Good Data Collaborative to Advance Responsible Data Use

FPF is pleased to be working with SIMLab, The Engine Room, and Center for Democracy & Technology on the Good Data Collaborative.

The Good Data Collaborative seeks to identify gaps in resources to assist civil society in using data responsibly through distinct activities: a landscape assessment of existing tools and resources, as well as academic literature; a consultation with key stakeholders and current and potential users of the resources; and a redesigned, central repository of resources to help them address responsible data challenges in their work.

The project will be hosted by the Digital Civil Society Lab at the Stanford Center on Philanthropy and Civil Society.

FPF Joins National Cyber Security Alliance in San Francisco for Data Privacy Day 2017

Held every year on January 28, Data Privacy Day commemorates the 1981 signing of Convention 108, the first legally binding international treaty dealing with privacy and data protection. On January 26, 2017, Jules Polonetsky, FPF’s CEO, joined the National Cyber Security Alliance and many other FPF members and friends at Twitter headquarters for its Data Privacy Day Event 2017.

Leading up to the event, FPF participated in two #ChatSTC #PrivacyAware Twitter chats on January 18 and 25, 2017. The January 18 chat centered around how personal information is being used, collected, and shared. Experts shared tips about how to best manage your privacy online. The purpose of the January 25 chat was to discuss why privacy is good for business and how organizations can create cultures of privacy awareness and educate their consumers about their data use practices.

Data Privacy Day Event 2017 featured livedstreamed panels, TED-style talks, and interviews focusing on the latest privacy issues for consumers and business. FPF participated in several segments including, Privacy and Connected Toys, How to Read a Privacy Policy in Less Than 60 Seconds Even if It Was Written By A Lawyer, and Growing Up Online and the Need for Teaching Privacy in Schools, among others.

Jules was interviewed by Jeff Frick of SiliconANGLE about FPF’s mission to advance principled data practices in support of emerging technologies. Jules discussed FPF’s extensive work on consumer data privacy issues, including many of our recent releases:  Always On: Privacy Implications of Microphone-Enabled Devices2016 Mobile Apps StudyKids & The Connected Home: Privacy in the Age of Connected Dolls, Talking Dinosaurs, and Battling Robots, and Personal Data In Your Car. You can watch the full interview below.

Related Coverage

Data Privacy Day Stresses Online Safety Tips (The Mercury News), Larry Magid

Data Privacy Day: Will you ever have control of your personal info? (c|net), Laura Hautala

Are you safeguarding your data? Tech leaders talk digital privacy (The Mercury News), Queenie Wong

Twitter gathering: Data protection in forefront (Monterey Herald), Queenie Wong

When a doll rats out a parent: Tech firms struggle with thorny privacy issues (SiliconANGLE), Gabriel Pesek

To learn more about Data Privacy Day, please visit https://staysafeonline.org/data-privacy-day/about.

The 2nd Annual FPF Tech Lab Open House | April 18, 2017 in Washington, DC

The 2nd Annual FPF Tech Lab Open House is an opportunity for us to welcome our members, friends, and colleagues in town for the IAPP Global Privacy Summit. Hosted at our home office in Washington, DC, this event provides a rare occasion for policymakers, regulators, and thought leaders to interact with the latest in privacy-impacting gadgets and new technologies.

Join us on Tuesday, April 18th, from 5:30 -7:30pm at the FPF Office and check out the latest in tech:

– Play with Smart Toys: CognitToys Dino, ChiP Robot, and more

– Outsmart our Smart Home gadgets

– Learn how Wi-Fi and Proximity Sensors can be used to track smartphones in our space

– Come face to face with facial recognition

– Experience virtual reality

– Share fun moments with Snap Spectacles

– And more!

Plus, network with locals and out-of-towners, engage in lively discussions about privacy, all while enjoying drinks and hors d’oeuvres.

Doors open at 5:30 pm; a short program begins at 6:00 pm with remarks from special visiting guests.

By invitation only. Please contact [email protected] for more information.

VIEW PHOTOS

FOR IMMEDIATE RELEASE: FPF and NADA Launch Guide to Consumer Privacy in the Connected Car

FOR IMMEDIATE RELEASE             

January 26, 2017

Contact:

Melanie Bates, Director of Communications, FPF, [email protected]

Jared Allen, Senior Director of Media Relations, NADA, [email protected]

FPF and NADA Launch Guide to Consumer Privacy in the Connected Car 

The Alliance of Automobile Manufacturers, General Motors, Global Automakers, and Toyota support Guide’s efforts to educate consumers about data in today’s cars

Washington, DC – Today, the Future of Privacy Forum (FPF) and the National Automobile Dealers Association (NADA) released a first-of-its kind consumer guide, Personal Data In Your Car. The Guide will help consumers understand the kind of personal information collected by the latest generation of vehicles, which use data to further safety, infotainment, and customer experience. The Guide will be made available to consumers by FPF, NADA, automakers, and dealers in order to explain the kinds of information that may be collected, the guidelines that govern how it is collected and used, and the options consumers may have. Copies of the Guide are being distributed by NADA and Ford Direct at the 2017 NADA Convention & Expo in New Orleans.

“The release of this Guide is a critical step in communicating to consumers the importance of privacy in the connected car, as well as the benefits that car data can provide,” said FPF CEO Jules Polonetsky. “As car data grows in volume and gains attention from both the media and regulators, we think it is critical to find creative ways to communicate with consumers in plain language how it works, how it can serve them, and what options and protections exist.”

“For so many consumers, the idea that their connected vehicle is constantly collecting personal information is completely new to them, and often times something they’ve never even thought about,” said NADA President and CEO Peter Welch. “Consumers have every right to know what kind of personal data may be collected by any vehicle they drive – but knowledge has to start with awareness. It is our hope that this guide helps generate awareness about privacy and vehicle technology, and ultimately leads to more consumers feeling confident and safe in any vehicle they drive.”

Today’s vehicles come equipped with a wide array of equipment and features that rely on the collection and use of data about consumers and their vehicles. These new features support a range of technologies that enhance safety, efficiency, performance, convenience, and entertainment. The Guide describes several components that are integral to properly protecting consumer data. For example, services that collect and share personal information should be accompanied by a clear privacy policy. The reality is that yes, cars are starting to know more about you, but what it knows may save your life.

In addition, Personal Data In Your Car highlights that nearly all leading automakers have committed to protecting consumer information by committing to the Automotive Privacy Principles. These Principles guide privacy practices in the automotive industry. They went into effect beginning with model year 2017 vehicles and for subscription services beginning on January 2, 2016.

The two major automaker trade groups voiced support for the Guide, with CEO of the Alliance of Automobile Manufacturers Mitch Bainwol saying, “We’ve long said that strong consumer data privacy protections are essential to maintaining the trust of our customers, and our Privacy Principles were a major step in protecting personal information collected in the vehicle.  Efforts like this FPF/NADA guide are an important part of helping drivers – and others – understand the many steps automakers take to safeguard data.”

“Automobiles increasingly make use of innovative technologies designed to save lives, time and the environment,” said Global Automakers President and CEO John Bozzella.  “Consumers have a right to know and trust that connected car platforms and the benefits that flow from them will not compromise their privacy or security, and we applaud FPF and NADA for developing a guide to help inform the public.”

As vehicles become more connected, it will be increasingly important to communicate with consumers how their information is collected and shared. For further information about technology in the car, consumers should contact their local dealer and review their vehicle’s owner’s manual.

The Guide launched at the Washington Auto Show on January 26th.

###

The Future of Privacy Forum is a non-profit organization that serves as a catalyst for privacy leadership and scholarship, advancing principled data practices in support of emerging technologies. To learn more, visit www.fpf.org.

The National Automobile Dealers Association is a national trade association representing franchised new-car dealers. To learn more, visit www.nada.org.

FPF and NADA Launch Guide to Consumer Privacy in the Connected Car

The Future of Privacy Forum (FPF) and the National Automobile Dealers Association (NADA) released a first-of-its kind consumer guide, Personal Data in Your Car. The Guide will help consumers understand the kind of personal information collected by the latest generation of vehicles, which use data to further safety, infotainment and customer experience. The Guide will be made available to consumers by FPF, NADA, automakers, and dealers in order to explain the kinds of information that may be collected, the guidelines that govern how it is collected and used, and the options consumers may have.

Today’s vehicles come equipped with a wide array of equipment and features that rely on the collection and use of data about consumers and their vehicles. These new features support a range of technologies that enhance safety, efficiency, performance, convenience, and entertainment. The Guide describes several components that are integral to properly protecting consumer data. For example, services that collect and share personal information should be accompanied by a clear privacy policy. The reality is that yes, cars are starting to know more about you, but what it knows may save your life.

Personal Data In Your Car highlights that nearly all leading automakers have committed to protecting consumer information by committing to the Automotive Privacy Principles. These Principles guide privacy practices in the automotive industry. They went into effect beginning with model year 2017 vehicles and for subscription services beginning on January 2, 2016.

As vehicles become more connected, it will be increasingly important to communicate with consumers how their information is collected and shared. For further information about technology in the car, consumers should contact their local dealer and review their vehicle’s owner’s manual.

The Guide launched at the Washington, DC Auto Show on January 26th. Watch the launch below.

Video

Other Resources

The Student Privacy Pledge is a Binding Legal Commitment and G Suite for Education Makes the Grade

The Student Privacy Pledge is a public and legally enforceable statement by ed tech companies to safeguard student privacy, built around a dozen commitments regarding the collection, maintenance, and use of student personal information.  Since it was introduced in 2014 by the Future of Privacy Forum and the Software and Information Industry Association, more than 300 ed tech companies have become signatories, and it was endorsed by the White House in 2015.

Yesterday, the Mississippi Attorney General filed a Complaint against Google, alleging that the company violated its promises as a signatory of the Student Privacy Pledge (“Pledge”). After reviewing the Complaint and Google’s policy, the Future of Privacy Forum has determined that Google’s practices are consistent with its obligations under the Pledge.

First, it is important to understand that only Google’s educational products, known collectively as G Suite for Education, are subject to the Pledge. As we have written before, the Pledge covers only “school service providers,” – that is, companies when they are operating in their capacity as a provider of a service that is both designed and marketed for use in schools. This is consistent with most state student privacy laws and proposed federal bills. Why? When vendors are selling their general market products, they should not be required to change those products simply because they are sold to a school. The Pledge, and all state student privacy laws, are written to cover services like G Suite for Education that are specifically designed and marketed to schools.

The Complaint alleges that Google is advertising to students based on “data mining” the student’s behavioral activity while logged into G Suite. However, Google has consistently stated that there are no ads in the G Suite for Education Core Services, which include Gmail, Calendar, Classroom, Drive, Docs, Sheets, Slides, Contacts, Groups, Vault, and Hangouts. Beyond those core services, school administrators must opt-in to allow students to use their school account with other Google services, some of which are ad supported, such as YouTube, Maps, or Blogger. Students can likewise be on a personal device, and “sync” the device or use other websites with their G Suite account if a school administrator allows them to do so.  When using these commercial sites – not covered by the Pledge – students will see ads, but no student personal information from within the G Suite for Education Core Service products is ever used to target that advertising.

Targeted advertisements to students using data collected from G Suite for Education student accounts is not allowed under the Pledge, and Google does not do this. Therefore, we don’t believe the Complaint raises any valid issues about student data use by Google for Mississippi students. Google’s practices meet the commitments it has publicly made, as expressed in the Student Privacy Pledge.

Mobile Apps Study Underscores Necessity of Strong Best Practices for Health and Wellness Data

Kelsey Finch, FPF Policy Counsel, presented FPF’s 2016 Mobile Apps Study at the Federal Trade Commission’s annual PrivacyCon on January 12, 2017. Kelsey exhibited a visual representation of the App Study designed by FPF Fellow, Carolina Alonso. See the visual here and below.

The 2016 Mobile Apps Study underscores the necessity of strong Best Practices for health and wellness data. The App Study revealed that while the number of apps that provide privacy policies continues its upward trend from our previous surveys in 2011 and 2012, health and fitness apps – which often control and link to wearable devices, and which can collect sensitive health and wellness data – do worse than average at providing privacy policies. Only 70% of top health and fitness apps had a privacy policy (6% lower than overall top apps), and only 61% linked to it from the app store listing page (10% lower than overall top apps).

READ STUDY

Recognizing the need for strong Best Practices, FPF released Best Practices for Consumer Wearables and Wellness Apps and Devices, a detailed set of guidelines that responsible companies can follow to ensure they provide practical privacy protections for consumer-generated health and wellness data. The document was produced with support from the Robert Wood Johnson Foundation and incorporates input from a wide range of stakeholders including companies, advocates, and regulators.

READ BEST PRACTICES

FPF Welcomes New Fellows

FPF is pleased to welcome Gabriela Zanfir-Fortuna, PhD. as a non-resident fellow. Gabriela worked for more than two years (March 2014-June 2016) for the European Data Protection Supervisor in Brussels, both for ‘Supervision and Enforcement’ and ‘Policy and Consultation’ Units. Notably, she represented the EDPS in various subgroups of the Article 29 Working Party, being a member of the drafting team of WP29 that assessed the EU-US Privacy Shield. Gabriela worked on international data transfers, international relations, EU large scale IT-systems (particularly, the Schengen Information System), case-law overviews and she was a member of the Court team.

At FPF, she will be responsible for tracking global privacy research scholarship for the FPF academic-industry Research Coordination Network (RCN). She will also help author blog posts, provide counsel on EU privacy law, and monitor EU activities related to FPF’s work. Please join us in welcoming Gabriela to the team!


FPF is delighted to welcome Leslie Harris as a senior fellow. Leslie is an Internet and technology policy lawyer who has been closely involved in the development of seminal Internet policy and regulation in Congress, Executive Branch agencies, the European Union and global governance bodies including the OECD,UNESCO and ICANN. From 2005 to 2014, she served as President/CEO of the Center for Democracy & Technology. Leslie is currently President of the Harris Strategy Group, a senior level consultancy providing strategic advice on policy and strategy related to new technology, civil liberties and human rights.

At FPF, she will lead our efforts to explore and examine legal, ethical, technological, administrative and practical roadblocks and challenges to sharing administrative data between businesses and researchers. Please join us in welcoming Leslie to the team!

Video Archive: 2016 Privacy Papers for Policymakers

On January 11, 2017, FPF and Honorary Co-Hosts Senator Edward J. Markey, and Co-Chairs of the Congressional Bi-Partisan Privacy Caucus, Congressman Joe Barton, and Congresswoman Diana DeGette, held the 7th Annual Privacy Papers for Policymakers at the Dirksen Senate Office Building. The videos are below.








 

 

FPF Supports the Email Privacy Act – H.R. 387

Yesterday, Congress introduced the Email Privacy Act (H.R. 387), which would update protections in the Electronic Communications Act (ECPA) to take account of citizens’ evolving use of technology and better align the law with consumers’ reasonable expectations of privacy in the contents of their email communications. Offered by Representatives Kevin Yoder (R-KS) and Jared Polis (D-CO), this bi-partisan bill simplifies the law and codifies practices currently employed by law enforcement agencies and companies; in most circumstances, the bill requires the government to obtain a warrant government in order to access to email content.  The bill would reduce confusion for police, companies, and users, while bringing statutory protections for electronic communications into the modern era.

ECPA, originally passed in 1986, created standards for government access to the content of communications sent over telecommunications systems – it is the primary federal law governing law enforcement access to Internet traffic. Although ECPA was forward-thinking for its time, the developments of technology and communications in the 30 years since have greatly surpassed its scope and the effectiveness of its policy direction.

The Email Privacy Act makes several important updates. Under ECPA, the content of communications (including email) could be obtained without a warrant after 180 days. This provision may had been reasonable when online storage was expensive, email use was limited, and few American engaged in sensitive communications online.  However, in light of the current use and storage of email communications as a typical and standard means of individual and organizational correspondence, there is no reason to reduce protections for those communications after six months.  This update recognizes the central role of email messages in modern society, and ensures that individuals and organizations can maintain their communications in reasonable confidence – requiring law enforcement to obtain a warrant based on probable cause for access. The “probable cause” standard for requesting or accessing the content of such communications is consistent with other protections from arbitrary search; eliminating this “180-day rule” is an excellent and necessary improvement to existing law.

Likewise, previous Department of Justice interpretation of ECPA established a standard that “opening” an email removed it from warrant protection, even within the 180-day period. This is interpretation does not align with users’ current expectations given the common use of email for communication by and between individuals and organizations. The contents of email, like the contents of traditional hard-copy official correspondence, should always enjoy 4th Amendment protections. The Email Privacy Act appropriately reflects that standard, requiring the government to demonstrate probable cause before accessing emails – even when those messages have been opened by the recipient.

While the bill doesn’t include every improvement or reform that many advocates would like to see, it includes key and important requirements that make big steps forward in the protections the contents of electronic communications. Nothing in the bill affects existing requirements under the Wiretap Act, FISA, or any other current law. FPF joins numerous other privacy and advocacy organizations to urge immediate passage of the bill as introduced.