Albert Gidari is the Director of Privacy at the Stanford Center for Internet and Society. He was a partner for over 20 years at Perkins Coie LLP, achieving a top-ranking in privacy law by Chambers. He negotiated the first-ever "privacy by design" consent decree with the Federal Trade Commission on behalf of Google, which required the establishment of a comprehensive privacy program including third party compliance audits. Mr. Gidari is a recognized expert on electronic surveillance law; and, long an advocate for greater transparency in government demands for user data, he brought the first public lawsuit before the Foreign Intelligence Surveillance Court, seeking the right of providers to disclose the volume of national security demands received. Mr. Gidari earned an LLM from University of Washington School of Law, his law degree from George Mason University School of Law, and his undergraduate degree from Tulane University.
Hi Res Photo of Albert Gidari
Last month, the Supreme Court of California may have decided the future of the public's access to "smart city" data without knowing it. In ACLU v Los Angeles Police Department, the court accepted that raw data collected by Los Angeles police and sheriff departments, using automated licence plate readers (ALPRs), constituted a public record subject to disclosure under California's Public Records Act (CPRA) absent an exemption. The court held that the catch-all disclosure exemption in the CPRA applied, which requires balancing the public interest in preventing disclosure where certain harms can be identified against the public interest served by disclosure such as furthering the public's understanding of the privacy risks of the ALPR program.
If your cell phone is on, your location is known, tracked and recorded, whether you are in your home or in public. As you move around, your location history is created and stored by the carrier, numerous applications on the device, and potentially even the manufacturer of the device or operating system provider. Your consent to capture this information, whether rough location or very granular, may be tacit, inherent in the application’s usage, or freely given when you activate, install or operate the device.
The House Judiciary Committee held a hearing yesterday on cross-border data requests, featuring testimony from the Department of Justice, the U.K. government, Google, the Center for Democracy and Technology, state law enforcement, and Professor Andrew Woods. Everyone recognizes the problem: law enforcement outside the U.S. can’t get data for their legitimate investigations from U.S.
No one wants to live in a “dumb” city. But I question whether anyone ought to want to live in a really smart city either. I’d prefer to just live in a smarter city -- one that puts my privacy and security first before rolling out ubiquitous sensors and broad-scale data collection in the name of some larger public good.
I have been writing for some time about the huge discrepancy between the number of wiretaps reported annually by the Administrative Office (AO) of the US Courts and the numbers reported by phone companies and online service providers in their transparency reports. It never occurred to me that the AO might be at fault for some of the apparent under-reporting of wiretaps.
"Albert Gidari, director of privacy for Stanford University Law School’s Center for Internet and Society in California, thoroughly disagrees with his colleagues on the east coast. He told Quartz (in an email, of course) that the Massachusetts decision was “nonsense” and that this question didn’t even really need resolving.
"What measures can authorities undertake in order to avoid cases like the recent Equifax leaks? Should credit bureaus be tested for security breaches by authorities on a regular basis? If so, would the CFPB play a larger role in regulation and enforcement of bureaus?
""If Facebook has no reason to think that it should retain the data (subpoena, court order), then it can make choices about what appears on its platform," said Danielle Citron, a professor of law at the University of Maryland, where she teaches and writes about information privacy.
"“I've worked with this statute for 20 years and I learn something new every time I look at it,” Albert Gidari, the Director of Privacy at the Stanford Center for Internet and Society who has previously represented Google and Facebook on ECPA issues. “It's exceedingly complex.”"
"Albert Gidari, director of the Privacy Center for Internet & Society at Stanford Law School, told the Northern California Record the court made the right call, but noted, “Yes, the California Supreme Court balanced the public's right to disclosure with privacy concerns. But it is ironic in another sense. If the license plate data is so sensitive, why does the government get to collect it in the first place and view it any time without legal process?”"
The Center for Internet and Society (CIS) is a public interest technology law and policy program at Stanford Law School and a part of Law, Science and Technology Program at Stanford Law School. CIS brings together scholars, academics, legislators, students, programmers, security researchers, and scientists to study the interaction of new technologies and the law and to examine how the synergy between the two can either promote or harm public goods like free speech, innovation, privacy, public commons, diversity, and scientific inquiry.
To celebrate the one-year anniversary of the Stanford Cryptography Policy Project, we are holding an afternoon event highlighting our research and accomplishments over the past year. As our keynote speakers, it is our pleasure to welcome the Honorable Stephen W. Smith, Magistrate Judge of the Southern District of Texas, and Paul S. Grewal, former Magistrate Judge of the Northern District of California.
After a lengthy legislative process, the GDPR is finally ready. As the most significant overhaul of data privacy laws in Europe in twenty years, it will have a profound impact on Silicon Valley technology companies offering online services in Europe. The recently announced Privacy Shield will affect most US organisations that receive personal information from Europe.