Clear Channel Faces New Questions Over 'Spying Billboards'
Earlier this year, Clear Channel unveiled a new outdoor advertising initiative that involves telling marketers whether their stores are visited by consumers who have viewed ads on billboards.
Jules Polonetsky, CEO of the think tank Future of Privacy Forum, tells MediaPost that Clear Channel would do a service to consumers by providing more information about how its program works. “It may not be deceptive, but it’s certainly not transparent — which is driving the concerns,” he says.
White House Releases Report on Big Data and Discrimination
Building on previous publications from the President’s Big Data Working Group in 2014 and 2015, the White House has released a new report analyzing the confluence of “Big Data” and civil rights. The report strongly supported the potential Big Data holds, lauding the benefits society stands to reap from proper data analysis. This enthusiasm was tempered by an awareness that using technology can exasperate inequities; without proper caution going forward, the blind application of technology may serve to amplify preexisting biases.
The report divides its hopes and fears over big data into two categories: problems with algorithmic inputs and the inner workings of the algorithms themselves. The first category comprises fears over the integrity of underlying data sets; cautioning that data sets which are incomplete, outdated or unrepresentative may perpetuate their errors or biases when used as algorithmic grist. The second category addresses opaque and increasingly complex algorithms which reject users or narrow their options based on personal data. These categories are illustrated by case studies in credit access, education, employment and criminal justice.
For direction, the report seeks further conversation between market participants, academia, the government, and the public on data ethics. Specifically, the report emphasizes due process in data-based decisions, including allowing users to correct data and implementing an appeals process for those affected by these decisions. The administration hopes that the end result of this discussion will be an algorithmic best practices which is transparent and equitable.
FPF has been an early and eager participant in this discussion and was pleased to see the report’s appreciation for the potential of Big Data. In dealing with the risks of discrimination posed by realization of Big Data’s potential, FPF sees strong data ethics framework as a necessary and effective addition to the raw potential of technology. Read about FPF’s ethics work for an understanding of the latest scholarship in this promising area.
Radio Interview – Lauren Smith, FPF Policy Counsel, Discusses the "Textalyzer"
Today, Lauren Smith, FPF Policy Counsel, joined The Takeaway to discuss the legal issues behind the “Textalyzer,” a technology that can tap into a driver’s phone, and whether or not it is the best deterrent to prevent texting and driving.
Challenges with the Implementation of a Right to be Forgotten in Canada
Today, Eloïse Gratton, Partner and National Co-Leader, Privacy and Data Security Practice Group, Borden Ladner Gervais LLP, and Jules Polonetsky, CEO, Future of Privacy Forum, filed a joint-submission paper to the Office of the Privacy Commissioner of Canada (OPC), as part of their consultation and call for essays on online reputation ending today (April 28, 2016). The OPC has recently chosen reputation and privacy as one of its priorities for the next five years and is currently focusing its attention on the reputational risks stemming from the vast amount of personal information posted online and on existing and potential mechanisms for managing those risks. In January 2016, the OPC published a discussion paper, entitled “Online Reputation, What are they saying about me?” in which it asks if a right to be forgotten can find application in the Canadian context and if so, how.
The Future of Privacy Forum and EY Examine Speech Recognition and Smart Devices in New Paper
FOR IMMEDIATE RELEASE
April 28, 2016
Contact: Melanie Bates, Director of Communications, [email protected]
THE FUTURE OF PRIVACY FORUM AND EY
EXAMINE SPEECH RECOGNITION AND SMART DEVICES IN NEW PAPER
Washington, DC – Today, the Future of Privacy Forum (FPF), in collaboration with Ernst & Young LLP, released Always On: Privacy Implications of Microphone-Enabled Devices, a new paper that explores how speech recognition technology fits into a broader scheme of “always listening” technologies. The paper identifies emerging practices by which manufacturers and developers can alleviate privacy concerns and build consumer trust in the ways that data is collected, stored, and analyzed.
Is your Smart TV listening to your conversations? Are your children’s toys spying on your family? These types of questions are increasingly raised as the next generation of internet-connected devices enter the market.
“While we work to ensure that the appropriate privacy protections are in place, it is important to remember that the benefits of speech recognition are undeniable,” said Jules Polonetsky, CEO, FPF. “Hands-free control of technology improves the lives of people with physical disabilities, makes healthcare and other professional services more efficient through accurate voice dictation, enhances automobile safety, and makes everyday tasks more convenient.”
“Increasingly ‘smart’ devices challenge the product development lifecycle,” said Sagi Leizerov, an Executive Director with Ernst & Young LLP and EY’s Global Privacy leader. “The implications of new features, how those features should be made known to impacted individuals, the decision of what the default setting should be and what privacy controls should be provided, are at the heart of building trust when adopting additional ‘Internet of Things’ solutions in the daily lives of consumers.”
FPF and EY conclude that the colloquial term “always on” is often not an effective way to describe the range of technologies that use audio and video recording hardware. Instead, three general categories of microphone-enabled devices are proposed:
(1) manually activated (requiring a press of a button, a flip of a switch, or other intentional physical action);
(2) speech activated (requiring a spoken “wake phrase”); and
(3) always on devices (devices, such as home security cameras, that are designed to constantly transmit data, including devices that “buffer” to allow the user to capture only the most recent period of time).
“Ultimately, companies should keep consumers’ expectations in mind when designing the default frameworks of a device,” said Stacey Gray, Legal and Policy Fellow, FPF. “Our expectations will evolve more quickly in some areas than others, and so the manufacturers of devices that are introducing microphones for the first time—like televisions and toys—should go the extra distance to provide additional transparency and in many cases greater levels of control and choice.”
###
The Future of Privacy Forum (FPF) is a Washington, DC based think tank that seeks to advance responsible data practices. FPF includes an advisory board comprised of leading figures from industry, academia, law and advocacy groups. Learn more about FPF’s work by visiting www.fpf.org.
Always on: Privacy Implications of Microphone-Enabled Devices
Is your smart TV listening to your conversations? Are your children’s toys spying on your family?
These questions are being raised as the next generation of Internet-connected devices enters the market. Such devices, often dubbed “always on,” include televisions, cars, toys and home personal assistants, many of which now include microphones and speech-recognition capabilities.
Voice is an increasingly useful interface to engage with our devices. Consider the Amazon Echo, which can be activated by spoken command (“Alexa”), Mattel’s Hello Barbie, or Apple’s familiar personal assistant Siri, which can be activated by spoken command (“Hey, Siri”). The growing prevalence of voice as the primary way to interact with devices enables companies to collect, store and analyze increasing amounts of personal data. But consumers don’t always understand when and in what ways these devices are actually collecting information.
FPF Testifies at NHTSA Meeting on Autonomous Vehicles
Lauren Smith, FPF Policy Counsel, testified today at the National Highway Traffic Safety Administration’s (NHTSA) second public meeting on autonomous vehicles. The NHTSA is seeking input on planned guidelines for the safe deployment and operation of automated vehicles.
Lauren’s testimony focused on the benefits of autonomous vehicles and the importance of proper data management. “The benefits for facilitating the deployment of autonomous vehicles are so compelling and policymakers should be doing all they can to smooth and speed the way for these technologies to improve as quickly as possible,” Lauren stated. “Applying current best practices around data privacy, paired with existing federal enforcement mechanisms, should facilitate, not stall, this opportunity.”
University of Amsterdam's Summer Course on Privacy Law and Policy
The University of Amsterdam’s Institute for Information Law (IViR) is accepting applications for its fourth annual Summer Course on Privacy Law and Policy which will be held from July 4-8, 2016. The course focuses on privacy law and policy related to the internet, electronic communications, and online and social media and explores both the broader trends and the most recent developments in this rapidly changing field. The course will be held in De Rode Hoed, a historic building on one of Amsterdam’s most beautiful canals. The interactive seminars will be led by distinguished European and US academics, regulators and practitioners who will investigate the EU and US legal frameworks and how they operate together. Enrollment is limited to 25 participants.
FPF Asks Lawmakers: "Send a Message to States that Privacy is a Priority"
FPF supported Data Quality Campaign’s (DQC) recent initiative to bring an important issue about student privacy to the attention of lawmakers. Signing on with DQC and 20 other educational and privacy groups, FPF agrees that it is critical that states have the resources they need to ensure adequate privacy protection for student data. Since states already receive some federal funding to support their State Longitudinal Data Systems (SLDS), one way for them to fund a central responsibility for privacy concerns is to be allowed to use those funds.
As Rachel Andersen at DQC summarizes:
The letter asks Congress to make hiring a data privacy professional an allowable use for states with their federal State Longitudinal Data Systems program funds, using an existing set aside within the program, which Congress established several years ago through the appropriations process and has continued on an annual basis. This existing set aside permit funding for staff focused on “data coordination, quality, and use.” This letter asks Congress to add “privacy protection” to these enumerated activities.
The proposed change would simply allow states the option of using the program’s current “data coordination, quality, and use” set aside for privacy protection activities as well. This new allowable use would be completely optional for states and would grant them more freedom to fund a privacy professional position if they choose.
The opportunity to use these funds for privacy would be available for all states and there is absolutely no requirement that states do anything or give up anything they’re already funding. Even if states were to take advantage of the new allowable use, they might elect to use only a small share of the funding for a privacy person.
In short, we are requesting more flexibility for states who want to use SLDS funds they are already receiving for privacy capacity, there are no obligations for anyone.
Why Does this Issue Matter?
As states and the federal government continue to propose laws (including possible amendments to the Family Educational Rights and Privacy Act (FERPA) and the Strengthening Education Through Research Act (SETRA)) to help safeguard student’s data, states also need the internal capacity to properly understand, develop, and implement strong privacy policies and practices. The funding use flexibility proposed in this letter could help states implement and support good privacy protections for their students and their families.
Many states do not have an individual who has been tasked with leading the state’s education data privacy activities. But the level of discussion and legislation in states (over 400 student data privacy bills have been considered in states since 2014!) shows us how much states want to build capacity and expertise to ensure they are safeguarding students’ privacy. This request is one way to help them do this.
Why This Particular Ask?
States often look to the “allowable uses” when they are considering how to use program funds. Adding privacy as an allowable use in this SLDS set aside would be an important signal to states that privacy coordination activities/personnel are a priority and that these SLDS funds can help.
Currently many states use this set aside for EdFacts or NAEP coordinators to help handle their state’s data management and quality. Expanding the data set aside to allow states to hire privacy coordinators as well is a natural extension of the existing option.
There are certainly other ways we all can and should continue this conversation about how to build privacy capacity and resources in states. The request in this letter is just one more way to help get states the capacity they need.
FPF is pleased to join in this “ask” to federal policymakers to send a clear message to states that privacy is a priority in the collection and use of student data – and to provide an avenue to the resources to support it.
A Visual Guide to Practical Data De-Identification
For more than a decade, scholars and policymakers have debated the central notion of identifiability in privacy law. De-identification, the process of removing personally identifiable information from data collected, stored and used by organizations, was once viewed as a silver bullet allowing organizations to reap data benefits while at the same time avoiding risks and legal requirements.
However, the concept of de-identification has come under intense pressure to the point of being discredited by some critics. Computer scientists and mathematicians have come up with a re-identification tit for every de-identification tat. At the same time, organizations around the world necessarily continue to rely on a wide range of technical, administrative, and legal measures to reduce the identifiability of personal data to enable critical uses and valuable research while providing protection to individuals’ identity and privacy.
The debate around the contours of the term personally identifiable information, which triggers a set of legal and regulatory protections, continues to rage, with scientists and regulators frequently referring to certain categories of information as “personal” even as businesses and trade groups define them as “de-identified” or “non-personal.”
The stakes in the debate are high. While not foolproof, de-identification techniques unlock value by enabling important public and private research, allowing for the maintenance and use – and, in certain cases, sharing and publication – of valuable information, while mitigating privacy risk.
* * *
Omer Tene, Kelsey Finch and Jules Polonetsky have been working to address these thorny issues in a paper titled Shades of Gray: Seeing the Full Spectrum of Practical Data De-Identification. The paper is published in the Santa Clara Law Review.
