Monday , September 23 2019
Home / Jennifer Huddleston

Jennifer Huddleston

Articles by Jennifer Huddleston

Antitrust and the Debate over Data Privacy

11 days ago

Chairman Cicilline, Ranking Member Sensenbrenner, and distinguished members of the Subcommittee on Antitrust, Commercial, and Administrative Law.
My name is Jennifer Huddleston and I am a research fellow at the Mercatus Center at George Mason University. My research focuses primarily on the intersection of law and technology, including issues related to data privacy and antitrust. Therefore, I welcome the opportunity to submit a statement regarding the potential need for and effect of a government intervention, via antitrust, into various digital spaces; and what the potential consequences of such an intervention might be, particularly with regards to privacy concerns.
In this statement for the record, I will focus on three key points:
The dynamic nature of the technology industry makes it

Read More »

The State of State Data Laws, Part 3: Biometric Privacy Laws and Facial Recognition Bans

August 7, 2019

Today, you can clock into an office with your fingerprints or unlock your phone with just your face. As such potential applications biometric technologies expand, so do the concerns about how they can be abused, particularly when it comes to privacy.
While federal policy is still at the discussion stage about placing limits on biometric technologies like facial recognition, some state and local governments have already passed rules for biometric data or applications, and others are considering it. Illinois, Washington, and Texas all have existing laws governing privacy rights for biometric information and its use by private entities. Other states, such as Montana, have considered creating similar legislation in the most recent legislative term.
Biometric information is often thought of as

Read More »

The State of State Data Laws, Part 2: Consumer Data Privacy Legislation

August 6, 2019

Many states are not waiting for the federal government to take action on data privacy. California was the first to take matters into its own hands by passing the California Consumer Privacy Act (CCPA), which is set to go into effect in January 2020 and will become enforceable later that year. In their 2019 legislative sessions, Nevada and Maine also passed consumer data privacy legislation, and numerous other states have considered similar laws.
The first piece in this series discussed how states have created a patchwork of data breach notification laws as a next best alternative to a federal solution. However, another emerging patchwork of broader CCPA-like data regulations would introduce more problems and disruptions. Such an approach could fail to solve actual problems and instead

Read More »

The State of State Data Laws, Part 1: Data Breach Notification Laws

July 31, 2019

A few weeks ago, Equifax settled with federal and state regulators to pay up to $700 million in damages and penalties from the 2017 data breach involving the personal information of millions of Americans.
This is far from the only time data security and privacy have been in the news. Just this week, Capital One announced a major breach that exposed the data of 106 million customers and applicants. From privacy for social media and search to security for government organization and infrastructure, it seems hardly a week goes by without a data-related scandal.
While Congressional lawmakers debate possible federal legislation on data privacy and security, some states are pursuing their own new policy actions.  Lacking a federal law, the current patchwork of state laws has both benefits and

Read More »

Security, Privacy, and Innovation in the Future of Telemedicine

July 18, 2019

Good morning, Chairman Angelo Puppolo, Vice Chair Aaron Vega, Ranking Minority Member Marc Lombardo, and distinguished members of the Committee on Technology and Intergovernmental Affairs.
My name is Jennifer Huddleston, and I am a research fellow at the Mercatus Center at George Mason University, where my research focuses primarily on the intersection of law and technology. This includes issues surrounding data security and data privacy. Thank you for this opportunity to discuss such policy matters in relation to telemedicine.
Within this context I would like to focus on three key points:

Telemedicine and other technological innovations expand the debate over protected health information (PHI) privacy and security and may require an examination of existing laws to reflect the reality

Read More »

Kisor and the Future of Agency Deference

June 27, 2019

Yesterday, the Supreme Court in Kisor v. Wilkie declined to overrule the doctrine of Auer deference in a narrow 5-4 decision. Still, the decision and concurring opinions clarify the limits of agency deference. What does the decision to retain Auer mean for the future of administrative law and its effect on technology policy?
Under Auer deference, courts typically accept agencies’ interpretations of their own regulations unless they were plainly erroneous. Yet this allows agencies to interpret their rules in such a way that leaves little legal recourse for affected parties.
The Supreme Court’s opinion, delivered by Justice Elena Kagan, does clarify that Auer deference should not always be invoked, that “the possibility of deference can arise only if a regulation is genuinely ambiguous,” and

Read More »

The Importance of Balancing Privacy with Innovation, Consumer Benefits, and Other Rights in the FTC’s Approach to Consumer Data Privacy

May 31, 2019

I welcome the opportunity to submit comments regarding the Federal Trade Commission’s (FTC’s) requests and recent hearings on 21st century consumer privacy and the accompanying questions on the topic. In my view, this topic and specifically the FTC’s approach to addressing privacy concerns must balance any risks of harm with the benefits of innovation and data usage that many consumers also experience. Furthermore, privacy does not exist in a vacuum and the potential impact of favoring privacy over other rights such as freedom of speech must also be carefully considered. The questions asked by the FTC and the accompanying hearings indicate the agency desires to find an appropriate balance on these issues that will continue to enable future innovation.
While the FTC asks many important

Read More »

What GDPR's First Year Says about Data Privacy Regulation

May 29, 2019

Almost a year ago, the European Union’s General Data Protection Regulation (GDPR) went into effect. In that year, the United States has been engaging in its own debate about what, if anything, should be done to bolster our data privacy protections. While some have suggested that the United States implement its own GDPR — a comprehensive reform to more tightly regulate the collection, use, and retention of data — we have the advantage of looking at the early consequences of Europe’s policy.
As debates about potential federal data privacy legislation continue, what can the first year of the GDPR teach us about what such a regime may do in America?
First, the cost of compliance with complicated data regulations is not cheap, and as a result, some companies may choose to leave the market

Read More »

Four Questions to Consider When Debating Potential Data Privacy Policy

April 25, 2019

Over the past year, debates about what, if anything, policymakers should do to protect data privacy have become increasingly fervent. Tech scandals and legislation like the European Union’s General Data Privacy Regulation (GDPR) and the California Consumer Privacy Act (CCPA) have drawn attention from policymakers and the media, and it’s easy to get caught up in the feeling that something must be done. Still, it is important to examine the potential implications of privacy rules before crafting a response to a perceived crisis.
I recently analyzed several federal data privacy proposals from the last year and have also discussed the concerning potential impact of state data privacy proposals. These proposals are typically well-intentioned, and policymakers believe they are responding to

Read More »

Has the “Auer” Glass Run out for Judicial Deference?

April 10, 2019

Recently, I’ve discussed different facets of the Kisor v. Wilkie Supreme Court case at The Federalist and Law 360. There is a real possibility for significant changes to the judicial deference that courts give administrative agencies during this SCOTUS term.
Two weeks ago the Court heard oral arguments in Kisor.  While it is often difficult to predict precisely what the Court will do in any given case, oral arguments can give insight into what the justices are thinking, and what the potential ruling might look like. In Kisor, the arguments indicate that the last hour may have come for Auer deference, the underlying issue at the heart of the case.
While the case may seem to be simply about an agency decision regarding veterans’ benefits on its face, the Supreme Court is actually addressing

Read More »

Innovation Helps Women Make History

April 5, 2019

Jennifer Huddleston writes on the positive effect that innovation has on advances in women’s rights and women’s contributions to the economy.
Read it at Inside Sources.

Read More »

How Technological Progress Leads to Women’s Progress

April 4, 2019

As I discussed in a recent op-ed in Inside Sources, technology is a force for economic growth and human progress. Few truly recognize just how much women have benefited from these advances. Technology not only decreases the burden of once-laborious household tasks, it also drives social progress and opportunities for women.
We have come a long way since the days of knee-jerk techno-panics against bicycles that I discuss in that piece. While we still may fear new technology, we have also embraced the freedom it gives us. The internet has been such a success because of policy decisions that enshrined the freedom to innovate online into law.
This means free speech and free expression are the default for women with access to technology. There are fewer barriers to finding their voice and

Read More »

The Importance of Avoiding Unintended Consequences When Defining Harm for Data Security and Data Privacy

March 26, 2019

Good afternoon, Chairman Krishnamoorthi, Ranking Member Cloud, and distinguished members of the Subcommittee on Economic and Consumer Policy.
My name is Jennifer Huddleston and I am a research fellow at the Mercatus Center at George Mason University. My research focuses primarily on the intersection of law and technology as well as issues surrounding data security and data privacy. Thank you for the opportunity to discuss some of the important issues surrounding data security and the role and ability of agencies to protect consumer information. This is an important policy conversation in light of the historic Equifax breach that occurred in 2017 as well as continuing conversations around data breaches and data privacy, and it is important that Americans consider the possible unintended

Read More »