Call for Papers: Developing a Benefit-Cost Framework for Data Policy

The Program on Economics & Privacy at George Mason University’s Antonin Scalia Law School and the Future of Privacy Forum are seeking papers to explore the development of a benefit-cost framework in privacy policy. Scholars from an interdisciplinary background, including economics, law, public policy, business and marketing, are encouraged to submit abstracts for consideration.

Selected submissions will be presented at the Fifth Annual Public Policy Symposium on the Law & Economics of Privacy and Data Security Policy, on June 8, 2017, at the Antonin Scalia Law School, and published in a special symposium issue of the Journal of Law, Economics & Policy.

Submissions

To be considered, please send an abstract outlining your proposed paper to [email protected] by April 15, 2017. Selections will be announced by May 1, 2017. Selected authors will be expected to have completed a discussion draft by June 1, 2017, to circulate to conference participants. Final papers will be due on September 1, 2017.

Topics of special interest include:

MORE DETAILS

Droit À L’Oubli: Canadian Perspective on the Global ‘Right to Be Forgotten’ Debate

Eloise Gratton of Borden Ladner Gervais LLP and Jules Polonetsky have published, “Droit À L’Oubli: Canadian Perspective on the Global ‘Right to Be Forgotten’ Debate” (forthcoming in the Colorado Technology Law Journal). This paper explores whether importing a RTBF would be legal in Canada.

The authors argue that such a right may be unconstitutional in Canada: it would most likely infringe upon freedom of expression in a way that cannot be demonstrably justified under the Canadian Constitution. They also argue that the legal framework in Quebec addresses some of the privacy and reputational concerns that a RTBF is meant to address through a “public interest” test, although they acknowledge that there are some limits to this framework.

READ PAPER

The Top 10: Student Privacy News (March-April 2017)

The Future of Privacy Forum tracks student privacy news very closely, and shares relevant news stories with our newsletter subscribers.* Approximately every month, we post “The Top 10,” a blog with our top student privacy stories.

The Future of Privacy Forum is headed to IAPP! Next week in DC, FPF has several events happening at IAPP, including a panel with the U.S. Department of Ed, “Privacy + Ed Tech = Awesome” (4/20 at 9:30am), and a Peer-to-Peer Roundtable on K-12 privacy (4/19 at 3:30pm). Also check out:

The Top 10

  1. The first federal student privacy bill of 2017 has arrived! Senators Markey and Hatch have re-introduced the “Protecting Student Privacy Act,” an amendment to FERPA.
  2. The U.S. Department of Education (USED) is requesting comments until April 19th on a proposal to electronically match USED applications for financial assistance with U.S. Citizenship and Immigration Services (USCIS) data to confirm the immigration status of alien applicants for or recipients of financial assistance under title IV of the Higher Education Act. Privacy advocates have raised concerns about allowing any connection of these databases.
  3. Common Sense Media’s Privacy Initiative has released their follow-up survey measuring whether 1,121 vendors have encryption support. While there has been measured improvement since their October 2016 survey, roughly 40% of websites still do not enforce encryption.
  4. Alberta (Canada) is dealing with the difficult issue of privacy for students versus their parents: The Education Minister of Alberta says that parents should not be told if children join gay-straight alliances. This issue was raised in the U.S. in 2016 in the context of the ACLU model student privacy legislation, which said that schools should not disclose information in student records to parents if that information could potentially harm the child.
  5. USED’s audit of IES found that the agency needs to “tighten its processes to ensure researchers know how to safeguard student privacy.” Shortly afterwards, the House Committee on Government and Oversight Reform sent a letter to Secretary DeVos on March 30, asking for detailed information about how USED will improve the department’s cybersecurity.
  6. Up to 100,000 Taxpayers Compromised in FAFSA Tool Breach, IRS says” via NYTimes. See a blog article with background on the tool and previous IRS/USED statements here.
  7. The Consortum for School Networking (CoSN) has released a set of “fundamental resources to help [schools] protect against cyberthreats and develop effective security programs.” CoSN also released their annual K-12 IT Leadership Survey, and cybersecurity is one of the three top priorities identified along with mobile learning and broadband capacity.
  8. The Berkman Klein Center has released “Privacy & Student Data: Companion Learning Tools,” five scenarios of ed tech adoption at various grade levels to help schools and districts train teachers and others on student data privacy.
  9. REL Northeast & Islands has released a report on “Analyzing student-level disciplinary data” for districts to help them answer important questions about the use of disciplinary actions.
  10. Student immigration data was a major topic yet again:

*Want more news stories? Email Amelia Vance at avance AT fpf.org to subscribe to our student privacy newsletter.

 

Image from Flickr: student_ipad_school – 137 by Brad Flickinger

FPF Comments on NHTSA’s V2V Rulemaking

Yesterday, the Future of Privacy Forum submitted written comments to the Department of Transportation and National Highway Traffic Safety Administration in response to their Notice of Proposed Rulemaking on Vehicle to Vehicle Communications.

FPF commends NHTSA for its work to introduce a Vehicle to Vehicle (V2V) Communications system that takes privacy seriously in both the design and implementation of the system. We agree that great gains in road safety can result from broad-scale application of crash avoidance technologies like V2V. Overall, FPF supports NHTSA’s approach to consumer privacy and the seriousness with which NHTSA has engaged this topic, working with partners to design a system that includes multiple technical, physical, and organizational controls to help limit potential privacy impacts on consumers. In our comments, FPF describes measures that could help clarify or bolster these privacy safeguards.

FPF is encouraged by NHTSA’s “privacy by design” approach to building this system, by taking privacy into account throughout the entire engineering process from the earliest design stages to the operation of the system. We also commend NHTSA for working with partners in order to implement layers of technical, policy and physical controls to mitigate potential privacy impacts of the V2V system; we agree that the proposed rule’s ongoing privacy risk analysis is a crucial component of the V2V system.

FPF recommends that NHTSA:

  1. improve the contemplated privacy notice in terms of content, usability, and delivery mechanisms, and undertake the proposed consumer education efforts;
  2. retain the proposed rule’s approach to defining Personally Identifiable Information—an approach that is consistent with the Federal Trade Commission and other Federal entities’ definitions;
  3. work with other regulators and partners to identify any protective technical or legal control that could limit third party collection, aggregation, or sale of V2V data, including considering encryption or higher Pseudonym Certificate rotation rates;
  4. consider what sorts of consumer privacy controls are appropriate (e.g. opt-out), when such choices are appropriate, and how such choices can be presented in the context of the operators’ relationships with vehicles and service providers;
  5. ensure oversight and accountability mechanisms for the security entity within the proposed rule’s credential management system;
  6. continue to study and mitigate the residual privacy risks created by the proposed rule.

This NPRM is an important step toward safer roads, and our analysis indicates that the proposed Rule includes thoughtful, careful privacy protections in a complex system. We urge the Administration to consider our recommendations and outstanding questions to improve the final regulation. We thank NHTSA for recognizing the importance of privacy in the context of V2V technologies, and look forward to remaining engaged as the rulemaking advances.

Read the full comments here.

'Successful smart city leaders will be smart on privacy'

In a piece for Samsung Public Information Display, Jules Polonetsky and Kelsey Finch share what they have learned from working with smart city and community stakeholders to navigate complex issues and integrate digital services in privacy-protective ways. The authors explain:

“If city leaders, technology providers, community organizations, and other stakeholders work together to address core privacy issues and principles, they will be able to leverage the benefits of a data-rich society while minimizing threats to individual privacy and civil liberties.”

READ BLOG

FPF Welcomes New Team Members!

Margaret HondaWe are pleased to announce that Margaret Honda has joined FPF as Director of the Research Coordination Network! In this role, Margaret oversees a new community of privacy academics and industry practitioners whose goal is to advance the privacy research agenda through collaboration.

Before joining FPF, Margaret worked at Forrester Research, Inc., a technology market research firm, during which time she held various senior management positions and created and implemented new product offerings focused on developing meaningful executive-level customer engagement strategies. Margaret earned her Bachelor of Science degree in Health Management and Policy from the University of New Hampshire.


Mary WrightWe are pleased to announce that Mary C. Wright has joined FPF as Membership Development Specialist! As the primary handler of the relationship between FPF and its stakeholders, Mary manages the FPF member database, ensures members are enrolled in the appropriate groups and subgroups, and works with FPF leadership to ensure we are providing value to members and stakeholders.

Mary is a native of Colorado, bringing a solid history in development, program management and hospitality where she built key relationships, executed strategic plans and managed national accounts. After serving 10 years as a marketing and event fundraising professional, Mary spent the last 15 years as an executive development officer raising money for non-profit organizations, Big Brothers Big Sisters, NAACP and the Carson Scholars Fund. Mary is a graduate of the University of Northern Colorado.

On April 11, Windows Users Get Improved Privacy Protections from Microsoft

FPF is pleased to see the major privacy advances in Microsoft’s upcoming update to Windows 10.  The Creator’s Update version of Windows 10 will provide a new privacy dashboard, allows users to limit telemetry information sent back to Microsoft, provides a detailed look at the telemetry information collected, and makes it easy for users to understand what data is collected when they choose basic or advanced installations.  People already running a version of Windows 10 will get a notification to schedule the Creators Update and choose privacy settings.

For each setting, Microsoft has provided a detailed description with the option to learn more about the information collected and how it is used. If you choose to turn all of these settings off (limiting the amount of data collected), you will be shifted to “basic” mode and your privacy settings screen will look like the image below.

New privacy settings screen in the Windows 10 Creators Update. An example of how the privacy settings screen may appear to you. The actual values of the toggles on this screen will be based on your current settings in Windows 10. For example, if you previously chose to turn off location services, the toggle in this screen will be initially set to “Off” for location services.

The basic level now sends about 50 percent less data back to Microsoft, but does not eliminate all transmission of data, as the company requires a minimum amount of data for security and other essential debugging purposes.

We note that with these updates, Microsoft also has taken a big step towards being ready for compliance with the EU General Data Protection Regulation (GDPR).

Dive into the diagnostic data collected at the basic level here: https://technet.microsoft.com/itpro/windows/configure/basic-level-windows-diagnostic-events-and-fields

EU Policymakers and US Civil Society Groups Meet to Discuss Trans-Atlantic Privacy Issues

FPF’s Vice President of Policy, John Verdi, attended a meeting with Věra Jourová, the European Union’s Commissioner for Justice, Consumers, and Gender Equality. The meeting between EU policymakers and US civil society groups focused on an open, robust discussion of trans-Atlantic privacy issues, including the US/EU Privacy Shield program.