FPF Comments on NHTSA’s Federal Automated Vehicles Policy
FPF Comments on NHTSA’s Federal Automated Vehicles Policy
Today, the Future of Privacy Forum (FPF) submitted comments regarding the Department of Transportation’s National Highway Traffic Safety Administration Request for Comment on the Federal Automated Vehicles Policy guidance published in the Federal Register on September 23, 2016.
FPF commended NHTSA for their forward-looking Federal Automated Vehicles Policy guidance and its acknowledgement that privacy will play a key role in promoting trust in connected vehicles. FPF believes that the Guidance and its emphasis on privacy is an important first step in building that trust.
Automated vehicle technologies hold tremendous potential to transform the safety and convenience of the vehicles in which we ride. According to NHTSA’s research, a full 94 percent of the 35,092 fatalities in U.S. motor vehicle accidents last year could be attributed to human error. NHTSA is right to recognize that evolving technologies can reduce the number of accidents on our roads, and also have the potential to increase mobility for the elderly and Americans with disabilities who may be constrained from driving altogether. FPF applauds NHTSA for releasing guidance that will create guidelines that enable these technologies to enter the market, while retaining the flexibility necessary for them to evolve and improve along the way.
Some safety technologies under development may hinge on the ability of cars to detect and understand what is around them better than a human driver. In addition, decisions that were previously manual or mechanized may now be algorithmic, relying on data inputs collected from each of the many new kinds of sensors and computing being built into vehicles.
As we welcome these new technologies, it is critical that at the front-end of the connected car revolution, we build responsible data practices into connected cars—just as we have in other new and unfamiliar technologies that have disrupted other sectors. Being optimistic about the benefits of new data uses does not mean we need to be naive about the risks. As highly automated vehicles develop and as we better understand the nature of the data and what is needed for these vehicles to operate, we also need to be sensitive to the privacy concerns that develop.
But it is nearly impossible today to anticipate today the full range of the privacy questions or concerns that will arise given the diversity of technologies, uses, and models being considered today, and those we can not yet imagine. This is especially true as these new technologies begin to transform the relationship of consumers to vehicles altogether, such as through fleet-based and other models.
As these policies do advance, it will be critical to ensure alignment between Federal, State, and self-regulatory guidance for the automated vehicle ecosystem. Consistency between federal, state, and self-regulatory regimes in this space are critical given that automotive companies design systems at a national and global level. Patchwork legislation could impede interoperability or render vehicles incapable of driving across state lines. Instead, NHTSA should encourage states to follow NHTSA’s example in issuing guidance that can be easily updated in light of rapidly evolving technology, rather than adopting this guidance as law at this time.
Privacy Papers 2016: Spotlight on the Winning Authors
Today, FPF announced the winners of the 7th Annual Privacy Papers for Policymakers (PPPM) Award. This Award recognizes leading privacy scholarship that is relevant to policymakers in the United States Congress, at U.S. federal agencies, and for data protection authorities abroad.
From a record number of nominated privacy-related papers published in the last year, five were selected by Finalist Judges, after having been first evaluated highly by a diverse team of academics, advocates, and industry privacy professionals from FPF’s Advisory Board. Finalist Judges and Reviewers agreed that these papers demonstrate a thoughtful analysis of emerging issues and propose new means of analysis that can lead to real-world policy impact, making them “must-read” privacy scholarship for policymakers.
by Jennifer Daskal, Associate Professor, American University Washington College of Law
Jennifer Daskal is an Associate Professor of Law at American University Washington College of Law. She teaches and writes in the fields of criminal law, national security law, and constitutional law. From 2009-2011, Daskal was counsel to the Assistant Attorney General for National Security at the Department of Justice and, among other things, served on the Secretary of Defense and Attorney General-led Detention Policy Task Force. Prior to joining DOJ, she was the senior counterterrorism counsel at Human Rights Watch, worked as a staff attorney for the Public Defender Service for the District of Columbia, and clerked for the Honorable Jed S. Rakoff. She spent two years before joining WCL’s faculty as a national security law fellow and adjunct professor at Georgetown Law Center.
Daskal is a graduate of Brown University, Harvard Law School, and Cambridge University, where she was a Marshall Scholar. Recent publications include The Un-Territoriality of Data, 326 Yale L.J. 326 (2015); Pre-Crime Restraints: The Explosion of Targeted, Non-Custodial Prevention, 99 Cornell L. Rev. 327 (2014); After the AUMF, 5 Harvard Nat’l Sec. L. J. 115 (2014) (co-authored with Steve Vladeck); and The Geography of the Battlefield: A Framework for Detention and Targeting Outside the ‘Hot’ Conflict Zone, 171 Penn. L. Rev. 1165 (2013). Daskal has published op-eds in the New York Times, Washington Post, International Herald Tribune, L.A. Times, and Salon.com, and she has appeared on BBC, C-Span, CNN, MSNBC, and NPR, among other media outlets. She is an Executive Editor of and regular contributor to the Just Security blog.
by Joshua A. Kroll, Engineer, Security Team, Cloudflare; Joanna Huey, Princeton University; Solon Barocas, Princeton University; Edward W. Felten, Princeton University; Joel R. Reidenberg, Stanley D. and Nikki Waxberg Chair in Law, Fordham University School of Law; David G. Robinson, Upturn; and Harlan Yu, Upturn
Joshua Kroll is an Engineer working on cryptography and Internet security at the web performance and security company Cloudflare. He is also an affiliate of the Center for Information Technology Policy at Princeton University, where he studies the relationship between computer systems and human governance of those systems, with a special focus on accountability. His previous work spans cryptography, software security, formal methods, Bitcoin, and cybersecurity policy. He holds a PhD in Computer Science from Princeton University, where he received the National Science Foundation Graduate Research Fellowship in 2011.
by Danielle Keats Citron, Professor of Law, University of Maryland Carey School of Law
Danielle Keats Citron is the Morton & Sophia Macht Professor of Law at the University of Maryland Francis King Carey School of Law. Her work focuses on information privacy, cyber law, automated systems, and civil rights. She received the 2005 “Teacher of the Year” award.
Professor Citron is the author of Hate Crimes in Cyberspace (Harvard University Press 2014). Cosmopolitan and Harper’s Bazaar nominated her book as one of the “Top 20 Best Moments for Women” in 2014; Boston University Law Review held an online symposium on her book in 2015. Her current work focuses on the privacy policymaking of state attorneys general. Professor Citron’s scholarship has appeared, or is forthcoming, in Boston University Law Review (twice), California Law Review, George Washington Law Review, Hastings Law Journal, Michigan Law Review (twice), Minnesota Law Review, Notre Dame Law Review, Southern California Law Review, Washington University Law Review, Washington Law Review (twice), Washington & Lee Law Review, U.C. Davis Law Review, and others. Her opinion pieces have been featured in The Atlantic, New York Times, TIME, CNN, Guardian UK, New Scientist, and Slate. She has appeared on National Public Radio, HBO’s John Oliver Show and the New York Times video series. She is a technology contributor at Forbes.com and a member of Concurring Opinions.
by Kirsten Martin, Assistant Professor of Strategic Management & Public Policy, George Washington University School of Business; and Helen Nissenbaum, Professor, Media, Culture, and Communication & Computer Science, New York University
Kirsten Martin is an assistant professor of strategic management & public policy at the George Washington University’s School of Business. She is the principle investigator on a three-year grant from the National Science Foundation to study online privacy. Martin is also a member of the advisory board of the Future Privacy Forum and the Census Bureau’s National Advisory Committee for her work on privacy and the ethics of “big data.” Martin has published academic papers in Journal of Business Ethics, First Monday, Business and Professional Ethics Journal, and Ethics and Information Technology and is co-author of the textbook Business Ethics: A managerial approach. She has written teaching cases for the Business Roundtable Institute for Corporate Ethics including cases on Google in China as well as Bailouts and Bonuses on the financial crisis. She is regularly asked to speak on privacy and the ethics of big data.
Martin earned her BS in engineering from the University of Michigan and her MBA and PhD from the University of Virginia’s Darden Graduate School of Business. Her research interests center on online privacy, corporate responsibility, and stakeholder theory.
Before beginning her academic career, Martin worked at Sprint Telecommunications developing corporate strategy and Internet solutions. She also provided information system consulting services for Anderson Consulting (currently Accenture) to clients in the coal, pharmaceutical, telecommunication, and oil and gas industries.
Helen Nissenbaum is Professor of Media, Culture, and Communication, and Computer Science, at New York University, where she is also Director of the Information Law Institute. Her eight books include Obfuscation: A User’s Guide for Privacy and Protest, with Finn Brunton (MIT Press, 2015), Values at Play in Digital Games, with Mary Flanagan (MIT Press, 2014), and Privacy in Context: Technology, Policy, and the Integrity of Social Life (Stanford, 2010). Her research has been published in journals of philosophy, politics, law, media studies, information studies, and computer science. Grants from the National Science Foundation, Air Force Office of Scientific Research, and the U.S. Department of Health and Human Services Office of the National Coordinator have supported her work on privacy, trust online, and security, as well as studies of values embodied in design, search engines, digital games, facial recognition technology, and health information systems.
Recipient of the 2014 Barwise Prize of the American Philosophical Association, Prof. Nissenbaum has contributed to privacy-enhancing software, including TrackMeNot (for protecting against profiling based on Web search) and AdNauseam (protecting against profiling based on ad clicks). Both are free and freely available.
Nissenbaum holds a Ph.D. in philosophy from Stanford University and a B.A. (Hons) from the University of the Witwatersrand. Before joining the faculty at NYU, she served as Associate Director of the Center for Human Values at Princeton University.
Risk and Anxiety: A Theory of Data Breach Harms
(Full paper available pending publication)
by Daniel Solove, Professor of Law, George Washington University Law School; and Danielle Citron, Professor of Law, University of Maryland Carey School of Law
Daniel J. Solove is the John Marshall Harlan Research Professor of Law at the George Washington University Law School. He is also the founder of TeachPrivacy, a company that provides privacy and data security training programs to businesses, schools, healthcare institutions, and other organizations. An internationally-known expert in privacy law, Solove has been interviewed and quoted by the media in several hundred articles and broadcasts, including the New York Times, Washington Post, Wall Street Journal, USA Today, Chicago Tribune, the Associated Press, ABC, CBS, NBC, CNN, and NPR.
He has written numerous books including Nothing to Hide: The False Tradeoff Between Privacy and Security (Yale 2011), Understanding Privacy (2008), The Future of Reputation: Gossip, Rumor, and Privacy on the Internet (Yale 2007), and The Digital Person: Technology and Privacy in the Information Age (NYU 2004). He has also written several textbooks including Information Privacy Law (Aspen, 5th ed. 2015), Privacy Law Fundamentals (IAPP, 3d ed. 2015), Privacy and the Media (Aspen, 2d ed. 2015), Privacy, Law Enforcement, and National Security (Aspen, 1st ed. 2015), Consumer Privacy and Data Protection (Aspen, 1st ed. 2015), and Privacy, Information, and Technology (Aspen Publishing, 3rd ed. 2012). All of these books were co-authored with Paul M. Schwartz.
Additionally, Professor Solove has written more than 50 law review articles in the Harvard Law Review, Yale Law Journal, Stanford Law Review, Columbia Law Review, NYU Law Review, Michigan Law Review, U. Pennsylvania Law Review, U. Chicago Law Review, California Law Review, Duke Law Journal, and many others. He has also written shorter works for Wired, Scientific American, the Washington Post, and several other magazines and periodicals.
Danielle Keats Citron is the Morton & Sophia Macht Professor of Law at the University of Maryland Francis King Carey School of Law. Her work focuses on information privacy, cyber law, automated systems, and civil rights. She received the 2005 “Teacher of the Year” award.
Professor Citron is the author of Hate Crimes in Cyberspace (Harvard University Press 2014). Cosmopolitan and Harper’s Bazaar nominated her book as one of the “Top 20 Best Moments for Women” in 2014; Boston University Law Review held an online symposium on her book in 2015. Her current work focuses on the privacy policymaking of state attorneys general. Professor Citron’s scholarship has appeared, or is forthcoming, in Boston University Law Review (twice), California Law Review, George Washington Law Review, Hastings Law Journal, Michigan Law Review (twice), Minnesota Law Review, Notre Dame Law Review, Southern California Law Review, Washington University Law Review, Washington Law Review (twice), Washington & Lee Law Review, U.C. Davis Law Review, and others. Her opinion pieces have been featured in The Atlantic, New York Times, TIME, CNN, Guardian UK, New Scientist, and Slate. She has appeared on National Public Radio, HBO’s John Oliver Show and the New York Times video series. She is a technology contributor at Forbes.com and a member of Concurring Opinions.
The Finalist Judges also selected four papers for Honorable Mention on the basis of their uniformly strong reviews from the Advisory Board.
Ambiguity in Privacy Policies and the Impact of Regulation, by Professors Joel Reidenberg, Fordham University School of Law, Jaspreet Bhatia, Carnegie Mellon University, Travis Breaux, Carnegie Mellon University, and Thomas B. Norton, Fordham University
The winning authors have been invited to join FPF and Honorary Co-Hosts Senator Edward J. Markey, Congressman Joe Barton, and Congresswoman Diana DeGette, to present their work at the U.S. Senate with policymakers, academics, and industry privacy professionals. This annual event will be held on January 11, 2017, the day before the Federal Trade Commission’s PrivacyCon. FPF will subsequently publish a printed digest of summaries of the winning papers for distribution to policymakers, privacy professionals, and the public. To RSVP, please visit privacypapers.eventbrite.com.
This Year's Five Must-Read Privacy Papers: The Future of Privacy Forum Announces Recipients of Annual Privacy Award
FOR IMMEDIATE RELEASE
November 16, 2016
Contact: Melanie Bates, Director of Communications, [email protected]
This Year’s Five Must-Read Privacy Papers: The Future of Privacy Forum Announces Recipients of Annual Privacy Award
Washington, DC – Today, the Future of Privacy Forum (FPF) announced the winners of the 7th Annual Privacy Papers for Policymakers (PPPM) Award. The PPPM Award recognizes leading privacy scholarship that is relevant to policymakers in the United States Congress, at U.S. federal agencies, and for data protection authorities abroad. The winners of the 2017 PPPM Award are:
Accountable Algorithms, by Joshua A. Kroll, Engineer, Security Team, Cloudflare; Joanna Huey, Princeton University; Solon Barocas, Princeton University; Edward W. Felten, Princeton University; Joel R. Reidenberg, Stanley D. and Nikki Waxberg Chair in Law, Fordham University School of Law; David G. Robinson, Upturn; and Harlan Yu, Upturn
Privacy of Public Data, by Kirsten Martin, Assistant Professor of Strategic Management & Public Policy, George Washington University School of Business; and Helen Nissenbaum, Professor, Media, Culture, and Communication & Computer Science, New York University
Risk and Anxiety: A Theory of Data Breach Harms, by Daniel Solove, Professor of Law, George Washington University Law School; and Danielle Citron, Professor of Law, University of Maryland Carey School of Law
From a record number of nominated privacy-related papers published in the last year, these five were selected by Finalist Judges, after having been first evaluated highly by a diverse team of academics, advocates, and industry privacy professionals from FPF’s Advisory Board. Finalist Judges and Reviewers agreed that these papers demonstrate a thoughtful analysis of emerging issues and propose new means of analysis that can lead to real-world policy impact, making them “must-read” privacy scholarship for policymakers.
The Finalist Judges also selected four papers for Honorable Mention: Biometric Cyberintelligence, by Professor Margaret Hu, Washington & Lee University School of Law; Ambiguity in Privacy Policies and the Impact of Regulation, by Professors Joel Reidenberg, Fordham University School of Law, Jaspreet Bhatia, Carnegie Mellon University, Travis Breaux, Carnegie Mellon University, and Thomas B. Norton, Fordham University; Data Driven Discrimination at Work, by Professor Pauline Kim, Washington University in Saint Louis School of Law; and Friending the Privacy Regulators, by Professor William McGeveran, University of Minnesota Law School.
“Policymakers are grappling with privacy issues that are more sophisticated than ever, and academic scholarship can provide a much-needed source of innovative thinking and new ideas,” said Jules Polonetsky, FPF’s CEO. “Through this Award, we aim to bring the very best of academic privacy scholarship to the people who are crafting real-world policy. These are the ‘must-reads’ for any well-informed policymaker who wants to make a difference in privacy.”
The winning authors have been invited to join FPF and Honorary Co-Hosts Senator Edward J. Markey and Congressman Joe Barton and Congresswoman Diana DeGette, Co-Chairs of the Congressional Bi-Partisan Privacy Caucus,to present their work at the U.S. Senate with policymakers, academics, and industry privacy professionals. This annual event will be held on January 11, 2017, the day before the Federal Trade Commission’s PrivacyCon. FPF will subsequently publish a printed digest of summaries of the winning papers for distribution to policymakers, privacy professionals, and the public.
PPPM is free, open to the general public, and widely attended. To RSVP, please visit privacypapers.eventbrite.com.
###
The Future of Privacy Forum (FPF) is a non-profit organization that serves as a catalyst for privacy leadership and scholarship, advancing principled data practices in support of emerging technologies. Learn more about FPF by visiting www.fpf.org.
Advisory Board Reviewers for PPPM 2016
Each year, FPF awards the Privacy Papers for Policymakers Award to the authors of leading privacy research and analytical work that is relevant to policymakers in the United States Congress, at U.S. federal agencies, and for data protection authorities abroad. The Award showcases work that analyzes current and emerging privacy issues and proposes achievable short-term solutions or new means of analysis that could lead to real-world policy impact.
Winning Authors are invited to join FPF in Washington, DC to discuss their work at the United States Senate with policymakers, academics, and privacy professionals. This year, Privacy Papers for Policymakers will be held at 5:30 PM on January 11, 2017 (the day before FTC’s PrivacyCon), in Room SDG-50 (Senate Auditorium), Dirksen Senate Office Building, First Street and C Street, NEWashington, DC 20002. For more information and to register, click here.
FPF would like to extend a special Thank You to our 2016 Advisory Board Reviewers, including:
Projjol Banerjea, zeotap
Eduard Bartholme, Call For Action
Allison Cohen, Toyota
Heather Federman, Macy’s
Olga Garcia-Kaplan, Novitex Enterprise Solutions
Lauren Gelman, BlurryEdge Strategies
Rita Heimes, International Association of Privacy Professionals (IAPP)
Mike Hintze, Hintze Law
Sarah Holland, Google
Susan Israel, Loeb & Loeb LLP
Manoj Lamba, ClassDojo
David Medine, Consultative Group to Assist the Poor
Catherine Tucker, MIT Sloan School of Management
Susannah Wesley, Edelman
Heather West, Mozilla
Michael Zimmer, UW-Milwaukee School of Information Studies
Thank you for all your hard work!
Spotlight on PPPM Judges
This week, the Future of Privacy Forum (FPF) will announce the winners of the 2016 Privacy Papers for Policymakers Award. Each year, FPF awards the Privacy Papers for Policymakers Award to the authors of leading privacy research and analytical work that is relevant to policymakers in the United States Congress, at U.S. federal agencies, and for data protection authorities abroad.
The goal of the Award is to advance academic-industry collaboration in support of the National Privacy Research Strategyby showcasing work that analyzes current and emerging privacy issues and proposes achievable short-term solutions or new means of analysis that could lead to real-world policy impact.
How are PPPM papers chosen?
Papers are identified via our annual Call for Nominations, as well as from leading privacy research centers and submissions to the Privacy Law Scholars Conference (with authors’ permission).
Submissions receive an initial ranking from a diverse team of academics, consumer advocates, and industry privacy professionals from the FPF Advisory Board, with each submission being evaluated in the categories of: (1) Originality; (2) Applicability to policymaking; and (3) Overall quality of writing.
Finally, winners are selected by a panel of Finalist Judges who select the scholarship they feel should receive the Privacy Papers for Policymakers Award. Winning scholarship represents the “must-read” privacy papers of the year for policymakers. Leading Authors are invited to join FPF in Washington, DC to discuss their work at the United States Senate with policymakers, academics, and privacy professionals.
This year, Privacy Papers for Policymakers will be held at 5:30 PM on January 11, 2017 (the day before FTC’s PrivacyCon), in Room SDG-50 (Senate Auditorium), Dirksen Senate Office Building, First Street and C Street, NEWashington, DC 20002. For more information and to register, click here.
Finalist Judges:
Our Finalist Judges for 2016 include representatives from FPF, as well as one representative from each of our three audiences: Academia, Industry Privacy Professionals, and Consumer Advocates.
Judges include Jules Polonetsky, CEO, Future of Privacy Forum; Christopher Wolf, Founder and Board Chair, Future of Privacy Forum; Mary Culnan, Professor Emeritus, Bentley University, and Board Vice President, Future of Privacy Forum; Virginia Lee, Director – Global Privacy, Starbucks; and John Breyault, Vice President of Public Policy, Telecommunications and Fraud, National Consumers League.
More on our PPPM Judges:
Jules Polonetsky
CEO, Future of Privacy Forum
Jules serves as CEO of the Future of Privacy Forum. Jules previous roles have included serving as Chief Privacy Officer at AOL and before that at DoubleClick, as Consumer Affairs Commissioner for New York City, as an elected New York State Legislator and as a congressional staffer, and as an attorney. Jules serves on the Advisory Board of the Center for Copyright Information. He has served on the boards of a number of privacy and consumer protection organizations including TRUSTe, the International Association of Privacy Professionals, and the Network Advertising Initiative. From 2011-2012, Jules served on the Department of Homeland Security Data Privacy and Integrity Advisory Committee. In 2001, Crain’s NY Business magazine named Jules one of the top technology leaders in New York City. Jules is a regular speaker at privacy and technology events and has testified or presented before Congressional committees and the Federal Trade Commission.
Mary Culnan
Professor Emeritus, Bentley University
Vice President, Future of Privacy Forum Board of Directors
Dr. Mary J. Culnan is Professor Emeritus at Bentley University. She also serves as a Senior Research Fellow in the Center for IT and the Global Economy (CITGE) at the Kogod School of Business, American University. Mary has testified before Congress, the Massachusetts Senate, and other government agencies on a range of privacy issues. Mary’s primary research interest is governance of privacy and security. She has also conducted research on how organizations can gain value from social media. Mary’s work has been published in a range of academic journals as well as the New York Times, the Washington Post and the Wall Street Journal. Mary was employed for seven years as a systems analyst by the Burroughs Corporation prior to earning her Ph.D. in management from UCLA. Before joining the faculty at Bentley in fall 2000, she held faculty positions at the University of Virginia, University of California, Berkeley, the American University and Georgetown University.
Christopher Wolf
Founder and Board Chair, Future of Privacy Forum
Christopher Wolf is the founder and Board Chair of the Future of Privacy Forum. Chris is also a senior partner in the Washington, DC office of Hogan Lovells LLP, where he is a leader of that firm’s Privacy and Information Management practice. He has been in private law practice in Washington, DC since 1982. Chris has served as an adjunct law professor on Internet and privacy law, and is a frequent lecturer in continuing legal education programs on the subject.
MSNBC called Chris Wolf a “pioneer in Internet law”, reflecting his involvement in some of the earliest and precedent setting cases involving technology agreements, copyright, domain names, jurisdiction — and privacy. As the ability to collect, store, share and transfer personal information over the Internet increased, privacy became the main focus of Chris’ law practice. And Chris became known as a pioneer in privacy law too. It was for that reason that the prestigious Practising Law Institute (PLI) tapped Chris to be Editor and Lead Author of its first-ever treatise on privacy law. He also is co-editor of the PLI book, “A Practical Guide to the Red Flag Rules”, the identity theft prevention regulations issued by the FTC and financial regulators.
John Breyault
Vice President of Public Policy, Telecommunications and Fraud, National Consumers League
John joined the National Consumers League — America’s oldest consumer organization — in September 2008. His focus at NCL is advocating for stronger consumer and worker protections before Congress and federal agencies on a range of issues including telecommunications and technology policy, fraud, and consumer financial protections. In addition, John directs NCL’s Fraud Center an online hub for consumer education and advocacy related to fraud.
Prior to coming to NCL, John was Research Director at the Telecommunications Research and Action Center (TRAC), a non-profit consumer organization dedicated to promoting the interests of telecommunications consumers. Concurrent with his work at TRAC, John was Director of Research at Amplify Public Affairs (APA) where he helped launch the firm’s Web 2.0-based public affairs practice.
Prior to joining APA, John worked at Sprint in its International Carrier Services Division, at BellSouth in its Government Affairs office and at the American Center for Polish Culture. John has served on numerous Boards and advisory committees including the Federal Communications Commission’s Consumer Advisory Committee, the Commodity Futures Trading Commission’s Technology Advisory Committee and the Board of the Arlington-Alexandria Coalition for the Homeless.
Virginia “Ginny” Lee
Director – Global Privacy, Starbucks
Ginny Lee has worked in the high tech industry for over twenty years. Currently, she is Director – Global Privacy at Starbucks. Prior to this, she was Sr. Attorney – Privacy/Security at Intel Corporation and responsible for providing legal guidance on privacy and security matters, especially as they relate to “Privacy By Design”. Prior to Intel, Ginny was the Director of Platform and Product Privacy at Yahoo! where she was responsible for the policy direction of Yahoo!’s varied products and platforms. Ginny also ran a boutique law practice focused on privacy and intellectual property law. She has worked on policy, regulatory and compliance issues for the Network Advertising Initiative, a self-regulatory association for the third-party advertising industry. In addition to her legal experience, Ginny has held positions in engineering and product management and technical support.
Ginny holds a BA in Applied Mathematics from the University of Maine, a MBA from the University of New Hampshire, and a JD from the University Of Maine School Of Law. Ginny is also a Fellow of Information Privacy (FIP), Certified Information Privacy Professional (CIPP/US, /G) and Manager (CIPM). She is admitted to practice in Maine, Washington and Oregon and is a registered patent attorney.
Thank you to our 2016-17 PPPM Finalist Judges!
Georgetown – FPF: Valuable Partnership and Talent Channel
This August, Stacey Gray was promoted to the position of Policy Counsel at the Future of Privacy Forum (FPF). In this role, she covers Location & Ad Tracking, Big Data, and the Internet of Things. Stacey stays on top of developments in the space, like the new iOS Limit Ad Tracking Feature, and facilitates monthly working group meetings. She has also taken the lead on the highly anticipated Privacy Papers for Policymakers (PPPM) event, and has lent her extensive expertise to events like the 2016 Place Conference.
Stacey first came to FPF as a fellow from Georgetown University Law Center in August 2015, continuing a tradition of Georgetown graduates working fellowships at FPF. Each of the last three years, FPF has taken a top Georgetown student and immersed them in the world of privacy. FPF fellows collaborate with advocates, academics, and companies and handle projects that lead to best practices, white papers, codes of conduct, and the like.
Other FPF fellows to come from Georgetown include Sarah Gordon (September 2013-August 2014), who has worked for Zillow as a Corporate Counsel since her fellowship ended, and Stephany Fan (September 2014-May 2015), who went on to work at Morgan Lewis & Bockius LLP as an Associate.
When Stacey was a fellow, she worked on consumer privacy issues, work that she has continued as a Policy Counsel. “My background is in civil rights,” Stacey said. “As a result, I became interested in privacy through my academic focus on the Fourth Amendment.”
Stacey feels that FPF presents an unusual opportunity. “What strikes me as different about working here is the extent to which our work relies on nuance and technical expertise,” she said. “FPF is not as concerned with ‘taking a position’ as we are with getting to the right answers to important questions. This often means considering all sides of crucial debates, even when they are not necessarily about privacy at all, but about ethics, fairness or discrimination. It also means that among our policy staff we are constantly pushing each other to better understand the issues and engage intellectually with the underlying ideas.”
Stacey says that this has made her experience at FPF “tremendously challenging and rewarding.” Now, Stacey serves as a mentor for our newest fellow from Georgetown, Carolina Alonso. Carolina joined us in September, and has been working on the Student Privacy Pledge, as well as several projects related to kids and the connected home. This includes a joint paper with the Family Online Safety Institute (FOSI), set to be released in December. Carolina also works closely with Stacey on Ad Tech.
Carolina, who grew up in Silicon Valley, and has interned with organizations like Facebook and Yahoo, says FPF is a unique place. “When you join FPF, they expect that you are going to be the expert,” Carolina said. “This is different from school. Everything we do here has a real purpose and a real audience.”
Like Stacey, Carolina feels that her fellowship at FPF has been a valuable experience. “People here are very approachable and friendly. That makes Georgetown-FPF a great partnership.”
We agree. FPF has been fortunate to have a stream of high-level young talent, and we enjoy helping recent graduates build a solid foundation in the privacy field.
She explained that the colloquial term “always on” is often not an effective way to describe the range of technologies that use audio and video recording hardware. Instead, three general categories of microphone-enabled devices are proposed: (1) manually activated (requiring a press of a button, a flip of a switch, or other intentional physical action); (2) speech activated (requiring a spoken “wake phrase”); and (3) always on devices (devices, such as home security cameras, that are designed to constantly transmit data, including devices that “buffer” to allow the user to capture only the most recent period of time).
Seven Basic Security Checks for Evaluating Educational Platforms
FPF has produced a checklist to assist parents and schools in considering the “basics” of security standards on new ed tech products and services they may be considering or using. In on-line security, there is unfortunately no “one size fits all” solution, but with so many products and services available, this checklist is designed to provide some initial key triggers of areas that either meet a basic threshold, or might serve as discussion points for further review with the company involved.
Evaluating security standards on any particular product, site, or service can be challenging, and unlike privacy policies, there’s often no “security policy” in one location to review. People who are not security specialists may have a hard time knowing where to start. This checklist is designed for those who have some familiarity with computers, but are not security or technical specialists, to be able to do some simple tests to see what protections are in place, and help guide their discussion with the company for a more in-depth understanding.
The Seven Steps include:
Look for an Encrypted Connection
Ensure That Applications Use TLS Between Email Servers
Ensure That URLs Do Not Contain Sensitive Information
Ensure Sensitive Information Is Not Stored in the Cache or Browser History
Ensure That Passwords Are Protected
Ensure That the Login and Password Recovery Mechanisms Do Not Reveal Unnecessary Information (e.g. the Existence of an Account)
Be Watchful for “Information Leakage”
For each step, we’ve provided a step-by-step process to evaluate the topic area, and additional security resources are also identified for those looking for more detailed guidance. As the checklist says, it does not answer all questions for all situations. A company who complied with all these steps might still have security concerns; a company that does not do every step may still have quite sufficient security in place. We hope this checklist – which can be used as a companion to our Quick Security Tips for Ed Tech Vendors – will simply prove to be a useful resource for schools and parents who want to make an initial review of a product or service and it’s security protections.
FPF Guide to Student Data Protections Under SOPIPA: For K-12 School Administrators and Ed Tech Vendors
Co-written with education privacy experts Linnette Attai of PlayWell LLC, Amelia Vance of the National Association of State Boards of Education, and David B. Rubin, Esq., this document provides an in-depth analysis for ed tech companies. In particular, we examine the definitions and unique requirements of the California Student Online Personal Information Protection Act (SOPIPA). Topics include:
Who Must Comply?
What is “Actual Knowledge”?7
What are “K-12 School Purposes”?
What Information Is Protected Under SOPIPA (“Covered Information”)
Specific Requirements of SOPIPA for Ed Tech Vendors
What is Targeted Advertising?
When Can an Operator Disclose Covered Information?
How Can Operators Use Student Information?
SOPIPA Rights for Students
SOPIPA was the first state law to comprehensively address student privacy. It became effective January 1, 2016 and applies to websites, applications, and online services that provide programs or services for K-12 students. SOPIPA applies to operators (as defined in the statute) that collect covered information from students in the state of California. This guide provides general information, not legal advice, and following the recommendations or tips within does not guarantee compliance with any particular law.
SOPIPA is important because most education technology companies do business with California schools, and because it became a template for similar statutes around the country. Our goal is to clearly explain what companies and information is covered, and what the law does (or doesn’t) require. This may be useful for companies and schools operating in California now, and also may prove helpful to policymakers in those states who may still be considering updates to their student privacy laws, and are considering whether to follow the California model.
On November 4, 2016, the California AG’s Director of Privacy Education and Policy released their document: Ready for School: Recommendations for the Ed Tech Industry to Protect the Privacy of Student Data. This is valuable information for vendor’s use on the state’s view of the requirements of the law. However, these are non-binding recommendations, and do not definitively address all the areas of the law that will have to be addressed by vendors operating in California schools. Our detailed guide provides a useful companion tool for vendors to make informed decisions about their privacy policies and practices when operating in California schools.
FPF Hires New Policy Counsel – Amelia Vance
We are thrilled to welcome Amelia Vance to Future of Privacy Forum (FPF) as of November 7, 2016, as Policy Counsel. In this position, Amelia will lead FPF’s work to ensure the responsible use of student data and education technology in schools, helping educators with resources and information, and seeking inputs from all stakeholders to ensure students succeed.
Amelia came to us from her role as the Director of the Education Data & Technology Project at the National Association of State Boards of Education (NASBE). In that capacity, she tracked and provided comments on state and federal legislation, provided technical assistance to over 30 states, spoke at events with attendance ranging from 10 to 800 people, provided guidance on the nuances of student privacy law to most major education organizations, and wrote op-eds, short pieces, and longer reports, including “Policymaking on Education Data Privacy: Lessons Learned” and “School Surveillance: The Consequences for Equity and Privacy.”
Amelia is a member of the Virginia State Bar, the International Association of Privacy Professionals, the American Constitution Society, and is a board member of the Virginia Equality Bar Association. She is a graduate of McDaniel College and William & Mary Law School.
We are delighted to have Amelia on board as FPF continues to grow its impact within the public policy discussion on the responsible use of student data and education technology. For inputs or questions, please contact Amelia at [email protected].
