Curing Americans’ Kleptomania: An Empirical Study on the Effects of Music Streaming Services on Piracy in Undergraduate Students

By John G. Moustis Jr.* & Austin Root*

I. Introduction

Music piracy is widely considered to be the greatest problem faced by the music industry worldwide.[1]  According to a 2007 study conducted by the Institute ty Policy Innovation, Americans’ music pirating habits have caused:

• An annual reduction in the U.S. economy by $12.5 billion;
• The loss of 71,060 jobs in the sound recording industry and downstream retail;
• The loss of $2.7 billion in annual earnings by workers in the sound recording industry and downstream retail; and
• The loss of at least $422 million in state and federal tax revenue.[2]

Studies suggest new technologies like internet radio and interactive streaming services could significantly reduce piracy.[3]  Although this topic is at the center of many legal comments, little empirical research has been conducted to answer this question.

In response to this gap in the literature, the author conducted a survey on the music consumption habits of 252 college students.  The results demonstrate that while music piracy is still widespread on college campuses, streaming services have already begun to reduce the amount of music pirated per year.  If streaming is in fact responsible for this shift away from piracy, Congress would do well to implement a compulsory licensing system for music streaming webcasters.  Such a structure could help music distributors stabilize their business model and incentivize music consumers to use their services in place of alternative, illicit means.

After briefly discussing the modern tools of music pirates and the current state of digital music distribution technologies, this study presents empirical data showing that music piracy is alleviated by internet streaming services.  The methodology used for data collection follows, along with a statistical analysis.  The paper concludes with a discussion on the effects of internet technologies on music piracy and how enacting a compulsory licensing scheme would help streaming services to succeed, in turn lowering music piracy.

II. America’s Addiction to Music Piracy

A. What is Music Piracy?

While music piracy may be committed in a number of ways under copyright law, this study focuses on digital music piracy.  Digital music piracy is committed specifically through the copying, distributing, transmitting, or making available of copies of digital audio files.[4]  This may be done by uploading or downloading a copyrighted song from an unlicensed or unauthorized webpage, P2P network, or file-exchange server;[5] burning a CD, other than for archival use;[6] or converting a video hosted on a webpage into a digital audio file.[7]

B. The Extent of Music Piracy Today

Illegally downloading music is rampant throughout the United States today.  Forty percent of Americans aged eighteen and older have copied CDs or downloaded music files for free.[8]  Eighty-seven percent of students currently in college conduct some form of illegal copying, with each college student maintaining on average over 800 illegally downloaded songs.[9]

Torrent file trackers estimate that around 70 million people have been found across all formats of file-sharing programs on a daily basis,[10] while 30 million people engage specifically in torrent file-sharing every day.[11]  It is safe to conclude that music piracy is more prevalent in America than ever before.

Media piracy is most common among youth.  Specifically, undergraduate college students are the most active music pirates.[12]  However, while young people are the most active pirates, they are also more likely to adopt new technologies.[13]

III. Today’s Music Technologies

The physical size of consumers’ music libraries and listening devices has continuously shrunk over time.  From records and phonographs to ephemeral radio waves and pocket-sized stereos, it is now easier for people to access as much music as possible, at all times, wherever they are.

MP3s were the original solution to the demand for portable music until MP3 players and phones became integrated.  The age of the iPod was quickly brought to a close as the smart phone era was ushered in.[14]  However, the desire for smaller, slimmer smart phones, in addition to the presence of tens or hundreds of apps on a phone, reduced the amount of hard drive space available for music storage.  This drove the need for a music format that took up even less physical space.

People today are switching by the millions[15] to new music streaming services such as internet radio,[16] interactive streaming services,[17] and on-demand music videos.[18]  Via these distribution mediums, consumers are able to access all of the music they desire without having to store the music files directly on the device they are carrying.  We can see the high demand for music streaming today as the market continues to shift from CD and digital purchases, while streaming and internet radio revenues continue to increase.  In 2014, the number of paying streaming subscription users rose by 46 percent, while digital downloads decreased by eight percent.[19]  In the same year, the streaming service webcasters alone earned $1.6 billion.[20]  Streaming is gaining popularity at a rate that is even faster than the rate at which digital downloads overtook physical mediums.[21]

IV. The Uncertain Future of Interactive Music Streaming Services

Copyright law compartmentalizes streaming services into three distinct groups:[22] (i) interactive;[23] (ii) non-interactive, subscription;[24] and (iii) non-interactive, non-subscription.  In accordance with copyright law, streaming services that fall under categories (ii) and (iii) are subject to compulsory licensing, meaning those types of webcasters may stream a copyrighted sound recording so long as the webcaster pays the licensing fee set forth by the copyright royalty board.[25]  In contrast, category (i) services must negotiate directly with sound recording copyright owners to obtain digital performance licenses.[26]  These interactive services suffer from the increased transaction costs that come with having to deal with each copyright owner individually,[27] such as unpredictable price schemes.[28]  For example, in 2012 the interactive streaming company Spotify came to an agreement with record labels to pay the higher of $200 million or 75 percent of total revenues.[29]  It is expected that Spotify and other interactive streaming webcasters’ costs will continue to rise as their revenues continue to increase.[30]

The current licensing scheme for interactive streaming services has resulted in the concentration of certain artists’ music within some streaming services and not others.[31]  If sound recording copyright holders do not want their songs played via an interactive streaming service, they are not required by law to issue a license to the service.  Under the current scheme, for example, if a person purchases a subscription to Spotify, that person will not be able to listen to almost all works by mega-artists such as Taylor Swift, Jason Aldean, and Garth Brooks, who either pulled their music from Spotify or never made it available on Spotify to begin with.[32]  This current scheme forces consumers to use multiple channels or mediums to listen to their favorite songs. Many individuals turn to piracy as an alternative to this cumbersome process.

V. Previous Literature on Music Streaming Services and their Effects on Music Piracy

As new music consumption technologies began to develop, researchers shifted their focus towards the effects of these new services on music piracy.  So far, the results have been mixed.  One study asked respondents to self-report how much they pirated music before and after starting to use the Spotify streaming service.[33]  Seventy-five percent of subjects reported pirating music less after beginning to use the interactive streaming service.[34]  Other studies have shown that streaming and internet radio users are the demographic most likely to purchase physical or digital albums after hearing music via online mediums.[35]  However, one survey of college undergraduates found that those who use streaming services are more likely to engage in music piracy.[36]

Legal scholars have written a number of articles on this topic.  Some suggest that supporting interactive streaming service growth in the music industry by developing a compulsory licensing scheme for interactive webcasters can help combat diminishing revenues in the music industry.[37]  How exactly these schemes should look is widely debated. Most articles published by legal scholars on this topic are limited in scope to policy analyses and do not make use of empirical data.[38]

VI. The Present Study

This study hopes to build upon and inform previous legal comments through the use of empirical data. In the current study, the author attempts to expand on existing research by asking the following question:

What effects does the rapid popularization of music streaming services have on (a) the amount of students who pirate music and (b) the amount of music illegally downloaded?

In exploring the previous question the following hypotheses are proposed:

H1 – A student’s use of music streaming services does not affect whether that student pirates music.

H2 – A student’s use of music streaming services does affect the amount of music that student pirates.

VII. Experimental Design & Methodology

This study is based on a survey conducted in the fall of 2015 at the University of Illinois in Champaign, Illinois.  In total, 252 participants responded.  The participants’ ages range from 18 to 32 years old, with the mean age of the sample being approximately 20 years old.  Of the sample population 140 participants were male, 107 participants were female, and 5 gave no response.

The data were collected through a questionnaire distributed to the students near the end of classes they were currently attending.  The survey consisted of 11 questions.  The first part of the survey gathered general information concerning the music consumption habits of the respondent.  The second part collected asked the respondents about their use of streaming service account subscriptions and piracy habits.[39]  The third part of the survey measured the respondent’s knowledge of policy and punishment, along with perceptions of their peers’ piracy habits.  The last section gathered demographic information.

To capture the undergraduate students’ levels of participation in music piracy, the survey asked respondents to indicate approximately how many files they had illegally downloaded in the past year.  Potential responses included: not applicable (none); 1–10; 11–100; 101–1000; more than 1000 files.

The next variable measured how respondents consumed music.  Individual respondents were given a list of distributional mediums (e.g. CDs/Vinyl Records, Analog Radio, Satellite Radio, Internet Radio, Interactive Streaming Services, MP3s, and Other) and asked to mark all that apply.

The next variables were based off more specific data regarding the respondent’s use of internet radio and streaming service accounts.  To measure the students’ habits regarding the use of internet radio and streaming service accounts, the survey asked them to indicate whether they had ever purchased a streaming service account subscription.  These data allowed us to categorize individuals as account purchasers or those who just use internet radio and streaming services to consume music.

To analyze the data, the study used descriptive statistics, inferential statistics, and regression analyses.  First, the descriptive statistics of the sample population were analyzed.  Then each dependent variable was analyzed using inferential statistical techniques and regression analysis.

VIII. Results

The most common medium used by participants was Interactive Streaming Services (75.79 percent).  Digital MP3s (65.87 percent) and Internet Radio (63.10 percent) are the next most popular mediums.

Approximately 40.48 percent of the participants reported that they had purchased a streaming service subscription, meaning a majority of the participants (59.52 percent) either choose to use the free version of streaming services or not to use such mediums at all.  Of the participants who purchased streaming service subscriptions, 38.24 percent allowed others to use their account while 59.80 percent said that they do not.  Further, 42.46 percent of sample population indicated that other people allow them to borrow a streaming service subscription.

A vast majority of the respondents (82.94 percent) reported that they have pirated music.  Only 17.06 percent indicated that they have never engaged in the activity. Of those who have engaged in music piracy, most students (38.76 percent) pirated 11-100 files in the past year, 29.29 percent pirated 101-1000 files, 12.92 percent pirated 1-10 files, and 9.57 percent pirated more than 1000 files in the past year.  7.18 percent of the respondents who said they have pirated music reported they had pirated zero music files in the past year.  This indicates that they likely have stopped engaging in music piracy.

A. Pirates

The first dependent variable analyzed was undergraduate students’ tendency to be a music pirate.[40]  In order to discern which variables, if any, affect the probability that a person is a music pirate, a regression analysis was conducted.[41]  The analysis showed no correlation between using a streaming service and whether a person engages in music piracy.[42]

Table 1
Table 1

B. Amount of Music Pirated

To determine which variables, if any, affect the probability that a person illegally downloads a certain amount of music, a Pearson’s chi-square statistic was conducted.  According to that test, consuming MP3s, either legally or illegally,[43] affected the probability that a respondent pirated more music per year.  In contrast, purchasing a streaming service subscription[44] affected the probability that a respondent pirated less music per year.  Further, the analysis revealed that those who do not purchase a streaming service subscription pirated more music per year than subscribers.

Table 2
Table 2

The statistical significance of these results was again confirmed through a multiple regression analysis (see Table 3 below).[45]  Further, this regression analysis revealed a negative correlation between purchasing a streaming service or internet radio account and the rate of music piracy,[46] meaning that purchasing a streaming subscription was less likely to cause a respondent to pirate music in large quantities per year.

Table 3
Table 3

IX. Discussion

Students who have purchased a streaming service subscription illegally download fewer songs per year.  The inferential statistical analysis and regression analysis confirm this conclusion because there is a negative relationship between purchasing an account and the amount of music pirated.  Although the data tended to show that purchasing a streaming subscription is related to the amount of music a student pirates, the results do not enable the author to confirm the hypothesis that using a streaming service affects the amount of music a student pirates.[47]

Further, the inferential statistics tend to show that individuals who purchased a streaming account were less likely to continue illegally downloading music altogether.  Of the individuals surveyed, 4.27 percent of students who have pirated music in the past, but have not purchased a streaming subscription, no longer pirate music.  11.50 percent of people who have pirated music and have purchased a streaming subscription no longer pirate music.  Further, only 5.07 percent of students who said they consume MP3s no longer pirate music.  In contrast, 12.12 percent of students who do not consume MP3s no longer pirate music.  These statistics demonstrate that subscribers who pay for their streaming accounts are less likely to pirate music, and that those who are not dependent on MP3s are less likely to pirate music.  Therefore, as more consumers purchase streaming subscriptions, a significant number of individuals will reduce the number of songs they illegally download per year or will eliminate their pirating habits altogether.

However, streaming subscriptions, in their current form, are far from a panacea to music piracy.  88 percent of streaming subscribers still engage in music piracy.  The author hypothesizes that this is largely because the song choices within streaming webcasters’ libraries are limited.

Currently there is no effective solution to bring music listeners all of the songs that they want to listen to on one platform that is accessible by any device, anytime, anywhere.[48]  Because sound recording copyright owners are not compelled by law to license to streaming services, many major streaming services like Spotify lack comprehensive song libraries.  In a market where streaming services lack the most popular songs, consumers will be forced to use multiple streaming platforms or turn to alternative, often illicit, technologies.  Absent affordable licensing agreements, streaming services will never be able to provide the vast amount of content desired by consumers.

These failures of copyright law could be remedied with a new licensing scheme.  Many variations on a compulsory licensing system have been proposed to remedy the issues caused by the current scheme.[49]  One compelling system, crafted by James Richardson, suggests a three-part model which secures a minimum royalty rate to sound recording copyright owners, sets a maximum licensing fee for webcasters, and then taxes the licensing fees collected by content owners based on a webcaster’s net revenue.[50]  This system provides content owners with a guaranteed licensing fee, protects webcasters from excessive licensing rates, and incorporates a tax penalty, thereby incentivizing both parties to negotiate fairly.  Such a system acknowledges the rights of both content owners and distributors equally.

X. Conclusion

In conclusion, the results of survey data collected on undergraduate students’ music consumption habits tend to show that those who purchase music streaming service subscriptions are less likely to download large amounts of music illegally.  This evidence supports the conclusion that music streaming subscriptions can help to reduce music piracy.  For the moment, as streaming services becomes more popular, digital audio formats will continue to phase out, concurrently decreasing music piracy.  If music streaming services are not provided with adequate legal footing, however, they will continue to slip further into debt and eventually fold.[51]  This will leave consumers with few desirable, legal music platforms and rouse consumers to pirate more music.  If music creators and webcasters can come to a compromise with regard to a fair compulsory licensing scheme for interactive streaming services, webcasters will be able to provide more comprehensive services to music listeners, removing the temptation to pirate music.  Therefore, policymakers should introduce a scheme similar to Richardson’s three-part compulsory licensing model.


*John G. Moustis Jr. University of Illinois College of Law, J.D. candidate, class of 2016. Former intern for SESAC, a US performance rights organization. Current member of a touring cover band.

*Austin Root. University of Illinois College of Law, J.D. candidate, class of 2016. Avid music listener and infamous music pirate. Many thanks to Professors Jennifer K. Robbennolt and Robert M. Lawless for their help and guidance on empirical methods.

[1] See, e.g., Jason R. Ingram & Sameer Hinduja, Neutralizing Music Piracy: An Empirical Examination, 29 DEVIANT BEHAV. 334 (2008); Jyh-Shen Chiou et. al, The Antecedents of Music Piracy Attitudes and Intentions, 57 J. BUS. ETHICS 161 (2005); Neil S. Tyler, Music Piracy and Diminishing Revenues: How Compulsory Licensing for Interactive Webcasters Can Lead the Recording Industry Back to Prominence, 161 U. PA. L. REV. 2101 (2012); Karla Borja et. al, The Effect of Music Streaming Services on Music Piracy Among College Students, 45 COMPUTERS IN HUM. BEHAV. 69 (2015).

[2] Stephen E. Siwek, The True Cost of Sound Recording Piracy to the U.S. Economy, INST. FOR POL’Y INNOVATION (2007), available at (last visited Mar. 14, 2016).

[3] See, e.g., Borja, supra note 1; Tyler, supra note 1.

[4] 17 U.S.C. § 106. See also George E. Higgins et. al, Music Piracy and Neutralization: A Preliminary Trajectory Analysis from Short Term Longitudinal Data, 2 INT’L J. OF CYBER CRIMINOLOGY 324 (2008); Ingram, supra note 1.

[5] Metro-Goldwyn-Mayer Studios, Inc. v. Grokster, Ltd., 545 U.S. 913, 919 (2005). See also In re: Aimster Copyright Litigation, 334 F.3d 643, 645 (7th Cir. 2003) (“If the music is copyrighted . . . swapping . . . infringes copyright.”); A&M Records, Inc. v. Napster, Inc., 239 F.3d 1004, 1014 (9th Cir. 2001) (“Napster users who download files containing copyrighted music violate plaintiffs’ reproduction rights.”).

[6] Resources and Learning: About Piracy, RIAA, (last visited Mar. 14, 2016).

[7] Id.


[9] Zhiyong Yang & Jingguo Wang, Differential Effects of Social Influence Sources on Self-Reported Music Piracy, 69 DECISION SUPPORT SYS. 70 (2015).

[10] Ray Delgado, Law Professors Examine Ethical Controversies of Peer-To-Peer File Sharing, STANFORD REPORT (Mar. 17, 2004),

[11] Ernesto Van der Sar, Top BitTorrent Trackers Serve 30 Million Peers Across 4.5 Million Torrents, TORRENT FREAK (July 6, 2013),

[12] Rajiv K. Sinha & Naomi Mandel, Preventing Digital Music Piracy: The Carrot or the Stick?, 72 J. MKTG. 1 (2008). See also Yang, supra note 9.

[13] Tiana Tucker, What Influences Young Adults’ Decision to Adopt New Technology, 2 ELON J. OF UNDERGRAD. RES. IN COMM. 147 (2011); PETER ZOLLO, GETTING WISER TO TEENS: MORE INSIGHTS INTO MARKETING TO TEENAGERS (2004).

[14] See Sean Hollister, The Age of the iPod is Over, THE VERGE (Jan. 27, 2014, 7:57 PM),


[16] E.g., Pandora, Slacker Radio, and iHeartRadio.

[17] E.g., Spotify, Apple Music, Google Play, Tidal, and Amazon Prime Music.

[18] E.g., Vevo.

[19] IFPI, supra note 15.

[20] Id.

[21] Charles Sykes, Album Sales Are Looking Up, USA TODAY, Jan. 5, 2012, at D3.

[22] Digital Performance Right in Sound Recordings Act of 1995, Pub. L. No. 104-39, 109 Stat. 336; Digital Millennium Copyright Act, Pub. L. No. 105-304, §§101-02, 112 Stat. 2860, 2861-63.

[23] These services are offered by webcasters like Spotify, Tidal, Rhapsody, Apple Music, Amazon Prime Music, and Google Play, among others.

[24] These services are offered by webcasters like Pandora, Slacker Radio, and iHeartRadio, among others.

[25] 17 U.S.C. § (c)(3)(A) (2012).

[26] 17 U.S.C. § 114(d)(3)(A) (2012).

[27] Tyler, supra note 1.

[28] James Richardson, Create a Compulsory Licensing Scheme for On-Demand Digital Media Platforms, 31 ENT. & SPORTS LAWYER 9 (2014), available at

[29] Eric Eldon, Spotify Is Having a Good 2012: Revenues Could Reach $500M As It Expands the Digital Music Market, TECH CRUNCH (Nov. 10, 2012),

[30] Richardson, supra note 28.

[31] See Steve Knopper, Taylor Swift Pulled Music from Spotify for ‘Superfan Who Wants to Invest,’ Says Rep, ROLLING STONE (Nov. 8, 2014),

[32] This fact can be observed by visiting and and searching for “Taylor Swift” within the websites. Observe how limited the song selection of Spotify is compared to that of Tidal.

[33] Mehmet Delikan, Changing Consumption Behavior of Net Generation and the Adoption of Streaming Music Services: Extending the Technology Acceptance Model to Account for Streaming Music Services (June 1, 2010) (unpublished master’s thesis, Jonkoping International Business School), available at

[34] Id.

[35] Kaitlin M. Pals, Facing the Music: Webcasting, Interactivity, and a Sensible Statutory Royalty Scheme for Sound Recording Transmissions, 36 J. CORP. L. 677, 692 (2011).

[36] Borja, supra note 1.

[37] Borja, supra note 1. See also John Eric Seay, Legislative Strategies for Enabling the Success of Online Music Purveyors, 17 UCLA ENT. L. R. 163 (2010).

[38] Tyler, supra note 1.

[39] In another paper the author discusses the how undergraduates’ knowledge of school and federal policies affect their propensity to pirate music. Those topics are not discussed in this paper. See John Moustis & Austin Root, Who Knows the Rules?: How Internet Technology and Perceptions of Policy Affect Music Piracy in Undergraduate Students (December 2015) (unpublished manuscript, University of Illinois College of Law).

[40] I.e., someone who currently pirates music.

[41] The independent variables accounted for were gender, streaming users, MP3 users, those who use others’ purchased streaming accounts and do not purchase their own, and overall knowledge level of government and university policies. The formula can be described as follows: Pirate = α + b1(Gender) + b2(Modern) + b3(Digital) + b4(UseNoPurch) + b5(OverPolicy) + ε.

[42] The analysis did reveal a correlation between being a music pirate and being male (p = 0.029) and also consuming MP3s (p = 0.035).

[43] p = 0.004

[44] p = 0.0018

[45] The variables accounted for were gender, MP3 users, those who purchased accounts, streaming users, and overall knowledge level of university and federal policies. The formula can be described as follows: PirateAmount = α + b1(Gender) + b2(Digital) + b3(PurchaseAccount) + b4(Modern) + b5(OverPolicy) + ε. There was a statistically significant relationship between gender and the level of participation in music piracy (p = 0.015). Also, we found that there is a positive relationship between consuming MP3s and the level of participation in music piracy (p = 0.010).

[46] p = 0.024

[47] H1: A student’s use of music streaming services does not affect whether that student pirates music (ACCEPT). H2: A student’s use of music streaming services does affect the amount of music pirated by that student (REJECT).

[48] Steve Knopper, Islands in the Stream: The 10 Biggest Holdouts in Digital Music, ROLLING STONE (Jan. 2, 2015),

[49] See, e.g., Richardson, supra note 28; Seay, supra note 37; Tyler, supra note 1.

[50] Richardson, supra note 28.

[51] See, e.g., Richardson, supra note 28; Seay, supra note 37; Tyler, supra note 1.

Search Engines under Attack: Examining the European Union’s Right to Be Forgotten (Part I)

By Tisunge (Sunga) Mkwezalamba*


Personal data provides a legitimate business interest to an online global market.  For instance, personal data is needed for basic functions of a website operation, such as registering, retrieving individualized preferences, or making payments.  The use of personal data also improves user experience.  By collecting and storing personal data, a website can recognize visitors and respond to their preferences.  Moreover, personal data generates revenue by offering opportunities to third parties using the personal data to increase their customer base.  Generally, this is done through direct marketing.  Data privacy rights (sometimes referred to as data protection regulation) are in place to protect personal data because individuals have no control of their data after it is collected.

The European Union (EU) affords its citizens some of the strongest data privacy rights in the world.  EU citizens enjoy privacy rights so strong that they have the option to have their data disappear from the Internet.  This disappearing power is known as the “right to be forgotten”.

This paper will argue that the EU’s interpretation of the right to be forgotten is bad policy and results in bad law that burdens search engines.  Part I introduces the pieces and functions of European Union (EU) data privacy law and some underlying policies.  This section also introduces pending data privacy legislation.  The pending data privacy legislation introduces a very broad and vague right to be forgotten, which can be interpreted through Google Spain v. González, the only case precedent interpreting the right.

Part II analyzes Google Spain v. González.[1]  In González, Mario Castejo González, a Spanish citizen, sued Google to have unfavorable personal data removed from search results pursuant to EU data privacy law.  The case began in Spanish high court, but the court referred questions to the Court of Justice of the European Union (CJEU) because it was unsure whether EU data privacy law applied to search engines that provide links to lawfully published personal data.  The CJEU held that it did, and ordered Google to remove all links to González’s unfavorable information from its search results.  In its analysis, the court defined the right to be forgotten so broadly that it now covers any personal information that an individual simply considers embarrassing.  The court also reasoned search engines, such as Google, are responsible for personal data wherever it was located on the server, regardless of how it was obtained.  As a result, this decision enlarged unforeseeable costs for search engines associated with enforcing the right to be forgotten.

Part III argues that the EU’s right to be forgotten is bad policy and bad law for four primary reasons.  First, the EU’s interpretation of the right to be forgotten does not remove access to the personal data that has been requested for removal.  Second, broadening the type of data that may be removed such as a history of bad debts is likely to lead to instability in capital markets where investments and extensions of credit are based on personal data, whether or not it is unfavorable.  In addition, removal of unfavorable personal data hurts the democratic process, which relies on such information when appointing individuals to high positions of society.  Third, as currently interpreted, the right compels large search engines to enforce the international right at their burden.  This is significant because search engines then have to create a judiciary to judge EU law where only one precedent stands and many variables exist when determining whether to remove personal data.  And lastly, the CJEU’s interpretation of the law disregards guaranteed freedoms, mainly the freedom of expression, for the right to be forgotten.

Part IV offers alternative policy and legal solutions for the EU’s interpretation of the right to be forgotten.  The first recommendation encourages online anonymity on the Internet, such as anonymous posting.  Anonymity would move information provided voluntarily outside of the EU’s definition of personal data since the definition requires that the information relate back to an individual in such a way that it identifies them.

The second recommendation discusses a draft of a right to be forgotten that would limit the right to individuals whom society and the law have a strong interest to forgive.  An example of such an individual is a minor.  This is important because a majority of requests to remove personal data is embarrassing in nature, and most individuals would prefer their past mistakes be forgiven.  However, forgiveness of past mistakes should not be afforded to every individual who is embarrassed by their past.

The concluding recommendation suggests that the EU should place the burden of determining when to afford the right to be forgotten on EU data authorities because the determination of most of the request requires a subjective test, which would lead to inconsistent application by search engines.

Part I: The European Union on Data Privacy Law

The EU provides its citizens some of the strongest data privacy and protection rights, particularly when compared with the United States.  In the EU, protection of personal data is a fundamental right to privacy provided by Article Eight of the European Convention for the Protection of Human Rights and Fundamental Freedoms.[2]  On the other hand, in the US, the specific right to privacy protection is not a fundamental right guaranteed to citizens by the Constitution.  In addition, the strength of EU data privacy law is highlighted in the policy underlying its promotion of the movement of personal data in the online global market where the collection and use of personal data generates revenue opportunities through online activities such as target advertising.  In the EU, the movement of personal data in the online global market is promoted by ensuring that processors are secure and individuals are given access to their personal data to verify, change, or erase their information.  The rationale for promoting security and access rights is based on a belief that individuals will be more willing to offer their personal data to online operators if they are confident that their privacy is secure and they are afforded access to their personal data.  In the US, in contrast, the movement of personal data in the online global market is promoted by limiting the amount of government regulation on the online market.  Thus, American laws are less voluminous than EU data privacy laws and individuals rarely have access to their personal data.  The rationale for the American style of governance is based on the belief that overregulation of markets stifles economic growth.

EU Directives on Data Privacy

In the EU, data privacy rights and the protection of personal data are governed by Directive 95/46/EC[3] and e-Privacy Directive 2002/58/EC.[4]  Collectively, they outline how an individual or entity can legally collect personal data from EU residents, the obligations that exist when using and storing the personal data, and the rights individuals have to access their personal data after it has been collected.

a. Directive 95/46/EC

In 1995, the EU enacted Directive 95/46/EC, its first directive on the protection of individuals with regard to the privacy and protection of their personal data.[5]  Directive 95/46/EC set out to follow the Organization for Economic Co-operation and Development’s (OECD) seven principles on the protection of Transborder Flows of Personal Data.  These principles ensure individuals are given notice that their personal data is being collected and for what purpose it is collected; individuals consent before their personal data is collected; data is kept secure; and subjects are given access to their personal data under certain circumstances.[6]  The underlying principle for access rights is that data subject are in the best position to determine whether their personal data is being misused.  Thus, they should be given access to make such an evaluation.

EU data privacy law applies to an individual or legal body that determines the processing of personal data, also known as the data controller.[7]  Directive 95/46/EC defines personal data as any information that relates to a natural person, known as a “data subject.”[8]  Information relates to a data subject when it can be used to identify an individual, such as an identification number, or his or her economic, cultural, or social identity.[9]

Directive 95/46/EC applies to the automated processing of personal data and other processing of personal data that form a part of a filing system.[10]  Processing of personal data is a broad term, and is essentially “any operation performed . . . upon personal data” such as collecting, storing, altering, or erasing the personal data.[11]  A filing system is the function that controls how the personal data is stored and retrieved.[12]  A controller is the operator of the filing system.  Therefore, controllers determine the purposes for processing and must uphold the certain OECD principles adopted by Directive 95/46/EC such as data security and access rights.

Article 12(b) of Directive 95/46/EC states that controllers are to provide data subject access to “erasure” or “block” access to their personal data when “it does not comply with the provisions of the Directive, particularly because of the inaccurate or incomplete nature of the data.”  The González case discussed below narrates how the CJEU recently interpreted Directive 95/46/EC access rights to have personal data blocked or deleted into a right to be forgotten.  However, the court found that the Directive compelled search engines to delete any disfavoring personal data that has been lawfully collected, regardless of whether it is incorrect or incomplete in nature.

b. E-Privacy Directive 2002/58/EC

In 2002, the EU enacted E-Privacy Directive 2002/58/EC (“E-Privacy Directive”). E-Privacy Directive was later amended by Directive 2009/136/EC.[13]  The E-Privacy Directive was enacted to address developments in technology since the enactment of Directive 95/46/EC.  The directive provides similar coverage as Directive 95/46/EC by extending the OECD principles to the field of telecommunications.  Further, the rule acknowledges developments in the means by which controllers are able to collect and process personal data through outlining the rights and obligations with regard to the use of cookies, location data, spam, and spyware.[14]

c. The future of European Union Data Privacy Law: General Data Protection Regulation

Directive 95/46/EC and the E-Privacy Directive are expected to merge under a new EU data privacy regulation in December 2017.[15]  The proposed regulation is called the General Data Protection Regulation (GDPR).[16]

In accordance with the underlying policy for the promotion of the movement of personal data in the online global market, the new set of rules gives citizens more control over their personal data and aims to simplify the regulatory environment for businesses through unification of the current data privacy regime.[17]

Though the GDPR intends to simplify the regulatory environment for businesses while providing more control to its citizens, some provisions in the draft are already drawing a lot of attention by those who argue that the data privacy and protection laws of the EU are already constraining on the online global market.[18]  Those who take a position against strengthening EU data privacy laws believe in a free market system, free from government oversight.  This position is similar to the policy underlying the U.S. data privacy regulation discussed above.

For instance, GDPR will mandate that processors hire a data protection officer.[19]  Currently, the average salary for a data protection officer is $75,899.[20]  This rule will greatly impact small business that cannot afford the additional costs during their developmental stages.  In addition, the rule disregards the communication costs for controllers who will be subject to new compulsory notification and access rights for which each data subject must have access to information that they can read.[21]  The EU recognizes 24 different languages, any of which EU citizens are to have access to documents in.[22]  Ensuring that communications regarding personal data is given in any of the 24 forms creates several additional costs to controllers.

However, the most unique addition to the GDPR, and perhaps also one of the most troublesome, is Article 17’s right to be forgotten.  This provision was included to clarify the right of erasure in Article 12(b) of Directive 95/46/EC.[23]  As was previously mentioned, Article 12(b) of Directive 95/46/EC affords EU citizens a right to erasure, interpreted in González as a right to be forgotten, regardless of whether the personal data is inaccurate or incomplete in nature.

In its clarification, Article 17 of GDPR provides a definition of the right to be forgotten that is similar to the CJEU’s interpretation in González.  In González, the court held that the right to be forgotten should be afforded to data subjects when such removal is pursuant to the principles of Directive 95/46/EC.  Similarly, Article 17 states that the right to be forgotten may be exercised in several situations, including when the personal data is no longer necessary, when the data subject withdraws consent or objects, or when processing does not comply with the principles of GDPR.

Further, GDPR’s right to be forgotten includes an obligation to the controller to inform third parties who have obtained the personal data as a result of the controller’s publication or processing, or third parties whose personal data the controller has obtained as a result of the controller’s processing mechanisms.  This language is similar to the effect of the decision in González, which held that search engines were obligated to de-link access to personal data it obtained through its processing mechanics (the storing and filing of websites containing personal data) from third parties.

An analysis of the landmark case of Google v. Mario Costeja González illustrates how the EU’s interpretation of a right to be forgotten is improper and requires large search engine operators, such as Google, to decide when to enforce EU citizen’s privacy rights.


*Tisunge (Sunga) Mkwezalamba. University of Illinois College of Law, J.D. candidate, Class of 2016. Data privacy focus. Many thanks to Maxwell and Hilda Mkwezalamba.

[1] Case C-131/12, Google Spain v. González, 2014 EUR-Lex CELEX-LEXIS 317 (May 13, 2014).

[2] 2000 O.J. (C 364) 1, available at

[3] Council Directive 95/46, art. 25, 1995 (L 281) 31 (EC) [hereinafter “Directive 95/46/EC”], available at

[4] Directive 2002/58, 2002 O.J. (L 201) 37, available at

[5] Id.

[6] Recommendation of the Council concerning Guidelines governing the Protection of Privacy and Transborder Flows of Personal Data (2013), OECD, (Last visited Feb. 5, 2016). The seven principles are (1) Notice, (2) Purpose, (3) Consent, (4) Security, (5) Disclosure, (6) Access, and (7) Accountability. Data subjects should be given notice when their data is being collected; data should only be used for the purpose stated and not for any other purposes; data should not be disclosed without the data subject’s consent; collected data should be kept secure from any potential abuses; data subjects should be informed as to who is collecting their data; data subjects should be allowed to access their data and make corrections to any inaccurate data; data subjects should have a method available to them to hold data collectors accountable for not following the above principle. Id.

[7] Id. at art. 2(d).

[8] Id. at art. 2(a).

[9] Id.

[10] Directive 95/46/EC, supra note 3, at art. 2(c).

[11] Id. at art. 2(b).

[12] Id. at art. 2(b)(c).

[13] Directive 2002/58/EC, supra note 4.

[14] Id. See paragraph 53 discussing traffic data; paragraphs 65, 66, and 70 addressing spyware; paragraph 68 discussing spam; and paragraph 66 for cookies. See Article 2(a)(c) of Directive 95/46/EC for more information on location data.

[15] Hunton & Williams, Hunton Releases Guide to the Proposed EU General Data Protection Regulation, HUNTON PRIVACY BLOG, (May 5, 2015),

[16] Proposal for a Regulation Of The European Parliament And Of The Council on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data (General Data Protection Regulation), COM (2012) 11 final (Jan. 25, 2012) [hereinafter GDPR], available at., (last visited Feb. 6, 2016).

[17] Id.

[18] Ardi Kolah, British Government Delays Progress on GDPR as EU Pressure Mounts, BRANDREPUBLIC (Jan. 10, 2015),; Jeremy Whitaker, The Cost of the EU Data Law, DIGITAL MARKETING MAG. (Aug. 10, 2015),

[19] GDPR, supra note 16, at art. 30.

[20] Data Security Analyst Salary, SALARY.COM, (last visited Feb. 5, 2016).

[21] GDPR, supra note 16, at art. 12.

[22] Official Languages of the EU, EUROPEAN COMM’N, (last visited Feb. 5, 2016).

[23] GDPR, supra note 16 at art. 17.

Outkicking Its Coverage: How DraftKings’s Aggressive Terms of Use May Leave It Vulnerable to Class Action

By Andrew Lewis*

Over the last 20 years, fantasy sports have evolved from a niche pastime involving a group of fans informally scoring competitions by hand to a multibillion dollar industry.  The institution of daily fantasy sports (DFS) is the most recent phenomenon involving fantasy sports.  One need only look at the money spent on advertising to recognize the prevalence of DFS. During the first nine months of 2015, industry leaders DraftKings and FanDuel spent more than $205 million on more than 60 thousand advertisements.[1]  As its popularity and bottom line have swelled, so too has the number of DFS’s legal issues.

In April 2015, DraftKings faced a false advertising claim based on its dubious “100% deposit bonus,” which required players to participate in a certain number of contests before recovering the bonus.[2]  Further, critics of DFS have voiced concerns over its status as a “game of chance” rather than a per se gambling operation subject to stringent prohibitions and regulations.[3]  In early November, New York Attorney General Eric Schneiderman sent a cease and desist letter to the two DFS companies on the grounds that their operations constituted “gambling.”[4]  In response, the companies filed suit against Schneiderman and requested a temporary restraining order.[5]  In light of the New York issues, FanDuel has paused operations in the state until the resolution of the suit.[6]  DraftKings, on the other hand, will continue its operations in New York.[7]  While these issues are certainly troubling for the DFS giants, a scandal garnering the attention of federal prosecutors is perhaps the industry’s biggest threat.

In the first week of October 2015, DraftKings and FanDuel faced allegations of impropriety, akin to an insider trading scandal.  The issue was bad publicity for the DFS giants to be sure, but without an analogous securities regulation framework, the legal ramifications of the episode were unclear.  In order to understand the nature of the scandal, one must first understand how DFS works and the strategy top players use to win the contests.

DFS is a game in which participants pay an entry fee in order to compete in daily or weekly competitions.  In a given competition, participants could compete against hundreds of other individuals for the allure of a cash prize for top performers.  DFS participants choose a different fantasy team for every competition.  Each player is assigned a dollar amount based on their expected performance, and teams must stay below a certain dollar “cap.”  The object of the game is to have the players with the best statistics on your team throughout the duration of the competition.  Thus, at its heart, DFS forces participants to make economic calculations based on the expected return on investment of the athletes: choose the best players, score the most points, win the most money.  Or so it would seem.

Some argue that a more sophisticated strategy is to attempt to take the road less traveled, and choose players that relatively few other league participants choose.[8]  DFS allows players to be chosen by multiple participants, so any number of teams could look remarkably similar.  The more similar teams look, the less variance there is among those teams’ scores, and the less likely that those participants win a top prize.  While Tom Brady might be projected to have a better week than Andy Dalton, for example, in the event Dalton outperforms Brady, Dalton owners gain an advantage over a significant portion of the market.  Meanwhile, if Brady outperforms Dalton, Brady owners only gain an advantage over a miniscule portion of the market.  To this end, the best players are those that are (1) expected to perform well, (2) are relatively cheap, and (3) are unpopular.[9]  While DFS participants can use their sports expertise and economic acumen to make wise choices based on the first two variables, they are left guessing on the relative popularity of a given player.  If a participant happened to have knowledge regarding a player’s popularity, it would give him a significant advantage over his competition. Enter the scandal.


On October 5, DraftKings and FanDuel each released statements regarding alleged impropriety in their games.  The allegations surrounded a DraftKings employee who inadvertently released DraftKings ownership statistics on a message board prior to the third week of NFL games.[10]  That information is not available until all lineups are final.  The same employee also happened to beat 229,882 other entrants in a FanDuel competition the prior week.  Critics were suspicious of the employee’s second place finish, along with his $350,000 prize—the implication being that he used his access to DraftKings ownership statistics, unavailable to the general public, to gain an advantage over FanDuel DFS participants.  Garnering attention from the media, the FBI, and disgruntled DFS players, the episode has been compared to insider trading.  On October 8, just three days after the DFS giants released their statements, the two DFS giants faced a class action complaint.


The class action complaint filed in the Southern District of New York is comprised of seven claims, including negligence, fraud and misrepresentation, a violation of Kentucky’s Consumer Protection Act, a violation of the New York Deceptive Acts and Practices Law, false advertising, and unjust enrichment.  A significant portion of the complaint is devoted to the arbitration provision in DraftKings’s terms of use.  The provision states:

[A]ny and all disputes, claims or controversies arising out of or relating to this Agreement, the breach thereof, or any use of the Website . . . except for claims filed in a small claims court that proceed on an individual (non-class, non-representative) basis, shall be settled by binding arbitration . . . . In agreeing to arbitrate all Claims, you and DraftKings waive all rights to a trial by jury in any action or proceeding involving any Claim.[12]

If the above arbitration provision is enforced, then the Southern District of New York will dismiss the case pursuant to the agreed-to provision.  Those DFS participants seeking redress for their losses could still bring their claims on an individual basis, but given that individual losses may be modest relative to the cost of pursuing complex litigation against large corporations, DraftKings and FanDuel’s potential liability in arbitration would be much smaller than it would be in the class action context.  Thus, the DFS giants have a strong incentive to enforce their arbitration provision.

Arbitration provisions of this kind are not uncommon and are generally enforced.  In American Express Co. v. Italian Colors Rest., merchants sued American Express over alleged violations of the Sherman Act.[13]  However, the agreement between the merchants and American Express contained an arbitration provision.[14]  Similar to the provision in DraftKings’s terms of use, the American Express agreement required disputes to be resolved through arbitration and expressly prohibited class suits.  The restaurateurs argued that the cost of litigating the claims on an individual basis would have been prohibitively high relative to their potential recovery, effectively barring the merchants from seeking vindication of their rights.[15]  Because of this, the restaurateurs claimed, an exception should be made to the Federal Arbitration Act in order to preserve access to remedies.  The Supreme Court disagreed.  In the majority opinion, Justice Scalia reasoned that “the fact that it is not worth the expense involved in proving a statutory remedy does not constitute the elimination of the right to pursue that remedy.”[16]  Essentially, then, arbitration provisions remain enforceable in situations where individual suits are economically unfeasible.  However, all is not lost for DFS participants—indeed, the perceived strength of the DFS terms of use may be their own undoing.


In light of the American Express decision, and the likely enforceability of the arbitration provision, the class action complaint advances a number of arguments claiming that DraftKings’s Terms of Use is not a valid, enforceable contract.  Among these is DraftKings’s right, “without prior notice,” to “revoke any or all of [the participants’] rights granted” under the terms of use and DraftKings’s ability to deny participants the ability to partake in its head-to-head contests.  Notably, one of the most aggressive provisions in DraftKings’s terms of use is absent from the complaint.  The DFS giant reserves for itself “the right to amend these Terms of Use at any time and without notice, and it is [the participants’] responsibility to review these Terms of Use for any changes.”[17]

A similar provision was at issue in Harris v. Blockbuster Inc.[18]  There, like in the DFS case, Blockbuster claimed the arbitration clause in its online terms and conditions protected the now-defunct company from class action exposure.[19]  The problem for Blockbuster, however, was that it reserved the right “at its sole discretion, [to] modify these Terms and Conditions of Use . . . with or without notice.  Such modifications will be effective immediately upon posting.”

The court sitting in the Northern District of Texas took issue with Blockbuster’s unfettered ability to “change the rules of the game,” especially given that there was no provision stating that once enacted, the changes would not apply to disputes arising prior to the amendment.[20]  Additionally, the Blockbuster court stated that it did not matter that a retroactive modification had not actually been attempted—the mere fact that the provision was in the contract rendered the entire contract, including the arbitration provision, illusory.  As mentioned above, DraftKings’s terms of use contains a nearly identical modification provision without any clause suggesting that modifications would only apply to subsequent disputes.  If the court determines that the modification clause renders the contract illusory, DraftKings will be vulnerable to class action litigation.


The case study provided by Blockbuster should have alerted drafters of the dangers of unilateral modification clauses.  Arbitration provisions offer a strong defense for companies hoping to avoid the liability associated with class action suits, but including a modification clause like the one at issue in Blockbuster could render the entire contract illusory. Indeed, DraftKings’s may have done just that.  Blockbuster informs that if a unilateral modification clause must be included, the clause must also provide that modifications would only apply to disputes subsequently arising.  Whether or not the class will succeed in its underlying suit remains to be seen, but because DraftKings may have effectively voided its own arbitration provision, there is a chance we will find out.


*Andrew Lewis. University of Illinois College of Law, Class of 2015. Practices commercial litigation in Chicago, IL. Many thanks to JLTP editor Iman Naim for her help and guidance with this article.

[1] Tom Kludt, DraftKings and FanDuel Ads Seem to Be Everywhere on TV Because They Are, CNNMoney (Oct. 8, 2015, 5:23 PM),

[2] Dustin Gouker, Nothing but the Truth? DraftKings Faces New Class-Action Lawsuit for Alleged False Advertising, Legal Sports Report, (Apr. 28, 2015, 7:28 PM),

[3] WKYC Staff, NE Ohio Attorney Files Lawsuit, Says Fanduel, Draftkings Violate Ohio Law, WKYC (Oct. 22, 2015, 12:38 AM), attorney-fantasy-sports-websites- fanduel-draftkings-violate-ohio-law/74352890.

[4] Rachel Axon, DraftKings Staying Open in New York until Legal Decision in Court, USA Today Sports (Nov. 20, 2015, 7:39 PM),

[5] Id.

[6] Id.

[7] Id.

[8] See Jonathan Berr, Is DraftKings’ Ethan Haskell Just a Shrewd “Investor”?, CBS Money Watch (Oct. 14, 2015, 5:15 AM) (explaining that “[i]n daily fantasy sports, as in the stock market, the most widely chosen assets—or, in this case, athletes—represent a less attractive investment because the rewards of the performance are shared among many holders. By contrast, the solitary owner of an undervalued asset would reap larger rewards than those who have opted for a more obvious choice.”).

[9] Seung Lee, How to Win $350,000 on FanDuel and the Mathematics of Daily Fantasy Sites, Newsweek (Oct. 8, 2015, 2:11 PM),

[10] Joe Drape & Jacqueline Williams, Scandal Erupts in Unregulated World of Fantasy Sports, N.Y. Times (Oct. 5, 2015),

[11] Complaint, Johnson v. FanDuel, Inc., No. 15-cv-7963 (S.D.N.Y. Oct. 8, 2015).

[12] Terms of Use, DraftKings, (last updated Oct. 19, 2015).

[13] American Express Co. v. Italian Colors Rest., 133 S. Ct. 2304 (2013).

[14] Id. at 2308.

[15] See Id., (“In resisting the motion, respondents submitted a declaration from an economist who estimated that the cost of an expert analysis necessary to prove the antitrust claims would be ‘at least several hundred thousand dollars, and might exceed $1 million,’ while the maximum recovery for an individual plaintiff would be $12,850, or $38,549 when trebled.”).

[16] Id. at 2311.

[17] Terms of Use, supra note 11.

[18] Harris v. Blockbuster Inc., 622 F. Supp. 2d 396 (N.D. Tex. 2009).

[19] Id. at 397.

[20] Id. at 399.