Chris Jay Hoofnagle, UC Berkeley, School of Information, School of Law2019-04-16T21:59:35+00:00

Man at bottom, is not entirely guilty
since he did not begin history,
nor entirely innocent
since he continues it.
-Albert Camus

Privacy law is becoming a thicket. As it grows denser, will it satisfy the legitimate concerns that people have about the information economy? To visit my page, you had to engage in a common online ritual–agree to a “privacy policy” (If you don’t agree, but you stay, it still applies. That’s “best practice” nowadays). Did that performance make you feel better? And yet here you are.

These privacy rites are easily parodied because notice and consent relies on simplistic, circular theoretical bases: a mixture of market fundamentalism and rational choice theory. These rationales are convenient for lawyers and businesses but do little to protect people. Much of my work critiques these rationales.

The GDPR will begin to erode the empty proceduralism of the current system and impose more substantive safeguards. Yet, I predict that the GDPR still will not be enough. The GDPR will help us realize that “privacy” stands in for larger concerns about power and the ability of information industries to change the social contract.

The spectacle presents itself as a vast inaccessible reality that can never be questioned. Its sole message is: “What appears is good; what is good appears.”
-Guy Debord

I hold appointments as adjunct full professor at the University of California, Berkeley, School of Information (where I am resident) and the School of Law. For the past 12 years, I have taught at UC Berkeley Law (cybersecurity, computer crime law, privacy law, internet law, and seminars on machine learning, consumer law, and the Federal Trade Commission).

Speaking of the FTC, I wrote a book about the agency, Federal Trade Commission Privacy Law and Policy (Cambridge University Press 2016). It is as much an institutional history of the FTC as an exploration of privacy.

I am a faculty director of the Berkeley Center for Law & Technology and an elected member of the American Law Institute.

My current projects focus on the effects of the second quantum revolution, and on cybersecurity. Recent works include explorations of deterrence of financially-motivated computer crime, on the conflicts arising from EU–U.S. data transfers, and on principles of digital consumer protection.

Much of my work is done in collaboration with George Washington University Law School Professor Daniel J. Solove. We edit the SSRN Information Privacy Law eJournal; run the Privacy Law Scholars Conference, an academic paper workshop for privacy professors and practitioners; and an event for the private sector called the Privacy Law Salon.

I am a practicing lawyer with a focus on emerging technology companies and venture firms as of counsel to Gunderson Dettmer LLP. I participate in several computer crime working groups, such as the San Francisco Electronic Crimes Task Force, Europol’s Data Protection Experts Network, and National Academies of Sciences, Engineering, and Medicine’s new Intelligence Science and Technology Experts Group. I serve on boards for Palantir Technologies and cyber intelligence company 4iQ. My work is directly or indirectly supported by many technology companies, including Apple, Google, Microsoft, Palantir, and Nokia.

Here is my STATA Cheat Sheet.

2016–present Adjunct Full Professor
School of Information
University of California, Berkeley
2016–present Adjunct Full Professor
School of Law
University of California, Berkeley
2015–present Faculty Director
Berkeley Center for Law & Technology
University of California, Berkeley
2015–present Of Counsel
Gunderson Dettmer Stough Villeneuve Franklin & Hachigian, LLP
2009–2015 Lecturer in Residence
School of Law
University of California, Berkeley
2006–2009 Clinical Fellow
Samuelson Law, Technology & Public Policy Clinic
University of California, Berkeley
2005–2006 Non-Residential Fellow
Center for Internet and Society
Stanford Law School
2000–2005 Attorney
Electronic Privacy Information Center
J.D. University of Georgia School of Law, 2000
BA University of Georgia, 1996
2015–present Elected Member
American Law Institute
2005–present Member
California Bar
2001–present Member
Washington, DC Bar
2000–2005 Member (now inactive)
Maryland Bar
Academic Publishing (h-index = 21, i10 = 33)
In Progress Works Law and Policy for the Second Quantum Revolution (in progress). Abstract:

We are living in the “second quantum revolution.” Using theoretical insights from the first quantum revolution of the early 20th century, multidisciplinary teams have achieved fantastic advances in quantum metrology and sensing, in quantum communications, and in quantum computing.  Metrology and sensing will enable high-resolution imaging, with attendant effects on everything from medicine to battlespace conflicts through enhanced sonar and radar. Quantum communications raise the specter of networks invulnerable to spying, and the fundamentals of such networks are already in place, with some technologies available commercially. Quantum computing, as many have observed, will degrade and in some cases render useless, the encryption that everyday commerce relies upon. But it will likely also enable simulation of complex systems and contribute to advances in machine learning.

The affordances and limitations of quantum technologies will shape who can access and use these innovations. Furthermore, quantum technologies will arrive at different times and thus create surprising path dependencies. For instance, many hold out quantum computing as a doomsday technology for privacy, yet, some doubt that general purpose quantum computers necessary for the privacy apocalypse can even be built. Even if built, only nation states and large companies will have access to the technology, and these technical and economic constraints will shape both how quantum computers might be misused and how regulation might work.

Excitement surrounding quantum computing should not cause us to overlook the advances in metrology, sensing, and communications that are already here and likely to be miniaturized and commercialized in ways quantum computers will not be for the foreseeable future. Indeed, in the short term, quantum may contribute to advances in communications integrity, confidentiality, and authenticity.

There is no legal literature on the consequences of quantum technologies broadly and only a thin exploration of it in the ethics literature. Thus, this article starts a policy conversation on the high-level issues raised by quantum technologies. Quantum technologies will create strategic concerns for national security and for the intelligence community. Already China and Europe have made large investments into quantum communications technologies in explicit attempts to create surveillance-detecting and surveillance-invulnerable networks, no doubt motivated by revelations of the National Security Agency’s spying power. Quantum metrology and sensing raises similar strategic concerns, from the uncloaking of submarine movements and thus unsettling the balance of power reached through the nuclear triad to development of electronic-warfare resistant weapons. Combined these developments might mean that the golden age of signals intelligence may be yielding to a golden age of measurement and signature intelligence.

Responsive policy options could take many forms, from export control efforts and industrial policy to aggressive immigration policy aimed at attracting and retaining the best minds of the field. Steps can also be taken now to avoid meltdowns in confidentiality, integrity, and authenticity of data made possible if a general-purpose quantum computer is achieved. For instance, it is important to advance password complexity and to find more secure ways to sign software and digital certificates, because these technologies will be both made vulnerable by quantum computing, and be the kinds of attacks of most interest to entities likely to develop quantum computers.

The internet revolution arrived with no coherent legal regime or strategy. We need not be unprepared for the quantum revolution. As quantum technologies reach deployment readiness, we can make fundamental decisions on how policy should complement or inhibit them.  At the highest level, we should promote quantum in the many ways it could contribute to human flourishing. These include medical diagnostics, advances in materials science and design, and drug discovery. But it would be naïve to overlook how quickly governments are adopting these technologies for military purposes, and in doing so, perhaps even creating a quantum “taboo.” Thus, realists need to contemplate how quantum will affect nation-state conflict, whether and how quantum technologies should be commercialized, and what steps can be taken today to prevent quantum from being a destabilizing technology.

The Tethered Economy, 87(4) Geo. Wash. L. Rev. ___ (Forthcoming 2019), with Aniket Kesari and Aaron Perzanowski. Keynote address at Amsterdam Privacy Conference 2018.
EdTech: Promise and Peril (author’s draft), TLPC: Privacy and Education in a Social Environment, Jun. 10, 2016, Istanbul, Turkey
Published Works
Books & Book Chapters
FTC Regulation of Cybersecurity and Surveillance, in The Cambridge Handbook of Surveillance Law (David Gray and Stephen Henderson, eds)(Cambridge University Press August 2017)(invited contribution)(author’s first draft) Abstract: The Federal Trade Commission (FTC) is the United States’ chief consumer protection agency. Through its mandate to prevent unfair and deceptive trade practices, it both regulates surveillance and creates cybersecurity law. This chapter details how the FTC regulates private- sector surveillance and elucidates several emergent properties of the agency’s activities. First, private- sector surveillance shapes individuals’ reasonable expectations of privacy , and thus regulation of the private- sector has effects on the government as surveillant. The FTC’s activities not only serve dignity interests in preventing commercial inference in one’s life, they also affect citizens’ civil liberties posture with the state. Second, surveillance can make companies directly liable (for intrusive web monitoring, for tracking people off- line, and for installing malware) or indirectly liable (for creating insecure systems, for using deception to investigate, and for mediating the surveillance of others) under the FTC Act. Third, the FTC’s actions substitute for private actions, because the class action is burdened in novel ways. Fourth, the FTC’s actions increase the quality of consent necessary to engage in surveillance, and in so doing, the FTC has made some kinds of surveillance practically impossible to implement legally. Finally, the FTC’s actions make companies more responsible for their surveillance technologies in several ways – by making software vendors liable for users’ activities, by imposing substantive security duties, and by narrowing Internet intermediary immunity.
The FTC’s Inner Privacy Struggle, in Cambridge Handbook of Consumer Privacy (Evan Selinger, Jules Polonetsky, & Omer Tene, eds)(Cambridge University Press 2017)(author’s draft).
Federal Trade Commission Privacy Law and Policy (Cambridge University Press 2016).
-Reviewed in ICON: Bilyana Petkova, Book Review: Federal Trade Commission Privacy Law and Policy, 14(3) Int J Constitutional Law 781–783 (2016)
-Reviewed in EDPLR: Ferretti, F., & Mantelero, A., Book Review, 2(2) European Data Protection Law Review 278–283 (2016)
-Reviewed in ABA Antitrust Source: Aaron J. Burstein, Putting Privacy into Context: A Review of Chris Hoofnagle’s Federal Trade Commission Privacy Law and Policy, 16(5) The Antitrust Source (Apr. 2107)
-Reviewed in the JEL: Kai-Lung Hui, Federal Trade Commission Privacy Law and Policy, 55(2) Journal of Economic Literature 660 (Jun. 2017) JEL 2017–0237.
-Reviewed in World Competition: Spencer Weber Waller, Book Review, 40(4) World Competition 658 (2017).
-Short Extract: KidVid in Context
Online Pharmacies and Technology Crime, in The Handbook of Technology, Crime and Justice (Michael McGuire and Thomas J. Holt, eds.) (Routledge Press 2016)(invited contribution)(available upon request)(Palantir Technologies provided link analysis tools for this paper)
Post Privacy’s Paternalism, in Informationsfreiheit Und Informationsrecht: Jahrbuch, 2011
Putting Identity Theft on Ice: Freezing Credit Reports To Prevent Lending to Impostors, in Securing Privacy in the Internet Age (Chander, Radin, Gelman, eds.) (Stanford University Press 2008).
Privacy Self-Regulation: A Decade of Disappointment, in Jane K. Winn, Consumer Protection in the Age of the Information Economy (Ashgate Pub Co. 2006).
The EFOIA Amendments of 1996, in Litigation Under the Federal Open Government Laws (Harry A. Hammitt, David L. Sobel and Mark S. Zaid, eds) (2002).
Consumer Privacy in the E-Commerce Marketplace 2002, in Practicing Law Institute Third Annual Institute on Privacy Law (2002).
Journal Articles The European Union General Data Protection Regulation (GDPR): What It Is And What It Means, Information and Communications Technology Law 1 (Feb. 2019), with Bart van der Sloot and Frederik Zuiderveen Borgesius.
Facebook and Google Are the New Data Brokers, Cornell Tech. Digital Life Initiative, Dec. 21, 2018 (local pdf).
Facebook in the Spotlight: Dataism vs. Personal Autonomy, JURIST – ACADEMIC COMMENTARY, Apr. 20, 2018.
Deterring Cybercrime: The Focus on the Intermediaries, 32(3) Berkeley Technology Law Journal 1039 (2017)(with Damon McCoy, Amanda Maya and Aniket Kesari)(available upon request)(blog precis (pdf)). Abstract: Cybercrime is often presented as an intractable problem because it can be committed by users under a cloak of anonymity and committed from jurisdictions without effective rule of law. Intermediaries are presented as being broadly immune for their users’ actions. This Article explains that these frames obscure the reality of deterring financially-motivated cybercrime: such cybercrime shares characteristics of ordinary businesses. Like ordinary businesses, cybercrime is an activity of scale, not a jackpot activity such as robbing a bank. Criminals need to optimize their processes, make many sales, and critically, rely on many different intermediaries for everything from marketing, to web hosting, to delivery of products. Reliance on intermediary service providers gives enforcers the opportunity to disrupt these networks. In this article, we focus on three mechanisms that are used to compel intermediaries to take action to combat financially-motivated cybercrime. First, we detail the use of Rule 65 of the Federal Rules of Civil Procedure and its allowance for broad forms of injunctive relief. Then, we examine Domain Name Service take-down procedures that use the U.S. government’s ability to target infringing websites and make them inaccessible. Finally, we look at self-regulating procedures that intermediaries established to allow IP owners and governments to block user activity.
Privacy and Adult Websites, Workshop on Technology and Consumer Protection (ConPro ’17), May 2017, San Jose, CA, with Ibrahim Altaweel and Maximilian Hils.
What We Buy When We “Buy Now,” 165 Univ. of Penn. L. Rev.  315 (2017)(with Aaron Perzanowski).
-Reviewed in Jotwell: Robert Hillman, What Does “Buy Now” Really Mean?, Jotwell (October 10, 2016) (reviewing Aaron Perzanowski & Chris Jay Hoofnagle, What We Buy When We Buy Now, 165 U. Pa. L. Rev. (forthcoming 2017)
US Regulatory Values and Privacy Consequences: Implications for the European Citizen, 2(2) European Data Protection Law Review (2016)(author proof)(peer reviewed)
Assessing the Federal Trade Commission’s Privacy Assessments, 14(2) IEEE Security & Privacy 58–64 (Mar/Apr. 2016)(peer reviewed)
Web Privacy Census, Technology Science (2015), with Ibrahim Altaweel and Nathaniel Good (peer reviewed)(Palantir Technologies provided link analysis tools for this paper)
Native Advertising and Endorsement: Schema, Source-Based Misleadingness, and Omission of Material Facts, Technology Science (2015), with Eduard Meleshinsky (peer reviewed)(pdf version)
Alan Westin’s Privacy Homo Economicus, 49 Wake Forest Law Review 261 (2014), with Jennifer M. Urban.
‘Free’: Accounting for the Cost of the Internet’s Most Popular Price, with Professor Jan Whittington, in 61 UCLA L. Rev.  606 (2014).
-Reviewed in Paul Ohm, Free for the Taking (Or Why Libertarians Are Wrong About Markets for Privacy) Jotwell, May 26, 2014
-Selected for “Privacy Paper for Policy Makers,” a volume of peer-selected papers on policy-relevant privacy research, September 2014.
Mobile Payments: Consumer Benefits & New Privacy Concerns, European Financial Review, Feb. 20, 2013, with Professor Jennifer M. Urban and Su Li.
Unpacking Privacy’s Price, in 90 North Carolina Law Review 1327 (2012), with Professor Jan Whittington.
Behavioral Advertising: The Offer You Cannot Refuse, 6 Harvard Law & Policy Review 273 (2012), with Ashkan Soltani & Nathaniel Good).
-Received the 2014 CPDP Multidisciplinary Privacy Award.
Internalizing Identity Theft, 13 UCLA L. & Tech. R. 1 (2009).
Beyond Google and Evil: How Policy Makers, Journalists and Consumers Should Talk Differently About Google and Privacy, First Monday, Vol. 14, No. 4-6, April 2009.
Toward a Market for Bank Safety, 21 Loy. Consumer L. Rev. 101 (Fall 2008).
Identity Theft: Making the Unknown Knowns Known, 21 Harv. J. of L. & Tech. 97 (Fall 2007).
The Federal Trade Commission and Consumer Privacy In the Coming Decade, 3 I/S J. of Law & Policy 723 (2007), with U-Penn. Annenberg Professor Joseph Turow, and UC-Berkeley Law Professor Deirdre K. Mulligan; Nathaniel Good, and Jens Grossklags.
A Model Regime of Privacy Protection, 2006 U. Illinois L. Rev. 357, with George Washington School of Law Professor Daniel J. Solove.
Big Brother’s Little Helpers: How ChoicePoint and Other Commercial Data Brokers Collect, Process, and Package Your Data for Law Enforcement, 29 N.C. J. OF Int’l L. & Comm. Reg. 595 (Summer 2004).
Reflections on the UNC JOLT Symposium: The Privacy Self-Regulation Race to the Bottom, 5 N. C. J. of L. & Tech. 213 (2004).
Digital Rights Management: Many Technical Controls on Digital Content Distribution Can Create A Surveillance Society,  5 Columbia U. Sci. & Tech. L. Rev. 6 (2003).
Matters of Public Concern and the Public University Professor, 27 J. OF College & Univ. L. 669 (2001)(peer reviewed).
Conference Papers The Privacy Pragmatic as Privacy Vulnerable, Symposium on Usable Privacy and Security (SOUPS 2014) Workshop on Privacy Personas and Segmentation (PPS), July 9-11, 2014, Menlo Park, CA, with Professor Jennifer M. Urban.
How the Fair Credit Reporting Act Regulates Big Data, Future of Privacy Forum Workshop on Big Data and Privacy: Making Ends Meet (2013)
Privacy and Modern Advertising: Most US Internet Users Want ‘Do Not Track’ to Stop Collection of Data about their Online Activities, Amsterdam Privacy Conference (APC 2012), with Professor Jennifer M. Urban and Su Li.
Online Privacy: Towards Informational Self-Determination on the Internet, Dagstuhl Manifesto (Nov. 2011), with Professors Simone Fischer-Hübner, Kai Rannenberg, Michael Waidner, Ioannis Krontiris, and Michael Marhöfer.
Flash Cookies and Privacy, CODEX Privacy 2010 (March 2010), with Ashkan Soltani, Shannon Canty, Quentin Mayo, and Lauren Thomas.
An Economic Map of Cybercrime Telecommunications Policy Research Conference (2009), with Alvaro A. Cárdenas, Svetlana Radosavac, Jens Grossklags, & John Chuang).
Reports The Origin of Fair Information Practices: Archive of the Meetings of the Secretary’s Advisory Committee on Automated Personal Data Systems (SACAPDS)(2014).
Privacy and Advertising Mail (2012), with Professor Jennifer M. Urban and Su Li.
Mobile Phones and Privacy (2012), with Professor Jennifer M. Urban and Su Li.
Mobile Payments: Consumer Benefits & New Privacy Concerns (2012) with Professor Jennifer M. Urban & Su Li.
Flash Cookies and Privacy II: Now with HTML5 and ETag Respawning (2011), with Ashkan Soltani, Nathan Good, Dietrich J. Wambach & Mika D. Ayenson.
Comparative Study of Different Approaches to New Privacy Challenges, in particular, in the light of technological developments. USA Country Report, for the European Commission Directorate-General Justice, Freedom and Security Report (2010).
How Different are Young Adults from Older Adults When it Comes to Information Privacy Attitudes and Policies? (2010), with Jennifer King, Su Li, and U-Penn. Annenberg Professor Joseph Turow.
-Selected for “Privacy Paper for Policy Makers,” a volume of peer-selected papers on policy-relevant privacy research, September 2010.
Americans Reject Tailored Advertising and Three Activities that Enable It (2009),with U-Penn. Annenberg Professor Joseph Turow, Jennifer King, Michael Hennessy, and Amy Bleakley.
Exploring Information Sharing through California’s ‘Shine the Light’ Law (2009), with Lauren Thomas.
What Californians Understand about Privacy Online (2008), with Jennifer King.
What Californians Understand About Privacy Offline (2008), with Jennifer King.
A Supermajority of Californians Supports Limits on Law Enforcement Access to Cell Phone Location Information (2008), with Jennifer King.
Consumer Information Sharing: Where the Sun Still Don’t Shine (2007), with Jennifer King.
Opeds FTC’s Early Consumer Protection Challenges Endure, Law360, Mar. 7, 2016.
Businesses are invading your privacy, The Hill, Jan. 6, 2016
The Potemkinism of Privacy Pragmatism: Civil liberties are too important to be left to the technologists, Slate, Sept. 2, 2014
Exit, Voice, and the Privacy Paradox, Medium, Aug. 4, 2014
Can Advertisers Learn that No Means No?, 10 Privacy & Security Law Report 1398, (Sept. 26, 2011), with Ashkan Soltani, Nathan Good, Dietrich J. Wambach & Mika D. Ayenson.
Mobile Payments: The Challenge of Protecting Consumers and Innovation, 10 Privacy & Security Law Report 212 (Feb. 7, 2011), with Elizabeth Eraker and Colin Hector), reprinted in 75 United States Law Week 2095 (Mar. 15, 2011).
Amicus Briefs Amicus brief in LabMD, Inc. v. Federal Trade Commission, No 16-16270 (11th Cir 2017)(with information privacy professors and LCHB counsel Nicholas R. Diamand and Laura B. Heiman).
Amicus brief in Spokeo, Inc. v. Robins, No 13-1339 (SCT 2015)(with Professors Julie Cohen, Lauren Willis, and Paul Ohm).
Amicus brief in FTC v. Wyndham Hotels & Resorts, LLC, et al., 14-3514 (3rd Cir. 2014)(with Professor Catherine Crump).
Amicus brief in Federal Trade Commission v. Wyndham Worldwide Corp., et al., 13-cv-01887-ES-SCM (D.N.J. May 28, 2013)(with Public Citizen Litigation Group).
Authored successful petition to the Federal Communications Commission urging the agency to enhance privacy protections for telephone records in light of “pretexting;” the FCC unanimously granted this petition and adopted opt-in rules for third party sharing of phone records.  These rules were upheld in NCTA v. FCC (D.C. Cir. 2009)
Kehoe v. Fidelity Federal Bank and Trust, No. 04-13306 (11th Cir. Aug. 31, 2004)
ABA v. Lockyer, No. 05-16560 (9th. Cir. Sept. 8, 2004)
Remsburg v. Docusearch (“Amy Boyer” case), 149 N.H. 148 (N.H. 2003)
Sponsored Research
2012–2017 Investigator (Professor Vern Paxson, principal investigator) National Science Foundation Social and Economic Factors in Computer Crime
2012–2015 Principal Investigator (with Dean of Engineering Professor Shankar Sastry), National Science Foundation Research Experience for Undergraduates Site
2005–2015 Investigator (Professor Deirdre K. Mulligan, principal investigator) National Science Foundation Team for Research in Ubiquitous Secure Computing
2014 Investigator, Center for Long Term Cybersecurity
2013 Principal Investigator, Consumer Knowledge Assessment Study (human subjects study concerning consumer protection and deceptive marketing techniques)
2012 National Consumer Survey Research 2012, supported by Nokia
2010 Consumer Privacy Complaint Tool Development, supported by the Rose Foundation for Communities and the Environment
2007 The FACTA Access Study, supported by NSF-TRUST and the California Consumer Protection Foundation
2007 National Consumer Survey Research, supported by the Rose Foundation for Communities and the Environment
2007 The SB 27 “Shine the Light” Study, supported by the California Consumer Protection Foundation
Industry/Government Relations
2018–present Advisor, 4iQ
2016–present Fellow, Center for Democracy & Technology
2016–present Advisor, K–8 Study Group, Foolproof Foundation
2016–present Member, National Academies of Sciences, Engineering, and Medicine’s Intelligence Science and Technology Experts Group (ISTEG)
2014–present President, Digital Trust Foundation
2013–present Member, San Francisco Electronic Crimes Task Force
2012–present Member, Future of Privacy Foundation’s Advisory Council
2011–present Advisor, Palantir Technologies
2011–2013 Advisor, LifeLock Council for Identity Protection
2011–2012 Advisory Board Member, Without My Consent
2010–2012 Director, Catalog Choice
2009 Member, TRUSTe Advisory Council
2008–2011 Microsoft Consumer Dialogue
2008 US Expert to the European Commission, Comparative Study on Different Approaches to Privacy Challenges (JLS/2008/C4/011) (Author of USA Country Report)
Academic Activities
2015–Present Editorial Board
Technology Science
2006–Present Co-Chair
Annual Privacy Law Scholars Conference
May 2017 Program Committee, PLSC-Europe (Tilburg)
Jan. 2017 Program Committee, Computers, Privacy and Data Protection (Brussels)
2014–2016 Editorial Board, Bureau of National Affairs, Privacy Law & Security Report
Nov. 2015 Co-Chair (with Professor Helen Nissenbaum) Symposium on Responsible Open Data
Oct. 2015 Chair, Privacy Law Scholars Conference Europe, University of Amsterdam
Apr. 2015 Chair, BCLT Symposium on “Open Data”
Apr. 2015 Programming committee member, TILTing Perspectives, Tilburg University, Tilburg, the Netherlands
Jan. 2015 Programming committee member, Conference on Privacy and Data Protection (Brussels)
Feb. 2014 Co-Chair, San Francisco Electronic Crimes Task Force Quarterly Meeting
Feb. 2014 Co-Chair, Comparative Perspectives on Online Tracking, Brussels, Belgium
Jan. 2014 Programming committee member, Conference on Privacy and Data Protection (Brussels)
Oct. 2012 Programming committee member, Amsterdam Privacy Conference 2012 (APC2012)
May 2012 Co-Chair, Web Privacy Measurement, Berkeley
Oct. 2011 Chair, Effective Consumer Privacy Enforcement
Jun. 2011 Co-Chair, European Online Behavioral Advertising Workshop, Brussels, Belgium
May 2011 Programming committee member, Media Law Resource Center “Legal Frontiers in Digital Media,” Stanford
Feb. 2011 Co-Chair, Dagstuhl Perspectives Workshop on Online Privacy (no. 11061), Dagstuhl, Germany
2011 Chair, Privacy Scholars Speaker Series, three events focusing upon employee privacy, human computer interaction, and technology practice before the Federal Trade Commission
Mar. 2010 Programming committee member, CODEX: Privacy 2010, Stanford University
Spring 2010 Co-Chair (with UW Law Professor Anita Ramasastry, University of Washington School of Law), E-Commerce and Consumer Protection
Mar. 2009 Co-Chair (with UW Law Professor Anita Ramasastry), Security Breach Notification Seven Years Later, BCLT/BTLJ 13th Annual Symposium
Apr. 2008 The Law and Business of Online Advertising, UC-Berkeley, Apr. 18, 2008
Mar. 2008 American Law Institute-American Bar Association, Privacy Law: Developments, Planning, and Litigation, Washington, DC
Fall 2016 Privacy Law for Technologists
Spring 2016 Problem Based Learning, Education Technology (EdTech): Law, Policy, and Design
Summer 2017, Summer 2015, Summer 2014 University of Amsterdam IViR Summer Course on Privacy Law and Policy
Fall 2015, Fall 2014, Fall 2013, Fall 2012, Fall 2011, Fall 2010, Fall 2009, Fall 2008, Fall 2007 Law and Technology Writing Workshop
Fall 2015, Fall 2014, Fall 2013, Fall 2012, Fall 2011, Spring 2011, Computer Crime Law
Spring 2015, Spring 2010 Advanced Topics in Privacy: Federal Trade Commission and Privacy
Fall 2014, Spring 2014, Fall 2013, Fall 1010, Fall 2009 Samuelson Law, Technology & Public Policy Clinic
Spring 2013 Cyberlaw
Spring 2012, Spring 2009 Information Privacy Law
Dissertation Committees / Advising
May 2016 Arianne Vanessa Josephine T. Jimenez, Towards A Data Protection Soft Law Framework for the ASEAN Region, UC Berkeley
Dec. 2010 Nicole van der Meulen, “Fertile Grounds: The Facilitation of Financial Identity Theft in the United States and the Netherlands,” Tilburg University (Netherlands)
2009 Joshua Gomez, Travis Pinnick, and Ashkan Soltani, KnowPrivacy Report
2016 MIMS Admissions Committee, School of Information
2016 Cybersecurity Curriculum Committee, School of Information
2016 Committee on Protection of Human Subjects (CPHS-2) (Berkeley’s IRB.)
2014 Member, Committee to select a Chief Privacy Officer
2014 Member, Campus Privacy & Technology Committee
Congressional Testimony
Hearing on Exploring The Offline And Online Collection And Use Of Consumer Information, Before the House Energy and Commerce Subcommittees on Commerce, Trade, and Consumer Protection and Communications, Technology, and the Internet, 111 Cong. 1st Sess. (2009).
Hearing on Identity Theft: Innovative Solutions for an Evolving Problem, Before the Senate Committee on the Judiciary Subcommittee on Terrorism, Technology and Homeland Security, 110 Cong. 1st Sess. (2007).
Hearing on Protecting the Privacy of Consumers’ Social Security Numbers, Before the House Commerce Subcom. on Commerce, Trade, and Consumer Protection, 108th Cong. 2d Sess. (2004).
Hearing on Enhancing Social Security Number Privacy, Before the House Ways and Means Subcomm. on Social Security, 108th Cong. 2d Sess. (2004).
Hearing on Use and Misuse of the Social Security Number, Before the House Ways and Means Subcomm. on Social Security, 108th Cong. (2003).
Hearing on H.R. 2622, the Fair and Accurate Credit Transactions Act of 2003, Before the House Financial Services Committee, 108th Cong. (2003).
Preserving the Integrity of Social Security Numbers and Preventing Their Misuse by Terrorists and Identity Thieves: Joint Hearing Before the House Ways and Means Subcomm. on Social Security and the House Judiciary Subcomm. on Immigration, Border Security and Claims, 107th Cong. (2002).
Selected Presentations
EdTech: Promise and Peril, Keynote Address, TLPC: Privacy and Education in a Social Environment, Jun. 10, 2016, Istanbul, Turkey
Data and Society, Low-SES and Privacy Workshop, New York City, May 2016.
Plenary opening panel, Amsterdam Privacy Conference 2015
Colorado Clinical Translational Science Institute (CCTSI) at UCAMC, Oct. 2014
Information Influx, IVIR 25th Anniversary, Amsterdam, The Netherlands, July 2014
Age and Privacy Attitudes, 32nd International Conference of Data Protection and Privacy Commissioners, Jerusalem, Israel (plenary panel) October 2010.
Data Security and Data Privacy in the Payment System, Brooklyn Law School, March 19, 2010.
Exploring Privacy Roundtable 3, Federal Trade Commission, Washington, DC, March 17, 2010.
Exploring Privacy Roundtable 2, Federal Trade Commission, Berkeley, CA, January 28, 2010.
Exploring Privacy Roundtable 1, Federal Trade Commission, Washington, DC, December 7, 2009.
NSF Future Internet Architecture Summit, Arlington, VA, October 12-15, 2009.
Information Technology and Ethical Implications for Privacy and Civil Liberties, University of Pittsburgh, October 10, 2009.
A Workshop on Federal Privacy Legislation, New York University School of Law, October 2, 2009.
“Beyond Google and Evil,” IPOL Events Series, University of Michigan, March 27, 2009.
Identity Theft, Cybercrime Studies Center at John Jay College of Criminal Justice, City University of New York (CUNY), Oct. 20, 2008.
Enforcement, Compliance, and Remedies in the Information Society, Center on Law and Information Policy, Fordham University, May 29-30, 2008.
Legal Frontiers in Digital Media, Media Law Resource Center, Stanford, CA, May 15-16, 2008.
Federal Trade Commission, Security in Numbers, Washington, DC, Dec. 10, 2007 (bookend presentations).
Keynote Speaker, IAPP Privacy Academy 2007, San Francisco, CA, Oct. 22, 2007.
Federal Trade Commission, Tech-Ade, Washington, DC, Nov. 6, 2006.
Regulating Search, Yale Law School Information Society Project, Dec. 3, 2005.
New Threats to Freedom and Privacy Online, The 12th Annual J. Herbert Hollomon Memorial Symposium, Massachusetts Institute of Technology, May 6, 2003.
Technical Skills
STATA, Python, Palantir Gotham, Palantir Contour, Tableau.
Press Attention
A search for the terms “Hoofnagle” and “privacy” results in over 1,000 hits in the LexisNexis All News database and over 300 hits in the national television transcripts database. My work regularly appears in the New York Times, Wall Street Journal, and Washington Post, on NPR, and on major television networks.  In 2007, my article on identity theft was profiled by the New York Times.
Results from 2009 information privacy survey results republished in, Julia Angwin, How Much Should People Worry About the Loss of Online Privacy, The Wall Street Journal, Nov. 15, 2011.
I shall tell you a great secret, my friend.
Do not wait for the last judgment.
It takes place every day.
-Albert Camus


In 2007, my brother Mark and I started a website which we used to define and explain a phenomenon we called “Denialism.” This grew in reaction to what we were seeing on the political scene–a systematic use of public relations tactics to manipulate scientific and regulatory debates by unprincipled, dangerous political movements, such as the anti-vaccine and 9/11 Truther crowds.

Also in 2007, I detailed the free market policy cliché of denialists in a paper titled The Denialists’ Deck of Cards. In these efforts, we took our father’s advice (channeling Pushkin): never argue with fools. We instead try to show the tactics of denialists without directly engaging them. 

Denialism is now described in the academic literature; in 2009, Michael Specter wrote a book on Denialism; in 2015, Maastricht University held a conference on denialism and human rights.

The rhetorical techniques of denialism–conspiracy theories, cherry-picking data, fake experts, moving goalposts, and logical fallacies–work. The key is not to engage them, but to teach others how to recognize misleading forms of argumentation. Debating denialists gives them an audience, and supports the “there’s two sides to this story” narrative.  

In my free time, I enjoy reading, running, and all things tech.

Portrait by Ayrthon Sadikrama

This site does not reflect the views of the University of California and should not be attributed to the University.

Hosted by the OCF

Hosted by the OCF


Chris Jay Hoofnagle

Adjunct full professor of information and law
102 South Hall
Berkeley, CA 94720
GPG | Keybase

Spring 2019 Teaching

Upcoming events – 2019

Previous events – Fall 2018

  • Jul. 2–6 U. Amsterdam Summer Course
  • Aug. 9 DEFCON
  • Sept. 6–7 BCLT AI Workshop
  • Sept. 13–14 Privacy Law Salon Roundtable
  • Oct. 5 Amsterdam Privacy Conference Keynote on The Tethered Economy
  • Oct. 27 ECAI Keynote on The Tethered Economy
  • Nov. 21 U. Amsterdam Research Agenda in AI/ML
  • Dec. 3 GULC Data & Political Economy Workshop
  • Dec. 6 SF City Lunch & Learn: Technology Regulation Approaches & Strategies

Hosted by the OCF