FPF in 2021: Delivering Privacy Insights & Expert Analysis
With the last days of 2021 upon us, we wanted to take a moment to reflect on this exciting year that saw FPF expand its presence both domestically and around the globe, while producing engaging events, thought-provoking analysis, and insightful reports with real-world impact.
Growing Global Expertise
The scope of FPF’s international work continued to expand this year, as policymakers around the world are focused on ways to establish or improve privacy frameworks. More than 120 countries have now enacted a privacy or data protection law, and FPF both closely followed and advised upon significant developments in Asia, the European Union, and Latin America.
FPF saw its presence in Asia grow substantially this year with the opening of the FPF Asia-Pacific office, headed by Dr. Clarisse Girot. The FPF Asia-Pacific office will provide expertise in digital data flows and discuss emerging data protection issues in a way that is useful for regulators, policymakers, and data protection professionals. Along with the opening of the office, FPF also announced a partnership with the Asian Business Law Institute (ABLI) to support the convergence of data protection regulations and best privacy practices in the Asia-Pacific region. The Asia-Pacific office held several events in the months following its opening, including a virtual event during Singapore’s Personal Data Protection Week and an event co-hosted with the Asian Development Bank titled Trade-Offs or Synergies? Data Privacy and Protection as an Engine of Data-Driven Innovation.
Following the Indian government’s passage of regulations that placed strict rules for the removal of illegal content and automated scanning of online content, FPF published a review of the new rules and included relevant resources with more information. This year also saw FPF announce Malavika Raghavan as the new Senior Fellow for India. This appointment further expanded FPF’s reach in Asia to one of the key jurisdictions for the future of data protection and privacy law.
We released many reports and blog posts analyzing privacy legislation in the EU, Brazil, Japan, Russia, and South Korea, and elsewhere. One example was the blog post published in March by Dr. Gabriela Zanfir-Fortuna, now FPF Vice President for Global Privacy, and Regina Iminova titled, Russia: New Law Requires Express Consent for Making Personal Data Available To The Public and for Any Subsequent Dissemination. The blog provides a comprehensive background of the new law and explains the ways in which personal data rights changed following the law’s passage.
International data flows have been an important topic of discussion over the past year. Following the Schrems II decision in 2020, which had serious implications for data flows coming from the EU into the US, the FPF global team created a series of informative infographics that explains the complexity of international data flows in two distinct contexts: retail and education services.
Scholarship & Analysis on Impactful Topics
The core of FPF’s work remains focused on providing insightful, independent analysis on pressing privacy issues. 2021 saw FPF provide this important leadership through events, awards, projects, papers, and more, providing insights into issues such as academic data sharing, digital contact tracing technologies, and neurotechnologies.
For the second year, FPF recognized privacy-protective research collaboration between a company and researchers with the Award for Research Data Stewardship. The first winning project this year is a collaboration between Stanford Medicine researchers led by Tejaswini Mishra, Ph.D., Professor Michael Snyder, Ph.D., and medical wearable and digital biomarker company Empatica. The other team recognized is a collaboration between Google’s COVID-19 Mobility Reports and COVID-19 Aggregated Mobility Research Dataset projects, and researchers from multiple universities in the United States and around the globe. These projects demonstrated how privately-held data can be responsibly shared with academic researchers, supporting significant progress in medicine, public health, education, social science, and other fields.
FPF offered resources and best practices for a variety of topics this year. In August, with support from the Robert Wood Johnson Foundation, we developed actionable guiding principles to bolster the responsible implementation of digital contact tracing technologies. The principles we laid out allow organizations implementing this technology to do so in a way that takes a responsible approach to how their technology collects, tracks, and shares personal information.
It is important to take steps to ensure equity in access to DCTT and understand the societal risks and tradeoffs that may accompany its implementation. Privacy leaders who understand these risks will be better able to bolster trust in this technology within their organizations.
– FPF’s John Verdi in a recent CPO Magazine article
To better assist organizations’ shared mobility data access and reduce privacy risks in their data-sharing process, FPF and SAE’s Mobility Data Collaborative (MDC) created a transportation-tailored privacy assessment that provides practical guidance for data from ride-hailing services, e-scooters, or bike-sharing programs.
“Micromobility services can play a key role in improving access to jobs, food and health care. However, there are multiple factors for companies and government agencies to consider before sharing mobility data with other organizations, including the precision, immediacy, and type of data shared.”
– FPF’s Chelsey Colbert in a recent TechCrunch article
FPF and the Privacy Tech Alliance released a report titled, “Privacy Tech’s Third Generation: A Review of the Emerging Privacy Tech Sector,” which analyzed the evolving privacy technology market, examined trends and predictions in the field, and identified five market trends and their implications for the future. The report focused on the COVID-19 pandemic’s role in accelerating the global marketplace adoption of privacy tech.
FPF held a series of workshops focused on manipulative design with technical, academic, and legal experts to define clear areas of focus for consumer privacy, and guidance for policymakers and legislators. These workshops looked at manipulative design through a variety of different contexts including youth and education, online advertising and U.S. law, and GDPR and European law. The issue of manipulative design, transparency, and trust was also discussed during the first annual Dublin Privacy Symposium, which was hosted by FPF.
In collaboration with the IBM Policy Lab, FPF released a set of recommendations to promote privacy and mitigate risks associated with brain-computer interfaces. The report provides developers and policymakers with actionable ways this technology can be implemented while protecting the privacy and rights of its users. Following the release of the report, FPF and the IBM Policy Lab hosted an online event discussing the report and the brain-computer interface field more broadly.
FPF recognizes the need for access to personal information for independent research and for platform accountability and supports this research when it is done responsibly. In November and December, FPF hosted a series of salon dinners titled, “Promoting Responsible Research Data Access,” which brought together the many voices needed for a robust conversation on how we can unlock data for scientific research and will lead to a playbook for privacy-protective research access to corporate data.
Expanding the Conversation Around Responsible Data Use
FPF continues to convene industry experts, academics, consumer advocates, and other experts to explore the challenging issues in the data privacy field. Members of our team have also testified in front of state and national legislative bodies as experts for potential privacy legislation.
For the 11th year in a row, FPF recognized leading privacy research and analytical work with the Privacy Papers for Policymakers Award held virtually for the first time. The winners spoke on their research in front of an audience of academic, industry, and policy professionals in the privacy field. The event was headlined by a keynote address by FTC Chairwoman Rebecca Kelly Slaughter, her first major speech as then acting chair of the FTC. In her remarks, she focused on making enforcement more efficient and effective, how to protect privacy during the pandemic, and the overlap of COVID-19 and issues related to privacy.
FPF launched a new training program in 2021 focused on the use of data-driven technologies. The Understanding Digital Data Flows training program provided a deep dive into how technology and personal data are utilized in a variety of sectors. The training sessions were led by FPF experts and discussed topics including artificial intelligence, de-identification, and more. These informative trainings will continue into 2022 and the first eight sessions are already open for registration.
In the same vein, FPF released a series of insights for lawyers to understand before advising clients on issues of artificial intelligence. Among the insights were an explanation of AI’s probabilistic, complex, and dynamic nature, the importance of transparency in AI use, and the issue that algorithmic bias presents to AI users.
Laws like ECOA, GDPR, CPRA, the proposed EU AI regulation, and others are forming a legal foundation for regulating AI… As more organizations begin to entrust AI with high-stakes decisions, there is a reckoning on the horizon.
-Brenda Leong in a recent ABA Journal article
To add to the conversation surrounding COPPA and verifiable parental consent, FPF released a report outlining suggested solutions collected through research and insights from stakeholders. In the report, key friction points in the verifiable consent process are identified, which include: efficiency, accessibility, privacy and security, and convenience and cost barriers. Throughout the year, FPF collected comments from industry professionals, advocates, and academics to help identify possible solutions to untangle the challenges associated with verifiable parental consent, which will inform our work in 2022.
Following the release of a report which provided recommendations on the use of augmented and virtual reality technologies, FPF hosted XR Week, a week dedicated to ethical and privacy concerns of AR and VR technologies. The week included several events including a roundtable with expert participants and several conversations held in a virtual reality space.
During debate over Maryland HB 1062, which proposed several updates to Maryland’s Student Data Privacy Act, FPF’s Amelia Vance testified in front of the Maryland House Ways and Means Committee on the bill. In her testimony, Amelia voiced her approval of many of the proposed updates and offered recommendations on two amendments, clarifying how the bill defines “operator,” and the scope of the Council’s recommendations.
The FPF Youth & Education team released a series of resources focused on school surveillance and student monitoring. In October, the team released an infographic, “Understanding Student Monitoring,” that depicts reasons schools monitor student activity, what types of data are being monitored, and how that data can be utilized. Following reports that the Pasco County (FL) Sheriff’s Office was keeping a list of students who may be “potential criminals,” FPF released a report advocating for transparency and accountability for parents and students, FERPA compliance, and more robust privacy training for law enforcement and SROs.
Earlier this month, Stacey Gray testified in front of the U.S. Senate Finance Subcommittee on Fiscal Responsibility and Economic Growth on consumer privacy in the technology sector. Her testimony focused on the term “data brokers” and explained how third-party data processing is central to many concerns around privacy, fairness, accountability, and crafting effective privacy regulation.
The FPF team welcomed many new faces during 2021 and saw the promotion of key staff members to senior positions. John Verdi became Senior Vice President of Policy, Amelia Vance was elevated to Vice President of the Youth & Education program, Gabriela Zanfir-Fortuna was promoted to Vice President for Global Privacy, and Stacey Gray was promoted to Director of Legislative Research & Analysis. This year, the leadership team also saw the addition of Amie Stepanovich as Vice President of U.S. Policy and Rebekah Stroman as Chief of Staff. 2021 also saw us welcome Clarisse Girot, Lee Matheson, Keir Lamont, Tatiana Rice, Nancy Levesque, Payal Shah, Joanna Grama, and Jim Siegl to the FPF staff.
“The FPF team has grown to meet the need for independent privacy expertise, especially in the international, youth & education, and policy spaces,” said Jules Polonetsky, CEO of FPF. “I could not be more proud of the high-quality work that the FPF staff has produced to increase understanding of how technology impacts civil and human rights. We’re looking forward to 2022 and wish everyone a Happy Holidays and a Happy New Year.”
This is by no means a comprehensive list of all of FPF’s important work in 2021, but we hope it gives you a sense of the impact that our work had on both the privacy community and society at large. Keep updated on FPF’s work by subscribing to our monthly briefing and following us on Twitter and LinkedIn.
On behalf of the entire FPF staff we wish you a Happy New Year!