Teaching Information Privacy @ SU Law
I just accepted a position at Seattle University Law teaching Information Privacy in the spring. This is a great opportunity to look at cutting edge privacy & technology issues from a policy and legal perspective with a group of motivated law students. SU is granting me opportunity to take the course in an interesting direction, it will be the first course at SU with an optional blogging component for students. I administered a student run blog at University of Washington’s iSchool in Winter quarter for IMT550: Law, Ethics Policy & Information Management that was very successful, and am curious to see how law students react to blogging compared to Masters students with an IT background. Was the positive involvement generational or related to tech literacy? Are law students more likely to publish publicly or privately? There are trade offs both ways, I enjoy the honesty that can come from private forums while also appreciate the professionalism many student put into public works.
The Information Privacy class I am teaching is a mix of old and new educational techniques. The class has a traditional legal focus covering the classics including Brandeis and Warren & Prosser and a fairly decent portion of case law, but will also adds in some components that I see as essential for being a lawyer in a digital age such as a focus on FTC cases, how the press reacts to privacy issues and international privacy law. When reconciling clients lawyers need to be aware of more then just risk of a law suit public image and ethics matter when you are charged with peoples personal information. The class will also be following recent events through privacy blogs, and focus on practical skills including giving a short 5 minute oral presentation and evaluating start up companies for potential privacy pitfalls.
I am posting the current draft syllabus here for comments and ideas.
Draft Syllabus v2:
This course examines legal and ethical issues related to information privacy, an individuals right to control his or her personal information held by others. Topics include:
- privacy policies (including ToS & EULA) contract law
- privacy rights as tort
- privacy rights as human rights
- privacy as copyright
- administrative Law w/ regards to privacy
- governmental surveillance and private tracking
- data portability v. privacy
- Information as an assets
- Users rights w/ regard to information
Upon completion of the course, students will be able to discuss orally and in writing:
- The major decisions, statutes, and international frameworks of information privacy law
- The “reasonable expectation of privacy” test and its various applications
- How to assess the privacy implications of new business practices and new government practices
- Technologies role in privacy protection
- The tension between privacy & transparency
- The tension between privacy & free speech
- The tension between privacy rights & information as an asset
- The role information professionals play in shaping modern privacy law & practices
This is not a lecture class, this is a discussion class with projects and presentations. All readings must be done before class. We will spend about half of each day working through concepts in the readings together in a Socratic dialogue, the other half of class will be spent on group activities, guest speakers or student presentations. I expect you and I to learn as much if not more from your fellow students as from the instructor. The questions in class will often have no right answers.
Course Schedule, Topics and Readings:
No text is required for this course. All readings are available online through this site or through the web. Beyond the required reading you would be well advised to keep up on current events related to the topics of this class. Some recent links & news stories will be distributed each week via email & the blog, and will be discussed up at the beginning of each class.
Week 1: Intro and Overview of Topics
Class 1: Course Overview, Blogging Assignments, Introductions & Preview of Issues. Be prepared to discuss what is privacy broadly and the difference between privacy & secrets.
- Brandeis and Warren, “The Right to Privacy” (1890)
Schneier Privacy and Control on originally appeared on Forbes.com
Cavoukian, Privacy in the Clouds (2008)
- “Privacy is a transaction cost” – Eric Bell
- Cory Doctorow – Privacy: Is it Time for A Revolution? 2008 (watch the 14min video)
Week 2 Sources of Privacy Law – Overview & Comparison
- Universal Declaration of Human Rights – Read all not just article 12
- Explore the Global Network Initiative website pay attention to http://www.globalnetworkinitiative.org/principles/index.php#19 – Read the GNI Wiki Primer
- ATJ – Technology Principles
- Statutes Federal – Child Online Protection Act COPA
- Statutes State Washington State Wiretapping – also Read Wash. Rev. Code § 9.73.030(1)
- International EU Data Directive
Week 3 Torts / NDA (cases to be added)
- Private Facts
- False Light
- Appropriation / Publicity
- Confidentiality (including NDA)
Week 4 1st Amendment tensions
- Cox Broadcasting Corp. v. Cohn, 420 U.S. 469 (1975)
- Hiibel v. Sixth Judicial District
- NAACP v.Alabama et seq.
- Case Law search in WA state currently before the Judaical Information Services Committee
Week 5: 4th Amendment
- Olmstead – wiretapping
- Katz v. US – Reasonable Expectation of Privacy
- US v. Karo 1984
- California v. Ciraolo 1986
- Kyllo v. US 2001 (Thermal imaging)
- Waldo, Lin & Millett, Eds., Engaging Privacy and Information Technology in a Digital Age (2007), ch. 1 – 3
- Nehf, Shopping for Privacy Online: Consumer Decision-Making Strategies and the Emerging Market for Information Privacy (2005)
- Database Nation – Who Owns Your Information?
- “Justifying Informational Privacy Rights.” San Diego Law Review 45 (spring 2008) Moore
- Health Insurance Portability and Accountability Act of 1996 (HIPAA)
Possible Speaker from Health Vault
- The European Union Privacy Directive and Its Impact on the U.S. Privacy Protection Policy: A Year 2003 Perspective
Week 8: Current 4th Amendment special cases
Guest speaker – ACLU
- US v. Aukai – travel
- Chandler v. Miller – Drug testing & NTEU – v. Raab
Week 9: Policy Solutions & Statutes
- 1973: The Code of Fair Information Practice
- 1980: OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data
- p3p – a platform for privacy preferences
- Privacy Act and FOIA (still looking for reading and case)
- Video Privacy Act
- Identity Theft and Assumption Deterrence Act of 1998
Week 10: Privacy Policies Best & Worst Practices
- Haynes, Online Privacy Policies: Contracting Away Control over Personal Information (2007)
- CC-BY license Human Readable Deed & the CC-BY lawyer readable text
- Mozilla’s Drumbeat Privacy Icons
- EFF’s Terms of (Ab)use project
Week 11: Social Networks & FTC
- EPIC Facebook Complaint
- Evolution of Facebook from a private network to a public broadcast platform – Kai
- Foursquare Hack, Facebook private photo hack
Week 12: Protecting Children
- The Child Online Privacy Protection Act, 15 U.S.C. §§ 6501-6506, P.L. No. 105-277, 112 Stat. 2681-728.
- FTC’s COPPA Regulation, 64 Fed. Reg. 212.
- History of the ACT
- ACLU v. Mukasey 2009
Week 13: Google Book Settlement
- Laws for Libraries
- The settlement
- Current complaints filed
- Goggle’s policies
The final week is reserved for a more in depth look at any topics students want to explore along with student presentations not held in other classes.
RSS to Scan
Keep up on current events is essential to this class. Each class will begin with a review of recent news related to privacy. Here are a few sources to follow:
The Electronic Privacy Information Center’s Blog – EPIC.org
The Privacy Law Blog @ privacylaw.proskauer.com Large group law firm blog
Tech Dirt – Free Culture User Rights Slant – techdirt.com
New York Times Bits Blog- Main stream pop media perspective – bits.blogs.nytimes.com
DeepLinks – EFF – Digital Civil Rights eff.org/deeplinks
Assignments & Grading
Short Blogging Assignment:
Each student will write one short 150 to 300 word blog post on a current news items related to the class. The post must contain at least 3 links to relevant sources and one related image or other form of multi media. The post should also include at least one thought from the student about the news item. The next class after you post the short blog post be prepared to be questioned over this news item specifically.
This assignment may be completed in non public format on the class email list. Instead of posting the blog post to the class blog you post it to the class email list.
Long Blogging Assignment:
Each student will write one long 800 to 1500 word blog post on a topic covered in class. This serious reflection on a topic covered. The student needs to take a point of view and write in favor of against a rhetorical point made in class. The student is free to agree or disagree with points made in class and must reference the class readings. The logic and source cites used to defend the POV are of critical importance in this post.
The student must also find at least one other online source that disagrees with their POV on the same topic and respond to that source within the post. This assignment needs to show careful reflection on the topic and must engage viewpoints that agree and disagree with the authors perspective. This assignment may be completed in non public format. Instead of posting the blog post to the class blog you post it to the class email list.
Purpose: Integrate the topics and challenges of the class into a real world case study. Each group of 3 students will choose a real business to study their information privacy policies and challenges and make concrete suggestion for how to improve policies and avoid liability long term.
Each group must prepare a 10 to 20 page case study of the companies policies relating to topics covered in this class. This should include but is not limited to:
- Review of the companies TOS or EULA
- Review of privacy Policies
- Past handling of privacy concerns
- Assessment of private information that the company or service might be collecting and how that information should be handled as both an asset and a liability
- List of potential legal issues related to privacy
- Suggestion for improving the companies privacy policies and practices
This final group report should be of professional quality as if being presented to a chief Legal Officer & a Chief Information Office or other top level executives at the company you have been assigned to evaluate.
Groups must choose a company to evaluated by week three, an outline is due on week 7 and the final draft is due Thursday of week 13 by 5pm.
Each student must choose 1 topic covered in the class and prepare a 5 minute talk that explores that aspect of the class in more depth. Students may choose any topic covered including weekly news, short blog post, or long blog posts. The time limit on this talk is short, but do not think that this means the talk is easy. The talk should be concise, focused, informative and well practiced. The talk should include 2 to 20 visual aids or slides. Examples of short informative talks will be provided along with some basic speaking techniques. I take public speaking very seriously, anytime you have the undivided attention of a group of people you should prepare.
Each talk will also be followed by a Q&A section from the professor and class.
Each student is expected to participate in class discussion at least eight time through comments and questions in class or comments on the discussion board or on the blog. At least two of those times must be in class and two of them must be online (via the private email list or the public blog), the other four times are up to you and can be in either forum.
Class Participation: 15%
5 min Presentation 15%
Short Form Blog Post: 5%
Long Form Blog Post: 25%
Group Project: 40%
Evaluation of Student Work
You may expect to receive comments on and evaluations of assignments and submitted work in a timely fashion. All work from the course will be returned, with comments, within two weeks of being submitted.
For writing assignments, when ideas or materials of others are used, they must be cited using Blue Book for formal writing and best practices of web citation for online work. The format though is not as important as that the source material can be located and the citation verified. What is important is that the material be cited. Parallel citations to open access sources should be included when ever possible.
All of the expressions of ideas in this class that are fixed in any tangible medium such as digital and physical documents are covered by copyright law by default. These expressions include the work product of both: (1) your student colleagues; and, (2) your instructors (e.g., the syllabus, assignments, reading lists, and lectures).
All work product of your professor, Brian Rowe, are made available under the Creative Commons BY License
* to Share — to copy, distribute and transmit the work
* to Remix — to adapt the work
Under the following condition: You must attribute the work as from “Class# Information Privacy by Brian Rowe, 2010; First published by Seattle University Law”
To view a copy of this license, visit http://creativecommons.org/licenses/by/3.0/
Creative Commons License preserve your”fair use”, under Section 107 of the copyright act. Learn about those rights and use them!
All work products of your student colleagues are under All Rights Reserved and you must approach them to reuse their work beyond what fair use allows.
Note that the class blog is default licensed under a CC BY license, if you want your work on the blog under a different license you must state that at the end of your blog post! (This is an example of opt-out licensing which we will discuss the ethics of in class) If you have any questions regarding copyright, fair use or Creative Commons, please feel free to ask the instructor for guidance.
To support an academic environment of rigorous discussion and open expression of personal thoughts and feelings, we, as members of the academic community, must be committed to the inviolate right of privacy of our student and instructor colleagues. As a result, we must forego sharing personally identifiable information about any member of our community including information about the ideas they express, their families, life styles and their political and social affiliations. If you have any questions regarding whether a disclosure you wish to make regarding anyone in this course or in the law school community violates that person’s privacy interests, please feel free to ask the instructor for guidance.
Knowing violations of these principles of academic conduct, or privacy may result in University disciplinary action under the Student Code of Conduct.
This syllabus was influenced by many other professors’ syllabus. Two people that have greatly influenced this syllabus are Prof. Marc Rotenberg of Georgetown University Law Center and Executive Director of the Electronic Privacy Information Center (EPIC), and Adam Moore author of “Justifying Informational Privacy Rights.”San Diego Law Review 45 (spring 2008) and mentor from University of Washington’s iSchool.
If you made it this far in post I must thank you, I know I am breaking all the rules of blogging by posting a 7 page syllabus as part of the post. Please feel free to comment here or via private email at: Brian <at> BrianRowe.org