Year: 2023

Events:

JSD Fellows Stav Zeitouni and Kat Geddes are leading an upper-level reading group called “Propertizing Intangibles in the Digital Age.” The group intends to explore the changes that laws dealing with intangibles have gone through in the digital age, focusing in particular on copyright. For example, digital rights management (DRM) emerged as a response to the erasure of physical constraints on copying brought about by digital technologies. More recently, data firms have found innovative ways to propertize and monetize data despite its intangibility and ambiguity around its copyrightability and patentability. These changes have long-lasting implications for how we think about property and how that’s reflected in the law and in its governance of intangibles. We will explore these themes through a mixture of academic and popular materials.

News:

On January 24, the Department of Justice Antitrust Division, along with the Attorneys General of California, Colorado, Connecticut, New Jersey, New York, Rhode Island, Tennessee, and Virginia, filed a civil antitrust suit against Google in the Eastern District of Virginia. The complaint alleges that Google monopolized a number of key digital advertising technologies through an anticompetitive course of conduct over the last 15 years, allowing the company to take home on average 30% of all digital advertising revenue that uses their technologies. This is DOJ’s second antitrust suit against Google. The first suit, which alleges anticompetitive conduct in Google’s search function, is scheduled for trial in September 2023.

The National Institute of Standards and Technology (NIST) published a long-awaited Artificial Intelligence Risk Management Framework, directed at any organization or individual developing or using AI. The framework describes novel risks posed by AI and highlights core concepts for responsible AI including human centricity, social responsibility, and sustainability.

On January 26, the Office of the Privacy Commissioner of Canada announced the results of an investigation into Home Depot, finding that the company failed to obtain user consent before sharing personal data with Meta in violation of the Personal Information Protection and Electronic Documents Act (PIPEDA), a Canadian law that applies to private-sector organizations that collect, use or disclose personal information in the course of a commercial activity.

Netflix announced that they will be cracking down on password-sharing in the U.S. starting in March 2023, reversing their previous approach which encouraged password-sharing as a form of free advertising. The company’s efforts to deter password-sharing in other countries has seen mixed results.

OpenAI has released a tool to detect when text has been generated by its own ChatGPT and GPT-3 AI tools. 

(Compiled by Student Fellow Talya Nevins)

The use and collection of voice data in general has been in the spotlight in part due to new Microsoft voice-cloning software called VALL-E . Privacy advocates have voiced worries that the VALL-E, Apple’s Siri, and Amazon’s Alexa could be utilized in ways that do not involve the consent of recorded individuals.

The Law and Political Economy (LPE) Project recently published an article by UC Hastings law professor Veena Dubal about the algorithmic gamification of work for gig workers; in this article, Dubal argues that companies’ algorithmic systems risk “undermining the possibility of economic stability and mobility through work by transforming the basic terms of how workers are paid.”

The European Court of Justice recently ruled that the right to access information under Article 15 of the GDPR requires that individuals whose data has been shared to certain recipients must be provided with the “actual identity of those recipients, unless it is impossible to identify those recipients or the controller demonstrates that the data subject’s requests for access are manifestly unfounded or excessive.” Because the ruling stipulates that providing general categories of recipients in response to a data request, rather than the identities of those recipients, is insufficient except in “exceptional cases,” European legal practitioners are now advising companies to “review their internal processes and their templates for responding to access requests so as to avoid fines and damages actions for failure to provide access.”

U.S. fast-food restaurant chain Chick-Fil-A was hit with a new privacy class-action lawsuit last week that alleges it shared personally identifiable information to Meta in violation of the Video Privacy Protection Act (VPPA).

The New York Police Department recently filmed concertgoers leaving a Drake concert in a manner that the Surveillance Technology Oversight Project called “highly concerning;” the NYPD said in a statement that this filming was intended purely for a future social media post on local events.

(Compiled by Student Fellow Cooper Aspegren)