SSRN Cybersecurity, Data Privacy and eDiscovery eJournal Article Spotlight

The Center-sponsored SSRN eJournal is up and running, and we’ve already filled several distributions.  I’m going to periodically highlight articles from the eJournal that I find interesting and think would appeal to both academics and practitioners in these fields.  The first up is Professor Andrew Keane Woods, Against Data Exceptionalism, forthcoming in the Stanford Law Review, Vol. 68, April 2016.

One of the great regulatory challenges of the Internet era — indeed, one of today’s most pressing privacy questions — is how to define the limits of government access to personal data stored in the cloud. This is particularly true today because the cloud has gone global, raising a number of questions about the proper reach of one state’s authority over cloud-based data. The prevailing response to these questions by scholars, practitioners, and major Internet companies like Google and Facebook has been to argue that data is different. Data is “un-territorial,” they argue, and therefore incompatible with existing territorial notions of jurisdiction. This Article challenges this view.

The Article argues that the jurisdictional challenges presented by the global cloud are not conceptually as novel as they seem. Despite the technological wizardry of modern life, the “cloud” is actually a network of storage drives bolted to a particular territory, and there is a substantial body of case law suggesting that courts think of data as a physical object. Moreover, even if the cloud were a free-floating ether, data can be thought of as an intangible asset, like money or debt, which flows easily across borders; courts have been adjudicating jurisdictional disputes over intangible assets for centuries. These precedents suggest a number of distinct legitimate grounds for states to assert jurisdiction over data — not a single test, as major Internet service providers have claimed.

After showing that these jurisdictional problems are not unprecedented, the Article turns more practical. Drawing from these precedents, the Article outlines steps that courts, Congress, and the President can take to alleviate jurisdictional conflicts over the cloud. As the recent Microsoft Ireland case works its way through the courts, the President negotiates a treaty with the United Kingdom regarding cross-border access to the cloud, and Congress rewrites the Electronic Communications Privacy Act, finding a grounded approach to addressing this problem — one rooted in longstanding jurisdictional and conflicts principles — has never been more critical.

By |2016-03-18T19:49:35+00:00March 18th, 2016|Tags: , , , |0 Comments

About the Author:

Brian Ray
Professor Brian Ray has extensive experience in eDiscovery, information governance and data privacy. He and Candice Hoke created and serve as Co-Directors of the Center for Cybersecurity and Data Privacy at Cleveland-Marshall College of Law, where they are Professors of Law. Brian co-founded, with Tim Opsitnick of Jurinnov, the Cleveland eDiscovery Roundtable, an informal group of lawyers, judges and academics that meets monthly to discuss issues surrounding electronic discovery, cybersecurity and data privacy issues. Professor Ray is a member of the Sedona Conference's International Electronic Information Management, Discovery and Disclosure and Data Security and Privacy Liability Working Groups. Professor Ray also is an expert in international and comparative law. His book, Engaging with Social Rights: Participation, Procedure and Democracy in South Africa's Second-Wave (forthcoming Cambridge 2016) provides a comprehensive analysis of the South African Constitutional Court's social rights decisions. He has served as a Fulbright Scholar in South Africa and has published extensively on the law of human rights.

Leave A Comment