New Swire-FPF Report: U.S. Surveillance Law, Safe Harbor, and Reforms Since 2013
In the wake of critical decisions being handed down by the EU concerning the Safe Harbor laws (Schrems case) and U.S. Surveillance practices, Professor Peter Swire and the Future of Privacy Forum today have released a report titled “U.S. Surveillance Law, Safe Harbor, and Reforms Since 2013.”
The new report responds to two requests to Swire bythe Belgian Privacy Commission: (1) explain whether U.S. surveillance law is fundamentally compatible with E.U. law, in the wake of the Schrems case striking down the EU/US Safe Harbor; and (2) explain U.S. reforms since the Snowden revelations began in 2013.
Swire will deliver his report December 18, speaking remotely, to a conference hosted by the Belgium Privacy Commission, which is studying these issues for the broader group of European privacy regulators in the Article 29 Working Party. The agenda is at: https://www.privacycommission.be/en/events/forum-consequences-judgment-schrems-case.
The Swire study addresses serious misunderstandings of U.S. national security laws, which were reflected in official statements made in the Schrems case. The soon-to-be released report covers three critical areas:
(1) The fundamental equivalence of the United States and EU member States as constitutional democracies. In the Schrems decision, the US was criticized for failing to ensure “a level of protection of fundamental rights essentially equivalent to that guaranteed in the EU legal order.” This chapter critiques that finding, instead showing that the United States has strict rule of law, separation of powers, and judicial oversight of law enforcement and national security surveillance.
(2) The Section 702 PRISM and Upstream programs are reasonable and lawful responses to changing technology. The Advocate General’s opinion in the Schrems case said that the PRISM program gave the NSA “unrestricted access to mass data” stored in the U.S., and that Section 702 enabled NSA access “in a generalised manner” for “all persons and all means of electronic communications.” This chapter refutes those claims. Instead, Section 702 operates with judicial supervision and subject to numerous safeguards and limitations.
(3) The U.S. Congress and executive branch have instituted over two dozen significant reforms to surveillance law and practice since 2013. The Schrems decision said that U.S. privacy protections must be evaluated in the “current factual and legal context,” but disregarded the numerous changes put in place since 2013. This chapter provides a readable explanation of each of these actions, which together constitute the biggest set of pro-privacy actions in U.S. surveillance law since creation of the Foreign Intelligence Surveillance Act in 1978.
Peter Swire is the Huang Professor of Law and Ethics at the Georgia Tech Scheller College of Business, a Senior Counsel to Alston & Bird LLP, and Senior Fellow of the Future of Privacy Forum. He served as one of five members of President Obama’s Review Group on Intelligence and Communications Technology.
About FPF
The Future of Privacy Forum (FPF) is a Washington, D.C.-based think tank that seeks to advance responsible data practices. The forum is led by Internet privacy experts Jules Polonetsky and Christopher Wolf and includes an advisory board comprised of leading figures from industry, academia, law and advocacy groups. For more information, visit www.fpf.org
Privacy Papers for Policymakers
*Update: We will be LIVE-streaming this event! * Live streaming will begin at 5:30 PM ET on Wednesday, January 13th, 2016. CLICK HERE to view the Live Stream. (video and/or audio may appear as “disconnected” until 5 minutes before event begins)
The Future of Privacy Forum invites you to
“Privacy Papers for Policy Makers”
A discussion of leading privacy research
Opening Remarks by:
Dr. Lorrie Faith Cranor, Chief Technologist, U.S. Federal Trade Commission
Paper presentations by:
Prof. Arvind Narayanan, Princeton University Department of Computer Science
Paper: A Precautionary Approach to Big Data Privacy
(written with co-authors Prof. Joanna Huey and Prof. Edward Felten, Princeton University)
Dr. Florian Schaub, Carnegie Mellon University School of Computer Science,Dr. Rebecca Balebako, RAND Corporation, and Adam Durity, Google
Paper: A Design Space for Effective Privacy Notices (written with co-author Dr. Lorrie Faith Cranor)
Prof. Ryan Calo, University of Washington School of Law
Paper: Privacy and Markets: A Love Story
Prof. Neil Richards, Washington University School of Law
Paper: Taking Trust Seriously in Privacy Law (written with co-author Prof. Woodrow Hartzog, Samford University’s Cumberland School of Law)
Prof. Peter Swire, Georgia Tech Scheller College of Business
Paper: Going Dark: Encryption, Technology, and the Balance Between Public Safety and Privacy (Testimony before the Senate Judiciary Committee, July 8, 2015)
Prof. Joel R. Reidenberg, Center on Law and Information Policy, Fordham University
Paper: The Transparent Citizen
Closing Remarks by Special Guest:
Julie Brill, FTC Commissioner
Our presenters were selected by FPF’s Advisory Board as having written the articles and papers that should inform any conversation about privacy among policymakers in Congress, as well as at the Federal Trade Commission and other government agencies in 2016. To view and read their papers, visit: https://fpf.org/2015/11/19/what-privacy-papers-should-policymakers-be-reading-in-2016/.
January 13, 2016 | 5:30 – 7:30 PM
Microsoft Innovation & Policy Center
901 K Street Northwest, 11th Floor Washington, DC 20001
Reception to Follow
This event is intended to comply with applicable Congressional and Executive branch gift rules. Contact us with any questions.
Privacy Papers for Policymakers 2015 is sponsored by AT&T, Tune, and Microsoft
Beyond IRBs: Designing Ethical Review Processes for Big Data Research
Kicking off a great event this morning, Beyond IRBs: Designing Ethical Review Processes for Big Data Research, with over 60 of the country’s top academics and industry researchers. Thoughtful Key Note remarks from Professor Ryan Calo, from the University of Washington School of Law, have framed the conversation today around how best to create incentives in the private sector to work with privacy-conscious consumers, and how to learn from the criticisms of IRBs while benefiting from the wisdom of traditional models.
Our morning Firestarters, Joshua Fairfield and Margaret Hu, Professors at Washington & Lee School of Law, are now bringing the Workshop into full swing with a provocative guided discussion around the ethical obligations of informed consent to privacy policies.
Professor Ryan Calo, University of Washington School of Law
Jules Polonetsky, Executive Director, Future of Privacy Forum
Facial Recognition and Privacy
Facial Recognition is an exciting technology that promises a host of consumer benefits but also raises a range of privacy concerns. In order to help advance policy discussions around different uses of “computer vision,” we are releasing today a Facial Recognition Discussion Document. We hope the background review of current legal and policymaker guidance is informative and that the principles set forward can lead to fruitful debate and discussion. Technology, business models, and policy are still developing in this area and thoughtful discussions among technology and policy experts will be essential to establishing privacy norms that incorporate Fair Information Practice Principles and support responsible uses of facial recognition technologies.
We will be seeking input from different business sectors, leading academics and advocacy groups as we continue our work in this area. We welcome your thoughts and feedback at [email protected].
To read the Facial Recognition Discussion Document, click here.
Future of Privacy Forum Statement Regarding Electronic Frontier Foundation Student Privacy Complaint
In response to the allegations made today that Google has violated commitments of the Student Privacy Pledge (SPP), FPF Executive Director Jules Polonetsky issued the following statement:
“We have reviewed the EFF complaint but do not believe it has merit. Chrome Sync is a setting within the control of the school IT administrator, and can also be changed by parents or students. This feature allows students to log in at home or at a library and have access to their school bookmarks, favorites and other settings. Since Chromebooks may be shared among students in school (with password-protected accounts for each student using that particular hardware device), many schools rely on Sync so that multiple students have ready access to their accounts and settings on the same device. We understand that any data collected is not used for behavioral advertising and all other data uses are aggregated and anonymous. The Chrome Sync setting is a general feature of all Chromebooks, whether purchased by schools or the general public. We don’t believe the complaint raises any issues about data use that are restricted by the Student Privacy Pledge.”
White House Steps Up APEC-EU Interoperability Push
Former FPF’er Josh Harris provides some insights on the APEC-EU privacy interoperability project. “…the White House released a fact sheet detailing the outcomes of this year’s APEC meetings and highlighting the interoperability project as a key outcome that should be continued and expanded.” Check out the full article here and if you want to know even more, Hilary Wandall, Chief Privacy Officer at Merck and Melinda Claybaugh, Counsel for International Consumer Protection at the Federal Trade Commission will be joining Josh Harris to talk about this topic in a webinar on December 9th.
What Privacy Papers Should Policymakers be Reading in 2016?
Each year, FPF invites privacy scholars and authors to submit articles and papers to be considered by members of our Advisory Board, with an aim toward showcasing those articles that should inform any conversation about privacy among policymakers in Congress, as well as at the Federal Trade Commission and in other government agencies. For our sixth annual Privacy Papers for Policymakers, we received submissions on topics ranging from mobile app privacy, to location tracking, to drone policy.
Our Advisory Board selected papers that describe the challenges and best practices of designing privacy notices, ways to minimize the risks of re-identification of data by focusing on process-based data release policy and taking a precautionary approach to data release, the relationship between privacy and markets, and bringing the concept of trust more strongly into privacy principles.
Our top privacy papers for 2015 are, in alphabetical order:
These papers illuminate concerns that will continue to drive privacy debates in 2016. We look forward to celebrating the formal release of FPF’s Privacy Papers for Policymakers digest at an event with the authors the evening of January 13th, 2016. Save the date–more details to come!
We also want to thank Microsoft, EY, AT&T, and TUNE for their special support of this project. And we thank the scholars, advocates, and Advisory Board members that are engaged with us to explore the future of privacy.
Panelists Debated Materiality and Privacy Harms under the FTC’s Section 5
On November 5, the Future of Privacy Forum and Washington & Lee University School of Law co-hosted a panel on the Future of Section 5 of the FTC Act. The Federal Trade Commission Act permits the agency to bring civil enforcement actions under Section 5 against companies who engage in “unfair or deceptive trade practices.” Our panel of esteemed academics and professionals included David Vladeck (Professor of Law, Georgetown University Law Center), James Cooper (Director of Research and Policy, George Mason University School of Law, Law and Economics Center), Joshua Fairfield (Professor of Law, Washington & Lee University School of Law), and Margaret Hu (Assistant Professor of Law, Washington & Lee University School of Law). The panelists engaged in an hour of lively discussion about the nature of recent FTC rulings under this authority, and expectations for companies in the future.
Much debated among the panelists was the issue of materiality, or the requirement under the FTC Act that unfair trade practices be “material” to consumers before the FTC can bring an enforcement action. Only days after the Supreme Court heard oral arguments in Spokeo, Inc. v. Robins—a case about whether a man was harmed by having false information published about him online—this topic of privacy-related harm was on everyone’s mind. The Schrems Safe Harbor case from the European Court of Justice was also mentioned as it might relate to determining harm in the future.
The panelists diverged in their reactions to the FTC’s recent enforcement action against Nomi Technologies, a consumer analytics company that provided retailers with the technology to track in-store consumers by collecting their cell phone MAC addresses. At issue was the fact that Nomi’s privacy policy promised consumers the ability to opt out of the tracking—either online or in-store—but did not provide the in-store option. While Professor Vladeck called the case a “classic right to lie,” James Cooper called for empirical economic studies to determine when and how consumers are harmed. The key questions—how can something we all agree no one reads (a privacy policy) influence consumer behavior, and does that matter in terms of enforcement of companies’ public statements?—didn’t have an easy answer.
On the subject of types of cases the FTC brings and will continue to bring, Professor Vladeck noted that the FTC brings cases to make a point, and to keep the marketplace free of deception and unfair practices for the sake of both consumers and businesses. In the winning analogy of the night, he stated: “The FTC’s principal role is to be the gym teacher at the prom.”
Following the panel, the Future of Privacy Forum was delighted to host an Open House Reception to welcome everyone to its new offices, and to celebrate its new partnership with Washington & Lee University School of Law. Thank you to everyone who joined, and we hope to see you again soon!
Panelists (left to right): Professor Margaret Hu, James Cooper, Professor David Vladeck, and Professor Joshua Fairfield.
Left to right: Jules Polonetsky (Executive Director and Co-chair, Future of Privacy Forum), Dean Brant Hellwig (Washington & Lee School of Law), and Christopher Wolf (Founder and Co-chair, Future of Privacy Forum)
FTC's Cross Device Workshop to be held on Monday, Nov. 16th
On Monday, the FTC will be holding a workshop on cross-device tracking: how and why the advertising and marketing industries are using emerging technologies to track individual users across platforms and devices.
In the first decades of the Internet, the predominant method of state management–the ability to remember a unique user over time–was the cookie. However, because of how cookies operate, via the web browser placing a data file onto a user’s hard drive, this model is becoming increasingly ineffective at tracking user behavior across different browsers and devices. The fact that modern users are now accessing online content and resources through a broadening spectrum of devices–e.g. laptop, smartphone, tablet, watch, wearable fitness tracker, television, and other internet-connected home appliances–is creating a real challenge for advertisers and marketers who seek to holistically analyze consumer behavior. In this report, we explain the challenges and some of the emerging technological solutions, each of which presents nuanced differences in privacy benefits and concerns.
SCHOOL VENDORS LEGALLY COMMIT TO USE STUDENT DATA ONLY FOR APPROVED EDUCATIONAL USES
WASHINGTON, D.C. – Thursday, November 12, 2015 – The Future of Privacy Forum (FPF) and Software & Information Industry Association (SIIA) today announced that the Student Privacy Pledge, endorsed by President Obama, the National PTA and the National School Boards Association, now has the support of 200 companies serving millions of students.
The legally binding commitments in the Pledge can be enforced by the Federal Trade Commission and State Attorneys General. All participating companies and organizations are listed online at www.studentprivacypledge.org.
The Pledge is a list of 12 commitments school service providers have made to affirm K-12 student data is maintained in a secure, private and responsible framework.
The Pledge was developed by the FPF and SIIA in October 2014 with guidance from school service providers, educator organizations, and parent groups following collaboration with U.S. Representatives Jared Polis (CO) and Luke Messer (IN).
“Companies that serve students understand that they must maintain the trust of parents, students and teachers,” said Jules Polonetsky, Executive Director, FPF. “Although many states are passing new laws to govern student privacy, the Pledge plays a key role in setting a national standard for protecting student data and ensures companies are aware of the central restrictions in statutes such as FERPA and COPPA.”
“This milestone for the student privacy pledge further demonstrates the industry’s strong commitment to protecting student data privacy. These best practices safeguarding student information are a staple of the industry and provide a legally enforceable commitment to students, parents and schools,” said Brendan Desetti, Director, Education Policy, SIIA.
In addition to the Pledge campaign, the FPF has run a series of student privacy ‘bootcamp’ training sessions for ed-tech, hosted the first-ever National Student Privacy Symposium, and issued a privacy guide for parents in partnership with the National PTA.
The Future of Privacy Forum (FPF) is a Washington, D.C.-based think tank that seeks to advance responsible data practices. The forum is led by Internet privacy experts Jules Polonetsky and Christopher Wolf and includes an advisory board comprised of leading figures from industry, academia, law and advocacy groups. For more information, visit www.fpf.org
About SIIA
SIIA is the leading association representing the software and digital content industries. The Education Technology Industry Network (ETIN) of SIIA serves and represents more than 200 of SIIA’s 800 member companies worldwide that provide educational software applications, digital content, online learning services and related technologies across the K-20 sector. SIIA-ETIN shapes and supports the industry by providing leadership, advocacy, government relations, corporate education, intellectual property protection, business development opportunities and critical market information.
In the wake of critical decisions being handed down by the EU concerning the Safe Harbor laws (Schrems case) and U.S. Surveillance practices, Professor Peter Swire and the Future of Privacy Forum today have released a report titled “U.S. Surveillance Law, Safe Harbor, and Reforms Since 2013.”
About Peter Swire
About FPF
