
Abstract

The unregulated collection, processing, and sale of consumer data has led to a plethora of social and legal issues. As regulators attempt to catch up with the “move fast and break things” ethos of tech innovation, “de-identified” or “anonymized” data has remained broadly unprotected. However, computer science literature shows us that “de-identified” data is a legal fiction. This Article examines the source of the de-identification fiction, analyzes the definitions in new state laws that attempt to close the loophole, tracks potential harms, and proposes a legislative solution that aims to ameliorate some of the legal fiction’s negative impacts. Part I examines the disparate judicial treatment of “identified” and “de-identified” data to uncover the legal fiction’s formation and contours. Part II discusses the narrow definitions of “de-identified data” proffered by new state laws and explains how they largely fail to address the justiciability issues posed by large-scale data breach litigation, instead entrenching the “de-identification” legal fiction. Part III discusses the tension between the statutory and judicial conceptions of de-identified data and the goals of data protection law. Part IV proposes a rethinking of the ways we segment data for the purposes of legal protection, shifting from an “identifiable”/“unidentifiable” approach to a mosaic-like approach that balances data sensitivity with potential privacy loss.

Included in

Law Commons
