Zachary Schapiro

Abstract: Consumers overwhelmingly believe that companies do not do enough to protect their personal data. As Congress considers federal data protection legislation, it must ensure that any proposed legislation comports with the First Amendment. In 2011, in Sorrell v. IMS Health Inc., the U.S. Supreme Court determined that a Vermont law prohibiting the use of physician-prescribing records for marketing purposes violated the First Amendment. At the heart of Sorrell is that shared data, unlike a… Show more

Abstract: Consumers overwhelmingly believe that companies do not do enough to protect their personal data. As Congress considers federal data protection legislation, it must ensure that any proposed legislation comports with the First Amendment. In 2011, in Sorrell v. IMS Health Inc., the U.S. Supreme Court determined that a Vermont law prohibiting the use of physician-prescribing records for marketing purposes violated the First Amendment. At the heart of Sorrell is that shared data, unlike a traditional commodity like oil, conveys information and is thus First Amendment-protected speech. Since Sorrell, the use and retention of data, specifically personal data, has exploded and is only expected to increase. Nevertheless, the United States currently lacks comprehensive federal data protection legislation. To fill this legislative gap, state legislatures have begun to pass data protection laws. These laws apply either to specific types of data—such as biometric information or Internet service provider customer information—or simply all consumer data. As state and federal legislative efforts advance, lawmakers must consider the lessons from Sorrell to ensure that new legislation protects consumer privacy interests without infringing on data holders’ protected speech. This Note argues that most data protection legislation will likely survive First Amendment scrutiny under Sorrell because the legislation establishes baseline personal data privacy rights while still generally allowing businesses to use personal data so long as they are transparent. Show less

Abstract: Computers have become a ubiquitous part of everyday life—used in the office and the home for a wide array of features. Prior to using a computer, people must agree to various software and website terms of use. Additionally, employers typically adopt computer use policies which prohibit use of a company computer for personal matters. Many people, either knowingly or unknowingly, violate these terms and policies. Is violating these policies and agreements criminal? Circuit courts… Show more

Abstract: Computers have become a ubiquitous part of everyday life—used in the office and the home for a wide array of features. Prior to using a computer, people must agree to various software and website terms of use. Additionally, employers typically adopt computer use policies which prohibit use of a company computer for personal matters. Many people, either knowingly or unknowingly, violate these terms and policies. Is violating these policies and agreements criminal? Circuit courts disagree on the answer. In some jurisdictions, simple violations of a website’s terms of use or a company’s computer policies could result in criminal liability under the Computer Fraud and Abuse Act (CFAA) where individuals have limited permission to use a computer or website and they exceed the scope of their permission. In other jurisdictions, courts have interpreted the Act narrowly such that one can only violate it by accessing unauthorized files and information. In 2019, in United States v. Van Buren, the Eleventh Circuit recognized the conflicting interpretations of the CFAA as it upheld a defendant’s conviction under a broad interpretation of the statute. The defendant petitioned for certiorari, and, in April 2020, the Supreme Court granted it to settle this statutory ambiguity. Now that certiorari has been granted, the rule of lenity requires the Court adopt the narrower interpretation of the CFAA so that private parties do not determine criminal behaviors. Show less