Catherine M. Sharkey (NYU School of Law) has posted “Personalized Damages” (U. Chi. L. Rev. Online 2022) on SSRN. Here is the abstract:
In Personalized Law: Different Rules for Different People, Professors Omri Ben-Shahar and Ariel Porat imagine a brave new tort world wherein the ubiquitous reasonable person standard is replaced by myriad personalized “reasonable you” commands. Ben-Shahar’s and Porat’s asymmetrical embrace of personalized law—full stop for standards of care, near rejection for damages—raises four issues, not sufficiently taken up in the book. First, the authors equivocate too much with regard to the purposes of tort law; ultimately, if and when forced to choose, law-and-economics deterrence-based theory holds the most promise for modern tort law. Second, the damage-uniformity approach clearly dominates the status quo of “crude” personalization. Third, via a deterrence lens that eschews “misalignments” in tort law, a personalized standard of care necessitates personalized damages. Fourth, the true benefit of an ideal personalized damages regime might be further uncovering the root cause of racial and gender disparities in status quo tort damages. Paradoxically, ideal personalization might then reinforce the damage-uniformity approach.
Maria Lillà Montagnani (Bocconi University – Department of Law) and Mark Verstraete (UCLA School of Law) have posted “What Makes Data Personal?” (UC Davis Law Review, Vol. 56, No. 3, Forthcoming 2023) on SSRN. Here is the abstract:
Personal data is an essential concept for information privacy law. Privacy’s boundaries are set by personal data: for a privacy violation to occur, personal data must be involved. And an individual’s right to control information extends only to personal data. However, current theorizing about personal data is woefully incomplete. In light of this incompleteness, this Article offers a new conceptual approach to personal data. To start, this Article argues that personal data is simply a legal construct that describes the set of information or circumstances where an individual should be able to exercise control over a piece of information.
After displacing the mythology about the naturalness of personal data, this Article fashions a new theory of personal data that more adequately tracks when a person should be able to control specific information. Current approaches to personal data rightly examine the relationship between a person and information; however, they misunderstand what relationship is necessary for legitimate control interests. Against the conventional view, this Article suggests that how the information is used is an indispensable part of the analysis of the relationship between a person and data that determines whether the data should be considered personal. In doing so, it employs the philosophical concept of separability as a method for making determinations about which uses of information are connected to a person and, therefore, should trigger individual privacy protections and which are not.
This framework offers a superior foundation to extant theories for capturing the existence and scope of individual interests in data. By doing so, it provides an indispensable contribution for crafting an ideal regime of information governance. Separability enables privacy and data protection laws to better identify when a person’s interests are at stake. And further, separability offers a resilient normative foundation for personal data that grounds interests of control in a philosophical foundation of autonomy and dignity values—which are incorrectly calibrated in existing theories of personal data. Finally, this Article’s reimagination of personal data will allow privacy and data protection laws to more effectively combat modern privacy harms such as manipulation and inferences.
Gregory M. Dickinson (St. Thomas University – School of Law; Stanford Law School) has posted “The Internet Immunity Escape Hatch” (47 BYU L. Rev. 1435 (2022)) on SSRN. Here is the abstract:
Internet immunity doctrine is broken, and Congress is helpless. Under Section 230 of the Communications Decency Act of 1996, online entities are absolutely immune from lawsuits related to content authored by third parties. The law has been essential to the internet’s development over the last twenty years, but it has not kept pace with the times and is now deeply flawed. Democrats demand accountability for online misinformation. Republicans decry politically motivated censorship. And all have come together to criticize Section 230’s protection of bad-actor websites. The law’s defects have put it at the center of public debate, with more than two dozen bills introduced in Congress in the last year alone.
Despite widespread agreement on basic principles, however, legislative action is unlikely. Congress is deadlocked, unable to overcome political polarization and keep pace with technological change. Rather than add to the sizeable literature proposing changes to the law, this Article asks a different question—how to achieve meaningful reform despite a decades-old statute and a Congress unable to act. Even without fresh legislation, reform is possible via an unlikely source: the Section 230 internet immunity statute that is already on the books. Because of its extreme breadth, Section 230 grants significant interpretive authority to the state and federal courts charged with applying the statute. This Article shows how, without any change to the statute, courts could press forward with the very reforms on which Congress has been unable to act.
Selcukhan Unekbas (European University Institute – Department of Law) has posted “Competition, Privacy, and Justifications: Invoking Privacy to Justify Abusive Conduct under Article 102 TFEU” (Journal of Law, Market & Innovation, forthcoming) on SSRN. Here is the abstract:
This Article aims to delineate the extent to which potentially anticompetitive behavior that simultaneously improve user privacy are cognizable as efficiencies or objective justifications within the context of unilateral conduct cases in European competition law. After mapping the existing literature, it moves on to discuss whether the decisional guidance of the European Commission, as well as the case law of the Union Courts, allow the invocation of privacy as proper grounds to mount a defense against abusive practices. In order to concretize the theoretical discussions, the Article focuses on two recent and highly-relevant developments: Apple’s App-Tracking Transparency initiative, and Google’s unveiling of the Privacy Sandbox. It finds that the state of the law pertaining to the second stage of an abuse case is underdeveloped and is in need of clarification. Nevertheless, considering the recent developments surrounding European competition law in general, and the digital transformation in particular, both efficiencies and objective justifications are likely to find room for application in the digital economy. Whereas efficiencies must be evaluated within the context of substantive symmetry, legal coherence, and economic considerations in a manner that caters to consumer choice, objective justifications may give rise to unintended consequences resulting from judicial and legislative developments. Overall, it is apparent that the case law provides valuable insights as to the implementation of efficiency arguments and objective justifications, but the concepts are nonetheless in need of further analysis vis-à-vis the latest jurisprudence and legislative developments. In that regard, the Article highlights several points of potential contention in the near future.
Gabriele Mazzini (European Commission) and Salvatore Scalzo (same) have posted “The Proposal for the Artificial Intelligence Act: Considerations around Some Key Concepts” on SSRN. Here is the abstract:
The proposal for the Artificial Intelligence (“AI”) Act has broken new ground in many respects. Most visibly, the proposal introduces the first comprehensive draft regulatory framework for AI in the EU and, for the time being, on a global level. In addition, the proposal contains several innovative approaches linked to the specificities of its subject matter and to the fact that it has to interact as smoothly as possible with a very wide range of existing legal frameworks in the EU.
A number of important choices were therefore made to ensure that the AI Act could meet quite unprecedented challenges. The paper aims to briefly outline some of those choices with the hope to help facilitating the understanding of the overall logic of the proposal and it is structured as follows.
After some introductory statements, section II explains the classification of AI systems as products. Section III delves into the essential features of the so-called New Legislative Framework (NLF), a well-known and experimented type of EU legislation that constitutes the fundamental regulatory model of the AI Act. This section also highlights certain adaptations made to the NLF tools in order to take into account certain specificities of AI systems. Having clarified the philosophy behind and the core architecture of the AI Act, section IV discusses briefly how that architecture has been shaped by a number of important points of contact (at times real “interlocks”) between the AI Act and other existing or proposed EU legal acts beyond the realm of NLF product legislation.