The George Washington University Law School
2000 H Street, NW | Washington, DC 20052
Phone: (202) 994-9514 | Fax: (202) 994-9817 | Email




(Yale University Press 2011)

In response to increasing government surveillance, many people say they have “nothing to hide.”  They argue that people “must sacrifice privacy for security.” In Nothing to Hide, Professor Solove shows why these arguments are flawed and how they have skewed law and policy to favor security at the expense of privacy.



(Harvard University Press 2008)

Understanding Privacy offers a comprehensive overview of the many difficulties involved in discussions of privacy. Drawing from a broad array of interdisciplinary sources, Solove sets forth a framework for understanding privacy that provides clear practical guidance for engaging with privacy issues.



(Yale University Press 2007)

The Internet is transforming gossip, the way we shame others, and our ability to protect our own reputations. Focusing on blogs, Internet communities, cyber mobs, and other current trends, The Future of Reputation shows that, ironically, the unconstrained flow of information on the Internet may impede opportunities for self-development and freedom. Unless we establish a balance among privacy, free speech, and anonymity, we may discover that the freedom of the Internet makes us less free.

Winner of the 2007 Donald McGannon Award for Social and Ethical Relevance in Communications Policy Research



(NYU Press 2004)

This book examines the threat to privacy caused by the gathering of personal information in gigantic computer databases. Massive quantities of data about individuals are being used to make important decisions in their lives, and the government is increasingly tapping into companies' databases to monitor and profile people. The Digital Person examines why these developments are problematic and why the law has thus far failed to respond adequately. The book proposes a framework for effective regulation of data collection and use.





(Aspen 5th ed, 2015) (with Paul M. Schwartz)

This book surveys the field of information privacy law, with excerpts from the leading cases and scholarship. It covers privacy issues involving the media, health and genetic privacy, law enforcement, freedom of association, anonymity, identification, computers, records, cyberspace, home, school, workplace, and international privacy.



(IAPP 2d ed, 2013) (with Paul M. Schwartz)

This short guide provides an overview of information privacy law in a clear and succinct manner. Filled with charts and lists, this book summarizes the important federal and state statutes as well as the key cases.



(Aspen 2015) (with Paul M. Schwartz)

This short paperback, developed from the casebook, Information Privacy Law, contains key cases and materials focusing on privacy issues related to consumer privacy and data security. Topics covered include Big Data, financial privacy, FCRA, GLBA, FTC privacy and security regulation, identity theft, online behavioral advertising, First Amendment limitations on privacy regulation, data breaches, data breach notification statutes, privacy of video watching and media consumptions, CFAA, enforcement of privacy policies, marketing use of data, and more.



(Aspen 2015) (with Paul M. Schwartz)

This short paperback, developed from the casebook, Information Privacy Law, contains key cases and materials focusing on privacy issues related to government surveillance and national security. Topics covered include the Fourth Amendment, Third Party Doctrine, metadata, sensory enhancement technology, video surveillance, audio surveillance, location tracking and GPS, electronic surveillance law, computer searches, ECPA, CALEA, USA-PATRIOT Act, FISA, foreign intelligence, and NSA surveillance.



(Aspen 2d ed 2015) (with Paul M. Schwatz)

This book is designed for use in entertainment law, media law, journalism, advanced torts, First Amendment, and other courses and seminars that want in-depth coverage of privacy and media issues. Among other things, it covers the privacy torts, the defamation torts, balancing free speech and privacy, paparazzi, and philosophical perspectives on privacy.


(Aspen, 3d ed 2012) (with Paul M. Schwartz)

This book is designed for use in cyberlaw, law and technology, privacy law, and information law courses and seminars. Among other things, it covers electronic surveillance, computer searches, USA-Patriot Act, privacy and access to public records, data mining, identity theft, consumer privacy, and financial privacy.



(Aspen 2009) (with Paul M. Schwatz)

This book includes the up-to-date complete text of about 40 statutes, regulations, and other materials. Includes: APEC Privacy Framework, CCPA, California Breach Notification Statute , California’s SB1, COPPA, CALEA, CFAA, CAN-SPAM, CIIA, DPPA, ECPA, EU Data Protection Directive, FCRA, FERPA, FISA, FOIA, FTC Act, GLB Act, HIPAA, OECD Privacy Guidelines, Privacy Act, PPA, Real ID Act, RFPA, Safe Harbor Arrangement, TCPA, VPPA, and much more.




  • The FTC and the New Common Law of Privacy (with Woodrow Hartzog)
    114 Columbia Law Review (forthcoming 2014)

    Since the late 1990s, the Federal Trade Commission (FTC) has been enforcing companies’ privacy policies through its authority to police unfair and deceptive trade practices.  In this article, we contend that the FTC’s privacy jurisprudence is the functional equivalent to a body of common law, and we examine it as such. A common view of the FTC’s privacy jurisprudence is that it is thin, merely focusing on enforcing privacy promises.  In contrast, a deeper look at the principles that emerge from FTC privacy “common law” demonstrates that the FTC’s privacy jurisprudence is quite thick.   The FTC has codified certain norms and best practices and has developed some baseline privacy protections. Standards have become so specific they resemble rules.  We contend that the foundations exist to develop this “common law” into a robust privacy regulatory regime, one that focuses on consumer expectations of privacy, that extends far beyond privacy policies, and that involves a full suite of substantive rules that exist independently from a company’s privacy representations.

  • Reconciling Personal Information in the United States and European Union
    102 California Law Review (forthcoming 2014) (with Paul M. Schwartz)

    The existence of personal information — commonly referred to as “personally identifiable information” (PII) — is the trigger for when privacy laws apply. PII is defined quite differently in U.S. and EU privacy law. The U.S. approach involves multiple and inconsistent definitions of PII that are often quite narrow. The EU approach defines PII to encompass all information identifiable to a person, a definition that can be quite broad and vague. This divergence is so basic that it threatens the stability of existing policy mechanisms for permitting international data flows. In this Essay, we argue that there is a way to bridge these differences regarding PII. We contend that a tiered approach to the concept of PII (which we call “PII 2.0”) represents a superior way of defining PII than the current approaches in the United States and European Union. We also argue that PII 2.0 is consistent with the different underlying philosophies of the U.S. and EU privacy law regimes.

  • Privacy Self-Management and the Consent Dilemma
    126 Harvard Law Review 1880 (2013)

    The "privacy self-management model" is the current regulatory approach for protecting privacy -- the law provides people with a set of rights to enable them to decide for themselves about how to weigh the costs and benefits of the collection, use, or disclosure of their data. This essay demonstrates how this model fails to serve as adequate protection of privacy. Empirical and social science research has undermined key assumptions about how people make decisions regarding their data, assumptions that underpin and legitimize the privacy self-management model. Moreover, the model suffers from structural problems such as the problem of scale -- the fact that there are too many companies collecting and using data for a person to be able to manage privacy with every one -- and the problem of aggregation -- the fact that privacy harms often consist of an aggregation of disparate pieces of data, and there is no way for people to assess whether revealing any piece of information will sometime later on, when combined with other data, reveal something sensitive or cause harm. Privacy law and policy must confront a confounding dilemma with consent.  Currently, consent to the collection, use, and disclosure of personal data is often not meaningful, but the most apparent solution -- paternalistic measures -- even more directly denies people the freedom to make consensual choices about their data.

  • The PII Problem: Privacy and a New Concept of Personally Identifiable Information
    86 New York University Law Review 1814 (2011) (with Paul M. Schwartz)

    Personally identifiable information (PII) is one of the most central concepts in information privacy regulation. The scope of privacy laws typically turns on whether PII is involved. The basic assumption behind the applicable laws is that if PII is not involved, then there can be no privacy harm. At the same time, there is no uniform definition of PII in information privacy law. Moreover, computer science has shown that the very concept of PII can be highly malleable.

    Because PII defines the scope of so much privacy regulation, the concept of PII must be rethought. In this Article, we argue that PII cannot be abandoned; the concept is essential as a way to define regulatory boundaries. Instead, we propose a new conception of PII, one that will be far more effective than current approaches.

  • Fourth Amendment Pragmatism
    51 Boston College Law Review 1511 (2010)
    This essay argues that the Fourth Amendment reasonable expectation of privacy test should be abandoned. Instead of engaging in a fruitless game of determining whether privacy is invaded, the United States Supreme Court should adopt a more pragmatic approach to the Fourth Amendment and directly face the issue of how to regulate government information gathering.
  • Prosser's Privacy Law: A Mixed Legacy
    98 California Law Review 1887 (2010) (with Neil M. Richards)
    This article examines the complex ways in which William Prosser shaped the development of the American law of tort privacy. Although Prosser certainly gave tort privacy an order and legitimacy that it had previously lacked, he also stunted its development in ways that limited its ability to adapt to the problems of the Information Age. His skepticism about privacy, as well as his view that tort privacy lacked conceptual coherence, led him to categorize the law into a set of four narrow categories and strip it of any guiding concept to shape its future development. Prosser’s legacy for tort privacy law is thus a mixed one: He greatly increased the law’s stature at the cost of making it less able to adapt to new circumstances in the future. If tort privacy is to remain vital in the future, it must move beyond Prosser’s conception.
  • Rethinking Free Speech and Civil Liability
    109 Columbia Law Review 1650 (2009) (with Neil M. Richards)
    This article examines the two starkly opposing rules governing civil liability that implicates free speech. Since New York Times v. Sullivan, the First Amendment requires heightened protection against tort liability for speech, such as defamation and invasion of privacy. But in other contexts involving civil liability for speech, the First Amendment provides virtually no protection. According to Cohen v. Cowles, there is no First Amendment scrutiny for speech restricted by promissory estoppel and contract. The First Amendment rarely requires scrutiny when property rules limit speech. In many contexts, especially the law of confidentiality, both the Sullivan and Cohen rules could potentially apply. Formal distinctions between types of law will not resolve this conflict, since tort, contract, and property overlap significantly. This article aims to develop a coherent theory and approach for resolving how the First Amendment should regulate civil liability implicating free speech, something that existing doctrine and theory have thus far failed to do.
  • Data Mining and the Security-Liberty Debate
    74 University of Chicago Law Review 343 (2008)
    This essay examines some common difficulties in the way that liberty is balanced against security in the context of data mining. For data mining, assessments of the liberty interest are limited by narrow understandings of privacy that neglect to account for many privacy problems. Courts and commentators defer to the government’s assertions about the effectiveness of the security interest. As a result, the balancing concludes with a victory in favor of the security interest. But important dimensions of data mining’s security benefits require more scrutiny, and the privacy concerns are significantly greater than currently acknowledged.
  • "I've Got Nothing to Hide" and Other Misunderstandings of Privacy
    44 San Diego Law Review 745 (2007)
    According to the "nothing to hide" argument, there is no threat to privacy unless the government uncovers unlawful activity, in which case a person has no legitimate justification to claim that it remain private. The "nothing to hide" argument is quite prevalent. This short essay takes on the "nothing to hide" argument and exposes its faulty underpinnings.
  • Privacy's Other Path: Recovering the Law of Confidentiality
    96 Georgetown Law Journal 123 (2007) (with Neil M. Richards)
    This article argues that contrary to the familiar legend that Samuel Warren and Louis Brandeis invented the right to privacy in 1890, they instead took it down a new path. Well before 1890, a considerable body of Anglo-American law protected confidentiality, which safeguards the information people share with others. Warren and Brandeis (and later William Prosser) turned away from the law of confidentiality to create a new conception of privacy based on the individual’s “inviolate personality.” English law, however, rejected Warren and Brandeis’s conception of privacy and developed a conception of privacy as confidentiality. Today, in contrast to the individualistic conception of privacy in American law, the English law of confidence recognizes and enforces expectations of trust within relationships. The article explores how and why privacy law developed so differently in America and England.
  • The First Amendment as Criminal Procedure
    84 New York University Law Review 112 (2007)
      To be reprinted in The First Amendment Handbook 2007-08 (Rodney Smolla ed.)
    This article explores the relationship between the First Amendment and criminal procedure. These two domains of constitutional law have long existed as separate worlds, rarely interacting with each other. But many instances of government information gathering can implicate First Amendment interests such as freedom of speech, association, and religion. The article argues there are doctrinal, historical, and normative justifications to develop “First Amendment criminal procedure.” It sets forth an approach to determine when certain instances of government information gathering fall within the regulatory domain of the First Amendment and what level of protection the First Amendment should provide.
  • A Taxonomy of Privacy
    154 U. Pennsylvania Law Review 477 (2006)
    Privacy, in the words of one commentator, suffers from "an embarrassment of meanings." Abstract incantations of the importance of "privacy" do not fare well when pitted against more concretely-stated countervailing interests. This article develops a much-needed taxonomy to identify privacy problems in a comprehensive and concrete manner. It endeavors to guide the law toward a more coherent understanding of privacy and to serve as a framework for the future development of the field of privacy law.
  • The Multistate Bar Exam as a Theory of Law
    104 Michigan Law Review 1403 (2006)
    What if the Bar Exam were read as a work of jurisprudence? What is its theory of law? How does the Bar Exam compare to works of jurisprudence by H.L.A. Hart, Ronald Dworkin, Karl Llewellyn, and others? This short tongue-in-cheek book review of the Bar Exam seeks to answer these questions.
  • A Tale of Two Bloggers: Free Speech and Privacy in the Blogosphere
    84 Washington University Law Review 1195 (2006)
    We have a rather romantic conception of bloggers, but the average blogger is a teenager writing an online diary, not a scholar or amateur journalist. We should think of the legal rules regulating the blogosphere with a more realistic conception of bloggers. We need to address the problems created when blogging places gossip online, making gossip less localized and forgettable and more permanent and widespread.
  • A Model Regime of Privacy Protection
    2006 U. Illinois Law Review 357 (2006) (with Chris Hoofnagle)
    Privacy protection in the United States has often been criticized, but critics have too infrequently suggested specific proposals for reform. This essay endeavors to serve as a model for privacy legislation, patterned in part after various model codes and restatements. It aims to make concrete proposals to fill in the existing gaps and flaws in United States privacy law. The essay addresses comments and criticism from academics, policymakers, journalists, and experts as well as from the industries and businesses that will be regulated under the Regime.
  • Fourth Amendment Codification and Professor Kerr's Misguided Call for Judicial Deference
    74 Fordham Law Review 747 (2005)
    This essay critiques Professor Orin Kerr’s provocative article, The Fourth Amendment and New Technologies: Constitutional Myths and the Case for Caution, 102 Mich. L. Rev. 801 (2004). Professor Kerr argues that “courts should place a thumb on the scale in favor of judicial caution when technology is in flux, and should consider allowing legislatures to provide the primary rules governing law enforcement investigations involving new technologies.” I argue that Kerr is wrong in urging for a deferential judicial approach to the Fourth Amendment.
  • Melville's Billy Budd and Security in Times of Crisis
    26 Cardozo Law Review 2443 (2005)
    During times of crisis, our leaders have made profound sacrifices in the name of security, ones that we later realized need not have been made. After September 11th, this tragic history repeated itself. These events give Herman Melville’s Billy Budd renewed relevance to our times. Billy Budd is a moving depiction of a profound sacrifice made in the name of security. This essay diverges from conventional readings that view Billy Budd as critiquing the rule of law. Instead, Billy Budd supplies us with a radical and unsettling set of insights about why our leaders often fail to do justice in times of crisis. The novella suggests that by manipulating procedure under the guise of law, Captain Vere gives the appearance of following the rule of law, when, in fact, he is not. This is particularly illuminating, as the Supreme Court in Hamdi v. Rumsfeld has held that normal procedures required by the Due Process Clause can be modified and watered-down for "enemy combatants."
  • Reconstructing Electronic Surveillance Law
    72 George Washington Law Review 1264 (2004)
    This article argues that electronic surveillance law (the Electronic Communications Privacy Act and the Foreign Intelligence Surveillance Act) suffers from significant problems that predate the USA-Patriot Act. The USA-Patriot Act indeed worsened some of these problems, but surveillance law had lost its way long before. Surveillance law is thus in need of a radical reconstruction. After exploring specific difficulties with the scope, standards, and enforcement mechanisms of the statutes, the article examines the more deeply-rooted and systematic problems. It recommends ways in which surveillance law should be reconstructed to address these problems.
  • The Virtues of Knowing Less: Justifying Privacy Protections Against Disclosure
    53 Duke Law Journal 967 (2003)
    The article develops justifications for protections against the disclosure of private information. An extensive body of scholarship (e.g., Eugene Volokh, Richard Posner, Diane Zimmerman) has attacked such protections as anathema to the Information Age, where the free flow of information is championed as a fundamental value. The article responds to two general critiques of disclosure protections: (1) that they inhibit freedom of speech, and (2) that they restrict information useful for judging others. It develops a theory for how to distinguish between public and private concerns, one that draws an analogy to the law of evidence.
  • Can Pragmatism Be Radical? Richard Posner and Legal Pragmatism
    113 Yale Law Journal 687 (2003) (with Michael Sullivan)
    This review of Posner’s Law, Pragmatism and Democracy puts Posner’s account of pragmatism to the pragmatic test by examining its implications. Posner views ideals as useless and philosophical theorizing as empty. Lacking any meaningful approach for scrutinizing social goals, however, pragmatism devolves into an efficiency exercise -- finding the appropriate means to achieve our given ends. Posner’s account has little to say about the selection of ends. Accordingly, his attack on abstract ideals becomes, in effect, an endorsement of such ideals, since it leaves unreconstructed the dominant moral ideals of present society. In contrast, this review sketches a thicker account of pragmatism, one that better integrates theory and practice and provides more meaningful guidance about the choice of ends. The review also critiques Posner’s theory of democracy.
  • Identity Theft, Privacy, and the Architecture of Vulnerability
    54 Hastings Law Journal 1227 (2003)
    Traditionally, privacy violations have been understood as invasive actions by particular wrongdoers who cause direct injury to victims. This article contends the traditional model does not adequately account for many of the privacy problems arising today -- especially identity theft. These privacy problems are systemic in nature and cannot adequately be remedied by individual rights and remedies alone. The article contends that privacy problems such as identity theft are created by "architectures of vulnerability," which make people vulnerable to significant harm and helpless to do anything about it. Identity theft can only be curtailed by reforming business practices that do not provide adequate security to personal information.
  • Digital Dossiers and the Dissipation of Fourth Amendment Privacy
    75 Southern California Law Review 1083 (2002)
    This article examines the increasing information flow from the private sector to the government, especially in light of the response to September 11, 2001. This government information gathering takes place outside the bounds of the Fourth Amendment, since the Supreme Court held that the Fourth Amendment does not apply to records held by third parties. Law enforcement officials can, with little restriction or judicial oversight, assemble what amounts to a digital dossier about a person by obtaining the personal details aggregated by various banks, businesses, websites, employers, ISPs, and other entities. This article proposes a legal framework for regulating law enforcement access to personal information held by third parties.
  • Conceptualizing Privacy
    90 California Law Review 1087 (2002)
    This article develops a new approach for conceptualizing privacy. Existing theories of privacy seek to isolate one or more common "essential" characteristics of privacy. Expounding upon Ludwig Wittgenstein's notion of "family resemblance," this article contends that privacy is better understood as drawing from a common pool of similar characteristics. Rather than search for an overarching concept, the article advances a pragmatic approach to conceptualizing privacy. We should explore what it means for something to be private contextually by looking at particular practices. The article illustrates these points by looking historically at certain matters Western societies have long understood as private - the family, the body, and the home.
  • Access and Aggregation: Public Records, Privacy, and the Constitution
    86 Minnesota Law Review 1137 (2002)
    This article develops a theory to reconcile the tension between transparency and privacy in the context of public records. The ready availability of public records enables a growing number of private sector organizations to assemble detailed dossiers about people, which are used in a number of disturbing ways that are not consistent with the purposes of freedom of information laws. To combat this problem, commercial access and use restrictions must be imposed on public record systems, and a federal baseline of protection must be established. The article contends that limiting the use and accessibility of public records does not run afoul of the First Amendment.
  • Privacy and Power: Computer Databases and Metaphors for Information Privacy
    53 Stanford Law Review 1393 (2001)
    Journalists, politicians, jurists, and legal academics often describe the privacy problem created by the collection and use of personal information through computer databases and the Internet with the metaphor of Big Brother - the totalitarian government portrayed in George Orwell's Nineteen Eighty-Four. However, the problem with databases is often not that we are placed under surveillance and inhibited from engaging in our daily activities. This article suggests that the problem should be analogized to Franz Kafka's The Trial. Conceptualizing the problem with the Kafka metaphor has profound implications for the law of information privacy as well as which legal approaches are taken to solve the problem.
  • The Darkest Domain: Deference, Judicial Review, and the Bill of Rights
    84 Iowa Law Review 1393 (1999)
    This article engages in a broad and conceptual analysis of judicial deference in cases involving constitutional rights. Deference has a strong conceptual backbone rooted in the long-accepted principle that the judiciary must avoid doing what was done in Lochner – the substitution of judicial judgment for that of the policymaker or legislature. The article argues that deference is a misguided attempt to carry out this principle in practice, an attempt based on an impoverished conception of how the judiciary and government institutions evaluate factual and empirical evidence.
  • Postures of Judging: An Exploration of Judicial Decisionmaking
    9 Cardozo Studies in Law & Literature 173 (1997)
    This article critiques Ronald Dworkin's jurisprudence by drawing insights from Fyodor Dostoyevsky's The Brothers Karamazov. Dworkin contends that principles provide an answer to the question of fit: how judges reconcile general legal rules with particular situations. In contrast, the article argues that answering the question of fit requires examining the "posture" of a judge — a judge’s physical and temporal position in relation to the cases she adjudicates, a position which affects the level of generality with which a judge perceives the facts of a case and directly influences a judge’s toleration of imprecision in fit between general propositions and concrete cases. Postures provide a descriptive account of aspects of our legal experience that Dworkin’s principled jurisprudence cannot explain. Dostoyevsky's novel illustrates how a multiplicity of similar yet distinct postures are shaped and how they relate to each other.
  • Faith Profaned: The Religious Freedom Restoration Act and Religion in the Prisons
    106 Yale Law Journal 459 (1996)
    This note examines the Religious Freedom Restoration Act (RFRA) of 1993 and its impact on the free exercise of religion in prisons. Prior to RFRA, prisoners' free exercise rights were only protected with minimal scrutiny. RFRA raised the level of scrutiny to strict scrutiny, which is the highest form of constitutional protection. Nevertheless, cases decided under RFRA's more protective standard still by and large came out the same way. This note analyzes why. The central problem was the application of deference by the courts, which overrode even the highest constitutional scrutiny. The note argues that such deference is improper, as it nullifies the courts' ability to engage in meaningful judicial review.
  • Fictions About Fictions
    105 Yale Law Journal 1439 (1996)
    This note reviews L.H. LaRue's Constitutional Law as Fiction.



  • Radical Pragmatism
    in The Cambridge Companion to Pragmatism (Alan Malacowski ed.  2013) (with Michael Sullivan)

  • Speech, Privacy, and Reputation on the Internet
    in The Offensive Internet: Speech, Privacy, and Reputation (Martha Nussbaum & Saul Levmore, eds. Harvard University Press 2011)
    This book chapter develops ideas set forth in Professor Solove's book, The Future of Reputation: Gossip, Rumor, and Privacy on the Internet, and responds to critics of Solove's proposals..
  • Bedeuten soziale Netzwerke das Ende der Privatsphäre?
    Public Life: Digitale Intimität, die Privatsphäre und das Netz (Hrsg. von der Heinrich-Böll-Stiftung ed. 2011)
  • The New Vulnerability: Data Security and Personal Information
    in Securing Privacy in the Internet Age (Chander, Radin, & Gellman eds., Stanford University Press 2008)
    This book chapter argues that abuses of personal information are caused by the failure to regulate the way companies manage personal information. The law fails to focus on the causes of information abuses; instead, it becomes involved when information misuses such as identity theft actually occur, not earlier on in the process. If the law addressed information leaks and insecurity, it would more effectively curtail abuses.
  • A Brief History of Information Privacy Law
    in Proskauer on Privacy (Christopher Wolf, ed. 2006)
    This book chapter provides a brief account of how and why information privacy law developed over the past few centuries.
  • The Digital Person and the Future of Privacy
    in Privacy and Identity: The Promise and Perils of a Technological Age (Katherine Strandburg, ed., Kluwer Academic Press, 2005)
    This book chapter examines the privacy implications of the rise of digital dossiers of personal information.
  • The Origins and Growth of Information Privacy Law
    -- 748 PLI/PAT Fourth Annual Institute on Privacy Law 29 (2003)
    -- 828 PLI/PAT Sixth Annual Institute on Privacy Law 83 (2005) (updated version)
    This book chapter provides a brief overview of the history of the development of information privacy law. In particular, it explores the way that the law has emerged in response to changes in technology that have increased the collection, dissemination, and use of personal information.