Last week I was in San Francisco attending a privacy conference co-hosted by Berkeley Law and Peking University Law School. Having attended many privacy events, I still felt fresh this time seeing so many privacy scholars, experts and professionals from China, US and Europe together sitting in the same room to discuss their regional perspectives about privacy and cybersecurity, and I absorbed...
I once wrote a paper about data brokers during my third year at GW Law. From my research on that paper, I heard of the data brokerage industry for the first time and was surprised at how powerful it was (and still is). Data brokers hold massive volume of personal information about millions of people and sell their data services to a wide variety of clients including government agencies. In...
I recently wrote for New America an annual review of the legislative and regulatory developments in China regarding personal information protections, online content regulations, and government scrutiny on cyber-related products and services. Here is the link.
A recent UK decision on online ad-tracking consent attracts my attention as it targets a novel attempt by the Washington Post towards GDPR compliance, which seemingly puts a price tag on privacy rights for users to avoid online tracking when enjoying the service. I find this decision is not convincing and could cause a tough dilemma for business compliance. According to The Register, the...
China is moving fast building up its data regulation regime. In June of 2017, China’s Cybersecurity Law came into force, the first national-level and cross-sector legislation in China to protect personal information. Since 2017, China also has launched a pragmatic guidance Information Security Technology – Personal Information Security Specification (“Specification”) and the...
Last week I spent a few days at Harvard Kennedy School for the Public Interest Tech Summit, where I joined dozens of tech fellows and scholars from various backgrounds to explore and discuss around the concept of “public interest technology.” If you are interested, you can click here to watch the video recording of the opening session. A couple of ideas and inspirations I would like...
Both China and the European Union take “consent” an important element in protecting personal information. Under the GDPR, consent is one required legal base – among others – to process personal information. China’s Cybersecurity Law, which is currently the overarching law in this field in China, requires network operators to obtain user consent before collecting and using their personal...
For a long time, the Supreme Court has been criticized as tech-phobic and old-school, not keeping pace with technology evolvement. But through Carpenter v. United States, a recent Supreme Court decision regarding the cell-site location information (CSLI) search, I saw a tech-savvy bench vigorously trying to adapt the old Constitutional Law to the ever-evolving technologies. In case the background...
We should not — and don’t need to — trade privacy off in order to be more secure. In his book Nothing to Hide: The False Tradeoff between Privacy and Security, Professor Daniel Solove explains why and how to achieve this by revealing the fallacies underlying many pro-national security arguments, including the mistaken views about privacy protection and its costs and benefits. This book was...
