Talking Cars and the Internet of Things at TRUSTe's IoT Privacy Summit

Future of Privacy Forum is excited to partner with TRUSTe to provide attendees with a full day of case studies, workshops and panels at the second IoT Privacy Summit on June 17th in Menlo Park, California. This year’s Summit focuses on practical solutions to the privacy challenges brought on by the Internet of Things, with topics focusing on key FPF priorities like connected cars, smart cities and homes, wearable devices, and more.

FPF’s Joseph Jerome will participate in a panel titled “How the Automobile Industry Took the Lead in Industry Self-Regulation,” along with representatives from General Motors and Hogan Lovells. The panel will discuss how car makers came together to address privacy issues head-on as vehicles become increasingly connected — and data-fueled. The group will also discuss how a set of automotive privacy principles was developed, and what industry is doing to implement them ahead of their 2016 start date. Click here to view a current list of other speakers.

Ahead of the Summit, on June 16th, FPF will also participate in the IoT Privacy Tech Working Group. The group will meet to identify both the technical standards and best practices necessary to help enhance consumer privacy in the IoT. More information about the IoT Privacy Summit 2015 is available here.

More importantly, click here to register. We look forward to discussing the Internet of Things next month!

Communicating with Parents about Student Privacy

Recently, a number of bills have been proposed at both federal and state levels aimed at protecting student data privacy. Laws, codes of conduct, better contracts and training all play key roles in ensuring that student data will be used responsibly.  However, the most important effort that has yet to be well addressed is the communication between schools and parents.

At FERPA|SHERPA, we highlight some school districts that have succeeded in offering parents a clear description of the technologies they use and the data collected.  We were pleased to recently come across another great example of parent communication at the Smithfield Public School District in Smithfield, RI.  Smithfield provides an informational webpage that informs parents about the applications used in the district, the purposes for which they are being used and what information they collect. The webpage also provides links where parents can see the privacy policy, terms and conditions and other relevant information about the educational applications.

Kudos as well to Smithfield for designating two leading school officials, Paul Barrette, the school department’s director of technology, and Craig Levis, special education director, as the privacy leads for the district.  It is essential that schools appoint privacy officers and institute appropriate training if we expect compliance with laws and policies.

Please let us know of any other schools that have provided helpful communications for parents, so that we can share great examples that the school community can learn from.

 

Pew Tackles the Future of Privacy

On Wednesday, the Pew Research Center released its third report on Americans’ attitudes towards privacy and surveillance. While the report confirms previous findings that, no, privacy is not dead, it takes a broader look at Americans’ views on privacy in public and information control. It finds that our privacy values are particularly heightened with respect “to having a sense of control over who collects information and when and where activities can be observed.”

Nearly all adults report that who is gathering information and what information is being gathered are essential dimensions of privacy control. Strong majorities believe — 74% believe “very strongly” — that it is important to be in control of who can get information about you. The home continues to be viewed as a “do not disturb” zone, which may present interesting implications for the emerging Internet of Things. And by a 2-to-1 margin, Americans believe in limits on employer monitoring of employees.

One particularly interesting finding from the report is Americans’ views toward data retention broadly. Most Americans believe that only “a few months” or less is long enough for companies to store most records of their activities. Different industry sectors get more or less leeway. For example, majorities support credit card companies retaining their data, but even here, the length of time people feel is a reasonable retention period varies. Once again, strong majorities were skeptical of the need for online advertisers to “save any info” about them for lengthy periods of time, if at all.

The Future of Privacy Forum’s Capitol-Area Academic Network was privileged enough to discuss the Pew privacy project with the report’s authors last fall, and Pew’s series continues to demonstrate not only the value of privacy — but the strong need to think about better ways to offer privacy controls and communicate practices with consumers.

Joseph Jerome, Policy Counsel

NYC Taxi & Limousine Commission Proposal Raises Privacy Concerns for Apps

On Monday, the Future of Privacy Forum joined with the Bill of Rights Defense Committee/Defending Dissent Foundation, Center for Democracy & Technology, The Constitution Project, and Electronic Frontier Foundation to write the NYC Taxi and Limousine Commission (TLC) about its proposed rules regarding For-Hire Vehicle dispatch apps.

We were especially concerned with the requirement that apps be automatically capable of “collecting and transmitting” a wide array of data including the requested pick-up time, date, and location, which could be collected even in the event that the passenger later cancelled the trip. The proposed rules provide no guidance with regard to when and how such transmission would occur, suggesting this data could be requested at the sole discretion of TLC.

This sort of broad data collection by a government agency presents important privacy issues. In particular, it raises key Fourth Amendment concerns and could permit wide swaths of sensitive data to be released publicly through state Freedom of Information laws. Several news reports have previously demonstrated how even allegedly anonymized taxicab data can be “reverse engineered” to reveal passenger names and trip pick-up and drop location information.

Everyone understands the TLC’s need to regulate FHVs and that mobile apps are increasingly the mechanisms that govern these services. FPF in particular has been a strong proponent of smart city initiatives, and using trip data to optimize traffic flows, improve the environment, and advance safety.

Nonetheless, we urge the TLC to seriously consider the privacy challenges posed by its proposal. Our letter encourages the Commission to engage in a more in-depth consultative process with privacy experts, organizations and the public in order to determine how to achieve TLC’s goals to guide FHV apps without unnecessarily placing passengers’ privacy at risk. The full letter is available to read here.

A Historical Primer on Section 215 Bulk Collection

Over on the IAPP’s Privacy Tracker blog, FPF Senior Fellow explains how the past week has seen two significant events concerning Section 215 of the USA PATRIOT Act. First, on May 7, the Second Circuit ruled that “the telephone metadata program exceeds the scope of what Congress has authorized and therefore violates” Section 215. And yesterday, the House of Representatives approved the USA FREEDOM Act by 338-88, which could limit by statute the collection of domestic telephone metadata and other records under Section 215. According to Swire, this week’s activities will have potentially important long-term effects on surveillance policy.