182  NOTES

           33.  The Right to Financial Privacy Act of 1978, 12 U.S.C. §§ 3401–3402.
           34.  Department of Health and Human Services, “Summary of the HIPAA Privacy
              Rule,” , http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/.
           35.  The Video Privacy Protection Act of 1988, 18 U.S.C. § 2710.
           36.  Gina Stevens, “Privacy Protections for Personal Information Online,” Congres-
              sional Research Service (April 6, 2011).
           37.  Orin S. Kerr, “The Mosaic Theory of the Fourth Amendment,” 111 Michigan
              Law Review 3 (December 2012), 333.
           38.  Matthew D. Lawless, “The Third Party Doctrine Redux: Internet Search
              Records and the Case for a ‘Crazy Quilt’ of Fourth Amendment Protection,”
              UCLA Journal of Law & Technology 2 (2007): 1.
           39.  Orin Kerr and Greg Nojeim, “The Data Question: Should the Third-Party
              Records Doctrine Be Revisited?” ABA Journal (August 1, 2012), http://
              www.abajournal.com/magazine/article/the_data_question_should_
              the_third-party_records_doctrine_be_revisited/.
           40.  Daniel Cooper, “Consent in EU Data Protection Law,”  European Privacy
              Association, http://www.europeanprivacyassociation.eu/public/download/
              EPA%20Editorial_%20Consent%20in%20EU%20Data%20Protection%20
              Law.pdf (accessed April 7, 2013).
           41. European Commission, Why Do We Need an EU Data Protection Reform?,
              http://ec.europa.eu/justice/data-protection/document/review2012/fact-
              sheets/1_en.pdf (accessed April 7, 2013).
           42.  “New Draft European Data Protection Regime,” Law Patent Group, http://
              mlawgroup.de/news/publications/detail.php?we_objectID=227 (accessed March 6,
              2015).
           43.  Erica Newland, “CDT Comments on EU Data Protection Directive,” Center
              for Democracy and Technology (January 20, 2011), https://www.cdt.org/blogs/
              erica-newland/cdt-comments-eu-data-protection-directive.
           44.  “Data protection reform: Frequently asked questions,” Europa (January 25,
              2012) http://europa.eu/rapid/press-release_MEMO-12-41_en.htm?locale=fr.
           45.  In the wake of Jones, Professor Susan Freiwald identified four factors that the
              courts use to extend Fourth Amendment protection to new surveillance tech-
              nologies that “make sense.” These include whether the target is unaware of the
              surveillance; it covers items that the people consider private; it is continuous;
              and it is indiscriminate (covers more information than is necessary for estab-
              lishing guilt). Susan Freiwald, “The Four Factor Test,” The Selected Works of
              Susan Freiwald, http://works.bepress.com/susan_freiwald/11.
           46.  People often trust assurances that their sensitive information (names and
              social security number) can be deleted when their data is collected in large
              databases. In fact, scientists have shown that individuals can be easily “deano-
              nymized.” Paul Ohm writes that this misunderstanding has given the public
              a false sense of security and has led to inadequate privacy protections, laws,
              and regulations. See Peter Ohm, “Broken Promises of Privacy: Responding
              to the Surprising Failure of Anonymization,” UCLA Law Review 57 (2010):
              1701. See also Marcia Stepanek, “Weblining,” BusinessWeek (April 3, 2000),