Privacy to Enable “Drones for Good”

In her recent blog, Paula J. Bruening, Senior Counsel for Global Privacy Policy, Intel, highlights the work of the National Telecommunications and Information Administration multi-stakeholder working group and the best practices it released on drone privacy, transparency, and accountability, especially as it enables the deployment of drones for purposes that will benefit society.

READ

Lauren Smith Featured on WXYZ-TV

On July 21, 2016, FPF Policy Counsel, Lauren Smith, was featured on WXYZ-TV (ABC 7 Detroit) to discuss connected cars and data collection. Lauren explains:

“Some of the information may be going to the manufacturer, some may be staying locally on the car, some may be going to your insurance company if you’ve selected that, some may be going to some technology you’ve opted into. So we’re trying to clarify for consumers what kind of information your car may collect and where the information is being sent.”

WATCH

Privacy Shield: Essentially Equivalent

FPF Advisory Board Member, Cameron F. Kerry, Senior Counsel, Sidley Austin LLP, and Maarten Meulenbelt, Partner, Sidley Austin LLP, published Privacy Shield: Essentially Equivalent, on July 14, 2016. The paper discusses how the Privacy Shield fulfills EU legal requirements. The authors explain:

“The Privacy Shield requirements far surpass those under Safe Harbour and ensure that EU residents whose data is transferred to the US receive protection essentially equivalent to what they receive in the EU.”

READ

Kids, Connected Toys and Devices, and Privacy

At FPF, we recognize the benefits that connected home technologies can provide to individuals, families, and kids.  We also know that privacy issues can make or break adoption of connected home tech – particularly questions about whether kids’ privacy and security are sufficiently safeguarded.   Families are using voice controlled devices to search the web, play games, and order products. Kids are playing with dolls that listen and talk, interactive animals, and apps that link toys to digital services.  Parents are using smart home technology to keep their families safe – connected tech can warn of fires or alert parents when a child falls into a backyard pool.

These technologies and many others are generating opportunities for interactive play and education, but also creating new challenges. Toys that can become a child’s closest friend, collect intimate information, and provide advice are raising questions about how to ensure families can make appropriate choices about how data is collected and used.

I think there are 5 key questions we need to answer about kids, connected homes, and privacy.

First: does COPPA apply to connected toys? Yes. Nearly all connected toys connect to online services or interact with apps that do.  This means that they are subject to COPPA protections.

Second: Do connected toys require a legislative update to COPPA because toys often lack screens and keyboards for parents to use to grant parental consent?  No. COPPA requires companies to provide notices and obtain consent from parents when online technologies collect personal data from kids.  Although many connected toys do not have built-in screens, toymakers are able to interact with parents through app-based or web-based interfaces.  And the COPPA rule allows for a range of alternative ways to verify parental permission and gives the FTC leeway to assess new methods as they become technically feasible.

Third: Are general home devices that serve families covered by COPPA? They are not and should not be. General purpose home devices like alarm systems, security cameras, smart TVs and home assistants are not targeted at children and don’t have actual knowledge of personal information about children.  Today, connected devices aren’t able to distinguish between an adult and a child.   This is similar to general purpose websites, search engines and other services that serve families – COPPA was designed to avoid placing its burdens on all users interacting with a service, simply because some children are using it.  The services that can understand speech are relying on speech recognition, not unique voice recognition, as we explain in a recent FPF whitepaper.

Fourth: Do parents have appropriate controls in light of kids’ interactions with the connected home? Sometimes they do, sometime they do not.  Law is a blunt tool, offering binary choices, on or off, legal or illegal.  But, as connected devices are becoming more integrated in our lives, parents must be able to have nuanced options to aid in their decision making.  More sophisticated and more usable design is going to be needed to help us manage the increasing number of options.  Carnegie Mellon’s Norman Sadeh and his team point the way to what is possible, with an app that uses artificial intelligence to learn what a user wants and then makes the hundreds of choices needed to fully configure the privacy options on a typical smartphone.

We will need technology and policy that allows parents to make choices consistent with their goals and values and that recognizes that not every household looks the same.  In some households, the child is the only English speaker, an elderly grandparent is the primary caregiver, no one has a credit card needed for age verification and the service needed is increasingly essential for school, work or play.

Finally: Are all connected home products sufficiently secure? No. Many digital devices have security vulnerabilities, and connected home systems are no different.  Does COPPA’s security requirement provide an adequate incentive for companies to work hard to provide reasonable security? Starting August 1, 2016, the maximum civil penalty for violating COPPA will more than double from $16,000 to $40,000 per violation. A violation is defined as each child an operator collects personal information from in violation of COPPA.  A connected toy directed at children under 13 with only 1000 users would face a potential civil penalty of as much as $40,000,000.  The FTC has super hero powers here – but it will take more than penalties.  Getting home security right requires education of device makers, software providers, home routers, and consumers who end up configuring these items.  Too hard to set up or use, the consumer turns the security off. Too easy, the hacker gets in.  The research needed to ensure useable security must be a priority.

We aren’t just thinking about toys and entertainment when we talk smart home. We are talking about inclusion of people with disabilities, the elderly, the underprivileged.  We are talking safety and education and health.

Some examples:

And of course people are familiar with the Nest and its money saving, environmental and safety benefits. For people with mobility-related disabilities, smart home technology allows users to control things in the home that can be physically challenging to access such as lights, door locks, or security systems.

It is true that these services are collecting detailed information about our day-to-day activities within our most private places, our homes.  But it is important not to lose sight of the fact that for adults and for kids, many of these smart devices are critical for health and wellness and security and sometimes just for fun.

Podcast: Lauren Smith Speaks with Bloomberg Law

Lauren Smith, Policy Counsel, spoke with Bloomberg Law today about connected cars and the legal implications of data collection. Lauren discussed the importance of privacy and highlighted many principles that are covered in the our report, “The Connected Car and Privacy: Navigating New Data Issues.” You can listen to the interview beginning at 5:50.

LISTEN

 

Big Data and Elections

Brenda Leong, FPF Senior Counsel and Director of Operations, contributed to a story in CSO about big data and elections. She explained:

Big data analytics offers, “great new ways to engage with voters on the things that really matter to them, which results in more motivated, and hopefully better informed, participants in the electoral process, and likely higher turnouts on election day.”

“Every campaign needs to treat security and privacy needs seriously, and have meaningful training for workers. We strongly recommend that every campaign have a chief privacy officer to monitor just these issues,” she said.

Read the full article in CSO

Future of Privacy Forum Statement Regarding Finalization of the US-EU Privacy Shield Agreement

In response to today’s finalization of the US-EU Privacy Shield agreement, FPF CEO Jules Polonetsky issued the following statement:

“Today’s finalization of the US-EU Privacy Shield agreement preserves an important data transfer mechanism that is supported by robust privacy safeguards. But for the long term EU-US relationship, it is important to see Privacy Shield as the beginning of a process, not the end.  Data flows between the US and EU economies and the services used by individuals across the Atlantic are too important to be strained by constant uncertainty.  It will be essential for companies, policymakers, regulators and civil society to build on the legal documents by seeking ongoing efforts to build trust and support responsible data practices.”

EU Approves Privacy Shield: The Agreement Will Benefit Companies and Individuals in the US and Europe

Today, EU member states strongly supported finalization of the EU-US Privacy Shield, a renewed framework for transatlantic data flows that replaces the EU-US Safe Harbor arrangement.  The Privacy Shield agreement enables member companies to transfer data between the EU and US, subject to privacy safeguards and commitments.

“Approving the Privacy Shield preserves a key legal mechanism for EU-US data flows,” stated FPF Vice President of Policy John Verdi.  “There are, of course, challenges ahead.  Surveillance reform must continue on both sides of the Atlantic.  But today’s approval provides much needed certainty for American companies that rely on the EU-US framework to pay and manage their EU-based employees, as well as for the 150+ EU companies that use the framework to transfer data to US subsidiaries.”

The Safe Harbor agreement was struck down last year amid concerns regarding US government surveillance programs – concerns that were amplified by the 2013 Snowden revelations.  The Privacy Shield approval comes in the wake of surveillance reforms and additional commitments by the US government.  FPF and Professor Peter Swire previously detailed the more than two dozen significant reforms to US surveillance law and practice since 2013. A previous FPF study revealed that Safe Harbor included 152 companies who are headquartered or co-headquartered in European countries, which span across a wide range of industries and countries.

July 20th Event: Kids & The Connected Home

Join us for a discussion on kids, connected toys and devices, and privacy.

The debate over the relationship between children and technology has been heated and complex. Issues ranging from the right amount of screen time, online privacy, safety and security have occupied policymakers, parents, and advocates for quite some time. New technologies such as dolls that listen and talk, interactive teddy bears, smart home devices, virtual reality, and artificial intelligence have intensified the debate. As new types of data are collected, these technologies will generate both opportunities for interactive play and education, but also new challenges.

Security concerns around outsiders accessing children’s information or accessing a parent’s home are already in the news. The nature of dolls and toys that become a child’s best friend – that can discuss intimate information, provide advice, and be a buddy – are raising questions about the right balance. When artificial intelligence enters the mix, the debate will only be intensified.

This talk is free and open to the public though space is limited. Doors open at 9:30 am for networking.

Follow the conversation on Twitter via the hashtag #InternetOfToys and follow @csmpasscode, @FOSI, and @futureofprivacy.

REGISTER

WATCH

WHEN


Wednesday, July 20, 2016 from 10:00 am to 12:00 pm (EDT)

WHERE


Microsoft I & P Center – 901 K Street NW, 11th Floor, Washington, DC 20001

FPF Advisory Board Member William McGeveran Publishes Privacy and Data Protection Law

Privacy and Data Protection LawWe are pleased to share that FPF Advisory Board member William McGeveran published Privacy and Data Protection Law on June 24, 2016. The textbook covers statutory and regulatory structures including FTC enforcement, medical privacy, and the Patriot Act, as well as standard topics like Torts and the Fourth Amendment.

William teaches courses in Data Privacy Law, Internet Law, Trademark Law, Civil Procedure I and II, and Law in Practice at the University of Minnesota Law School. He is an affiliated professor at the School of Journalism and Mass Communications. Order your copy of Privacy and Data Protection Law today!