PUBLICATIONS

Breached!: Why Data Security Law Fails and How to Improve It 

(Oxford University Press, 2022).  (with Daniel J. Solove).

Privacy’s Blueprint: The Battle to Control the Design of New Technologies 

(Harvard University Press, 2018) (Chapter 1: Why Design is Everything)

• “Against AI Half Measures.” 77 Florida Law Review (forthcoming 2025) (symposium with Ryan Durrie, Jordan Francis and Neil Richards). 
• “The Great Scrape: The Clash Between Scraping and Privacy.” 113 California Law Review (forthcoming 2025) (with Daniel Solove).
• “Privacy as Contract?” 39 Harvard Journal of Law and Technology (forthcoming 2025) (with Daniel J. Solove).
• “The Hypocrisies of Data Governance.” 27 Yale Journal of Law and Technology (forthcoming 2025) (Athina Markopoulou and Zubair Shafiq). 
• “Normalizing Facial Recognition and the End of Obscurity.” 2025/01 European Review of Digital Administration and the Law (forthcoming 2025) (with Evan Selinger).
• “Privacy’s Autonomy Thicket: Disentangling Choice, Consent, and Control.” 1 George Washington Journal of Law and Technology (forthcoming 2025) (symposium with Jordan Francis and Neil Richards). 
• “Dark Pattern as Disloyal Design.” 99 Indiana Law Journal (forthcoming 2025) (symposium with Johanna Gunawan and Neil Richards). 
• “Kafka in the Age of AI and the Futility of Privacy as Control.” 104 Boston University Law Review 1021 (2024) (with Daniel Solove).
• “Against Engagement.” 104 Boston University Law Review 1151 (2024) (symposium with Neil Richards). 
• “Two AI Truths and a Lie.” 26 Yale Journal of Law & Technology 595 (2024).
• “Privacy Nicks: How the Law Normalizes Surveillance.” 101 Washington University Law Review 717 (2024) (with Evan Selinger and Johanna Gunawan)
• “A Concrete Proposal for Data Loyalty.” 32 Harvard Journal of Law and Technology 1135 (2023) (symposium with Neil Richards and Jordan Francis). 
• “A Scientific Approach to Tech Accountability.” 32 Harvard Journal of Law Technology 1135 (2023) (symposium with Neil Richards and Jordan Francis).
• “The Surprising Virtues of Data Loyalty,” 71 Emory Law Journal  (2022) (with Neil Richards).
• "Legislating Data Loyalty,"   97 Notre Dame Law Review Reflection 356. (2022) (With Neil Richards).
• “What is Privacy? That’s the Wrong Question,” 88 The University of Chicago Law Review  (2021).
• “A Duty of Loyalty for Privacy Law,” 99 Washington University Law Review (2021) (with Neil Richards).
• “COVID-19  and the Technology Trust Gap,” 51 Seton Hall Law Review 1505 (2021) (with Johanna Gunawan, David Coffnes, and Christo Wilson).
• “An Education Theory of Fault for Autonomous Systems,” 2 Notre Dame Journal on Emerging Technologies 33 (2021) (with Cindy Grimm and Bill Smart).
• “A Comparative Study of Dark Patterns Across Web and Mobile Modalities,” ACM Conference on Computer Supported Cooperative Work (CSCW ’21) (with Johanna Gunawan, Amogh Pradeep, David Coffnes and Christo Wilson).
• “Towards an Understanding of Dark Patterns Privacy Harms,” CHI Workshop “What Can CHI Do About Dark Patterns?,” 2021 ACM CHI Conference (co-author) (publication in proceedings).
• “A Relational Turn for Data Protection?,” 4 European Data Protection Law Review 1 (2020).
• “BIPA: The Most Important Biometric Privacy Law in the US?,” 96 Regulating Biometrics: Global Approaches and Urgent Questions (AI NOW 2020).
• “Privacy's Constitutional Moment and the Limits of Data Protection,” 61 Boston College Law Review 1687 (2020) (with Neil Richards).
• “The Inconsentability of Facial Surveillance,” 66 Loyola Law Review 101 (2019) (with Evan Selinger).
• “The Upsides of Deep Fakes,” 78 Maryland Law Review 960 (2019) (with Jessica Silbey).
• “The Pathologies of Digital Consent,” 96 Washington University Law Review 1461 (2019) (with Neil Richards).
• “The Public Information Fallacy,” 98 Boston University Law Review (2019).
• “The Case Against Idealising Control,” 4 European Data Protection Law Review 423 (2019).
• “Body Cameras and the Path to Redeem Privacy Law,” 96 North Carolina Law Review 1257 (2018).
• “The Indispensable, Inadequate Fair Information Practices,” 76 Maryland Law Review 952 (2017).
• “Privacy’s Trust Gap,” 126 Yale Law Journal 1180 (2017) (with Neil Richards).
• “Trusting Big Data Research” 65 DePaul Law Review 579 (2017) (with Neil Richards).
• “Taking Trust Seriously in Privacy Law,” 19 Stanford Technology Law Review  431 (2016) (with Neil Richards).
• “Anonymization and Risk,” 90 Washington Law Review 703 (2016) (with Ira Rubinstein).
• “The Internet of Heirlooms and Disposable Things,” 17 North Carolina Journal of Law and Technology 581 (2016) (with Evan Selinger).
• “Inefficiently Automated Law Enforcement,” 2015 Michigan State Law Review 1763 (2016) (with Gregory Conti, Lisa Shay and Jon Nelson).
• “Unfair and Deceptive Robots,” 74 Maryland Law Review 785 (2015).
• “The Scope and Potential of FTC Data Protection,” 83 George Washington Law Review 2230 (2015) (with Daniel J. Solove).
• “Surveillance as Loss of Obscurity,” 72 Washington and Lee Law Review 1343 (2015) (with Evan Selinger).
• “The FTC and the New Common Law of Privacy,” 114 Columbia Law Review 583 (2014) (with Daniel J. Solove).
• “Reviving Implied Confidentiality,” 89 Indiana Law Journal 763 (2014).
• “The Value of Modest Privacy Protections in a Hyper Social World,” 12 Colorado Technology Law Journal 332 (2014).
• “Social Data,” 74 Ohio State Law Journal 995 (2013).
• “Obscurity by Design,”  88 Washington Law Review 385 (2013) (with Fred Stutzman).
• “The Fight to Frame Privacy,” 111 Michigan Law Review 1021 (2013) (book review).
• “The Case for Online Obscurity,” 101 California Law Review 1 (2013) (with Fred Stutzman).
• “Big Data in Small Hands,” 66 Stanford Law Review Online 81 (2013) (with Evan Selinger).
• “Chain-Link Confidentiality,” 46 Georgia Law Review 657 (2012) (symposium).
• “Website Design as Contract,” 60 American University Law Review 1635 (2011).
• “Promises and Privacy: Promissory Estoppel and Confidential Disclosure in Online Communities,” 82 Temple Law Review 891 (2009).

• "We’re so close to getting data loyalty right," IAPP (2022) (With Neil Richards).
• "We Still Haven’t Learned the Major Lesson of the 2013 Target Hack," Slate (2022) (with Daniel Solove).
• "Data Vu: Why Breaches Involve the Same Stories Again and Again," Scientific American (2022) (with Daniel Solove).
• “Banning Trump from Twitter and Facebook isn’t nearly enough,” Los Angeles Times (2021) (with Ryan Calo).
• “Getting the First Amendment Wrong,” Boston Globe (2021) (with Neil Richards).
• “The dangers of tech-driven solutions to COVID-19,” Brookings (2020) (with Julie Cohen and Laura Moy).
• “Coronavirus tracing apps are coming. Here’s how they could reshape surveillance as we know it,” Los Angeles Times (2020).
• “Don’t use face recognition to fight COVID: We need disease surveillance, not a surveillance state,” New York Daily News (2020) (with Evan Selinger).
• “Masks and our face-recognition future: How coronavirus (slightly) clouds the picture painted by tech firms,” New York Daily News (2020) (with Evan Selinger).
• “Why Europe's GDPR Magic Will Never Work in the US,” WIRED (2020) (with Neil Richards).
• “What Happens When Employers Can Read Your Facial Expressions?,” The New York Times (2019) (with Evan Selinger).
• “There's a Lot to Like About the Senate Privacy Bill, If It's Not Watered Down,” The Hill (2019) (with Neil Richards).
• “The FTC Can Rise to the Privacy Challenge, but Not Without Help From Congress,”Lawfare (August 9, 2019).
• “Why You Can No Longer Get Lost in the Crowd,” The New York Times (April 17, 2019).
• “Facial Recognition Is the Perfect Tool for Oppression,” Medium (August 2, 2018).
• “Click by click, drowning in data, we Internet ‘users’ are being used,” Boston Globe (2018).
• “Privacy and the Dark Side of Control,” The Institute of Art and Ideas (2017).