Paul M. Schwartz

Property, Privacy, and Personal Data

Modern computing technologies and the Internet have generated the capacity to gather, manipulate, and share massive quantities of data; this capacity, in turn, has spawned a booming trade in personal information. Even as it promises new avenues for the creation of wealth, this controversial new market also raises significant concerns for individual privacy-consumers and citizens are often unaware of, or unable to evaluate, the increasingly sophisticated methods devised to collect information about them. This Article develops a model of propertized personal information that responds to these serious concerns about privacy. It begins this task with a description and an analysis of several emerging technologies that illustrate both the promise and peril of the commodification of personal data. This Article also evaluates the arguments for and against a market in personal data, and concludes that while free alienability arguments are insufficient to justify unregulated trade in personal information, concerns about market failure and the publics interest in a protected privacy commons are equally insufficient to justify a ban on the trade. This Article develops the five critical elements of a model for propertized personal information that would help fashion a market that would respect individual privacy and help maintain a democratic order. These five elements are: limitations on an individuals right to alienate personal information; default rules that force disclosure of the terms of trade; a right of exit for participants in the market; the establishment of damages to deter market abuses; and institutions to police the personal information market and punish privacy violations. Finally, this Article returns to examples of technologies already employed in data trade and discusses how this proposed model would apply to them.

Prosser's Privacy and the German Right of Personality: Are Four Privacy Torts Better than One Unitary Concept?

After fifty years, William Prosser’s essay “Privacy” rests securely in the canon of classic American law review articles. Today, Prosser’s verdict on the momentous article by Samuel Warren and Louis Brandeis can fittingly be applied to his own work: “It has come to be regarded as the outstanding example of the influence of legal periodicals upon the American law.” At the fiftieth anniversary of Prosser’s “Privacy,” this article takes a comparative approach in assessing his accomplishments. Germany’s legal system offers a fitting point of comparison because of its well-developed privacy law as well as its rich media landscape with similar kinds of invasions of privacy. Moreover, both the United States and Germany share the same Western cultural focus regarding the importance of the individual and the significance of permitting each person to use self-determination in forming her life. We argue that Prosser built on the earlier work by Warren and Brandeis to operationalize their central insight into terms that the U.S. legal system could easily adopt. Prosser also decided that the common law privacy cases were not tightly linked to each other in a conceptual fashion, but rather were “a complex of four distinct and loosely related torts.” The splintering of the privacy tort was a highly significant and profoundly creative jurisprudential choice. Yet, there is a road not taken in American privacy law – that of a right of personality. The idea behind such a right is that each person, as a unique and self-determining entity, is due certain kinds of protection. This Article explores the development and current status of the right of personality in Germany. German law views the privacy tort as safeguarding an interest that rests on human dignity. Thus, while there is one unitary concept of tort privacy in Germany, more than four categories follow from it. Nonetheless, many of the resulting categories can be placed into the Prosser categories. In other words, there has been a fair amount of convergence between the two legal systems. Another aspect of the convergence concerns judicial methodology. German courts engage in a balancing approach that is quite similar to the tack of American courts. There are also significant differences between the approaches in the Germany and the United States. One highly significant difference is that German personality rights have a constitutional aspect. As a result, they apply to the behavior of both the government and private parties. Another difference is that German law does not balance interests in cases that involve “a core area of life formation.” In these cases, the court conducts a necessary examination of whether a “significant impact” on the core interest took place. If such an impact occurred, the court must protect the individual against the violation of her interests. Information about the core area of private life is subject to absolute protection. In the article’s final Part, it considers the present and future status of tort privacy in Germany and the United States and the relative merits of the two approaches. We conclude by discussing the question posed in this Article’s subtitle: are four privacy torts better than one? The answer turns, however, on the role that each legal form plays in its respective legal system and underlying culture. Our approach is to consider the different legal and cultural functions served by the different forms of the privacy tort in the United States and Germany.

Reconciling Personal Information in theUnited States and European Union

U.S. and EU privacy law diverge greatly. At the foundational level, they differ in their underlying philosophy: In the United States, privacy law focuses on redressing consumer harm and balancing privacy with efficient commercial transactions. In the European Union, privacy is hailed as a fundamental right that can trump other interests. Even at the threshold level—determining what information is covered by the regulation—the United States and European Union differ significantly. The existence of personal information— commonly referred to as “personally identifiable information” (PII)—triggers the application of privacy law. The U.S. and the European Union define this essential term of privacy law quite differently. The U.S. approach involves multiple and inconsistent definitions of PII that are often particularly narrow. The EU approach defines PII to encompass all information identifiable to a person, a definition that can be quite broad and vague. This divergence is so basic that it threatens the stability of existing policy mechanisms for permitting international data flows.

Warrantless Wiretapping, FISA Reform, and the Lessons of Public Liberty: A Comment on Holmes' Jorde Lecture

This Essay responds to Stephen Holmes’ Jorde Lecture, which was delivered at Boalt Hall on November 5, 2007. It builds on his model of “public liberty” by discussing how private liberty, and information privacy in particular, is a precondition for public liberty. For Holmes, private liberty is largely a negative right - a right to be free from governmental interference. In contrast, this Essay considers privacy to be an element of public rights. Participation in a democracy requires individuals to have an underlying capacity for self-determination, which requires some personal privacy.This Essay analyzes a number of Holmesian concepts through the lens of the recent amendment of the Foreign Intelligence Surveillance Act (FISA). In Part I, I describe the background of FISA, the National Security Agency’s (NSA) warrantless surveillance program in violation of this statute, and the amendments to this law in the Protect America Act of 2007, a short term statutory “fix” that has expired, and the FISA Amendments Act of 2008, which remains in effect. In Part II, I turn to an analysis of the challenges to private and public liberty posed by the NSA’s surveillance. I organize this Part around three topics: (1) past wisdom as codified in law; (2) the impact of secrecy on government behavior; and (3) institutional lessons. As we shall see, a Holmesian search for the wisdom previously collected in law proves quite difficult. FISA regulated some aspects of intelligence gathering and left the intelligence community entirely free to engage in others. Over time, moreover, technological innovations and altered national security concerns transformed the implications of the past policy landscape. As a result, the toughest questions, which concern surveillance of foreign-to-domestic communications, do not receive an easy answer from the past. Regarding the impact of secrecy on government behavior, the analysis is, at least initially, more straightforward. As Holmes discusses, the Bush administration was adept at keeping secrets not only from the public and other branches of government, but from itself. It is also striking how little Congress knew about NSA activities while amending FISA. The larger lessons, however, prove yet more complicated: strong structural and political factors are likely to limit the involvement of Congress and courts in this area. This Essay concludes by confronting these institutional lessons and evaluating elements of a response that would improve the government’s performance by crafting new informational and deliberative structures for it.

Privacy Inalienability and Personal Data Chips

Even as new possibilities for trade in personal information promise new avenues for the creation of wealth, this controversial market raises significant concerns for individual privacy-consumers and citizens are often unaware of, or unable to evaluate, the increasingly sophisticated methods devised to collect information about them. This Essay develops a model of propertized personal information that responds to concerns about privacy and evaluates it in the context of tracking chips. It sets out the five critical elements of such a model, which is intended to fashion a market for data trade that respects individual privacy and helps maintain a democratic order. These five elements are: limitations on an individual’s right to alienate personal information; default rules that force disclosure of the terms of trade; a right of exit for participants in the market; the establishment of damages to deter market abuses; and institutions to police the personal information market and punish privacy violations.

Datentreuhändermodelle – Sicherheit vor Herausgabeverlangen US-amerikanischer Behörden und Gerichte?

̧ Professor Paul M. Schwartz ist Jefferson E. Peyser Professor of Law an der Berkeley Law School und Direktor des Berkeley Center for Law & Technology an der U.C. Berkeley Law School. Professor Dr. Karl-Nikolaus Peifer ist Direktor des Instituts für Medienrecht und Kommunikationsrecht der Universität zu Köln und Richter am OLG Köln. Die Forschungen zu diesem Beitrag wurden unterstützt durch die Microsoft Corp. Der vorliegende Beitrag untersucht, welchen Stellenwert europäische Datenschutzvorschriften gegenüber extraterritorial wirkenden Herausgabeverlangen hat und ob eine Datentreuhänderkonstruktion, wie sie die Microsoft-Gruppe (auch) als Reaktion auf die erstinstanzliche Entscheidung im Microsoft-Ireland-Fall eingeführt hat, Einfluss auf die Abwehr extraterritorial wirkender Herausgabeverlangen hat. Es wird sich zeigen, dass die Bedeutung solcher Treuhandmodelle über die konkrete Fallsituation in der erwähnten Entscheidung hinausgeht und die Rechtslage zugunsten des Service Providers immer dann verbessert, wenn eine Abwägung zwischen Herausgabeinteressen und Abwehrinteressen nach USamerikanischen Vorschriften vor den US-Gerichten erforderlich ist.

Law and technology Keeping track of telecommunications surveillance

The creation of a statistical index of U.S. telecommunications surveillance activities and their results will benefit both civil liberties and law enforcement.