If you’re serious about privacy issues, then you likely already know that Daniel J. Solove is one of the true giants in privacy law. But just in case you don’t know already: Solove is the John Marshall Harlan Research Professor of Law at the George Washington University Law School, the author of numerous books and articles on privacy, and the founder of TeachPrivacy, a privacy and cybersecurity training company. For more than one decade, those of us in the privacy community have benefitted from Dan’s scholarship and his boundless enthusiasm for organizing academic and professional opportunities to promote greater awareness of privacy issues.
Next month, Dan and Professor Paul Schwartz of University of California Berkeley School of Law will be co-chairing a privacy and security forum in Washington, D.C. I cleverly took this opportunity to ask Dan if he’d be willing to take a bit of a look back at where we’ve been and forward to where he sees privacy law and enforcement going under the Trump administration. He kindly agreed. I also took the opportunity to ask a few privacy scholars to comment on Dan’s influence on the field. They, too, kindly agreed.
Professor Ryan Calo Comments on Solove’s Influence:
A person who has not read most or all of Dan’s work is not a serious student of privacy law. And yet, in one of my very first articles, I found myself critiquing Dan’s famous taxonomy of privacy. Dan had several options in the face of such an impudent critique by a newbie. He could have ignored me or squashed me like a bug. Instead, Dan invited me into the community and even excerpted my article in his textbook. Ten years later, I continue to use Dan as my model for community building and mentoring.
The following interview with Professor Solove was conducted via e-mail:
PWR: What first got you interested in privacy law?
DJS: I became interested in privacy law in law school in the mid-1990s. Around that time, the Internet started to take off, and I thought that there were a lot of interesting issues worth exploring in this area. I also thought that the Internet was here to stay and wasn’t a passing fad. At the time, there was a growing body of scholarship on cyberlaw broadly, as well as on IP and free speech online. There wasn’t much written on privacy, and so I thought the topic was worth taking a look at. As I read more, the subject really fascinated me. Privacy involves so many different areas of law, and it is tremendously important and quite complex, nuanced, and contextual. This was exactly the sort of topic that was worth spending some time with.
I originally didn’t plan to focus so heavily on privacy, as I thought I’d tackle other cyberlaw issues. But the privacy rabbit hole is quite deep, and I’ve never had a need to step out of Wonderland.
PWR: Rabbit hole, indeed. The breadth and variety of your books and articles reflects how much there is to explore. But let’s turn to the education sector for a moment. You and I have had many discussions about FERPA, its intersection with HIPAA, and privacy and data security issues in the education sector. You have tried – for years – to increase awareness in the education sector. Do you think any real progress has been made in the education sector?
DJS: There has been a little bit of progress, but not much. When I began exploring these issues, it didn’t seem as though many people cared. K-12 schools were so dreadfully behind other industries on privacy – it was as if they were stuck in the Privacy Stone Age. Higher education was also quite behind – in the Privacy Early Middle Ages. I saw little hope of anything changing. Then, some prominent education privacy issues sparked some media attention. The rise and fall of inBloom began to stir up parental concerns about education privacy, and legislatures started to take note and propose and pass laws.
Education privacy still remains far behind where it should be, but at least some light has been shined on it. I still don’t see a really serious concerted effort to bring education privacy in line with the maturity of other industries, but at least there’s a little attention to the issue now.
PWR: Recent survey results continue to paint a grim picture for the education sector, so yes, we have a long way to go.
PWR: With Woodrow Hartzog, who is now at Northeastern University School of Law, you have co-authored a number of articles about the Federal Trade Commission and its privacy and data security enforcement actions. Do you think the FTC’s data security enforcement program will have less support under the Trump administration?
DJS: Yes, definitely. The Trump Administration doesn’t seem very interested in consumer privacy or security, and hasn’t bothered even to appoint commissioners to fill the 3 vacancies out of 5 seats. The FTC will continue on, though I presume that in this climate, it will proceed rather cautiously so not as to anger the Administration.
Professor Woodrow Hartzog Comments on Solove’s Influence:
It wasn’t just Dan’s work that was a beacon for me. Dan became a mentor for me when I was a student at George Washington Law School. In 2004 I was studying to become an intellectual property attorney at GW Law, but I had room in my schedule to take a course in Information Privacy Law, which was being taught by a young visiting scholar from Seton Hall named Daniel Solove. Dan’s class was a revelation. Anyone that knows Dan’s work or has seen him talk knows how well he can clarify what’s at stake and highlight the various tensions in privacy law and policy. A few years later, when I expressed an interest in becoming a professor, he became my biggest supporter. He listened to my research ideas and regularly provided feedback. He introduced me to the Privacy Law Scholars Conference and the amazing community it has fostered. And this is to say nothing of the influence Dan’s work has had on me and the rest of the privacy community. His theories are the starting points for so many young scholars. His collaborations with other scholars are also considered foundational. I can’t imagine anyone in our community getting too far without being exposed to Dan’s ideas and influence. Dan’s contributions and mentorship were profoundly important to me as a privacy scholar. There are many others who would likely say the same thing.
What’s more remarkable is how much impact Dan has had in such a short amount of time. I’ll never forget a conversation I had with a young student who just met Dan for the first time and remarked, “Wow. Given all that I’ve read from him, I thought he would be much older.”
I’ve got a running theory that Dan just doesn’t sleep.
PWR: So while we’re talking about the FTC, this might be a good time to point out that state attorneys general also have authority to enforce privacy and data security to protect consumers, as Danielle Citron has explored in her scholarly work. Do you think state attorneys general will become more activist to compensate if FTC backs off on enforcement, or do you see the state attorneys general falling into lockstep with the Trump Administration?
DJS: I definitely don’t see state AGs following Trump’s lead. If anything, I see them as viewing this as an opportunity for demonstrating greater leadership.
PWR: I hope you’re right.
Professor Danielle Citron Comments on Professor Solove’s Influence:
Dan’s scholarship has shaped how academics, courts, politicians, and the public think about privacy. Much as Samuel Warren and Louis Brandeis mapped the importance of privacy in the face of changing technologies for their time, Dan has done the same (and then some) for ours. And even more than that (and that is damn impressive) Dan has helped create a true interdisciplinary community of scholars, practitioners, and advocates. Dan is a mensch, a mentor and a nurturer of other’s work whose guidance has been instrumental to so many careers including mine.
PWR: We’ve talked a bit about the education sector and we’ve talked about anticipating that the FTC will be enforcing less under the present administration. Do you think the same will be true in the healthcare sector? Should we expect to see less HIPAA and HITECH enforcement actions by HHS/OCR because of the Trump administration’s pro-business bias and/or cuts in federal agencies’ budgets?
DJS: I think we will see less, but as with the FTC too, it might take a while for this to happen, as they are still working through their pipeline. But once the pipeline runs out, I can’t imagine how we won’t see a drop off. The drop off will likely occur because of understaffing and lack of resources, plus perhaps a concern by staff that aggressive enforcement would spark unwanted attention by the Administration.
PWR: I fear you’re correct, even though OCR’s Roger Severino recently said he’s looking for a “big juicy case” to use to send an enforcement message.
PWR: Let’s turn to one of my favorite topics – PLSC. With Chris Hoofnagle of University of California – Berkeley, you organize and co-chair an annual Privacy Law Scholars Conference. Invitations to the conference have become one of the most sought-after invitations in the privacy law community. Have you gotten any feedback from federal agencies or judges as to how the scholarship is influencing their policy-making or decisions?
DJS: The best feedback is that practitioners, including regulators and judges, are very eager to attend the event. We cannot accommodate them all. In other fields, practitioners don’t seem to read academic work that much. In privacy, practitioners attend a conference where we workshop about 70-80 academic papers, and where participants are required to read at least 8 papers and be prepared to discuss them. That practitioners will take several days out of their schedule and eagerly go to this event is a testament to the fact that they are very interested in the scholarship. I have definitely seen many instances where scholarship has influenced policymaking – judicial, legislative, agency enforcement, and internal corporate policy.
PWR: In addition to PLSC, you have also organized numerous other privacy and security forums – including the upcoming one October 4- 6 in Washington, D.C. What’s the most exciting part about these forums for you?
DJS: I learn a lot and bring interesting people together. That’s the goal of all my events. This October 4-6, my event, co-organized with Professor Paul Schwartz, will have nearly 100 sessions and 250+ speakers. The event is called the Privacy+Security Forum. It’s an annual event in its third year. We aim to better integrate privacy and security, to break down the silos. And, we aim to have an event that brings together the leading experts from every perspective – corporate CPOs, law firm attorneys, security professionals, government regulators, academics, technologists, higher ed compliance, and others. We aim to have sessions that are useful for seasoned practitioners – with more interactivity and practical takeaways.
PWR: Having attended PLSC and a previous Privacy & Security forum in the past, I’m really looking forward to this upcoming forum, even though we’re both predicting some rough years ahead for privacy enforcement. So my last question for now: if I were to lend you my magic wand and you could make one – but only one – privacy wish come true, what would it be?
DJS: That’s such a hard question because there are so many areas of privacy law. It’s hard to come up with just one. I’d like to make the 4th Amendment Third Party Doctrine disappear. I’d like to reform ECPA (it’s 30 years old and is totally obsolete). I’d like to reform FERPA (it’s 40 years old and lacks effectiveness). I’d like to see a CPO at every school, whether K-12 or higher ed. I want courts to come to a better conception of privacy, as well as of privacy harm and data security harm. I’d like the FTC to have more power and resources. And HHS for that matter too. I want the EU to strongly enforce the GDPR next year and really put a scare into companies not taking it seriously enough. I could go on and on.
There are too many things that need to be done to isolate just one wish. Can’t I at least get three wishes? It’s industry standard, you know . . .
PWR: Ha! My one wish would be that all members of Congress and the judiciary would read – and understand – your articles and books.
Thanks so much for the interview, Professor Solove, and I hope more PogoWasRight readers will register for the forum October 4 – 6 in D.C. A great line-up and ice cream every day? Now how can you beat that, right?