Table of Contents
Introduction: The Cost of a Monolithic View & The Epiphany of the Prism
Early in my career as a legal professional, I learned a lesson that has shaped my entire approach to the law.
It was a costly lesson, paid for by a promising tech startup I was advising.
They had developed a brilliant machine-learning algorithm, a true trade secret they guarded fiercely.
At the same time, to train this algorithm, they were processing vast amounts of user data scraped from the Web. They treated all of it as just “information”—a single, monolithic asset.
My advice, rooted in this same monolithic view, focused heavily on protecting their intellectual property.
We failed to adequately distinguish the algorithm itself from the user data it was consuming.
The result was a disaster.
A regulator hit them with a crippling fine for violating data privacy laws, and in the ensuing legal discovery process, key aspects of their proprietary algorithm were exposed, effectively destroying the trade secret they had worked so hard to protect.
They lost their liability shield and their most valuable asset in one fell swoop.
That failure stemmed from a profound and dangerous confusion: treating all “information” as if it were the same thing.
In a world where data is simultaneously a company’s most valuable asset and its greatest liability, navigating the law with a one-dimensional map is a recipe for disaster.
I felt lost in a “patchwork” of seemingly contradictory rules, where an action required to protect one type of information directly violated the rules for another.1
The turning point came not from a legal textbook, but from an analogy.
I began to see the law not as a flat map, but as a prism.
When the single, white light of “information” passes through this legal prism, it doesn’t stay as one thing.
It refracts into a brilliant spectrum of distinct legal concepts, each with its own unique properties, rules, and consequences.
“Personal data” is not the same as a “trade secret,” which is not the same as a “public record” under a freedom of information request.
This new paradigm—the Prism of Legal Information—provided the clarity and structure that had been missing.
It revealed that the law doesn’t have one definition of information; it has many, and understanding the unique characteristics of each is the key to navigating this complex world.
This report will guide you through that spectrum.
By examining each major “color” of legal information refracted by the prism, we will build a comprehensive, multi-dimensional understanding that can transform confusion into strategic advantage.
Part I: The Spectrum of Privacy — Information as an Extension of the Self
The first and perhaps most intensely scrutinized color refracted by our legal prism is information that is intrinsically linked to a person.
In this part of the spectrum, information is not a mere commodity but an extension of individual identity and dignity.
The way this light is refracted, however, differs dramatically on opposite sides of the Atlantic, revealing a deep philosophical divide that has profound practical consequences for global commerce and individual rights.
The EU Refraction: “Personal Data” as a Fundamental Human Right
In the European Union, the General Data Protection Regulation (GDPR) is built on a foundational philosophy that data protection is a fundamental human right, enshrined in the EU Charter of Fundamental Rights.3
This is not merely a consumer protection issue; it is a matter of human dignity.5
This principle leads to an exceptionally broad and protective definition of what constitutes “personal data.”
Article 4(1) of the GDPR defines personal data as “any information relating to an identified or identifiable natural person (‘data subject’)”.8
Each component of this definition is intentionally expansive:
- “Any information” is interpreted as broadly as possible. It covers not only objective facts like a name or home address but also subjective information such as opinions, performance reviews, or estimates of creditworthiness.9
- “Relating to” means the information does not have to be about the person in a biographical sense. If it can be linked to them, it qualifies. Case law from the European Court of Justice has confirmed that an employee’s work time recordings, a candidate’s written exam answers, and even an IP address are all personal data because they can be related to an individual.9
- “Identifiable” is the crucial element. A person is considered identifiable if they can be singled out, either directly or indirectly. This can be through obvious identifiers like a name or an ID card number, but also through online identifiers like a cookie ID or the advertising identifier on a phone.8 This includes pseudonymised data, which remains personal data because it can be re-identified using a separate “key.” For data to be truly anonymous and fall outside the GDPR’s scope, the anonymization must be irreversible.8
Once information is classified as “personal data,” a strict set of duties is triggered.
Article 5 of the GDPR lays out seven core principles for processing, including lawfulness, purpose limitation (data can only be used for the specific purpose for which it was collected), data minimization, accuracy, and accountability.8
Furthermore, Article 9 provides heightened protection for “special categories” of data, such as information revealing racial origin, political opinions, health status, genetic data, or biometric data, which are subject to even stricter processing conditions.9
The real-world consequences of this rights-based approach are stark, as seen in major enforcement actions.
The CMS Enforcement Tracker shows multi-million and even billion-euro fines for non-compliance.13
Meta was fined a record €1.2 billion for unlawfully transferring personal data to the United States, a direct consequence of the clash between the EU’s fundamental rights framework and US surveillance laws.13
The Italian Data Protection Authority fined a company for conducting “return to work” interviews that processed employee health data without a sufficient legal basis, a clear violation of purpose limitation and the rules for sensitive data.13
These cases demonstrate that in the EU, personal data is not just a business asset; it is a legally protected extension of the individual.
The US Refraction: A Patchwork of “Personal Information”
In contrast to the EU’s comprehensive approach, the United States has a “patchwork” of laws.1
There is no single federal privacy law.
Instead, there are sector-specific federal laws, like the Health Insurance Portability and Accountability Act (HIPAA) and the Children’s Online Privacy Protection Act (COPPA), alongside a growing number of comprehensive state-level laws.6
This approach has historically treated privacy more as a consumer protection issue than a fundamental right, viewing personal information as an asset that individuals can trade in exchange for services.5
The most influential of the state laws is the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA).
It is the closest US equivalent to the GDPR.
The CCPA’s definition is similarly broad: “information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household”.1
The inclusion of “household” is a uniquely American feature.
The law explicitly lists examples such as IP addresses, browsing history, geolocation data, and even “inferences” drawn from other data to create a consumer profile.1
Like the GDPR, the CPRA also introduced a category for “Sensitive Personal Information” (SPI), including social security numbers, precise geolocation, racial origin, and the contents of private communications, giving consumers the right to limit its use.1
This philosophical divergence between the EU’s “fundamental right” and the US’s “consumer right” is the root cause of the persistent conflicts over transatlantic data transfers.
European courts have repeatedly invalidated data transfer agreements like Safe Harbor and the Privacy Shield (Schrems I & II) because they found that US government surveillance laws did not provide EU citizens with protections and legal redress “essentially equivalent” to their fundamental rights.19
The conflict is not technical but ideological; the EU cannot accept a system that treats an inalienable right as a commodity subject to broad government access without equivalent judicial oversight.
Despite its different philosophical starting point, enforcement in the US is becoming increasingly sophisticated.
- The $1.55 million settlement with Healthline Media is a landmark case. The California Attorney General targeted Healthline not for a data hack, but for sharing sensitive health information with third-party advertisers like Google and Meta via tracking pixels without proper notice or consent. This was a violation of the CCPA’s purpose limitation principles, demonstrating a shift toward more GDPR-like enforcement.20
- The case of Shah v. Capital One established another critical precedent. A court ruled that the use of common website tracking tools could constitute an “unauthorized disclosure” of personal information under the CCPA, even without a traditional data breach.21
- Similarly, the In Re Ring Litigation alleged that the smart doorbell company shared user PII, including IP addresses and sensor data, with marketing companies without providing the required notice or opt-out mechanisms.22
These cases reveal a significant trend: US privacy litigation is expanding the definition of a “data breach” from a security failure (a hacker stealing a database) to a privacy failure (the intentional but unauthorized sharing of data for commercial purposes).
This shift directly challenges the business model of the ad-tech industry and reframes routine online tracking as a major legal liability.
Table 1: Comparative Analysis of “Personal Information/Data” Definitions (US vs. EU)
| Feature | GDPR (EU) | CCPA/CPRA (California/US) |
| Core Philosophy | Fundamental Human Right 3 | Consumer Right / Household Protection 5 |
| Core Definition | “Any information relating to an identified or identifiable natural person” 8 | “Information that… could reasonably be linked… with a particular consumer or household” 1 |
| Scope | Natural Persons (living individuals) 9 | Consumers (California residents) & Households 1 |
| Key Examples | Name, IP Address, Cookie ID, Location Data, Subjective Opinions, Inferences 8 | Name, IP Address, Browsing History, Geolocation, Inferences, Commercial Information 1 |
| “Sensitive Data” | Yes (“Special Categories” under Art. 9) 9 | Yes (“Sensitive Personal Information” with right to limit use) 1 |
| Publicly Available Info | Can still be personal data depending on context 2 | Explicitly excluded from the definition 1 |
| Data of Deceased | Not covered 9 | Not explicitly covered (but “household” may imply some persistence) |
| Legal Basis | Six lawful bases required for any processing (e.g., consent, contract, legitimate interest) 12 | Primarily a notice and opt-out model (e.g., “Do Not Sell/Share My Personal Information”) 18 |
Part II: The Spectrum of Value — Information as Intellectual Property
Shifting our view through the prism, we encounter a different band of light: information defined and protected not as a liability or an extension of the self, but as a precious commercial asset.
This is the realm of intellectual property (IP), where the legal framework’s primary goal is to incentivize innovation and creativity by granting creators limited rights over their valuable information.
Here, the central strategic question is not about privacy, but about the tension between secrecy and disclosure as the optimal path to protecting value.
Trade Secrets: Information Valuable for Its Secrecy
A trade secret is a unique and powerful form of intellectual property where legal protection derives not from government registration, but from the owner’s active efforts to keep the information confidential.25
Its value is directly and inextricably tied to its secrecy.
The legal test for what constitutes a trade secret, as defined under the Uniform Trade Secrets Act (UTSA) and the federal Defend Trade Secrets Act (DTSA), has three core components 27:
- Information: The scope is extremely broad, encompassing formulas (the classic example being the Coca-Cola formula), manufacturing processes, business strategies, customer lists, software source code, and even “negative information” such as the results of failed experiments that save a company from repeating costly mistakes.25
- Independent Economic Value: The information must provide a competitive advantage precisely because it is not generally known or readily ascertainable by competitors.26
- Reasonable Efforts to Maintain Secrecy: This is the most heavily litigated element. The owner cannot simply declare something a trade secret; they must actively protect it. This includes implementing measures like non-disclosure agreements (NDAs) with employees and partners, using physical and digital access controls (e.g., locked rooms, passwords, encryption), conducting employee training on confidentiality, and marking sensitive documents as “Confidential”.26
The legal wrong associated with trade secrets is “misappropriation.” This is broader than simple theft and includes the wrongful acquisition (e.g., industrial espionage, hacking), use, or disclosure of the secret.27
Critically, it can also include receiving or using information when you knew or
should have known it was improperly obtained, such as from an employee who breached their NDA.30
This protection, however, has a clear boundary.
The law does not protect against legal discovery.
Reverse engineering a publicly available product or independently developing the same information is a perfectly legitimate and complete defense to a misappropriation claim.26
The law only protects against wrongful acquisition, not against fair competition or parallel innovation.
The financial stakes in trade secret litigation are immense.
In the landmark case of DuPont v.
Kolon Industries, a jury awarded DuPont approximately $920 million after finding that Kolon had misappropriated trade secrets related to the high-strength Kevlar fiber, underscoring the massive value this form of IP can represent.29
In a more modern context,
Christou v.
Beatport, LLC established that even a curated list of friends and fans on a MySpace profile could qualify as a protectable trade secret customer list, demonstrating the law’s adaptability to new forms of digital assets.29
Copyright & Patent: Information as Publicly Declared Creations
In sharp contrast to the secrecy-based protection of trade secrets, the legal regimes of copyright and patent law protect information by requiring the creator to publicly declare their creation.
In exchange for this disclosure, the government grants a temporary, but powerful, monopoly over the information.
- Copyright protects the specific expression of an idea, not the underlying idea itself. To be protected, the information must be an “original work of authorship fixed in a tangible medium of expression”.25 This includes a vast range of creative works like books, articles, photographs, musical compositions, and computer software code. The right is automatic upon creation; registration with the U.S. Copyright Office is not required for protection but is necessary to file a lawsuit and can provide additional benefits.31
- Patent law protects the functional idea itself—a new invention, a unique process, or an ornamental design. The information must meet the high standards of being novel, useful, and non-obvious.25 To obtain a patent, an inventor must file a detailed application with the U.S. Patent and Trademark Office (USPTO) that publicly discloses exactly how the invention works. In exchange for this full public disclosure, the patent owner receives a powerful 20-year right to exclude all others from making, using, or selling the invention.32
These different regimes reveal a fundamental strategic choice for any business or innovator.
To protect a valuable piece of information, one must decide whether to pursue a strategy of secrecy (trade secret) or a strategy of disclosure (patent or copyright).
Choosing to patent an algorithm means revealing its inner workings to the world in exchange for a 20-year monopoly, after which it enters the public domain.
Choosing to protect it as a trade secret could offer perpetual protection, but carries the constant risk that a competitor might legally reverse engineer it or develop it independently tomorrow.
This is not merely a legal classification; it is a core business strategy decision with profound consequences for competition, innovation, and long-term value.
Table 2: The Four Regimes of Information in Intellectual Property
| Feature | Trade Secret | Copyright | Patent | Trademark |
| What is Protected? | Confidential information with economic value (e.g., formulas, processes, customer lists) 25 | Original expression of an idea fixed in a tangible medium (e.g., books, software code, music) 25 | A novel, useful, and non-obvious invention or process 25 | A source identifier (e.g., logo, name, slogan) that distinguishes goods/services 25 |
| Requirement | Must be secret and subject to reasonable protection efforts 26 | Originality and fixation in a tangible medium 31 | Novelty, utility, and non-obviousness 25 | Distinctiveness and use in commerce 25 |
| How to Get Protection | No registration required; protection arises from maintaining secrecy 25 | Automatic upon creation; registration provides additional benefits 31 | Government grant from the USPTO after rigorous examination 25 | Use in commerce or registration with the USPTO 25 |
| Duration of Protection | Potentially forever, as long as the information remains secret 26 | Life of the author + 70 years 31 | 20 years from the filing date 33 | Potentially forever, as long as the mark is used in commerce 25 |
| Core Legal Right | Right to sue for wrongful acquisition, use, or disclosure (misappropriation) 27 | Exclusive right to control copying, distribution, and creation of derivative works 31 | Right to exclude all others from making, using, or selling the invention 25 | Right to prevent use of similar marks that would cause consumer confusion 25 |
| Classic Example | The formula for Coca-Cola 25 | The text of the Harry Potter books 31 | The invention of a new pharmaceutical drug 25 | The Nike “swoosh” logo 25 |
Part III: The Spectrum of Governance — Information in the Public Square
The prism also refracts light into a spectrum governing the relationship between the citizen and the state.
This band of law is defined by a fundamental tension: the public’s right to access government information versus the government’s duty to protect certain information, including the privacy of its citizens.
This creates a dual-sided legal framework of transparency and secrecy.
The Citizen’s Right to Know: The Freedom of Information Act (FOIA)
The Freedom of Information Act (FOIA) establishes a powerful legal presumption: information held by the executive branch of the federal government is accessible to the public.34
Enacted in 1966, its purpose is to keep “citizens in the know about their government,” fostering transparency and accountability.34
The law grants “any person,” including journalists, corporations, and private citizens, the right to request records from federal agencies.34
The true power and complexity of FOIA, however, lie not in its mandate for disclosure but in its nine exemptions.
These exemptions are the specific circumstances under which an agency can legally withhold information, and they are where the definition of what is truly “public” is forged.34
Key exemptions include:
- Exemption 1: Information properly classified to protect national security.
- Exemption 4: Trade secrets and confidential commercial or financial information submitted to the government by a private entity.
- Exemption 5: Privileged inter-agency or intra-agency memoranda, protecting communications under doctrines like the deliberative process privilege and attorney-client privilege.
- Exemption 6: Personnel and medical files and similar files, the disclosure of which would constitute a clearly unwarranted invasion of personal privacy.
- Exemption 7: Records or information compiled for law enforcement purposes, but only to the extent that production could cause specific harms, such as interfering with proceedings (7A), invading personal privacy (7C), or disclosing a confidential source (7D).
These exemptions demonstrate that a single government agency, when responding to a FOIA request, must act as a microcosm of the entire legal information prism.
In reviewing a single document, a FOIA officer may have to balance the public’s right to know against an individual’s right to privacy (Exemption 6), the commercial value of a company’s confidential data (Exemption 4), and the government’s need for candid internal debate (Exemption 5).
The exemptions are not just a static list; they represent a dynamic and constant balancing act between the competing legal values attached to different types of information.
The Citizen’s Right to Privacy: The Privacy Act of 1974
Acting as the inverse of FOIA, the Privacy Act of 1974 governs the federal government’s own conduct with respect to citizen information.37
It applies to information about individuals maintained in “systems of records” from which information is retrieved by an individual’s name or other personal identifier.37
The Act establishes a code of fair information practices for federal agencies, granting individuals the right to access and request amendment of their own records.16
Crucially, it prohibits the disclosure of a record about an individual without their written consent, subject to twelve statutory exceptions.37
This creates a protective legal bubble around the personal information that citizens entrust to the government, standing as a bulwark against unauthorized use or dissemination.
A Peculiar Refraction: “Information” in Criminal Procedure
To illustrate the sheer breadth of the term’s legal usage, it is worth noting a peculiar and highly technical definition that exists in criminal law.
In this context, an “information” is a formal charging document filed by a prosecutor that details the criminal accusations against a defendant.40
It serves a function similar to a grand jury indictment and is used in about half of the US states.40
The inclusion of this definition serves as a final, stark reminder that one can never assume a common understanding of the word “information” within the legal system; context is everything.
Table 3: FOIA Exemptions at a Glance
| Exemption # | Name | Purpose / What it Protects | Example |
| Exemption 1 | National Security | Protects information properly classified under an Executive Order. 34 | A classified CIA report on foreign intelligence operations. |
| Exemption 2 | Internal Agency Rules | Protects records related solely to an agency’s internal personnel rules and practices. 34 | An agency’s internal rules on employee parking or lunch breaks. |
| Exemption 3 | Information Exempted by Other Statutes | Protects information specifically prohibited from disclosure by another federal law. 34 | Tax return information, which is protected by the Internal Revenue Code. 42 |
| Exemption 4 | Trade Secrets & Confidential Commercial Information | Protects confidential business information submitted to the government. 34 | A pharmaceutical company’s proprietary drug formula submitted to the FDA. |
| Exemption 5 | Agency Memos & Privileged Communications | Protects internal government communications under privileges like attorney-client or deliberative process. 34 | A draft policy memo between agency officials discussing potential regulatory changes. |
| Exemption 6 | Personal Privacy | Protects personnel, medical, and similar files where disclosure would be a “clearly unwarranted invasion of personal privacy.” 34 | A federal employee’s medical records or home address. |
| Exemption 7 | Law Enforcement Records | Protects records compiled for law enforcement purposes if disclosure could cause specific harms (e.g., interfere with a case, invade privacy, disclose a source). 34 | An FBI agent’s notes from an ongoing investigation. |
| Exemption 8 | Financial Institutions | Protects records related to the regulation or supervision of financial institutions. 34 | A federal report on the examination of a bank. |
| Exemption 9 | Geological Information | Protects geological and geophysical information concerning wells. 34 | Data about the location and nature of oil wells. |
Part IV: The Fraying Edges of the Spectrum — Future Challenges
The established legal definitions of information, which form the clear colors of our prism, are now being subjected to immense pressure from new technologies and societal issues.
These forces are causing the edges of the spectrum to fray and blur, creating profound challenges for law, policy, and business.
The AI Distortion Field: When Machines Process and Create
Artificial Intelligence is creating a definitional crisis across the entire spectrum of information law.
The very term “AI” is legally ambiguous, with overly broad definitions in contracts and regulations threatening to impose massive compliance burdens on systems that pose little risk, while potentially failing to capture the unique dangers of more advanced models.43
AI is distorting the established legal categories in two critical ways:
- AI and Personal Data: The core privacy principle of “purpose limitation”—that data collected for one purpose cannot be used for another—is fundamentally challenged by AI. Large language models are trained on vast, diverse datasets, making it nearly impossible to claim they are used for a single, specified purpose. Regulators are scrambling to adapt. For example, Washington’s My Health My Data Act now defines “consumer health data” to explicitly include data that is “derived or extrapolated from nonhealth information… by any means, including algorithms or machine learning”.1 This is a direct attempt to capture the inferences and predictions about a person’s health that an AI might make, even from seemingly unrelated data.
- AI and Intellectual Property: The foundations of IP law, which are built on the concept of human creativity, are being shaken. Who is the “author” of a novel written by an AI? Who is the “inventor” of a new molecule designed by a machine learning system? Current law has no clear answers.44 Furthermore, the “black box” nature of some advanced AI makes it difficult to comply with legal requirements for transparency (a key principle of the GDPR) or to prove that a company’s trade secret wasn’t misappropriated and used in an AI’s training data.43
The Misinformation Paradox: Regulating Falsehoods in a Free Speech World
The regulation of “false information”—often categorized as misinformation (unintentional falsehoods) and disinformation (intentional falsehoods)—is one of the most contentious legal battlegrounds today.
It pits the desire to protect democratic processes and public health against the United States’ robust protections for free speech under the First Amendment.
The central challenge is that the U.S. Supreme Court has ruled that false speech, as a broad category, is constitutionally protected.
The rationale is that allowing the government to act as an arbiter of truth would create a dangerous “chilling effect,” causing people to self-censor even truthful speech out of fear of prosecution.45
Regulation is generally permissible only in narrow, traditionally unprotected categories like commercial fraud or defamation, where a false statement causes specific, demonstrable harm to a person’s reputation.45
At the heart of this debate is Section 230 of the Communications Decency Act.
This pivotal 1996 law provides broad immunity to online platforms—”interactive computer services”—from liability for content posted by their users.46
It was designed to solve two problems:
- It prevents platforms from being treated as the “publisher or speaker” of third-party content, which allows them to host trillions of user posts without being sued into oblivion for something a user said.47
- Its “Good Samaritan” provision also immunizes platforms for their good-faith decisions to remove obscene, harassing, or otherwise objectionable content, thereby encouraging content moderation without creating liability.46
Today, critics argue that Section 230 is being used to shield platforms from responsibility for the harm caused by the misinformation they algorithmically amplify.
The argument is that by using AI-driven algorithms to curate feeds and recommend content, platforms are doing more than passively hosting speech; they are actively participating in its distribution and should not be immune.50
However, the Supreme Court, in cases like
Gonzalez v.
Google, has so far declined to narrow Section 230’s scope, leaving its broad immunity intact and creating a legal and political stalemate.50
This situation creates a dangerous feedback loop.
AI provides the engine for creating and disseminating misinformation at an unprecedented scale.
The platforms’ business models, which use AI algorithms to maximize user engagement, often reward and amplify this same sensational and false content.50
And Section 230, a law designed for the nascent internet of the 1990s, provides a legal shield for the entire system.
The means of production (AI) and the means of distribution (platforms) are rapidly advancing, while the legal tools to address the resulting societal harm remain locked in the past.
Conclusion: A Unified Framework for a Multifaceted World
My journey from that costly early-career failure to a more nuanced understanding of the law has taught me that the greatest risk lies in oversimplification.
The “Prism of Legal Information” is more than just a useful analogy; it is a powerful diagnostic tool for any strategic professional operating in our information-driven economy.
It provides a framework for moving from a state of confusion and risk to one of clarity, confidence, and strategic advantage.
By applying this framework, we can develop a practical checklist to guide our actions whenever we encounter a piece of information that carries potential legal weight.
The process involves asking a series of critical questions:
- What “color” is this information? Is this an extension of a person, demanding privacy considerations (Personal Data)? Is it a valuable asset, demanding protection (Intellectual Property)? Is it part of a government record, demanding transparency (FOIA)? Or is it user-generated content on a platform, raising moderation questions (Section 230)?
- Which legal regime applies? Is this a GDPR issue in the EU, a CCPA issue in California, or a DTSA issue in federal court? The geography and context are paramount.
- Is it an asset or a liability? Does this information need to be guarded to protect its commercial value, or does it need to be carefully managed to mitigate legal and financial risk? Often, as with customer data, it is both.
- What are my core obligations? Based on the answers above, what is my primary duty? Is it to maintain Secrecy (trade secrets)? To ensure Transparency (GDPR, FOIA)? To provide a right of Deletion (CCPA/GDPR)? Or to allow Disclosure (FOIA)?
By learning to see the full spectrum refracted by the legal prism, we can stop treating “information” as a monolithic concept.
We can appreciate its multiple identities and navigate the complex, overlapping, and often conflicting rules that govern it.
The goal is not to have every answer memorized, but to possess the right framework for asking the right questions.
In doing so, we equip ourselves to make sound strategic decisions in a world where understanding the nature of information has never been more critical.
Works cited
- Data protection laws in the United States, accessed on August 10, 2025, https://www.dlapiperdataprotection.com/index.html?t=law&c=US
- What Is Personal Information Under Data Privacy Laws – Termly, accessed on August 10, 2025, https://termly.io/resources/articles/personal-information/
- Legal framework of EU data protection – European Commission, accessed on August 10, 2025, https://commission.europa.eu/law/law-topic/data-protection/legal-framework-eu-data-protection_en
- Europe and cyberspace – Data protection | EHNE, accessed on August 10, 2025, https://ehne.fr/en/encyclopedia/themes/material-civilization/digital-europe/europe-and-cyberspace-%E2%80%93-data-protection
- A Comparative Analysis of the EU and U.S. Data Privacy Regimes and the Potential for Convergence – UC Law SF Scholarship Repository, accessed on August 10, 2025, https://repository.uclawsf.edu/cgi/viewcontent.cgi?article=1115&context=hastings_science_technology_law_journal
- 6 ways that U.S. and EU data privacy laws differ – Infosec, accessed on August 10, 2025, https://www.infosecinstitute.com/resources/management-compliance-auditing/6-ways-that-u-s-and-eu-data-privacy-laws-differ/
- Comparing Data Privacy Laws Between the EU and US – Datafisher, accessed on August 10, 2025, https://datafisher.com/news/comparing-data-privacy-laws-between-the-eu-and-us/
- Data protection explained – European Commission, accessed on August 10, 2025, https://commission.europa.eu/law/law-topic/data-protection/data-protection-explained_en
- Personal Data – General Data Protection Regulation (GDPR), accessed on August 10, 2025, https://gdpr-info.eu/issues/personal-data/
- Art. 4 GDPR – Definitions – General Data Protection Regulation (GDPR), accessed on August 10, 2025, https://gdpr-info.eu/art-4-gdpr/
- Chapter 5: Key definitions – Unlocking the EU General Data Protection Regulation, accessed on August 10, 2025, https://www.whitecase.com/insight-our-thinking/chapter-5-key-definitions-unlocking-eu-general-data-protection-regulation
- Processing personal data on the basis of legitimate interests under the GDPR: Practical Cases – The Future of Privacy Forum, accessed on August 10, 2025, https://fpf.org/wp-content/uploads/2018/04/20180413-Legitimate-Interest_FPF_Nymity-2018.pdf
- GDPR Enforcement Tracker – list of GDPR fines, accessed on August 10, 2025, https://www.enforcementtracker.com/
- The Disarray of U.S. Data Privacy and Protection Laws: History Repeats – FTI Technology, accessed on August 10, 2025, https://www.ftitechnology.com/resources/blog/the-disarray-of-us-data-privacy-and-protection-laws-history-repeats
- Learn The Differences Between EU and US Data Protection, accessed on August 10, 2025, https://degree.astate.edu/online-programs/business/masters-strategic-communications/technology-law-and-policy/eu-and-us-data-protection/
- Privacy and Human Rights: Comparing the United States to Europe – Cato Institute, accessed on August 10, 2025, https://www.cato.org/sites/cato.org/files/pubs/pdf/privacy-and-human-rights.pdf
- What Is “Personal Information” Under CCPA? – California Lawyers Association, accessed on August 10, 2025, https://calawyers.org/privacy-law/what-is-personal-information-under-the-california-consumer-privacy-act/
- California Consumer Privacy Act (CCPA) | State of California – Department of Justice – Office of the Attorney General, accessed on August 10, 2025, https://oag.ca.gov/privacy/ccpa
- EU-US Data Privacy Framework: A brief history | Blog – OneTrust, accessed on August 10, 2025, https://www.onetrust.com/blog/eu-us-data-privacy-framework-a-brief-history/
- California AG Reaches Landmark $1.55 Million CCPA Settlement …, accessed on August 10, 2025, https://www.cdflaborlaw.com/blog/california-ag-reaches-landmark-1.55-million-ccpa-settlement-with-healthline-over-alleged-privacy-violations
- Beyond data breaches: Court ruling signals broader CCPA liability for tracking technologies, accessed on August 10, 2025, https://iapp.org/news/a/beyond-data-breaches-court-ruling-signals-broader-ccpa-liability-for-tracking-technologies
- CCPA Case Tracker – O’Melveny, accessed on August 10, 2025, https://www.omm.com/insights/alerts-publications/ccpa-case-tracker/
- Art. 6 GDPR – Lawfulness of processing – General Data Protection Regulation (GDPR), accessed on August 10, 2025, https://gdpr-info.eu/art-6-gdpr/
- CCPA Enforcement: Key Cases and Compliance Measures – CookieYes, accessed on August 10, 2025, https://www.cookieyes.com/blog/ccpa-enforcement-case-examples/
- Intellectual Property Law | Georgetown Law, accessed on August 10, 2025, https://www.law.georgetown.edu/your-life-career/career-exploration-professional-development/for-jd-students/explore-legal-careers/practice-areas/intellectual-property-law/
- Trade Secret Law | Intellectual Property Law Center | Justia, accessed on August 10, 2025, https://www.justia.com/intellectual-property/trade-secrets/
- Trade Secret Defense 101: What to Know When Facing a Misappropriation Claim | Insights, accessed on August 10, 2025, https://www.venable.com/insights/publications/2025/05/trade-secret-defense-101-what-to-know-when-facing
- Trade secret litigation 101 – Thomson Reuters Legal Solutions, accessed on August 10, 2025, https://legal.thomsonreuters.com/blog/trade-secret-litigation-101/
- Trade secret – Wikipedia, accessed on August 10, 2025, https://en.wikipedia.org/wiki/Trade_secret
- Part V: Trade secrets in litigation – WIPO, accessed on August 10, 2025, https://www.wipo.int/web-publications/wipo-guide-to-trade-secrets-and-innovation/en/part-v-trade-secrets-in-litigation.html
- What is Copyright?, accessed on August 10, 2025, https://www.copyright.gov/what-is-copyright/
- What is Intellectual Property? – WIPO, accessed on August 10, 2025, https://www.wipo.int/en/web/about-ip
- intellectual property | Wex | US Law | LII / Legal Information Institute, accessed on August 10, 2025, https://www.law.cornell.edu/wex/intellectual_property
- Freedom of Information Act: Frequently Asked Questions … – FOIA.gov, accessed on August 10, 2025, https://www.foia.gov/faq.html
- Freedom of Information Act (United States) – Wikipedia, accessed on August 10, 2025, https://en.wikipedia.org/wiki/Freedom_of_Information_Act_(United_States)
- Freedom of Information Act (FOIA) – GSA, accessed on August 10, 2025, https://www.gsa.gov/reference/freedom-of-information-act-foia
- Privacy Act of 1974 – Department of Justice, accessed on August 10, 2025, https://www.justice.gov/opcl/privacy-act-1974
- Freedom of Information Act (FOIA) and The Privacy Act | National Archives, accessed on August 10, 2025, https://www.archives.gov/personnel-records-center/foia-info
- Data privacy laws in the United States (updated March 2025) – Didomi, accessed on August 10, 2025, https://www.didomi.io/blog/us-data-privacy-laws
- Information – FindLaw Dictionary of Legal Terms, accessed on August 10, 2025, https://dictionary.findlaw.com/definition/information.html
- Common Legal Words – Connecticut Judicial Branch, accessed on August 10, 2025, https://www.jud.ct.gov/legalterms.htm
- Department of Justice Guide to the Freedom of Information Act, accessed on August 10, 2025, https://www.justice.gov/oip/doj-guide-freedom-information-act-0
- Legal Definitions of AI: Considerations and Common Threads …, accessed on August 10, 2025, https://www.sourcingspeak.com/legal-definitions-ai/
- The Impact of Artificial Intelligence on Law Firms’ Business Models, accessed on August 10, 2025, https://clp.law.harvard.edu/knowledge-hub/insights/the-impact-of-artificial-intelligence-on-law-law-firms-business-models/
- False Speech and the First Amendment: Constitutional Limits on Regulating Misinformation, accessed on August 10, 2025, https://www.congress.gov/crs-product/IF12180
- Section 230: An Overview | Congress.gov, accessed on August 10, 2025, https://www.congress.gov/crs-product/R46751
- Section 230 | Electronic Frontier Foundation, accessed on August 10, 2025, https://www.eff.org/issues/cda230
- Section 230 – Wikipedia, accessed on August 10, 2025, https://en.wikipedia.org/wiki/Section_230
- Office of the Attorney General | DEPARTMENT OF JUSTICE’S REVIEW OF SECTION 230 OF THE COMMUNICATIONS DECENCY ACT OF 1996, accessed on August 10, 2025, https://www.justice.gov/archives/ag/department-justice-s-review-section-230-communications-decency-act-1996
- The Future of Section 230 | What Does It Mean For Consumers?, accessed on August 10, 2025, https://www.naag.org/attorney-general-journal/the-future-of-section-230-what-does-it-mean-for-consumers/
