Students deserve safety measures that are evidence-based. Decisions about threats should be made by, among others, school administrators, counselors, and educators who understand students’ particular needs and circumstances. Non-evidence-based protocols are more likely to trigger false alarms, fail to identify actual threats, and increase the workload on already overburdened administrators—administrators who could otherwise be doing things that actually make schools safer. And there is a model on how to do this: Utah’s 2019 school safety law found ways to bake in evidence-based policies and privacy guardrails without hindering school safety.
Increased surveillance and data sharing without clear justification frequently overwhelms administrators with information, undermines effective learning environments, increases inequities, and can fail to promptly identify individuals who may pose genuine threats to school safety. In particular, overbroad school surveillance programs can place important data-driven school initiatives at risk: data collected to help ensure students are treated equitably under the Every Student Succeeds Act, for example, should not be repurposed in the name of school safety to harm or stigmatize those students.
Even when policies are evidence-based and don’t repurpose sensitive data in ways that break trust, without sufficient privacy and equity guardrails, certain information collected for school surveillance purposes will disadvantage particular minority groups. School safety policies must be created in an evidence-based way that avoids creating a disparate impact on vulnerable communities.
FPF invited the committee to seek answers about how privacy and equity guardrails are or are not being incorporated into state and local school safety initiatives. Prior to implementing school safety programs, officials ought to 1) find and analyze the best available evidence to inform policy; 2) perform privacy impact assessments, commonly used and established processes for ensuring the appropriate balance between the benefits and risks of data collection and use initiatives, particularly as they relate to already vulnerable communities; and 3) transparently engage with all stakeholders, including parents, students, and educators.
Statement by FPF CEO Jules Polonetsky: Facebook Case Shows It Is Time to Give the FTC Enhanced Civil Penalty Authority
WASHINGTON – July 24, 2019 – Today, the Federal Trade Commission (FTC) announced an unprecedented settlement requiring Facebook to pay $5 billion in civil penalties and create new accountability and compliance mechanisms, and imposing additional injunctive relief. The settlement stems from violations of a 2012 order.
The $5 billion penalty is more than 15 times larger than the previous record penalty levied by the FTC for a privacy violation. It is one of the largest penalties issued by a US government agency in any context. The fine is more than twice the financial penalty that could be imposed by an EU regulator under the General Data Protection Regulation.
But today’s record settlement masks a major gap in the FTC’s enforcement authority – the Commission doesn’t typically have fining authority for privacy violations, unless it is enforcing an existing order (as with Facebook) or invoking specific statutes (such as the Children’s Online Privacy Protection Act).
In fact, in many privacy cases the FTC has trouble even getting refunds for consumers. That’s because many companies provide online products and services for free – so it’s difficult to prove a financial loss. In those privacy cases, the FTC should have fining authority; it would create effective, proportionate deterrence and ensure that bad actors are held accountable – even when they don’t charge consumers a fee for services.
The time has come to give the FTC civil penalty authority. Preferably, this would be accomplished by Congress as part of a comprehensive new national privacy law that also gives consumers meaningful control over how their information is used.
The FTC also needs more resources so it can conduct more privacy investigations faster, while maintaining a high level of technical and legal competence. Real oversight of the Facebook settlement will require FTC staff resources and time to be effective. That funding could be provided by Congress this year through the appropriations process.
If Congress wants stronger incentives for compliance and more responsive investigations, it needs to give the FTC civil penalty authority for privacy violations and more tech and investigative resources now. There is no reason to wait.
Future of Privacy Forum is a global non-profit organization that serves as a catalyst for privacy leadership and scholarship, advancing principled data practices in support of emerging technologies. Learn more about FPF by visiting www.fpf.org.
The US, China, and the Risks of Cutting Global Data Flows
Peter Swire published an op-ed for the French newspaper Le Monde that discusses the Court of Justice of the European Union’s decision as to whether U.S. surveillance practices violate the fundamental rights of EU citizens under GDPR. Swire argues that if the U.S. is deemed to be in violation, thereby causing transatlantic data flows to be blocked, then data flows between the EU and China should also be blocked.
An English translation of the piece is available here. The original piece is available in French here.
You can read an annotated bibliography for the piece here.
Peter is an FPF Senior Fellow and Elizabeth and Tommy Holder Chair and Professor of Law and Ethics at the Georgia Tech Scheller College of Business.
New Privacy Tech Industry Attracts Massive Funding
Privacy Tech Alliance connecting researchers and entrepreneurs to analysts, customers, VCs
WASHINGTON – July 11, 2019 – OneTrust’s announcement today of a $200 million Series A investment, which follows yesterday’s announcement by TrustArc of a $70 million Series D round, demonstrates the arrival of a new industry sector for privacy protection technologies.
“Investors have noticed that business is booming for companies in the privacy technology space,” said Jules Polonetsky, CEO of the Future of Privacy Forum and a co-founder of the Israel Tech Policy Institute. “Innovative technology must be part of the solution for companies and government agencies that want to use data and be sensitive to individual privacy.”
The Israel Tech Policy Institute, in conjunction with the Future of Privacy Forum, launched the Privacy Tech Alliance to promote the market for privacy protective technologies internationally, facilitate the development of new tech, and maximize value for innovators and investors. The global nature of privacy regulation – from GDPR to the California Consumer Privacy Act – is spurring innovative technologies and a new industry sector is rising around technologies that help companies use data while protecting privacy, such as homomorphic encryption and de-identification.
“The Privacy Tech Alliance is supporting diverse companies bringing privacy-enhancing technology to market,” said Limor Shmerling Magazanik, Managing Director of the Israel Tech Policy Institute. “Many of these companies also offer compliance solutions to help their customers navigate an increasingly complex regulatory environment around privacy.”
OneTrust and TrustArc join eleven other leading global tech vendors on the Privacy Tech Alliance Advisory Board. Founding members of the Privacy Tech Alliance Board include Anonos, BigID, D-ID, Duality, Immuta, Nymity, OneTrust, Privacy Analytics, SAP, Truata, TrustArc, WireWheel, and ZL Tech.
For companies large and small, drafting policies and managing Excel sheets no longer suffice to oversee complex global data operations. To scale data governance and privacy program management, companies in every sector of the economy must turn to privacy governance systems and tools. Such tools serve multiple governance needs, including data mapping, data protection impact assessments, consent and cookie management, data storage and retention, identity management and authentication, and more. In addition to privacy program management tools, researchers, scientists, and entrepreneurs are innovating privacy-enhancing technologies, including tools for de-identification, encryption, obfuscation, blockchain, and more.
This week’s notice by the UK Information Commissioner of its intention to fine Marriott Hotels and British Airways $130 million and $230 million respectively vividly illustrates the rising stakes for organizations that wrestle with an increasingly complex regulatory environment for privacy and data protection, including Europe’s GDPR and California’s CCPA.
About the Israel Tech Policy Institute
Israel Tech Policy Institute is an incubator for tech policy leadership and scholarship, advancing ethical practices in support of emerging technologies. Learn more about ITPI by visiting www.techpolicy.org.il.
Education, Privacy, Disability Rights, and Civil Rights Groups Send Letter to Florida Governor About Discriminatory Student Database
WASHINGTON, DC – Today, the Future of Privacy Forum and 32 other education, disability rights, privacy, and civil rights organizations sent a letter to Florida Governor DeSantis, urging him to postpone the implementation of Florida’s proposed school safety database. FPF is deeply concerned that the program will be used to label students as threats based on data that has no documented link to violent behavior, such as data on disabilities or those seeking mental health care. The signatories urged Governor DeSantis to immediately halt the state’s construction of this database and, instead, create a commission of parents, students, and experts on education, privacy, security, equity, disability rights, civil rights, and school safety, to identify measures that have been demonstrated to effectively identify and mitigate school safety threats.
Education Week recently detailed the types of information to be collected in Florida’s planned database. The categories discussed included children who have been victims of bullying based on protected statuses such as race, religion, disability, and sexual orientation; children who have been treated for substance abuse or undergone involuntary psychiatric assessments; and children who have been in foster care, among others.
“Through policy, Florida is saying that students who have been bullied and harassed are threats, making it less likely that those students will report bullying and receive the help they need,” said Amelia Vance, Director of the Education Privacy Project at FPF. “It is especially troubling that the database has no retention or deletion requirements – meaning that Florida is creating a literal permanent record that could follow students around their whole life.”
The letter asks the Governor to pause the database’s implementation – due to be launched August 1, 2019 – and create a commission of experts to determine whether a state database would actually help to identify school safety threats and would not pose undue harm to students, and identify the legal, ethical, privacy, and security parameters that should be an integral part of this database. If Governor DeSantis is not willing to do that, signatories requested that he require the state to provide public information about the database’s data governance, enumerate the data that will be included, share how parents can access and, if needed, contest the information and inferences about their child in the database, and provide a public commitment to abide by all federal and state privacy and non-discrimination laws.
The Future of Privacy Forum is a non-profit organization that serves as a catalyst for privacy leadership and scholarship, advancing principled data practices in support of emerging technologies. Learn more about FPF by visiting www.fpf.org.
Florida Council of Administrators of Special Education
Florida League of Women Voters
Future of Privacy Forum
Intercultural Development Research Association
Learning Disabilities Association of America
Learning Disabilities Association of Florida
Mental Health America
Mental Health Association in Indian River County, Florida, a proud affiliate of Mental Health America
National Association of Councils on Developmental Disabilities
National Center for Learning Disabilities
National Center for Youth Law
The National Council on Independent Living
National Disability Rights Network
Public Advocacy for Kids
School Social Work Association of America
SPLC Action Fund
TASH
Sidewalk Labs Releases Detailed Plans for Collaboration with City of Toronto on Quayside Smart City Project, Including Proposed Privacy and Data Protection Framework
By: Suzie Allen
Experts Highlight Data Protection Safeguards, Opportunities, and Risks
“Master Innovation and Development Plan” will be Vetted by City Residents, Officials
Last week, Sidewalk Labs unveiled its proposed “Master Innovation and Development Plan” (MIDP) for Sidewalk Toronto, a project that would design a smart city district in Toronto’s Eastern Waterfront. The proposal will be considered by the government and other stakeholders in the coming months to determine whether to move forward with the project. This proposed public-private partnership between Sidewalk Labs and Waterfront Toronto seeks to promote affordability and sustainability while reducing climate impact and creating new mobility solutions, such as by prioritizing mass transit and pedestrians over vehicles.
The MIDP as proposed contemplates substantial data collection and use; it also proposes a range of significant legal, technical, and policy controls to mitigate privacy risks and promote data protection. In the coming year, Toronto residents and officials will analyze the MIDP and work with Sidewalk Labs and Waterfront Toronto to identify aspects of the proposal that could be modified to promote benefits and reduce risks.
Background
Quayside: The Quayside site in Toronto covers 12 acres of land that is primarily managed by Waterfront Toronto, a tri-government organization funded by the Government of Canada, the Province of Ontario, and the City of Toronto. Sidewalk Labs has proposed a development plan that includes elements of user-centric design and seeks to promote the health and well-being of residents. For example, Quayside’s streets will prioritize transit, cycling, and walking instead of a car-centered design and the city will have a thermal grid for fossil-free heating and cooling. The plan also articulates inclusiveness for indigenous populations, individuals with disabilities, and other members of the community as a goal of the design.
Scale: The Sidewalk Labs proposal includes the 12-acre Quayside site, as well as additional land on Toronto’s Eastern Waterfront over approximately a 20-year period. Public engagement around the Quayside site and the development of the MIDP stretches back to November 2017, and has involved “dozens of meetings with local experts, non-profits, and community stakeholders; and the research, engineering, and design work of more than 100 local firms.”
Roles and Responsibilities: If the MIDP is approved, Sidewalk Labs would have three main roles in developing Quayside: 1) developing real estate and infrastructure systems through partnerships with local developers; 2) providing advisory, technical, and management services to the District Administrator; and 3) serving as a technical advisor, purchasing technology from or partnering with third parties rather than building the technology itself.
Process and next steps: Waterfront Toronto plans to consult with the public and receive feedback on the MIDP. Once this is complete, Waterfront Toronto will take the evaluation and make a recommendation to the Investment Real Estate and Quayside (IREQ) Committee, which will make a recommendation to the Waterfront Toronto Board of Directors. The Board will then decide whether, and how, to continue to the next phase by deciding to pursue some, all, or none of the elements of the MIDP.
Privacy, Data Governance, and Transparency
The MIDP acknowledges that some of the urban data at the core of the Quayside effort will be personal and/or sensitive, and proposes several key measures intended to mitigate the privacy risks. The MIDP contemplates both technical controls, such as employing hardware and software solutions that integrate privacy-protective data collection, use, and sharing into the development and operation of the Quayside site, and legal and organizational safeguards, such as establishing consistent and transparent processes for using urban data and independent oversight. Key measures include:
Responsible Data Use (RDU) Guidelines: The MIDP calls for the development of core, high-level principles for responsible data use that apply to all uses of personal data by Sidewalk Toronto projects. Sidewalk Labs proposed several potential starting points, including:
all technology involved in the Quayside project must have a beneficial purpose for residents;
projects will strive to minimize the amount of personal information collected and retained;
personal data that is collected will be de-identified by default and at the source — that is, on the device collecting the data — whenever possible;
data deemed to be non-personal or sufficiently de-identified will be made publicly accessible by default;
AI systems must address ethical and bias concerns; and
personal information will not be sold or used for advertising purposes without explicit consent.
Responsible Data Use Assessment: To support the implementation of the RDU Guidelines, the MIDP contemplates developing an RDU Assessment as a mechanism for public and private entities to weigh the data benefits and privacy risks of digital products and services prior to deployment. The Assessments would focus on transparency and extending protections to diverse groups and communities, in order to ensure that a particular technology or algorithmic use case does not negatively impact individuals, groups, or communities due to biased decision-making.
Urban Data Trust: Finally, the MIDP would entrust oversight and accountability of the Responsible Data Use Guidelines and Assessments to an “Urban Data Trust.” This new non-profit entity would manage urban data and technologies independent of Sidewalk Labs and Waterfront Toronto, and would oversee day-to-day digital governance of Sidewalk Toronto projects. Sidewalk Labs states the data trust concept is intended to build on existing privacy laws while providing an additional protection and review before data-related measures are permitted to go into effect. The trust would also apply to third-party data collection and use.
Since 2017, Sidewalk Labs has staked out an ambitious vision of the “city of tomorrow.” As Sidewalk Toronto would be fueled in significant part by data from and about Quayside’s residents and visitors, it is essential that clear and consistent standards for protecting personal data be built into the project from the outset. The MIDP sets out one of the most detailed urban data protection frameworks we have seen for any local development project and sets forward a model structure for municipal data. If the Sidewalk Labs proposal is ultimately approved, it could be the catalyst for similar projects throughout the world, making it imperative to keep privacy as a priority. The MIDP describes an intriguing range of proposed organizational, technical, and legal safeguards, and has set the stage for continued discussions with Torontonians and with stakeholders from government, industry, academia, and civil society about how to maximize the potential of urban innovation while minimizing risks to individuals and communities.
California’s AB-1395 Highlights the Challenges of Regulating Voice Recognition
Under the radar of ongoing debates over the California Consumer Privacy Act (CCPA), the California Senate Judiciary Committee will also soon be considering, at a July 9th hearing, an unusual sectoral privacy bill regulating “smart speakers.” AB-1395 would amend California’s existing laws to add new restrictions for “smart speaker devices,” defined as standalone devices “with an integrated virtual assistant connected to a cloud computing storage service that uses hands-free verbal activation.” Physical devices like the Amazon Echo, Google Home, Apple HomePod, and others (e.g. smart TVs or speakers produced by Sonos or JBL that have integrated Alexa or Google Assistant), would be included, although the bill exempts the same cloud-based voice services when they are integrated into cell phones, tablets, or connected vehicles.
Although AB-1395 seeks to address legitimate consumer privacy concerns, its core provisions likely contain pitfalls. Nonetheless, it raises important questions about the best ways to regulate privacy in the context of “listening” devices.
First, it’s clear that speech-to-text recognition has made incredible strides in the past decade, due in large part to companies being able to train machine learning models on very large datasets of human speech. These models are not perfect–they are continuing to work on heavy accents, unusual speech patterns, and non-English speech–but they have improved dramatically in recent years. Only a few years after the first voice assistants hit the market, speech recognition has now become a common way of interacting with computers, and a game-changer for accessibility.
Notwithstanding these ground-breaking benefits, most people are justifiably wary of devices that seem to “listen,” “spy,” or retain or use data in unexpected ways. FPF explored these concerns in a 2016 White Paper, Always On: Privacy Implications of Microphone-Enabled Devices. We have also explored uses of voice recognition in Smart TVs. Sometimes privacy concerns are based on misunderstandings of how voice-activated technology works–for example, we distinguished in an Infographic on Microphones in Internet of Things (IoT) Devices between “always on,” “voice-activated,” and “manually activated” devices, which operate and collect data differently. Other concerns are totally valid, for example those raised by consumer privacy advocates regarding data retention defaults, design of user choices, or concerns about possible future uses of data in unexpected ways.
These issues can and should be addressed through comprehensive privacy legislation. FPF supports a non-sectoral, comprehensive federal privacy law, and in its absence has written in support of the California Consumer Privacy Act (CCPA), which creates baseline protections for Californians that apply across sectors and types of technology, including smart speakers. For example, many companies provide options for data deletion, and this will soon be mandated as a consumer right under the CCPA. Enshrining these and other privacy rights into law, if bolstered by ongoing rule-making and effective enforcement, allows the law to set clear limits across sectors and technologies, while remaining flexible enough to adapt to evolving technology in the future. So-called “smart speakers” are a great example of this: five years ago they did not exist. Five years from now, it may already be an antiquated concept, as cloud-based voice recognition transcends the physical boundaries of standalone devices, and becomes increasingly integrated as a core feature of almost all new technology, e.g. connected cars, wearables, and outdoor smart city kiosks.
If California decides to address the narrow slice of “smart speakers,” we recommend that they take a close look at two core aspects of AB-1395 (as revised 06/26/2019) that could cause unintended consequences, or not be as effective at addressing consumer privacy concerns as intended:
Sharing Data with Third Parties. Section 22948.20(b) appears to prohibit a company from sharing transcript data with third parties, even if a user affirmatively consents and requests such sharing. This might be a drafting error and thus an easy fix, but as currently written it would outlaw many common and beneficial features of smart speakers. Many household smart speakers or “voice assistants” (e.g. Amazon Echo, Google Home, and many others) serve as a “hub” or “portal” for connecting to a user’s other devices or services. For example, a user might use a voice assistant to: turn on or off the lights, adjust the air conditioning, add something to their calendar, order take-out food, or order a taxi or shared ride. All of these examples require sharing identifiable data (an interpretation of the user’s request, e.g. “turn on the lights”). In many circumstances, owners of these devices expect this kind of data sharing to occur at their request, and on their behalf (in other words, with meaningful consent).
Retention. Section 22948.21(a) requires separate, opt-in consent for retention of voice or transcript data, and that manufacturers provide a “basic” retention-free version to customers who don’t opt in. In the context of voice recognition, access to large amounts of data has driven the rapid advancement of voice recognition in the last decade, and continues to drive product improvement–for example, as discussed above, for learning to recognize heavy accents, speech disorders, or non-English speech. However, consumer advocates are justified in their concerns about indefinite data retention as a “default,” particularly when users have limited ability to delete their data. One way to address this is through consumer deletion rights, which many leading companies provide and which are mandated by the California Consumer Privacy Act (CCPA). An even better, more nuanced approach might be to require or encourage companies to create meaningful, easier-to-use choices, such as automatic recurring deletion options (as Google recently introduced). Another common-sense privacy protection would be to require that it be possible to request data deletion through a voice request. Unfortunately, AB-1395 does not take any of these approaches, but instead creates an “all or nothing” framework for data retention. Most consumers probably want something in between–the ability to get the benefits of voice personalization (for example, if they themselves have a strong accent or unusual speech pattern), and perhaps support product improvement, but with easier, better, or more meaningful deletion options.
We hope consumer privacy will continue to be a core legislative priority in 2019 and 2020, as the United States draws closer to drafting and passing a baseline comprehensive privacy law. States that address these issues in the meantime should do so thoughtfully and with an eye towards effective regulation to address real privacy concerns while supporting the benefits of emerging technologies.
New Privacy Tech Alliance Promotes Innovative Privacy Technologies
TEL AVIV, ISRAEL – June 25, 2019 – The Future of Privacy Forum and the Israel Tech Policy Institute are launching the Privacy Tech Alliance during CyberWeek 2019, to promote the market for privacy-protective technologies internationally, facilitate the development of new technologies, and maximize value for innovators and investors.
“As the data ecosystem and regulatory requirements grow more complex, companies need technical solutions from innovators in this emerging sector,” said Jules Polonetsky, CEO of the Future of Privacy Forum and a co-founder of the Israel Tech Policy Institute. “Our goal is to encourage the social benefits of technology that allows for data-driven insights while minimizing privacy risks.”
The Privacy Tech Alliance brings together innovative startups and academics in the privacy space with companies and government agencies that need solutions and investors who see the potential upside. Startups and academic researchers are joining leading Chief Privacy Officers (CPOs) and venture capitalists to:
Define the sector and explore the products and services privacy and tech leaders need
Promote the adoption of privacy technologies by the government and the private sector
Support research and connect researchers and startups with partners and funders
Foster relationships between companies and prospective customers
“The global nature of privacy regulation means there is a growing market for privacy-protecting technologies,” said Limor Shmerling Magazanik, Managing Director of the Israel Tech Policy Institute. “Companies around the world are eager for tech-based solutions to help them comply with the EU’s General Data Protection Regulation, the California Consumer Privacy Act, and state and national rules modeled upon them.”
A recent wave of investments indicates funders see promise in privacy tech. Companies involved with the Privacy Tech Alliance in the U.S., EU, and Israel provide privacy-enhancing technology tools and privacy program management solutions, including de-identification, secure communications, homomorphic encryption, active monitoring, and data mapping and discovery.
The Privacy Tech Alliance launch will be held at 5:00 Tel Aviv time on June 25 at Camilo – The Green House, George Waze 24, Tel Aviv Jaffa, Israel 6997714. Speakers at the launch event will include:
Jules Polonetsky, CEO of the Future of Privacy Forum and co-founder of the Israel Tech Policy Institute
Omer Tene, Vice President of Research for the International Association of Privacy Professionals and a co-founder of the Israel Tech Policy Institute
Limor Shmerling Magazanik, Managing Director of the Israel Tech Policy Institute and a Senior Fellow at the Future of Privacy Forum. Ms. Magazanik will manage the Privacy Tech Alliance, which will be overseen by an Advisory Board of industry leaders and researchers.
David Hoffman, Associate General Counsel of Security Policy and Global Privacy Officer, Intel
Daniel Goroff, Vice President and Program Director, Alfred P. Sloan Foundation
Rami Kalish, General Managing Partner & Co-Founder, Pitango Venture Capital
Dr. Yair Rotstein, Executive Director of the US-Israel Binational Science Foundation
Anna Pouliou, Head of Privacy, Chanel
Lindsey Finch, Executive Vice President, Global Privacy & Product Legal at Salesforce
Alisa Bergman, Vice President and Chief Privacy Officer, Adobe Systems
Mike Yeh, Assistant General Counsel Corporate, External and Legal Affairs, Middle East and Africa, Microsoft
Florian Schaub, Assistant Professor, School of Information, University of Michigan
Companies that have joined the Privacy Tech Alliance Advisory Board include Anonos, BigID, Duality, D-ID, Immuta, Nymity, OneTrust, Privacy Analytics, Truata, TrustArc, and WireWheel.
Click here to view an archived broadcast of the event.
To learn about Privacy Technologies, visit the Resources page.
FPF Letter to NY State Legislature
On Friday, June 14, FPF submitted a letter to the New York State Assembly and Senate supporting a well-crafted moratorium on facial recognition systems for security uses in public schools. FPF also cautioned against overly broad bans or language that might have unintended consequences on other security programs, including some that may include biometric technology. The letter recommends:
A targeted moratorium specifically focused on pausing the use of facial recognition systems for security purposes at public school facilities, rather than banning the use of all biometric technology prior to July 2022;
Permitting the continued operation of existing biometrics systems that do not rely on facial recognition, such as fingerprint and palm-print systems, and requiring a review of these systems; and
Analysis and reporting regarding the risks and benefits of biometric technology in schools. The report should include recommendations concerning both 1) the appropriate notice regarding the use of facial recognition systems; and 2) the appropriate level of consent applicable to such systems, if facial recognition technology is approved for future use.
FPF supports a moratorium to allow time for comprehensive study of the impact of facial recognition systems on school campuses. Our analysis of the risks and benefits of facial recognition systems suggests that an evidence-based review of widespread use of these systems in schools will likely find that the systems do not offer sufficient benefits when used for security purposes at public schools (as FPF Senior Counsel Brenda Leong discusses in this video). Although the desire to provide the highest levels of security and protection for students and school personnel is well-intentioned, it is unclear that facial recognition systems will actually make schools safer. Particularly in light of the costs of purchase, implementation, training, and maintenance, we believe the study is unlikely to find sufficient value or benefit in these systems to justify their risks and privacy impacts.
Schools may also face backlash from parents and staff who don’t want to be involved in such a system. For example, some parents who volunteer at school may wish to opt out of having their biometric information collected and stored. Although privacy best practices would require provision of an alternate method, any barrier to entry may decrease people’s willingness to volunteer or come to the school at all. For similar reasons, employees may also resist. Schools would thus incur additional costs to create alternatives for individuals who do not want to take part in a facial recognition system.
While FPF supports a moratorium on this technology, some provisions of the draft New York law contain broad language that may lead to unintended consequences. Facial recognition systems for campus security have triggered the immediate concerns, and that should be the moratorium’s target. Schools may implement facial categorization technologies in other ways that, if banned outright, would prevent or compromise current services to students. For example, schools may currently use biometric software that does not identify individuals but measures facial expressions, voice data, or gait in order to help students in special education, occupational therapy, and physical therapy programs. If the ban applies broadly to all biometrics in all cases, it could unintentionally eliminate these services and programs.
Likewise, some school systems in New York have already purchased and implemented biometric systems based on fingerprints and palm prints for lunch-line efficiencies, attendance reporting, and other administrative functions. These systems are widespread throughout the country and have not typically presented high-risk factors for student privacy. Allowing these school districts to continue using these systems would prevent unnecessary costs of reverting to less-reliable technology, unless or until any risks are identified. Excessively broad language concerning biometric collection or use might even compromise the current practice of collecting the fingerprints of staff and other employees at public schools in order to run background checks, an outcome that would actually decrease student safety.
Instituting a moratorium on facial recognition technology in schools, while permitting continued operation of other existing biometric programs, would mitigate privacy risks while creating time for the state to review the risks and benefits of biometric programs for students, teachers, parents, and others. The study should, of course, consider all aspects of biometrics use and make appropriate recommendations. By allowing existing programs to continue in the interim, schools could gradually make necessary changes without negatively impacting students or services.
Finally, if the study does find appropriate uses or justifications for facial recognition systems, we recommend that the current requirement to provide appropriate notice to those affected be expanded to require appropriate consent by school employees, students, visitors, and others who might be impacted. Establishing an express consent requirement and/or options to opt out are important for protecting individual privacy.
The full FPF letter to members of the State Senate can be read here, and to members of the State Assembly here.
Ethical and Privacy Protective Academic Research and Corporate Data
Is edtech helping or hindering student education? What effect does social media have on elections? What types of user interfaces help users manage privacy settings? Can the data collected by wearables inform health care? In almost every area of science, academic researchers are seeking access to personal data held by companies to advance their work.
Data held by companies holds the potential to unlock new scientific insights that can benefit society and expand human knowledge. When responsibly shared with academic researchers, this data can support progress in medicine and public health, education, social science, and many other fields.
But access to the data needed is often unavailable due to a range of barriers – including the need to protect privacy, address commercial concerns, maintain ethical standards, and comply with legal obligations.
To help companies tackle these challenges, the Future of Privacy Forum has launched the Corporate-Academic Data Stewardship Research Alliance, a peer-to-peer network of private companies who share the goal of facilitating privacy-protective data sharing between businesses and academic researchers.
The Alliance will support data sharing efforts under way, help address and mitigate challenges that create barriers to sharing, and promote practices that encourage more data sharing between industry and academic researchers. So far, more than 25 prominent companies are participating in the Alliance’s activities.
In its initial work, the Alliance has identified a number of existing barriers to data sharing and has begun to address potential solutions that support compliance with legal, policy and ethical concerns.
Alliance participants agree on the need for a common understanding of the legal landscape with regard to sharing personal information with researchers. In response, the Alliance is producing an overview of how the use and sharing of personal information for research purposes is treated in key privacy laws, as well as a paper that analyzes the legal landscape and argues that lawmakers should continue to make allowances for scientific research when drafting future privacy laws.
The Alliance has also begun work on establishing a set of best practices for sharing data for research purposes. Those best practices include data security, de-identification, vendor management, due diligence, training and education, and more. This work will likely result in a guidance document or an industry Code of Conduct.
A major barrier to data sharing identified by the participants is the lack of contractual uniformity. Research institutions, some of which are subject to state procurement rules, may require their own contractual terms. This creates scaling issues, in which the company must negotiate with each institution separately. Additionally, companies want to ensure that the contracts include provisions that address and reduce the risks (privacy, security, etc.) inherent in data sharing. Going forward, the Alliance will gather or develop model contractual terms or template agreements that all parties can agree to, with the goal of easing the negotiation process and ensuring that appropriate protections for all parties, including data subjects, are included in the written agreements.
The lack of access to an Institutional Review Board (IRB) or ethics review board is another roadblock for companies. Some companies have expressed a preference for an independent third party that could review a range of privacy and ethical issues that go beyond what a traditional IRB might address. The Alliance will support efforts to develop effective options for independent review of data sharing and the related research purposes.
To encourage privacy protective data sharing for scientific research, the Alliance will create a new Award for Leadership in Data Stewardship and Achievement in Academic Research.
The Alliance welcomes industry participants to join our monthly calls and contribute to our work. If you are interested in learning more about the Alliance, please contact FPF Senior Fellow Mike Hintze at [email protected].