might otherwise achieve. US courts are sensitive to the problem of collusion between the lawyers in class action settlements and have increasingly scrutinised these agreements to ensure that the settlements protect the interests of class members and are consistent with the purposes for which the lawsuit was brought. In the area of consumer privacy, the problem is particularly serious with class action attorneys increasingly trading the privacy rights of Internet users for their own private benefit. As a consequence, US consumer privacy organisations are challenging the settlements and turning to the Federal Trade Commission and others to block their adoption. In this article, the authors recommend that the US courts continue to closely scrutinise these agreements for fairness to the class members. Regarding the allocation of funds from such settlements, the authors propose that courts adopt objective criteria to ensure that the monies will be distributed for purposes that serve the interests of the class and are consistent with the reason for the litigation. The authors contend that these factors are the fundamental requirements for cy pres allocations.
Harvard International Review, 2014
The author presents a discussion on information privacy in the U.S. and Europe. Topics include th... more The author presents a discussion on information privacy in the U.S. and Europe. Topics include the improvement of modern privacy law, the condition of mass surveillance in the U.S. following the disclosure of government surveillance program by former American defense contract worker and whistleblower Edward Snowden, and the response of U.S. President Barack Obama to the concerns raised by the public, both in the U.S. and Europe, on information privacy
SSRN Electronic Journal, 2006
... Since the establishment of the office of Chief Privacy Office, three individuals have served.... more ... Since the establishment of the office of Chief Privacy Office, three individuals have served. Secretary of Homeland Security Tom Ridge named Nuala O'Connor Kelley on April 16, 2003. Ms. O'Connor Kelly had previously served as legal counsel for ...
Index on Censorship, 2011
What does a corporation have in common with a person? Marc Rotenberg examines a test case for tra... more What does a corporation have in common with a person? Marc Rotenberg examines a test case for transparency in the US
Computerization and Controversy, 1996
Proceedings of the second conference on Computers, freedom and privacy - CFP '92, 1992
The Journal of Academic Librarianship, 1998
The Journal of Academic Librarianship, 1994
... of pin acy inquiries The Electronic Pw acy Information Center (EPIC t recently held a confere... more ... of pin acy inquiries The Electronic Pw acy Information Center (EPIC t recently held a conference on cryptography and pt macy issues Whitfield Ditt e ... the Protection o/ Personal Data in the Contrit of Public Digital Telee otnnitonc anon Nerii or i 1 199'' 1 11 Eli Noam Special Report ...
Government Information Quarterly, 1996
Government Information Quarterly, 1991
Computers & Security, 1992
Most US banks arc international so they may offer this covcragc to their foreign branches." Compu... more Most US banks arc international so they may offer this covcragc to their foreign branches." Computer Weekly, April 9, 1992, p. 3. Viral Mind Games. Word has spread of a new Macintosh virus, Code 252, which can destroy the System 7.0 operating system and other system files. Thcrc have been limited sightings of the virus in the US, giving rise to system crashes and boot failures. One source commcntcd that the current version of Gatckccpcr can detect Code 252. Computerworld, April 27, 1992, p. 114.
Computer Law & Security Review, 1998
Abstract The following is the paper Marc Rotenberg of the Electronic Privacy Information Center i... more Abstract The following is the paper Marc Rotenberg of the Electronic Privacy Information Center in Washington, DC gave at the 19th International Conference on Data Protection, which took place in Brussels in September 1997. In it he discusses the different approach to privacy taken in both Europe and the United States and the possible way forward.
Communications of the ACM, 2006
A ccording to the report of the 9/11 Commission , all but one of the 9/11 hijackers acquired some... more A ccording to the report of the 9/11 Commission , all but one of the 9/11 hijackers acquired some form of U.S. identification, some by fraud. Acquisition of these forms of identification would have assisted them in boarding commercial flights, renting cars, and other activities. As a result, the Commission and some lawmakers concluded it was necessary for the federal government to set technical standards for the issuance of birth certificates and sources of identification, such as driver's licenses. The result was the Real ID Act of 2005. The new law states that beginning in 2008, " a Federal agency may not accept, for any official purpose, a driver's license or identification card issued by a State to any person unless the State is meeting the requirements of this section. " This means the Department of Homeland Security will issue the technical standards for the issuance of the state driver's license. The practical impact, as CNET explained, is that " Starting three years from now, if you live or work in the United States, you'll need a federally approved ID card to travel on an airplane, open a bank account, collect Social Security payments, or take advantage of nearly any government service. " And even some of the more conservative commentators in the U.S. have expressed concerns about " mission creep. " Several objections have been raised about the plan, including privacy and cost, but the most significant concern may be security. As Bruce Schneier has explained, " The biggest risk of a national ID system is the database. Any national ID card assumes the existence of a national database…large databases always have errors and outdated information. " Even if the identity documents are maintained in the states, problems are likely. One example concerns the vulnerability of the state agencies that collect the personal information used to produce the license. In 2005, the burglary of a Las Vegas Department of Motor Vehicles put thousands of driver's license holders at risk for identity theft. The information of at least 8,738 license and ID card holders was stolen, and reports of identity theft have already surfaced. Another report uncovered 10 " license-for-bribe " schemes in state DMVs in 2004. Not surprisingly, the administrators of the state license systems are among those most concerned about the proposal. As the director of Driver Services in Iowa said, " It's one thing to present a …
Communications of the ACM, 1993
European Law Journal, 2020
When the Court of Justice announced the judgment in Schrems I, commentators described the outcome... more When the Court of Justice announced the judgment in Schrems I, commentators described the outcome as an "earthquake" that tossed aside the fragile legal framework for transatlantic data flows known as the "Safe Harbor". The judgment of the Court in Schrems II has now toppled the second framework, the "Privacy Shield". In this article, I restate recommendations to the US Congress following the first Schrems judgment: (1) enact a comprehensive privacy law, (2) establish an independent data protection agency, and (3) ratify Council of Europe Convention 108. But I also explain that the United States and Europe are more aligned today in the common enterprise of data protection than they were five years ago, as the backdrop has shifted from the disclosures of Edward Snowden to the surveillance ambitions of the Chinese government. A common approach is therefore in the interests of these two key trading partners. There is also today shared urgency in strengthening the foundations of democratic institutions. 1 | SCHREMS I I testified before the United States Congress in 2015 after the first Schrems judgment. 1 In my statement I explained that the judgment of the Court of Justice was not surprising. For many years, scholars, members of the European Parliament and consumer groups on both sides of the Atlantic had expressed concern about the Safe Harbor framework, the legal basis for the transfer of personal data of Europeans to the United States. From the perspective of Europeans, the data transfer agreement failed to provide the protections otherwise afforded by the EU Data Protection Directive (which would become the General Data Protection Regulation). 2 The shortcoming of Safe Harbor
ACM SIGCAS Computers and Society, 1990
European Data Protection Law Review, 2017
Law, Governance and Technology Series, 2016
The enforcement of rights is a critical requirement of privacy law. Absent actual enforcement, th... more The enforcement of rights is a critical requirement of privacy law. Absent actual enforcement, there is little meaningful incentive for companies to comply with privacy requirements. Enforcement also helps to ensure that the individuals whose privacy is placed at risk are fairly compensated. In matters involving a large number of consumers, providing a remedy to all users affected by a company’s practice is difficult and often times inefficient. For this reason, courts in the US provide for “class action litigation”, lawsuits brought on behalf of a large number of individuals in similar circumstances. The theory is that it is more efficient to merge all of the individual suits that might otherwise be brought. But class action litigation has its own shortcomings. Attorneys who represent the class members frequently settle these cases with the companies and agree to terms that provide benefits to the company, such as eliminating the possibility of all future lawsuits, and sacrifice the benefits that the individuals who they purport to represent might otherwise achieve. US courts are sensitive to the problem of collusion between the lawyers in class action settlements and have increasingly scrutinised these agreements to ensure that the settlements protect the interests of class members and are consistent with the purposes for which the lawsuit was brought. In the area of consumer privacy, the problem is particularly serious with class action attorneys increasingly trading the privacy rights of Internet users for their own private benefit. As a consequence, US consumer privacy organisations are challenging the settlements and turning to the Federal Trade Commission and others to block their adoption. In this article, the authors recommend that the US courts continue to closely scrutinise these agreements for fairness to the class members. Regarding the allocation of funds from such settlements, the authors propose that courts adopt objective criteria to ensure that the monies will be distributed for purposes that serve the interests of the class and are consistent with the reason for the litigation. The authors contend that these factors are the fundamental requirements for cy pres allocations.
Harvard International Review, 2014
The author presents a discussion on information privacy in the U.S. and Europe. Topics include th... more The author presents a discussion on information privacy in the U.S. and Europe. Topics include the improvement of modern privacy law, the condition of mass surveillance in the U.S. following the disclosure of government surveillance program by former American defense contract worker and whistleblower Edward Snowden, and the response of U.S. President Barack Obama to the concerns raised by the public, both in the U.S. and Europe, on information privacy
SSRN Electronic Journal, 2006
... Since the establishment of the office of Chief Privacy Office, three individuals have served.... more ... Since the establishment of the office of Chief Privacy Office, three individuals have served. Secretary of Homeland Security Tom Ridge named Nuala O'Connor Kelley on April 16, 2003. Ms. O'Connor Kelly had previously served as legal counsel for ...
Index on Censorship, 2011
What does a corporation have in common with a person? Marc Rotenberg examines a test case for tra... more What does a corporation have in common with a person? Marc Rotenberg examines a test case for transparency in the US
Computerization and Controversy, 1996
Proceedings of the second conference on Computers, freedom and privacy - CFP '92, 1992
The Journal of Academic Librarianship, 1998
The Journal of Academic Librarianship, 1994
... of pin acy inquiries The Electronic Pw acy Information Center (EPIC t recently held a confere... more ... of pin acy inquiries The Electronic Pw acy Information Center (EPIC t recently held a conference on cryptography and pt macy issues Whitfield Ditt e ... the Protection o/ Personal Data in the Contrit of Public Digital Telee otnnitonc anon Nerii or i 1 199'' 1 11 Eli Noam Special Report ...
Government Information Quarterly, 1996
Government Information Quarterly, 1991
Computers & Security, 1992
Most US banks arc international so they may offer this covcragc to their foreign branches." Compu... more Most US banks arc international so they may offer this covcragc to their foreign branches." Computer Weekly, April 9, 1992, p. 3. Viral Mind Games. Word has spread of a new Macintosh virus, Code 252, which can destroy the System 7.0 operating system and other system files. Thcrc have been limited sightings of the virus in the US, giving rise to system crashes and boot failures. One source commcntcd that the current version of Gatckccpcr can detect Code 252. Computerworld, April 27, 1992, p. 114.
Computer Law & Security Review, 1998
Abstract The following is the paper Marc Rotenberg of the Electronic Privacy Information Center i... more Abstract The following is the paper Marc Rotenberg of the Electronic Privacy Information Center in Washington, DC gave at the 19th International Conference on Data Protection, which took place in Brussels in September 1997. In it he discusses the different approach to privacy taken in both Europe and the United States and the possible way forward.
Communications of the ACM, 2006
A ccording to the report of the 9/11 Commission , all but one of the 9/11 hijackers acquired some... more A ccording to the report of the 9/11 Commission , all but one of the 9/11 hijackers acquired some form of U.S. identification, some by fraud. Acquisition of these forms of identification would have assisted them in boarding commercial flights, renting cars, and other activities. As a result, the Commission and some lawmakers concluded it was necessary for the federal government to set technical standards for the issuance of birth certificates and sources of identification, such as driver's licenses. The result was the Real ID Act of 2005. The new law states that beginning in 2008, " a Federal agency may not accept, for any official purpose, a driver's license or identification card issued by a State to any person unless the State is meeting the requirements of this section. " This means the Department of Homeland Security will issue the technical standards for the issuance of the state driver's license. The practical impact, as CNET explained, is that " Starting three years from now, if you live or work in the United States, you'll need a federally approved ID card to travel on an airplane, open a bank account, collect Social Security payments, or take advantage of nearly any government service. " And even some of the more conservative commentators in the U.S. have expressed concerns about " mission creep. " Several objections have been raised about the plan, including privacy and cost, but the most significant concern may be security. As Bruce Schneier has explained, " The biggest risk of a national ID system is the database. Any national ID card assumes the existence of a national database…large databases always have errors and outdated information. " Even if the identity documents are maintained in the states, problems are likely. One example concerns the vulnerability of the state agencies that collect the personal information used to produce the license. In 2005, the burglary of a Las Vegas Department of Motor Vehicles put thousands of driver's license holders at risk for identity theft. The information of at least 8,738 license and ID card holders was stolen, and reports of identity theft have already surfaced. Another report uncovered 10 " license-for-bribe " schemes in state DMVs in 2004. Not surprisingly, the administrators of the state license systems are among those most concerned about the proposal. As the director of Driver Services in Iowa said, " It's one thing to present a …
Communications of the ACM, 1993