GDPR

The Hidden Kraken: Submarine Internet Cables and Privacy Protections

devin.b.forbush Paper , , , , , , , , ,

PDF Link

The Hidden Kraken: Submarine Internet Cables and Privacy Protections

By Christopher Guay

  1. Introduction

Beyond the existential dread associated with the greatest depths of the oceans, there rests one of the most important components to our modern civilization. No, it’s not the eldritch horrors of the deep, it’s instead the backbone of the internet. Underwater sea cables represent over “95 percent” of international communications traffic.[1] Underwater sea cables are key to how our modern internet connects the world. These cables allow communications from one country to reach another. Instead of relying upon satellites or radio technology, there are physical fiberoptic lines which connect landmasses of the world. That is why someone in the United States can access a British or German website without any major difficulty. At its core,  submarine internet cables allow enormous amounts of commerce and communications to occur almost instantaneously.[2] Ultimately, the regulatory structure in the United States offers both significant benefits and significant dangers on the issue of information privacy.

There are two major issues related to submarine internet cables, one being related to government use of data and the other having to do with corporate use of data. On the first issue, the United States has accessed and surveilled these submarine internet cables.[3] On the second issue, in the United States, there does not appear to be any regulations stopping submarine cable operators from monetizing the information that goes through their cables. This results from a lack of a comprehensive set of privacy regulations similar to the General Data Protection Regulation (GDPR) in the European Union[4] or California’s California Consumer Privacy Act (CCPA/CPRA).[5] The lack of comprehensive privacy regulations allow companies and the government to collect vast amounts of data.[6] Advertising is big business, with a lot of money involved.[7] The global digital advertising industry is estimated to have $438 billion in revenue in 2021.[8]

Continue reading

Privacy in Virtual and Augmented Reality

Aside devin.b.forbush Paper , , , , ,

Privacy in Virtual and Augmented Reality

Devin Forbush, Christopher Guay, & Maggie Shields

A. Introduction

            In this paper, we set out the basics of Augmented and Virtual Reality.  First, we discuss how the technology works and how data is collected.  Second, we analyze what privacy issues arise, and specifically comment on the gravity of privacy concerns that are not contemplated by current laws given the velocity and volume of data that is collected with this technology.  Third, the final section of this paper analyzes how to mitigate these privacy concerns and what regulation of this technology would ideally look like.  Through the past decade, the advent of augmented reality (AR), mixed reality (MR), and virtual reality (VR) has ushered in a new era of human-computer interactivity.  Although the functions of each reality platform vary, the “umbrella term” XR will be used interchangeably to address concerns covering all areas of these emerging technologies.[1]  The gaming community might have initially popularized XR, but now, broad industries and economic sectors seek to impose the new technologies in a variety of contexts: education, healthcare, workplace, and even fitness.[2]

B. Augmented and Virtual Reality Background

Augmented Reality is “an interface that layers digital content on a user’s visual plane.”[3]  It works by overlaying certain images and objects within the users’ current environment.[4]  AR uses a digital layering which superimposes images and objects into their real world environment.[5]  Software developers create AR smartphone applications or products to be worn by users, such as headsets or AR glasses.[6]  In contrast, Virtual Reality seeks to immerse users within an “interactive virtual environment.”[7]  VR seeks to transport the user into a completely new digital environment, or reality where users can interact with, move within, and behave as if they would within the real world.[8]  To enter VR, a user wears a head-mounted device (HMD) which displays a “three-dimensional computer-generated environment.”[9]  Within the environment created, the HMD uses a variety of sensors, cameras, and controls to track and provide sights, sounds, and haptic response to a user’s input.[10]  Mixed reality offers a combination of virtual reality and augmented reality.[11]  In function, mixed reality creates virtual objects superimposed in the real world, and behaves as if they were real objects.[12]

Continue reading

Say “Bonjour” to New Blanket Privacy Regulations?

editor Article , , , , , , , , ,

The FTC Considers Tightening the Leash on the Commercial Data Free-for-All and Loose Data Security Practices in an Effort to Advance Toward a Framework More Akin to the GDPR

By Hannah Grace Babinski, class of 2024

On August 11, 2022, the Federal Trade Commission (FTC) issued an Advance Notice of Proposed Rulemaking (ANPR) concerning possible rulemaking surrounding “commercial surveillance” and “lax data security practices”[1] and established a public forum date of September 8, 2022.[2] The FTC’s specific objective for issuing this ANPR is to obtain public input concerning “whether [the FTC] should implement new trade regulation rules or other regulatory alternatives concerning the ways in which companies (1) collect, aggregate, protect, use, analyze, and retain consumer data, as well as (2) transfer, share, sell, or otherwise monetize that data in ways that are unfair or deceptive.”[3]

Continue reading