LEMON SQUEEZY
Keeping personal data secret, respecting individual boundaries, and controlling access to personal information describes this concept.
What is privacy?
Under the GDPR and many U.S. privacy laws, this fundamental right allows individuals to see what personal data a company holds about them.
What is the Right to Access?
Daniel Solove’s article refutes this common assertion by arguing that privacy is far more nuanced than mere secrecy.
What is “I’ve got nothing to hide”?
Prof. Woodrow Hartzog recommends we do this with facial recognition technology.
What is ban it (or throw it into the sun)?
SCCs
What are Standard Contractual Clauses?
GDPR Article 13 requires organizations to provide this to data subjects at or before the time data are collected.
What is a privacy notice (or notice of data collection)?
Enshrined in GDPR Article 17 and reflected in state laws like the CCPA, it lets individuals request removal of their personal information from an organization’s databases.
What is the Right to Deletion (or “Right to Erasure”)?
The My Health My Data Act in Washington extends privacy protections to consumer health data that typically wouldn’t be covered by this well-known federal law.
What is HIPAA (Health Insurance Portability and Accountability Act)?
Prof. Helen Nissenbaum’s contextual integrity examines these expectations, which vary depending on roles, activities, and social settings.
What are norms of information flow (or context-specific privacy norms)?
PCI DSS
What is Payment Card Industry Data Security Standard?
The concept that creators and deployers of AI should actively mitigate harm by embedding fairness, accountability, and transparency.
What is responsible AI?
Known as the “Right to Rectification” in the GDPR, it empowers individuals to correct inaccuracies in their personal data.
What is the Right to Correction?
The phenomenon in which an AI model does very well with its training examples but poorly on new, unseen data.
What is overfitting?
In “The Scale and the Reactor,” Prof. Ryan Calo emphasizes that technology’s impacts cannot be evaluated without simultaneously considering this broader environment.
What is the social or political context?
ADPPA
What was the American Data Privacy and Protection Act?
This section of the 1996 Communications Decency Act grants platforms immunity from liability for user-generated content.
What is Section 230?
This right, recognized under GDPR Article 18, lets individuals demand that an organization limit its use of their personal data in specific circumstances.
What is the Right to Restrict Processing?
This phrase, from Gitelman and Jackson, reminds us that data are never truly neutral or unmediated.
What is “Raw data is an oxymoron”?
Bowker and Star’s research shows how these systems embed power and shape access to resources, revealing the politics of labeling and categorizing.
What are classification systems?
CPNI
What is Customer Proprietary Network Information?
The current chair of the Federal Trade Commission.
Who is Andrew Ferguson?
The GDPR grants individuals the ability to receive their personal data in a structured, machine-readable format and move it to another provider.
What is the Right to Data Portability?
The winner of the Technology Law & Public Policy Clinic's Drag vs. AI Event?
Who is Ms. Algorithmia?
Critics call out AI for resurrecting this debunked practice—claiming to detect personal traits from one’s face.
What is physiognomy or phrenology?
CIRCIA
What is the Cyber Incident Reporting for Critical Infrastructure Act of 2022?