FPF Relaunches Global Calendar of Privacy Events

FPF has officially relaunched the Privacy Calendar. The Privacy Calendar can be accessed at www.privacycalendar.org and is a global calendar of privacy-related events. With its interactive design, users have the ability to search for an event by name, organizer, or city and can use the online submission form to add an event. Events may also be submitted by emailing [email protected].

Want a free FPF I heart privacy t-shirt? Send us 5 events that we do not have listed and we will send you a t-shirt (up to 10 people will get shirts).

Check out the Privacy Calendar today!

VISIT CALENDAR

FPF Joins Coalition to Reject DHS Proposal to Demand Passwords to Enter the U.S.

Yesterday, FPF joined a broad coalition in a joint statement to the Department of Homeland Security (DHS) opposing password demands of travelers. Secretary John Kelly suggested DHS could require non-citizens to provide the passwords to their social media accounts as a condition of entering the country. As articulated in the statement, the practice of demanding social media passwords would not increase the security of U.S. citizens and would jeopardize the fundamental rights of people in the U.S. and abroad.

The coalition was comprised of 50 organizations and trade associations and nearly 90 individual experts, including human rights and civil liberties organizations, technology company trade associations, and experts in technology, security, and the law. To learn more about the issues at stake, please visit: https://cdt.org/insight/no-to-dhs-social-media-password-requirement/

Future of Privacy Forum on YouTube

FPF posts videos of many of our programs on our YouTube channel. Visit our page to see more videos and subscribe!

SEE FPF ON YOUTUBE

Welcome to Future of Privacy Forum!

The Future of Privacy Forum (FPF) is a nonprofit organization that serves as a catalyst for privacy leadership and scholarship, advancing principled data practices in support of emerging technologies. FPF brings together industry, academics, consumer advocates, and other thought leaders to explore the challenges posed by technological innovation and develop privacy protections, ethical norms and workable business practices.

FPF Welcomes New Senior Fellow

FPF is pleased to welcome Henry Claypool as a senior fellow. Henry is currently Policy Director at the Community Living Policy Center at the University of California, San Francisco. He is the former Director of the U.S. Department of Health and Human Services Office on Disability and a founding Principal Deputy Administrator of the Administration for Community Living.  He also served as a presidentially-appointed member of the Federal Commission on Long-Term Care, advising Congress on how long-term care can be better provided and financed for the nation’s older adults and people with disabilities, now and in the future, and was Executive Vice President of the American Association of People with Disabilities, which promotes equal opportunity, economic power, independent living and political participation for people with disabilities.  He is Affiliated Faculty at the Institute for Health & Aging at UCSF and principal of Claypool Consulting.

At FPF, Henry will lead our outreach and research efforts to promote understanding of the range of ways Internet of Things (IoT) technologies are being used to empower those with disabilities and bring disability advocates into privacy-data-technology policy debates. He will be responsible for convening a series of meetings to advance understanding of core privacy issues related to IoT, to address issues, concerns, and goals of the disability community, and to ensure input of disability groups into IoT policy development.

Please join us in welcoming Henry to the team!

House Passes Email Privacy Act (H.R. 387)

Yesterday, the U.S. House of Representatives passed the Email Privacy Act (H.R. 387). The bill updates the Electronic Communications Privacy Act (ECPA), the law that sets standards for government access to private internet communications. Although ECPA was forward-thinking for its time, the developments of technology and communications in the 30 years since its passage have greatly surpassed its scope and the effectiveness of its policy direction.

“The Email Privacy Act recognizes the central role of email messages in modern society, and ensures that individuals and organizations can maintain their communications in reasonable confidence – requiring law enforcement to obtain a warrant based on probable cause for access,” said Brenda Leong, FPF’s Senior Counsel and Director of Strategy.

FPF has joined numerous other privacy and advocacy organizations to urge immediate passage of the bill. We will continue to keep you updated with developments as the bill moves through the Senate. 

FPF in Brussels: The Law and Science of De-Identification

Last week, FPF brought together a panel of technology, legal, regulatory, and business voices to discuss “The Law and Science of De-Identification” at the 10^th annual Computers, Privacy, and Data Protection conference.

De-identification—the process of modifying personal data to ensure that data subjects are no longer identifiable—is one of the primary measures that organizations take to protect privacy. Over the past few years however, computer scientists and mathematicians have demonstrated that de-identification is not foolproof. At the same time, by necessity, organizations around the world continue to rely on a wide range of technical, administrative and legal measures to reduce data identifiability. The EU General Data Protection Regulation recognizes the concept of pseudonymization, albeit with limited legal implications compared to its stricter relative, anonymization.

This panel of interdisciplinary experts discussed the technology, law, policy, and implementation of de-identification techniques in Europe. Claudia Diaz, Professor at KU Leuven, chaired the session and introduced the complicated landscape in which de-identification is studied, implemented, and debated. Kelsey Finch, Policy Counsel for the Future of Privacy Forum, moderated the session, and tied the discussion at CPDP to its origins in the November 2016 Brussels Privacy Symposium workshop on Identifiability: Policy and Practical Solutions for Anonymization and Pseudonymization.

• Claude Castelluccia, Research Director and Head of the Privatics Group for INRIA, kicked off the session with an overview of “differential testing,” a technique designed to identify when a dataset may be at risk for leaking data subjects’ sensitive attributes, rather than simply their identities.
• Sophie Stalla-Bourdillon, Associate Professor at the University of Southampton, overviewed the shifting definitions of de-identified or anonymous data in European law and called for a recognition of amore dynamic legal standard.
• Alessandro Spina, Data Protection Officer for the European Medical Agency, discussed developing the first set of professional guidelines for de-identifying and publishing pharmaceutical clinical reports.
• Simon Hania, Vice President of Privacy and Security at TomTom, discussed the role of de-identification to achieving business goals, and the tough questions that arise when implementing these tools within organizations.

The papers on which Claude Castelluccia and Sophie Stalla-Bourdillon, and Alessandro Spina based their comments were also selected finalists at the Brussels Privacy Symposium, available here and here.

In a robust question and answer session with the audience and their fellow panelists, the speakers touched on questions, including: how to incentivize robust de-identification within organizations and across sectors; the implications of open data or release-and-forget styles of de-identification; transparency about de-identification commitments and techniques for consumers; and what contextual factors matter most in risk-based de-identification approaches.

Video of the session is available below.

If you would like to participate in this and future discussions regarding EU privacy issues, make sure you Save the Date! The next Brussels Privacy Symposium is November 6, 2017.

The Top 10: Student Privacy News (Dec 2016-Jan 2017)

The Future of Privacy Forum tracks student privacy news very closely, and shares relevant news stories with our newsletter subscribers.* Today, we are launching “The Top 10,” a monthly blog with our top student privacy stories from the past month (or month-and-a-half, in today’s case).

1. Today, the Data & Society Research Institute released their great new report exploring “The Legacy of inBloom.” Simultaneously released were a few blogs from stakeholders responding to the report, including a response from FPF.
2. The California Student Privacy Alliance (a branch of the Student Data Privacy Consortium, made up of districts from 13 states who create a model contract for vendors) has released their CA model contract.
3. The Mississippi Attorney General filed a complaint against Google, alleging that Google was violating the Student Privacy Pledge. Co-creators of the Pledge SIIA and FPF disagreed. There were also some great responses and thoughts about the allegations from Bill Fitzgerald and Jim Siegl.
4. A school district has been found in violation of FERPA due to a little-known clause in the federal law which requires that family law courts suspend FERPA rights proactively (as opposed to their automatic suspension when custody rights are suspended).
5. There is a great deal of concern about student data potentially being used to identify and deport undocumented students (read the fantastic EdWeek article). Nominated USED Secretary DeVos was asked whether she would allow federal authorities to arrest those students at school, and she deferred the question to DOJ.
6. Today, Common Sense Media released the script from their encryption test of ed tech products late last year (see that study here) so others can run this test themselves on any ed tech product.
7. FPF filed comments with the Commission on Evidence-Based Policymaking on privacy in the context of a federal student-level data system.
8. There has been a great deal of contradictory information on DREAMers and DACA over the past month and a half: the former Homeland Security Secretary said that federal authorities should not use DACA data to deport students; immigration handliners are upset that the President may not end DACA; Vox obtained an alleged draft order that ends DACA; and Congress has introduced a bill that requires that DACA data cannot be used for the purpose of immigration enforcement proceedings. While many colleges have said they will not turn over data about immigrant student to the federal government following the President’s immigration Executive Order, the Chronicle for Higher Education reported that these pledges “don’t mean much.”
9. PTAC issued guidance on “Integrated Data Systems and Student Privacy” and “Use of Financial Aid Information for Program Evaluation and Research.”
10. A London university “admits to monitoring student emails under pressure [from] Government anti-terror programme.”

*Want more news stories? Email Amelia Vance at avance AT fpf.org to subscribe to our student privacy newsletter.