The Privacy Policy Snapshot Challenge – $20,000 First Prize.
The Privacy Policy Snapshot Challenge calls upon developers, designers, health data privacy experts, and creative, out-of-the-box thinkers to use the US Department of Health and Human Services ONC’s Model Privacy Notice template to create an online tool that can generate a user-friendly “snapshot” of a product’s privacy practices. ONC will award a total of $35,000 in prizes through this challenge. Enter your submissions now! The deadline for submission is April 10, 2017 with winners expected to be announced in mid-2017. For more information, view the Federal Register Notice.
ONC is also hosting an informational webinar on Thursday, January 12, 2017 from 2:00-3:00pm ET.Register for the webinar.
As the ONC team explains, ” More and more individuals are obtaining access to their electronic health information and using consumer health technology to manage this information. As retail products that collect digital health data directly from consumers are used, such as exercise trackers, it is increasingly important for consumers to be aware of companies’ privacy and security policies and information sharing practices. Health technology developers can use the Mobile Privacy Notice to easily enter their information practices and produce a notice to allow consumers to quickly learn and understand privacy policies, compare company policies, and make informed decisions”.
As FPF showed in our recent FPF Mobile Apps Study , the number of apps that provide privacy policies continues its upward trend from our previous surveys in 2011 and 2012. But health and fitness apps – which may access sensitive, physiological data collected by sensors on a mobile phone, wearable, or other device – do worse than average at providing privacy policies. Only 70% of top health and fitness apps had a privacy policy (6% lower than overall top apps), and only 61% linked to it from the app platform listing page (10% lower than overall top apps).
The App Study also looked specifically at period tracking and sleep aid apps. Only 63% of period tracking apps provided a link to the privacy policy from the app platform listing page. More disappointingly, only 54% of sleep aid apps provided a link to the privacy policy from the app platform listing page.
FPF also released a best practices that responsible companies can follow to ensure they provide practical privacy protections for consumer-generated health and wellness data. The document was produced with support from the Robert Wood Johnson Foundation and incorporates input from a wide range of stakeholders including companies, advocates, and regulators.
Fitness and wellness data from apps and wearables provide significant benefits for users, but it is essential that companies incorporate Fair Information Practice Principles to safeguard this data.
FPF Testifies at NYC Taxi and Limousine Commission Hearing
Yesterday, Lauren Smith, FPF Policy Counsel testified at the NYC Taxi and Limousine Commission’s (TLC) hearing about its proposed rules that add new trip reporting requirements for for-hire vehicle (FHV) bases.
Lauren explained that the proposed rules would create significant privacy risks by mandating that FHV bases transmit passenger drop-off time and location data. This can be highly sensitive information. These additional data points pose particular risks in light of the TLC’s existing data collection, given that FHV bases must already report the date, time, and location of passenger pick-ups. With the addition of drop-off data as proposed by the rule, the TLC’s data set would provide the TLC and the public with a comprehensive view of the movements of individual New Yorkers.
Lauren asserted that at minimum, the TLC should explore ways to: 1) tailor the data collection more narrowly to the stated purpose by focusing on trip duration rather than the location of passengers’ trips; 2) collect less precise, more general geographic information; and 3) enact policies and procedures that detail the privacy and security protections for such sensitive data.
Conference Proceedings – Beyond IRBs Designing Ethical Review Processes for Big Data Research
Today, FPF is pleased to make available the Conference Proceedingsfrom our Beyond IRBs: Designing Ethical Review Processes for Big Data Research workshop. The workshop, co-hosted by the Washington & Lee School of Law and supported by the National Science Foundation and the Alfred P. Sloan Foundation, aimed to identify processes and commonly accepted ethical principles for data research in academia, government and industry.
The workshop brought together over 60 researchers, including lawyers, computer scientists, ethicists and philosophers, as well as policymakers from government, industry and civil society, to discuss a blueprint for infusing ethical considerations into organizational processes in a data rich environment. To learn more about the event, its participants, and its organizers, please visit bigdata.fpf.org.
As part of the Beyond IRBs workshop, FPF and the Washington & Lee School of Law issued a call for papers addressing ethical, legal, and technical guidance for organizations conducting research on personal information. The papers were published in Spring 2016 in the Washington & Lee Online Law Review.
Building on the discussions at Beyond IRBs, FPF also co-hosted a Roundtable on Ethics, Privacy, and Research in June 2016 with the Ohio State University’s Program on Data and Governance. This timely event, which followed the White House’s call to develop strong data ethics frameworks, convened corporate and academic leaders to discuss how to integrate ethical and privacy considerations into innovative data projects and research. To learn more about the event, see our post here.
FPF was also recently awarded additional grants by the National Science Foundation and the Alfred P. Sloan Foundation in our pursuit of thought-provoking discussions around ethical, legal, and technical guidance for organizations conducting research on personal information.
