Welcome

PLSC 2021 Conference Schedule

Day 1 – Thursday June 3rd, 2021

Day 1 – Thursday, June 3rd
NOTE: All times are U.S. Eastern Time (ET)

9:00 AM – 9:15 AM What’s New at PLSC: Ari Waldman, Northeastern University, PLSC Chair
9:15 AM – 9:30 AM Welcome: Julie Cohen & Paul Ohm, Georgetown University, PLSC 2021 Hosts
9:30 AM – 10:30 AM First Session
Surveillance and the Tyrant Test by Andrew Guthrie Ferguson, discussion by Rebecca LipmanHow should society respond to police surveillance technologies? This question has divided activists, law enforcement, and academics and will be a central question for years to come as police surveillance technology grows in scale and scope. This Article explores the taxonomy of past approaches to policing technologies, and – finding them all lacking – offers the “tyrant test” as an alternative.
Reckoning with Roots: Constitutional Privacy and White Supremacy by Sophia Lee, discussion by Mariana OliverThis paper resituates the origins of privacy as a subject of constitutional protection away from the Supreme Court’s 1886 decision Boyd v. United States; protecting constitutional privacy, it turns out, was part of the process through which White elites North and South, Democrat and Republican come together to limit Reconstruction, preserve White supremacy, and pave the way for the violent disenfranchisement of newly freed Black men.
Healthcare Sanctuaries by Medha Makhlouf, discussion by Craig KonnothReluctance to seek health care or coverage because of fear of immigration consequences is a barrier to healthcare access for noncitizens. This Article focuses on concerns that arise from two modes of immigration surveillance in health care: (1) interrogation, arrest, search, or detention by immigration enforcement officers at healthcare sites; and (2) use of personal information disclosed for the purpose of obtaining health care to deny immigration benefits or for immigration enforcement purposes.
Data Protection in Africa: An Appraisal of the Data Protection and Privacy Act of Uganda by Joel Basoga and Paul Epodoi, discussion by Przemyslaw PalkaData driven technologies are integrating Africa like never before and placing the Continent on a path to increasing data flows. In the face of other pressing challenges, are African countries, particularly Uganda doing enough to protect the privacy and personal data of their citizens?
Empowering Digital Decisions: Designing Mobile Location-Based Services for Informed Location Data Disclosure by Alexis Shore and James Cummings, discussion by Lorrie CranorMobile location-based services (LBS) often lack a consent framework that encourages users to make a decision that prioritizes their data privacy. The current experiment manipulates various interface features (friction, social proof, defaults), in addition to WTA/WTP framing, to unpack what influences users’ likelihood to obscure their location data. Results garnered from this study not only provide interdisciplinary theoretical insight but also practical recommendations for technology designers.
“In the Wild’ Trials of Live Facial Recognition Technology by Police: Why Responsible Trial Protocol is Urgently Needed and What They Should They Require? by Wenlong Li and Karen Yeung, discussion by Anne WashingtonThe aim of this paper is to critically examine ‘in-the-wild’ testing of live FRT by law enforcement authorities, and we argue that this technology may well turn out to be the Thalidomide of AI – enthusiastically embraced across the globe without rigorous trials to demonstrate its safety or efficacy, even as it degrades the core assumptions upon which liberal democratic societies rest.
Rethinking Platform Power by Mark Burdon and Tegan Cohen, discussion by Evelyn DouekRegulator concerns about platform power are constructed along existing legal trajectories. We rethink how platform power emerges and is acted upon based on Deleuze’s Postscript on the Societies of Control (1992). Platform power involves the harnessing of data mutations which gives new insight into modulation harms and regulatory responses.
Gender as Emotive AI and the Case of Nadia: Regulatory and Ethical Implications by Rachel Adams, Nora Ni Loidean, and Damian Clifford, discussion by Brenda LeongThis paper unpacks the regulatory and ethical problematics of the artificial intelligence (AI) powered virtual assistant, ‘Nadia’, developed for use in the Australian Government’s National Disabilities Insurance Agency (NDIA). We explore how Nadia is gendered female, utilises high-risk AI technologies, including emotive AI and machine learning, and was developed for use by a group deemed vulnerable to further human rights violations by the law.
Privacy, Practice, and Performance by Ari Waldman, discussion by Salome ViljoenThis paper suggests that long-standing practices of privacy law–compliance mechanisms, regulators as industry partners, and individual self-governance–have socially constructed what privacy law is and should be, crowding out other options and weakening privacy law from within. It proposes a way out of the path dependent rut we are in, using a law and political economy approach.
10:30 AM – 11:00 AM BREAK
11:00 AM – 12:00 PM 2nd Session
The Aftermath of Carpenter: An Empirical Study of Federal and State Fourth Amendment Decisions, 2018-2021 by Matthew Tokson, discussion by Bennett CapersThe Supreme Court recently established, in the landmark case Carpenter v. United States, that individuals can retain Fourth Amendment rights in information they disclose to a third party. This Article analyzes all 857 federal and state judgments citing Carpenter from its publication in June of 2018 through March 2021. Using this unique, hand-coded database, the Article illuminates both the present and potential future of Fourth Amendment law.
Bedazzle, Inscribe, Flaunt: Electronic Ankle Monitors and Intentional Information Disclosures as Resistance Practices by Lauren Kilgour, discussion by Jasmine McNealyIn this article, I describe and analyze the cultures of resistance that circulate in response to electronic ankle monitor design and use in the United States (US) criminal justice system. Specifically, I focus on the spectrum of aesthetic resistance practices carried out by wearers on social media, which seek to resist and critique the sociocultural meaning attached to ankle monitors versus resisting the mechanical function of the monitors.
A Constitutional Case for Peace in the “War on Cash” by Raul Carrillo, discussion by Kate WeisburdThis Article argues that the “War on Cash” assails our most democratic constitutional principles with respect to monetary provisioning and privacy therein. It joins the chorus of scholars arguing we deserve “privacy in public” — we deserve to participate in the broader economy and society without perpetual surveillance, to be “one in the crowd.” In terms of payments systems design, a democratic vision of privacy can be instantiated in the technology of digital cash.
Privacy Governance in Contact Tracing Apps: A Comparative International Study by Alex Rosenberger, Madelyn Sanfilippo, and Yan Shvartzshnaider, discussion by Madiha Zarah ChoksiThis paper empirically explores global and contextual privacy issues around 102 contact tracing apps in use in 72 around the world. We compare regulatory obligations, expectations, and practices, to examine how national norms and contexts impact privacy governance and practices.
The GDPR and the Free Flow of Personal Data: The Tale of Persistent Borders by Michalina Nadolna Peeters, discussion by Michael BirnhackThe EU General Data Protection Regulation (GDPR) aims to attain a consistent protection of personal data and free flow of personal data in the EU. This paper explores how theoretical tensions and broad leeway given to Member States in the GDPR result in the ‘persistence’ of borders understood as a legal event triggering the application of conflict-of-law rules.
Coca Cola Curses: Dangerous Hate Speech in a Postcolonial Context by Brittan Heller, discussion by Kirsty HughesHate speech, especially dangerous speech that incites violence, follows predictable patterns. This paper is the first to suggest that online hate speech may operate differently in a postcolonial context, based off fieldwork conducted by the author in Uganda, and proposes a new hallmark for dangerous speech — “calls for geographic exclusion.”
Making Data Private – and Excludable: A New Approach to Understanding the Role of Encryption in the Digital Political Economy by Brenden Kuerbis and Milton Mueller, discussion by Sebastian BenthallThis paper identifies a phenomenon called “data enclosure,” which is part of the competitive struggle over the economic value of data. The most interesting questions about the future of privacy arise from the degree to which data enclosures affect competition and succeed in providing better privacy protection.
The Surprising Virtues of Data Loyalty by Woodrow Hartzog and Neil Richards, discussion by Lauren ScholzDuties of data loyalty implementing ideas from privacy law scholarship are now under serious consideration by lawmakers in the US and Europe, but critics charge that such duties are unnecessary, unworkable, overly individualistic, and indeterminately vague. This paper takes those criticisms seriously, and its analysis of them reveals that duties of data loyalty have surprising virtues.
The Constitutionality of Data Privacy as Transparency Law by Margot Kaminski, discussion by Gautam HansPrivacy laws are also transparency laws. That is, most privacy laws either require or incentivize disclosure of the fact of surveillance, and many require disclosure of extensive details of surveillance practices. Yet while most privacy law experts take the centrality of these privacy transparencies for granted, understanding privacy laws as transparency laws changes the terms of the debate on the constitutionality of data privacy regulation under the First Amendment.
12:00 PM – 1:30 PM Lunchtime Break
1:00 PM – 1:30 PM Listening Session about current and future changes/goals of PLSC. Hosted by Ari Waldman
1:30 PM – 2:30 PM 3rd Session
A Partial Property Rights Theory of the Fourth Amendment: Getting to Privacy More Reasonably by Mailyn Fidler, discussion by Peter OrmerodExisting Fourth Amendment approaches are lacking. I argue that Fourth Amendment protections should be triggered when one has a “partial” property right: the right to exclude at least some person in at least some circumstance. This approach avoids the narrowness of a traditional property approach to the Fourth Amendment and provides a more conceptually grounded path to protecting privacy than the leading reasonable expectation approach.
Conceptualizing Privacy as a Civil Right by Tiffany Li, discussion by Thomas Kadri 
America’s Hidden National DNA Database by Natalie Ram, discussion by Barry FriedmanThis Article comprehensively maps whether, and under what circumstances, law enforcement is likely able to access residual newborn screening samples or their related data. Having surveyed these divergent policies, the Article argues that state legislatures should enact, or the federal government should require, a policy rejecting law enforcement use of these vital resources to develop investigative leads. Such a policy is most consonant with respect for persons, best able to maintain public trust in the important public health purposes of newborn screening programs, and most certain to survive constitutional scrutiny.
How the GDPR Champions Freedom of Expression and Information by Jef Ausloos, discussion by Margot KaminskiThis paper defends the counter-intuitive claim that the GDPR champions the right to freedom of expression and information in the face of platform power.
Making Artificial Intelligence Transparent: Privacy Fairness, and the Problem of Proxy Variables by Richard Warner and Robert Sloan, discussion by Emily McReynoldsAI-driven decisions reduce informational by drawing data from any area of your life to make decisions about any other area. We propose four fairness requirements to regulate the immensely computational and mathematical systems. The requirements incorporate the computer science notion of an explainable system.
Solving the Hiring Paradox: A Method to Address Bias in the Hiring Process Within the Law by Jad Salem, Swati Gupta, and Deven Desai, discussion by Pauline KimWith widespread use of automated methods in applicant screening, there is growing concern over fairness and growing need for legal analysis of relevant algorithmic techniques. In this paper, we provide a legal justification for a recently proposed algorithmic technique for bias mitigation in applicant screening.
Virtual Classrooms and Real Harms by Shaanan Cohney, Ross Teixeira, Anna Kohlbrenner, Arvind Narayanan, Mihir Kshirsagar, Madelyn Sanfilippo, and Yan Shvartzshnaider, discussion by Angie RaymondIn the rapid shift to online learning, universities have acquired new risks of security vulnerabilities and privacy violations. We survey 49 U.S. educators and 10 U.S. administrators about their privacy and security concerns, analyze the privacy policies and security practices of 23 remote learning platforms, and examine 129 state laws that enhance student privacy. We provide recommendations for educators and policymakers.
Regulating Digital Contact Tracing for Communicable Diseases by Sarah Eskens and Natali Helberger, discussion by Jules PolonetskyContact tracing apps challenge fundamental rights and the way these apps were introduced raises questions about the democratic legitimacy of these apps. This paper analyses two questions: should contact tracing apps have a regulatory framework (yes) and what should be contained within such a regulatory framework (voluntariness, prevention of abuse, transparency, duration, interoperability, and the relationship with big tech)?
Surveying Surveillance: A National Study of Police Department Surveillance Technologies by Mariana Oliver and Matthew Kugler, discussion by Victoria SchwartzEvidence from an original, national survey of police departments shows how surveillance technologies are distributed across jurisdiction types. Cell phone location tracking is very common across small and large jurisdictions, while use of facial recognition is still lagging. We discuss implications for privacy and civil liberties.
How (Not) to Write a Privacy Law by Julie Cohen, discussion by Cam KerryMany of the shared features of proposed privacy legislation embody fundamentally backward-looking approaches that cannot hope to constrain the activities they attempt to address. In particular, such approached are heavily influenced by antiquated private law ideals privileging bottom-up governance via assertion of individual rights and retrospective, litigation-centered enforcement. Effective privacy governance requires a model organized around problems of design, networked flow, and scale; I identify some essential components of such a model.
2:30 PM – 3:00 PM BREAK
3:00 PM – 4:00 PM 4th Session
Katz as Originalism by Orin Kerr, discussion by I. India ThusiOriginalists and textualists often argue that the Katz “reasonable expectation of privacy” should be overturned because it has no grounding in constitutional text or history. But they’re wrong. Katz is fully consistent with the Fourth Amendment’s text, and it provides a plausible construction of its original public meaning.
Race-Aware Algorithms: Fairness, Nondiscrimination and Affirmative Action by Pauline Kim, discussion by Deborah HellmanMitigating or removing discriminatory bias from algorithms requires designers to be aware of characteristics like race and sex when building models. Contrary to the assumptions of some scholars, this Article argues that the law permits some forms of race-consciousness and therefore, whether a race-aware algorithm constitutes disparate treatment depends upon when and how race is taken into account in the model-building process.
The Cures Act API Rule: Implications for Health Information in terms of Access, Privacy, and Competitive Practices by Amanda Stanhaus and Denise Anthony, discussion by Charlotte TschiderAnalysis of Regulatory Rulemaking comments regarding The Cures Act API Rule indicates how self-interest in data access motivates the comment submissions. Most striking is the divergence amongst stakeholders in the portrayal of patients’ ability to self-manage their health information across disjointed privacy regimes. We find that stakeholders conflate patient data access with third-party data access, and we conclude by pointing toward some potential consequences for both individual privacy and anti-competitive organizational practices.
Narrowing Data Protection’s Enforcement Gap by Filippo Lancieri, discussion by Justin HemmingsData protection laws recurrently suffer from an enforcement gap. This article describes the three core building blocks of data protection regimes in the United States and Europe: market forces, tort liability and regulatory enforcement. It then identifies two key reasons—particularly deep information asymmetries between companies and consumers/regulators, and high levels of market power in many data markets—that enable companies to undermine legal compliance.
The Technologization of Insurance: An Empirical Analysis of Big Data and Artificial Intelligence’s Impact on Privacy and Cybersecurity by Shauhin Talesh and Bryan Cunningham, discussion by Katie ShiltonDrawing from sixty interviews of the cyber insurance field, a quantitative analysis of a “big data” set we obtained from a data provider, and observations at cyber insurance conferences, we explore the effects of what we refer to as the “technologization of insurance,” the process whereby technology influences and shapes the delivery of insurance.
The Legal Construction of Black Boxes: How Machine Learning Practice Informs Foreseeability by Andrew Selbst, Suresh Venkatasubramanian, and I. Elizabeth Kumar, discussion by Frank PasqualeWe challenge the idea AI is unknowable and therefore that AI harms are unforeseeable, arguing that when computer scientists draw abstraction boundaries, they are making claims as to a division of responsibilities between designers and users.
Identity by Committee by Scott Skinner-Thompson, discussion by Kendra AlbertVast bureaucracies now regulate students’ gender identities in public schools, limiting freedom and endangering privacy. These substantive & procedural obstacles to gender freedom are linked to medical and social models of understanding gender. This paper critiques these trends, while arguing that a focus on the expressive dimensions of gender may hold greater emancipatory potential.
Anticompetitive-by-Design: Preventing Dark Patterns in Data Sharing by Gabriel Nicholas, discussion by Mihir KshirsagarWhat technical design tactics do platforms use to make sure users can’t bring their data with them to competitors? This paper looks at three different “data sharing dark patterns” through mini case studies in three different sectors — agriculture, social media, and energy.
Democratic Algorithms by Hannah Bloch-Wehba, discussion by Neil RichardsThis paper examines how, together, social movements and tech workers are demanding democratic accountability for algorithmic governance. Drawing on theories of democratic participation in and outside of the workplace, the paper argues that these movements are advancing a new theory of accountability for algorithms that deserves to be taken seriously by policymakers and scholars.
Public Undersight by Christina Koningisor, discussion by Kathy StrandburgThis Article explores the growing array of bottom-up movements that have sprung up around the country in recent years to circumvent the formal transparency law regime and challenge the government’s monopoly on information from the outside. Activists now rely on public sources of information and extralegal monitoring to track where ICE conducts immigration raids, observe police activity in communities of color, monitor air pollution near industrial sites, and collect data on bail decisions. The Article explores the benefits and drawbacks of these efforts—arguing that these movements can help to remedy flaws in the formal transparency law regime and democratize public access to government, but that they may also introduce potential privacy harms and other risks.
4:00 PM – 6:00 PM Post-Proceedings

Day 2 – Friday June 4th, 2021

Day 2 – Friday, June 4th NOTE: All times are U.S. Eastern Time (ET)

9:45 AM – 10:45 AM 5th Session
Speaking Through Documentation: How Government Employees Resist Enforced Secrecy by Danah Boyd, discussion by Amy Kristin SandersTransparency and “good government” protocols are often seen as tools to increase trust and ensure accountability. Drawing on ethnographic fieldwork within the US Census Bureau, this paper describes various tactics that civil servants took to document and communicate their work, only to watch these enactments of transparency twisted to delegitimize their work.
Telling the Truth about Compelled Encryption and the Contents of the Mind by Aloni Cohen, Sarah Scheffler, and Mayank Varia, discussion by Bryan ChoiThis article examines two intertwined nuances of the foregone conclusion doctrine, which determines the government’s ability to compel acts of production in criminal proceedings under the Fifth Amendment.
  
Judging Offensiveness: A Rubric for Privacy Torts by Alissa Del Riego and Patricia Sanchez Abril, discussion by Scott Skinner-ThompsonThe analysis of offensiveness is a black hole in privacy tort jurisprudence. Informed by the idiosyncrasies of the concept as revealed in case law and philosophy, this Article proposes a systematized rubric to guide the analysis of offensiveness while avoiding error and bias.
Private Systems and Artificial Life by Sebastian Benthall, discussion by Peter SwireWe explore what the intellectual tradition of second order cybernetics (Margaret Mead, Fernando Flores, Humberto Maturana, Francisco Varela, Jospeh Goguen, Niklas Luhmann, Gunther Teubner) has to offer the design of privacy regulation and technologies.
The Vulnerable Data Subject: A Gendered Data Subject? by Gianclaudio Malgieri and Gloria González Fuster, discussion by Kristen ThomasenThis paper investigates the notion of the ‘vulnerable data subject’ from a gender perspective, to question whether gender should be regarded as factor of vulnerability at all, and, if yes, how.
Data Governance Through Data Intermediaries: Landscaping and Legal Implications by Heleen Janssen, Chris Reed, and Jatinder Singh, discussion by Danielle D’OnfroTechnologists and lawyers have different understandings about the meaning of control. Failure to understand this, and to recognise that both kinds of control need to be integrated into the intermediary’s governance, has led debates regarding control over data in intermediaries to be often unclear. Intermediaries will naturally focus on technical controls, but they should also pay close attention to legal and regulatory obligations as they are enshrined in IP laws, trade secret law and data protection law.
The Right to Data Access: A Million-Website Comparative Analysis of GDPR and CCPA Implementations by Ross Teixeria, Gunes Acar, and Jonathan Mayer, discussion by Jef Ausloos 
Bias Preservation in Machine Learning: The Legality of Fairness Metrics Under EU Non-Discrimination Law by Sandra Wachter, Brent Mittelstadt, and Chris Russell, discussion by Frederik Zuiderveen BorgesiusWe propose a new concept for fairness in AI and machine learning, ‘bias preservation’, derive a classification scheme that distinguishes between metrics on the basis of formal and substantive equality. We argue that only bias transforming metrics can be fully compliant with the aims of EU non-discrimination law.
Why We Should Regulate “Information About Persons” Rather than “Personally Identifiable Information” by Lisa Austin, David Lie, Nicolas Papernot, and Aleksander Nikolov, discussion by Siona ListokinWe argue that data protection law should impose a comprehensive privacy risk minimization obligation that applies to the processing of all “information about persons”, rather than PII, and also embrace new regulatory tools to ensure compliance with this obligation.
10:45 AM – 11:15 AM BREAK
11:15 AM – 12:15 PM 6th Session
The Great Regulatory Dodge by Salome Viljoen, Katherine Strandburg, and Helen Nissenbaum, discussion by Malavika JayaramThis Article considers how privacy law’s current regulatory paradigm enables digital technology companies to “dodge” sectoral privacy regulations with which other companies, offering similar services, must comply. It attributes the dodge to both gaps in the law as well as tactical maneuvering by companies seeking to avoid regulation.
A Critical Class Analysis of Data-Centric Technologies at the Intersection of Power and Law by Michele Gilman, discussion by Josh FairfieldThis paper applies critical class theory to the use of data-centric technologies. This approach identifies not only who is harmed by technologies, but also who benefits. It thus reveals how law upholds unequal power relations that data-centric technologies create and reinforce. The paper concludes by evaluating how various privacy law reforms might disrupt class divisions and advance economic equality.
Software as Credence Good: The Public Interest Argument for Reverse Engineering by Michael Specter and Andrew Sellars, discussion by Asaf lubin 
Criminal History Information, Clean Slate Reforms, and the American Way of Data Privacy by Sarah Lageson and Alessandro Corda, discussion by Bernard ChaoThis article analyzes privacy rights through the case of the unexpected, rapid shifts in criminal record policy in the United States; specifically automated criminal record expungement. We focus on: (a) the re-emergence of privacy concerns linked to rehabilitation and second chances through the management of criminal history data, (b) the logic of administrative fairness and accountability through algorithmic approaches, and (c) the emergence of an informational privacy rationale within broader criminal legal system reform.
Discredited Data by Ngozi Okidegbe, discussion by Megan StevensonThis Article contends that one reason pretrial algorithms produce biased results is that they are exclusively built and trained with data from carceral knowledge sources – the police, pretrial services agencies, and the court system.
Do Data Breach Notification Laws Reduce Medical Identity Theft? by Aniket Kesari, discussion by Annie BousteadEvery U.S. state now has a “data breach notification” law that mandates that certain organizations disclose data breaches to their data subjects. Using medical identity theft panel data collected from the Consumer Financial Protection Bureau (CFPB), this study implements an augmented synthetic control approach to analyze the effect of certain data breach notification standards on medical identity theft.
Deepfake Privacy Norms by Matthew Kugler and Carly Pace, discussion by Kirsten MartinThis Article presents two empirical studies of people’s attitudes about different types of deepfakes and relates the results to both current regulations as well as First Amendment doctrine.
Can an Algorithm be too Accurate? by Aileen Nielsen, discussion by Daniel SusserMuch research on algorithms has focused on ways to detect or prevent algorithmic misbehavior or mistake. However, there are harms and risks that arise when algorithms perform too too well rather than too poorly. This paper makes the case against “unduly accurate” algorithms and proposes a regulatory solution.
Privacy Harms by Danielle Citron and Daniel Solove, discussion by Ignacio CofoneThis article develops a typology of privacy harms, assesses the degree to which the law recognizes each type of harm, and argues that the law should, in many instances, better recognize various types of privacy harm.
12:15 PM – 1:15 PM Lunchtime Break
1:15 PM – 2:15 PM 7th Session
Punitive Surveillance by Kate Weisburd, discussion by Matthew ToksonDrawing on original research of over 250 public agency records, this paper exposes the diminishment, and often outright elimination, of Constitutional rights and dignity associated with GPS-equipped ankle monitors and other forms of electronic surveillance of people in the criminal legal system. This paper makes the case for significant limitations on the use of this technology.
Framing Data Privacy as a Civil Right: From Neoliberal Privacy to Privacy Justice by Jeeyun Sophia Baik, discussion by Denise AnthonyIn this paper, I detail why the civil rights frame of data privacy can be a strategic and effective approach to embody more just privacy protections for the marginalized. Compared to other framing, the civil right of data privacy can regulate the multi-layered ramifications of unwarranted corporate data practices.
Safety as Privacy by Michael Froomkin, Phillip Arencibia, and Zak Colangelo, discussion by Andrea MatwyshynWe examine the regulatory authority of six U.S. administrative agencies with safety or consumer protection missions in order to demonstrate that — largely contrary to their current stances — they have the power to issue rules that would substantially enhance the privacy of U.S. consumers and workers.
Mental Data Protection Regulation by Gianclaudio Malgieri and Marcello Ienca, discussion by Kiel Brennan-MarquezIn this article, we introduce the notion of ‘mental data’, which we define as any data that can be organized and processed to make inferences about the mental states of a person, including their cognitive, affective and conative states. Further, we analyze existing legal protections for mental data by considering (mostly in the EU GDPR) the lawfulness of their processing in light of different legal bases and purposes and assess possible risks to the rights and freedoms of individuals.
What do Privacy Surveys Actually Measure? Distinguishing Attitude, Preference, Concern, Expectation, Decision, and Behavior by Jessica Colnago, Lorrie Cranor, Alessandro Acquisti, and Kate Stanton, discussion by Matthew KuglerIn our paper we try to identify what privacy scales actually measure. We find that scales, and even individual statements, measure multiple constructs at the same time. We provide data-driven suggestions on how to build cleaner statements but highlight that a one-construct only privacy scale might not be feasible.
Nudging Humans by Brett Frischmann, discussion by HC RobinsonNudging, an ascendant social engineering agenda, permeates private and public institutions worldwide. It has crept into the design of human-computer interfaces and affects billions of individuals’ decisions daily. This essay develops two criticisms of nudging, one focused on nudge creep and another based on normative myopia.
Chilling Effects as Social Conformity: Normative and Doctoral Implications by Jon Penney, discussion by Ronnell Andersen Jones 
The Politics of Differential Privacy by Jayshree Sarathy, discussion by Steve BellovinWhile differential privacy offers rigorous guarantees for statistical disclosure limitation, its algorithmic formalisms do not account for social and contextual factors. Drawing on perspectives from science & technology studies, this work focuses on the entanglements between algorithmic privacy and institutional logics that govern privacy.
The Scale and the Reactor by Ryan Calo, discussion by Julie CohenLaw and technology scholarship should be aware of, and draw from, decades of science and technology studies (STS). The alternative is to get technology’s role in society wrong again and again. Yet the field must also take care not to abandon the normativity and pragmatism that makes law and technology unique, and which has the potential to help STS attend to its own critics and have a broader societal impact.
Auditing for Bias in Algorithms Delivering Job Ads by Basi Imana, Aleksandra Korolova, and John Heidemann, discussion by Jenine Hiller 
2:15 PM – 2:45 PM BREAK
2:45 PM – 3:45 PM 8th Session
The Challenge for Cities of Governing Spatial Data Privacy by Feiyang Sun and Jan Whittington, discussion by Ellen P. GoodmanThis paper applies the Governing the Knowledge Commons framework and provides an empirical case study of the privacy and info systems governance by the City of Seattle. It discusses how transaction cost economics theory can be complementary to the GKC framework and proposes research design of future empirical research.
Suspect Development Systems: Databasing Marginality and Enforcing Discipline by Rashida Richardson and Amba Kak, discussion by Margaret Hu and Kristin JohnsonThis article presents a categorical term and an analytical framework, Suspect Development Systems, which refers to information technologies used by government and private actors to manage vague or often immeasurable social risks based on presumed or real social conditions that subjects targeted individuals or groups to greater suspicion, differential treatment, and more punitive and exclusionary outcomes.  
False Flags: Rejecting Remote Proctoring Software and Other Surveillance Technologies in Higher Education by Lindsey Barrett, discussion by Elana ZeideRemote proctoring software is a needlessly punitive approach to academic assessments that violates students’ privacy, discriminates on the basis of race and disability, and calcifies inequities in higher education, harms that privacy and civil rights laws are failing to address. Universities should abandon these services, and learn from the ramifications of reflexive reliance on expensive technology that creates worse problems than the ones it purports to—and can’t—solve.
Europeanization of Policy Implementation? A qualitative comparative analysis (QCA) of Data Protection Authorities’ enforcement styles post-GDPR  by Ido Sivan-Sevilla, discussion by Jessica ColnagoThis study explores the divergence in EU data protection policy implementation. Whereas the literature mostly studies the formal rather than the practical aspects of implementation, I compare two measurements for practical enforcement: outputs-based versus discretion-based, revealing national divergence in enforcement styles post-GPDR, against “Eurolegalism” expectations.
Pursuing Usable and Useful Data Downloads Under GDPR/CCPA Access Rights via Co-Design by Blase Ur, Sophie Veys, Daniel Serrano, Madison Stamos, Margot Herman, Nathan Reitinger, and Michelle Mazurek, discussion by Joris van HobokenWe investigated the current state of data access rights by conducting focus groups in which participants explored and discussed their own data downloads for one of six major companies (Amazon, Facebook, Google, Spotify, YouTube, Uber). We report on participants’ reactions to the contents and format of their data downloads.
Juror Interpretations of Metadata and Content Information: Implications for the “Going Dark” Debate by Annie Boustead and Matthew Kugler, discussion by Rebecca WexlerHow will jurors interpret and value metadata as opposed to content information. We present the results of a series of survey experiments to address this question, finding that content information and metadata can be equally useful when they convey information that is logically equivalent but content information conveys additional meaning in circumstances where the defendant’s state of mind is critical and metadata can more convincingly establish a pattern of behavior.
Health Data Federalism by Craig Konnoth, discussion by Sharona HoffmanThis article shows how private entities are taking over health data regulation from states at the behest of the federal government. It recommends an approach that allows for a balance among states, the federal government, and private entities in regulating this space.
The Implications of the First Amendment for American Privacy Legislation by Ryan Harkins, discussion by Hannah Bloch-WehbaAs the debate over core aspects of privacy legislation marches on, a dormant yet combustible issue lies smoldering, whose existence has largely been overlooked in state capitols and on Capitol Hill: what of the First Amendment? Rather than exempting broad categories of information from privacy legislation entirely, policymakers should engage in a more granular analysis focused on the discovery of truth; our capacity to engage in self-government; and our self-fulfillment as autonomous, rational beings.
Exploring Privacy Law as a Victim of Legal Endogeneity: Using Institutional Theory to Understand Practitioner Agency within Institutions by Jillian Kwong, discussion by Ari WaldmanBuilding on established privacy on the ground scholarship, this article overlays insights about human agency from institutional theory to take a closer look at how privacy gets enacted and reproduced in practice. My goal is to compliment and extend Waldman’s (2020) argument that privacy law has become mere “symbols of compliance” by unraveling the theoretical tensions present in his conception of CPOs and privacy narrative. Using an analytical method known as elaborative coding, I apply themes from Bamberger & Mulligan (2011, 2015) and Waldman’s (2018) studies to a new corpus of interview data to see how their findings connect, align, and diverge in a new context.
3:45 PM – 4:00 PM Closing Remarks and Thank Yous