Call for Papers: Developing a Benefit-Cost Framework for Data Policy
The Program on Economics & Privacy at George Mason University’s Antonin Scalia Law School and the Future of Privacy Forum are seeking papers to explore the development of a benefit-cost framework in privacy policy. Scholars from an interdisciplinary background, including economics, law, public policy, business and marketing, are encouraged to submit abstracts for consideration.
Selected submissions will be presented at the Fifth Annual Public Policy Symposium on the Law & Economics of Privacy and Data Security Policy, on June 8, 2017, at the Antonin Scalia Law School, and published in a special symposium issue of the Journal of Law, Economics & Policy.
Submissions
To be considered, please send an abstract outlining your proposed paper to [email protected] by April 15, 2017. Selections will be announced by May 1, 2017. Selected authors will be expected to have completed a discussion draft by June 1, 2017, to circulate to conference participants. Final papers will be due on September 1, 2017.
Topics of special interest include:
Developing metrics to measure the costs and impacts of privacy controls.
Unpacking the economics of privacy using microeconomic tools.
Calculating the value of privacy for consumers through analysis of competitive offerings.
Benefit-cost analysis of innovative data uses.
Understanding the concept of cognizable privacy harm constituting substantial injury under Section 5 of the FTC Act.
Measuring consumer reactions to changes in tracking.
Understanding the value of anonymity and pseudonymity in online interactions.
Weighing the benefits of data use to individuals, organizations, communities and society at large.
Assessing the possibility of market failures in privacy—to what extent will the market fail to produce the “correct” amount of privacy?
What are the roles of neoclassical and behavioral economics in explaining consumers’ relative unresponsiveness to privacy policies or the limited role for privacy as a dimension of competition?
Are there impediments to the development of privacy offerings that play a larger role in competition among firms and platforms?
What are the economic implications of privacy issues raised by artificial intelligence and machine learning?
The authors argue that such a right may be unconstitutional in Canada: it would most likely infringe upon freedom of expression in a way that cannot be demonstrably justified under the Canadian Constitution. They also argue that the legal framework in Quebec addresses some of the privacy and reputational concerns that a RTBF is meant to address through a “public interest” test, although they acknowledge that there are some limits to this framework.
The Top 10: Student Privacy News (March-April 2017)
The Future of Privacy Forum tracks student privacy news very closely, and shares relevant news stories with our newsletter subscribers.* Approximately every month, we post “The Top 10,” a blog with our top student privacy stories.
The Future of Privacy Forum is headed to IAPP! Next week in DC, FPF has several events happening at IAPP, including a panel with the U.S. Department of Ed, “Privacy + Ed Tech = Awesome” (4/20 at 9:30am), and a Peer-to-Peer Roundtable on K-12 privacy (4/19 at 3:30pm). Also check out:
Rachel Krinsky Rudnick from University of Connecticut for a Peer-to-Peer Roundtable on Privacy in Higher Ed (4/19 at 12:30pm)
If you didn’t manage to get one of the sold-out tickets to FPF’s Tech Lab (4/18 at 5:30pm), you can still see some of FPF’s Connected Toys and learn more about our work at IAPP booth 92 (4/19 and 4/20)
FPF also is on IAPP panels about “Practical Data De-ID” (4/18 at (9:30am), “Open Data vs Privacy” (4/19 at 2pm), “Highly Integrated Personalized Experiences” (4/19 at 4:30pm), “Location Data and Consumer Privacy” (4/20 at 9:30), and “New Developments in Privacy for the Connected Car” (4/20 at 3pm).
The Top 10
The first federal student privacy bill of 2017 has arrived! Senators Markey and Hatch have re-introduced the “Protecting Student Privacy Act,” an amendment to FERPA.
The U.S. Department of Education (USED) is requesting comments until April 19th on a proposal to electronically match USED applications for financial assistance with U.S. Citizenship and Immigration Services (USCIS) data to confirm the immigration status of alien applicants for or recipients of financial assistance under title IV of the Higher Education Act. Privacy advocates have raised concerns about allowing any connection of these databases.
Common Sense Media’s Privacy Initiative has released their follow-up survey measuring whether 1,121 vendors have encryption support. While there has been measured improvement since their October 2016 survey, roughly 40% of websites still do not enforce encryption.
Alberta (Canada) is dealing with the difficult issue of privacy for students versus their parents: The Education Minister of Alberta says that parents should not be told if children join gay-straight alliances. This issue was raised in the U.S. in 2016 in the context of the ACLU model student privacy legislation, which said that schools should not disclose information in student records to parents if that information could potentially harm the child.
USED’s audit of IES found that the agency needs to “tighten its processes to ensure researchers know how to safeguard student privacy.” Shortly afterwards, the House Committee on Government and Oversight Reform sent a letter to Secretary DeVos on March 30, asking for detailed information about how USED will improve the department’s cybersecurity.
The Consortum for School Networking (CoSN) has released a set of “fundamental resources to help [schools] protect against cyberthreats and develop effective security programs.” CoSN also released their annual K-12 IT Leadership Survey, and cybersecurity is one of the three top priorities identified along with mobile learning and broadband capacity.
The Berkman Klein Center has released “Privacy & Student Data: Companion Learning Tools,” five scenarios of ed tech adoption at various grade levels to help schools and districts train teachers and others on student data privacy.
REL Northeast & Islands has released a report on “Analyzing student-level disciplinary data” for districts to help them answer important questions about the use of disciplinary actions.
Student immigration data was a major topic yet again:
New York City announced that immigration agents will not be allowed in schools without warrants;
Civil rights groups asked California’s attorney general to investigate school districts that require parents to provide children’s SSNs, citizenship status and other sensitive info such as when they entered the country; and
Some school boards changed their rules for sharing student information with law enforcement organizations;
FPF commends NHTSA for its work to introduce a Vehicle to Vehicle (V2V) Communications system that takes privacy seriously in both the design and implementation of the system. We agree that great gains in road safety can result from broad-scale application of crash avoidance technologies like V2V. Overall, FPF supports NHTSA’s approach to consumer privacy and the seriousness with which NHTSA has engaged this topic, working with partners to design a system that includes multiple technical, physical, and organizational controls to help limit potential privacy impacts on consumers. In our comments, FPF describes measures that could help clarify or bolster these privacy safeguards.
FPF is encouraged by NHTSA’s “privacy by design” approach to building this system, by taking privacy into account throughout the entire engineering process from the earliest design stages to the operation of the system. We also commend NHTSA for working with partners in order to implement layers of technical, policy and physical controls to mitigate potential privacy impacts of the V2V system; we agree that the proposed rule’s ongoing privacy risk analysis is a crucial component of the V2V system.
FPF recommends that NHTSA:
improve the contemplated privacy notice in terms of content, usability, and delivery mechanisms, and undertake the proposed consumer education efforts;
retain the proposed rule’s approach to defining Personally Identifiable Information—an approach that is consistent with the Federal Trade Commission and other Federal entities’ definitions;
work with other regulators and partners to identify any protective technical or legal control that could limit third party collection, aggregation, or sale of V2V data, including considering encryption or higher Pseudonym Certificate rotation rates;
consider what sorts of consumer privacy controls are appropriate (e.g. opt-out), when such choices are appropriate, and how such choices can be presented in the context of the operators’ relationships with vehicles and service providers;
ensure oversight and accountability mechanisms for the security entity within the proposed rule’s credential management system;
continue to study and mitigate the residual privacy risks created by the proposed rule.
This NPRM is an important step toward safer roads, and our analysis indicates that the proposed Rule includes thoughtful, careful privacy protections in a complex system. We urge the Administration to consider our recommendations and outstanding questions to improve the final regulation. We thank NHTSA for recognizing the importance of privacy in the context of V2V technologies, and look forward to remaining engaged as the rulemaking advances.
'Successful smart city leaders will be smart on privacy'
In a piece for Samsung Public Information Display, Jules Polonetsky and Kelsey Finch share what they have learned from working with smart city and community stakeholders to navigate complex issues and integrate digital services in privacy-protective ways. The authors explain:
“If city leaders, technology providers, community organizations, and other stakeholders work together to address core privacy issues and principles, they will be able to leverage the benefits of a data-rich society while minimizing threats to individual privacy and civil liberties.”
We are pleased to announce that Margaret Honda has joined FPF as Director of the Research Coordination Network! In this role, Margaret oversees a new community of privacy academics and industry practitioners whose goal is to advance the privacy research agenda through collaboration.
Before joining FPF, Margaret worked at Forrester Research, Inc., a technology market research firm, during which time she held various senior management positions and created and implemented new product offerings focused on developing meaningful executive-level customer engagement strategies. Margaret earned her Bachelor of Science degree in Health Management and Policy from the University of New Hampshire.
We are pleased to announce that Mary C. Wright has joined FPF as Membership Development Specialist! As the primary handler of the relationship between FPF and its stakeholders, Mary manages the FPF member database, ensures members are enrolled in the appropriate groups and subgroups, and works with FPF leadership to ensure we are providing value to members and stakeholders.
Mary is a native of Colorado, bringing a solid history in development, program management and hospitality where she built key relationships, executed strategic plans and managed national accounts. After serving 10 years as a marketing and event fundraising professional, Mary spent the last 15 years as an executive development officer raising money for non-profit organizations, Big Brothers Big Sisters, NAACP and the Carson Scholars Fund. Mary is a graduate of the University of Northern Colorado.
On April 11, Windows Users Get Improved Privacy Protections from Microsoft
FPF is pleased to see the major privacy advances in Microsoft’s upcoming update to Windows 10. The Creator’s Update version of Windows 10 will provide a new privacy dashboard, allows users to limit telemetry information sent back to Microsoft, provides a detailed look at the telemetry information collected, and makes it easy for users to understand what data is collected when they choose basic or advanced installations. People already running a version of Windows 10 will get a notification to schedule the Creators Update and choose privacy settings.
For each setting, Microsoft has provided a detailed description with the option to learn more about the information collected and how it is used. If you choose to turn all of these settings off (limiting the amount of data collected), you will be shifted to “basic” mode and your privacy settings screen will look like the image below.
The basic level now sends about 50 percent less data back to Microsoft, but does not eliminate all transmission of data, as the company requires a minimum amount of data for security and other essential debugging purposes.
EU Policymakers and US Civil Society Groups Meet to Discuss Trans-Atlantic Privacy Issues
FPF’s Vice President of Policy, John Verdi, attended a meeting with Věra Jourová, the European Union’s Commissioner for Justice, Consumers, and Gender Equality. The meeting between EU policymakers and US civil society groups focused on an open, robust discussion of trans-Atlantic privacy issues, including the US/EU Privacy Shield program.