2nd Annual McGowan Forum on Ethics: The Challenge of Big Data
On October 26, 2017, John Verdi, FPF’s Vice President of Policy, served as a panelist for the National Archives Foundation’s 2nd Annual McGowan Forum on Ethics: The Challenge of Big Data. The panel discussed the ethical responsibility of those who compile and track citizens’ personal data. The conversation focused around what responsibility corporations and governments have to protect their customers and be transparent in regard to possible data hacks.
The session was moderated by Kim Hart, the Technology Editor at Axios. Other panelists included Neil Chilson, Acting Chief Technologist, Federal Trade Commission; Marc DaCosta, Co-founder and Chairman, Enigma; and Michelle De Mooy, Director of the Privacy & Data Project at the Center for Democracy & Technology.
Thank you for hosting, National Archives Foundation! You can watch full event below.
Video
TEDx Wilmington: What's Driving the Connected Car? Data, It Turns Out.
On Tuesday, October 17, 2017, Lauren Smith, FPF Policy Counsel, presented at the TEDx Wilmington Salon, Who’s in the Driver’s Seat? The Transformation of Transportation. The TEDx included an exciting line up of the leading voices in the connected car space, including FTC Commissioner Maureen Ohlhausen. Lauren’s talk was titled, What’s Driving the Connected Car? Data, It Turns Out, and emphasized the importance of responsible data management in autonomous vehicles. FPF staff and friends gathered at our offices in Washington, DC to watch Lauren’s presentation. She explained:
“I am going to argue that in a world where 94% of car crashes are caused by human error, the case is so much stronger for opting in and sharing data with your car than even your phone—something we have all already chosen to do. As with smartphones your car will need to collect information, and sometimes send it, in order to enable these features. And as with smartphones, the companies involved will need to safeguard your privacy in order for you to use and trust the technology. The truth is that yes, your car will be learning more about you, but what it learns may save your life.”
The new infographic explains how education research “is about answering questions,” “support[ing] individual students,” “inform[ing] better decisions,” “build[ing] knowledge for the future,” and helping “students and schools succeed.” The new “roadmap” resource discusses how “safeguarding student information is paramount to successful [state education agency and] research partnerships,” and provides practical tips on improving privacy and security (page 13) and engaging and being transparent with the public about state research efforts (page 11).
FPF looks forward to continuing to work with DQC on education research and student privacy issues.
DQC’s roadmap is part of a larger conversation about how best to protect student privacy while promoting data-driven research that can improve education outcomes. It is crucial for researchers to embrace privacy safeguards and review mechanisms beyond traditional institutional research boards (IRBs) in some circumstances. It is also important for researchers to articulate the value of data and communicate with stakeholders regarding privacy-protective practices. Stakeholder support can make or break data driven education initiatives. Two of the best ways to to earn stakeholder trust are to implement meaningful privacy protections and communicate effectively with the community.
FPF-CAN Speaker Series featuring Mary Madden and Michele Gilman
The FPF-Capital Area Academic Network invites you to join us for a roundtable discussion featuring Mary Madden (Researcher, Data & Society Institute) and Michele Gilman (Venable Professor of Law and Director of Clinical Education, University of Baltimore School of Law). Mary and Michele will discuss their latest research: “Privacy, Poverty and Big Data: A Matrix of Vulnerabilities for Poor Americans.”
On Wednesday, October 25, 2017, from 3:00 – 4:00pm, Mary and Michele will share their research with us and engage in a discussion about their findings. An opportunity to network with the authors and fellow attendees will follow the discussion from 4:00 – 5:00pm. Please R.S.V.P. to reserve your seat — space is limited.
This event is supported by the National Science Foundation under Grant No. 1654085
About the Research:
This Article examines the matrix of vulnerabilities that low-income people face as a result of the collection and aggregation of big data and the application of predictive analytics. It reports on original empirical findings from a large, nationally-representative telephone survey with an oversample of low-income American adults, and highlights how these patterns make particular groups of low-status Internet users uniquely vulnerable to various forms of surveillance and networked privacy-related problems. In particular, a greater reliance on mobile connectivity, combined with lower usage of privacy-enhancing strategies, may contribute to various privacy and security-related harms. The Article then discusses three scenarios in which big data—including data gathered from social media inputs—is being aggregated to make predictions about individual behavior: employment screening, access to higher education, and predictive policing. As policymakers consider reforms, the Article urges greater attention to impacts on low-income persons and communities.
About the presenters:
Mary Madden is a veteran technology researcher, writer and public speaker, having studied trends in American internet users’ behaviors and attitudes for more than a decade. She is currently leading a Data & Society initiative to understand the privacy and security experiences of low-socioeconomic status populations. Supported by a grant from the Digital Trust Foundation, the project will provide freely accessible survey data to researchers working in this area and will seek to answer key questions that can help ground current policy conversations and debates about privacy and security in the digital age.
Mary is also an Affiliate at the Berkman Center for Internet and Society at Harvard University where she has collaborated with the Berkman Center’s Youth and Media Project to apply quantitative and qualitative research methods to study adolescents’ technology use and privacy management on social media. Prior to her role at Data & Society, Mary was a Senior Researcher for the Pew Research Center’s Internet & American Life Project. She is a nationally recognized expert on privacy and technology, trends in social media use, and the impact of digital media on teens and parents. Mary is also a member of the National Cyber Security Coalition’s Data Privacy Day Advisory Committee and the Research Advisory Committee for the Future of Music Coalition’s Artist Revenue Streams Project.
Michele Gilman is the Venable Professor of Law and Director of Clinical Education at the University of Baltimore School of Law. Professor Gilman teaches in the Civil Advocacy Clinic, where she supervises students representing low-income individuals and community groups in a wide range of litigation, legislation, and law reform matters. She also teaches evidence, federal administrative law, and poverty law. Professor Gilman writes extensively about privacy, poverty, and social welfare issues, and her articles have appeared in journals including the California Law Review, the Vanderbilt Law Review, and the Washington University Law Review. She is a co-director of the Center on Applied Feminism, which works to apply the insights of feminist legal theory to legal practice and policy. She received her B.A. from Duke University, and her J.D. from the University of Michigan Law School.
The Future of Privacy Forum tracks student privacy news very closely, and shares relevant news stories with our newsletter subscribers.* Approximately every month, we post “The Top 10,” a blog with our top student privacy stories. This blog is cross-posted at studentprivacycompass.org.
The FTC and Department of Education are hosting a Workshop on Student Privacy and Ed Tech on December 1st to discuss open questions about how the Rule implementing COPPA applies in the school context and intersects with FERPA. The general public is invited to attend in person or via webcast. They are seeking public comments before the workshop that are due November 17.
The Data Quality Campaign released their annual report on state legislation on education data, including student privacy. According to DQC, “26 states passed 53 new laws focused on student data during the 2017 legislative session — with most legislative activity focusing on privacy concerns.” Stay tuned for FPF’s upcoming white paper diving in on this year’s new student privacy state legislative trends.
EdSurge published a great article on a recent California panel with two companies that had “high-profile breaches” in 2017, a data privacy expert, and a district representative.
Jules Polonetksy, Future of Privacy Forum’s CEO, was featured on WashingTech Tech Policy Podcast’s Episode 107. The show is hosted by Joe Miller and focuses on the top tech law and policy debates driving the tech and communications sectors. Episode 107 centered around online privacy issues and where U.S. privacy law and policy now stand in light of recent data breaches. Jules also discussed what consumers can do to protect their data. Given the recent Equifax data breach, he explained the importance of freezing your credit to prevent bad actors from opening accounts in your name. Listen to the full interview at the link below.
“The Federal Education Rights and Privacy Act (FERPA) broadly prohibits schools from disclosing student records without the written consent of the parent or student,” said Amelia Vance, FPF Policy Counsel. “In this Guide, we highlight two key best practices when responding to federal requests for student data: 1) consult legal counsel to determine your obligations; and 2) carefully align the amount and types of data you collect about students to the programs and services you provide,” said Vance.
The Guide notes that some schools collect student immigration status or other data that can be used to imply immigration status. “If schools collect student immigration status data, it is considered part of the student record and is protected by FERPA,” Vance said. The Guide explains that schools may only disclose this information with consent or in response to a valid court order or subpoena.
In addition to the Guide, FPF has released an accompanying blog with a list of supplemental resources and articles.
###
The Future of Privacy Forum (FPF) is a non-profit organization that serves as a catalyst for privacy leadership and scholarship, advancing principled data practices in support of emerging technologies. Learn more about FPF by visiting www.fpf.org.
Law Enforcement Access to Student Records: What Is the Law?
By Mia Little and Amelia Vance
In the current political climate, schools have expressed a great deal of concern about government agencies – including law enforcement – requesting student data in order to identify and deport undocumented students. With the repeal of the Deferred Action for Childhood Arrivals (DACA) program last month, it is important that schools – and the companies that serve them – understand their legal options and when they may be required to disclose student personal information to law enforcement.
Schools should only be collecting the information they need to help students, and, if the disclosure of that information could cause a greater harm than benefit to students, schools should consider deleting that information.
The publication emphasizes issues that schools and third-party service providers must consider before disclosing student data in response to law enforcement requests. First, schools and service providers should proactively review the information they collect to align the amount and types of data to the programs and services they provide. Schools should only collect the information they need to help students, and, if the disclosure of that information could cause a greater harm than benefit to students, schools should consider deleting that information if hey are not legally obligated to retain it. Second, schools and service providers should consult legal counsel to determine their legal obligations to students and law enforcement when presented with a request for student data. Federal civil rights laws and the Supreme Court decision Plyler v. Doe require states to provide equal access to public education for undocumented children, and schools cannot use any information collected about race, ethnicity, national origin, or English proficiency to discriminate against students.
Under the Family Educational Rights and Privacy Act (FERPA), schools and service providers may be required to disclose certain student data if presented with a valid and narrowly tailored warrant, court order, or subpoena. However, schools cannot disclose information they do not have. For example, if your school does not need to collect immigration status data, then don’t collect it. If your school must collect sensitive data to better serve students, then please note that a student’s immigration status is likely considered part of their education record and is therefore protected under FERPA.
With that said, if your school does collect sensitive data that could be used to determine a student’s immigration status, you should know that schools and service providers have legal obligations to both students and law enforcement. Under FERPA, schools that receive funding from the U.S. Department of Education are obligated to protect student privacy. FERPA offers privacy protection for student education records, but some exceptions may apply to disclosures to law enforcement. However, it is very important for schools to know that, if they are compelled to turned over student records to law enforcement, FERPA typically requires that schools notify the student or parent prior to disclosure unless a court has ruled otherwise.
Service Providers should always insist on appropriate legal process before disclosing FERPA protected data to law enforcement. Under FERPA, service providers are only allowed to (re)disclose student data on behalf of the school; and if service providers engage in any unauthorized disclosure, they may also risk penalties under the Electronic Communications Privacy Act (ECPA), which is a federal law designed to prevent unauthorized access to private electronic communications. In any case, it’s important for schools to verify that their contracts with service providers include a requirement that they be notified about a record request from law enforcement.
Overwhelmingly, every expert FPF talked to recommended that schools and service providers should always consult legal counsel prior to the disclosure of student records to law enforcement without consent. You can read our new publication here for more information, and we list additional helpful resources below. If this all sounds overwhelming, then it’s important to remind you of the number one best practice: strive to minimize legal risks on the back end by limiting the amount and types of data you collect about students on the front end.
***
Mia Little is a 3L at the American University Washington College of Law and an intern at FPF. Amelia Vance is the Education Policy Counsel for FPF.
Artificial Intelligence, Machine Learning, and Ethical Applications
FPF and IAF to Host Event at 39th International Conference of Data Protection and Privacy Commissioners Discussing Key Technologies and Impacts for Privacy, Data Protection, and Responsible Information Practices
Technologists have long used algorithms to manipulate data. Programmers can create software that analyzes information based on rules and logic, performing tasks that range from ranking web sites for a search engine to identifying which photos include images of the same individual. Typically, software performs this analysis based on criteria selected and prioritized by human engineers and data scientists. Recent advances in machine learning and artificial intelligence support the creation of algorithmic software that can, with limited or no human intervention, internally modify its processing and criteria based on data.
Machine learning techniques can help hone algorithmic analysis and improve results. However, reduced human direction means that AI can do unexpected things. It also means that data protection safeguards should ensure that algorithmic decisions are lawful and ethical – a challenge when specific algorithmic criteria may be opaque or not practical to analyze. Increasingly, technologists and policymakers are grappling with hard questions about how machine learning works, how AI technologies can ethically interact with individuals, and how human biases might be reduced or amplified by algorithms that employ logic but lack human intuition.
On September 25, 2017, FPF and IAF will bring together technologists, policymakers, and privacy experts to discuss:
How machine learning and artificial intelligence work;
How these emerging technologies can support better outcomes for users of online services, patients with mental health conditions, and systems designed to combat bias;
The challenges and implications raised by machine learning and artificial intelligence in the context of efforts to support legal, fair, and just outcomes for individuals; and
How these emerging technologies can be ethically employed, particularly in circumstances when artificial intelligence is used to interact with people or make decisions that impact individuals.
Presenters include:
Rich Caruana, Senior Researcher, Microsoft
Stan Crosley, IAF Senior Strategist
Andy Chun, Associate Professor, Department of Computer Science, and Former Chief Information Officer, City University of Hong Kong
Yeung Zee Kin – Deputy Data Protection Commissioner, Singapore
Sheila Colclasure, Chief Privacy Officer and Global Executive for Privacy and Public Policy, Acxiom
Peter Cullen, IAF Executive Strategist
John Verdi, FPF Vice President of Policy
The event will be held from 3:30pm – 5:00pm (15:30 – 17:00) in Kowloon Room II (M/F) of the conference venue in Hong Kong. Registration is not required. For more information, please contact John Verdi at [email protected] or Peter Cullen at [email protected]. Please also look out for other side events from our colleagues at IAPP, Nymity, and OneTrust.
FPF Welcomes New Team Members
The Future of Privacy Forum is delighted to welcome several new members to our team!
Carson Martinez
Carson Martinez is our new Policy Fellow. Carson started working at FPF in early August on the emerging areas of privacy and data protection. She is working in consumer genetics and organizing the upcoming event: “Refining Privacy to Improve Health Outcomes” Symposium. Specifically, she will work on issues surrounding health data, particularly where it is not covered by HIPAA. These non-HIPAA health data issues include consumer-facing genetics companies, wearables, medical “big data” and medical device surveillance. Finally, she will also be assisting with the operation of the Genetics Working Group.
Carson was previously an Intern at Intel with the Government and Policy Group, working on health, technology, and policy. Before joining Intel, Carson was an intern for the International Neuroethics Society, and a Research Assistant for both Data-Pop Alliance and New York University. Carson graduated from Duke University with a Master’s Degree in Bioethics and Science Policy with a concentration in Technology and Data Policy. She earned her Bachelor’s Degree in Neuroscience with minors in Philosophy and Psychology from New York University. Carson is also a Certified Information Privacy Professional/United States (CIPP/US).
Chanda Marlowe
Chanda Marlowe is our inaugural Christopher Wolf Diversity Law Fellow. FPF established the Fellowship in dedication to the vision and commitment of Christopher Wolf, founder of the Future of Privacy Forum. Chris has worked throughout his life to fight discrimination, bigotry, and bias. At FPF, Chris has led our work on understanding the uses of Big Data to fight discrimination, representing FPF at the 2013 White House Big Data Workshops and collaborating with the Anti-Defamation League on a Big Data project and workshop. The Fellowship is designed to equip recent law school graduates with the skills to succeed in the privacy profession, and at the conclusion of the Fellowship to provide private and public employers with privacy professionals of diverse backgrounds.
Chanda is returning to FPF after working as our Law and Policy Intern last summer. She has also been working for the past two years as the Roy H. Park M.S. Fellow for the UNC School of Media and Journalism. Chanda will be focusing on consumer and commercial privacy issues including general data management, de-identification, privacy ethics, algorithms, the Internet of Things, and Connected Cars. She will working on proposed regulatory actions, research and analysis of European privacy issues, and tracking consumer privacy legislation. Previously, Chanda was a Litigation Intern for ACLU of Northern California, a Judicial Extern for the Honorable Judge Wanda Bryant, and an Internal Communications Intern for the Volvo Group.
Chanda received her Juris Doctorate from the UNC School of Law. She obtained her Master’s Degree in Communication and Journalism from the UNC School of Media and Journalism. Chanda earned her M.A. in Teaching from UNC at Chapel Hill, where she also earned her B.A. in English Language and Literature.
Lindsey Barrett
Lindsey Barrett is our new Georgetown Policy Fellow. She will be working closely with FPF’s Student Data Privacy Project and will also be leading the 2017 Privacy Papers for Policymakers annual awards event. Lindsey worked for FPF as a Legal Intern in 2016.
In law school, Lindsey worked with Facebook as a Privacy and Public Policy Extern, as a Research Assistant for the Georgetown Center on Privacy and Technology, and was the co-founder and Managing Editor of the Georgetown Law Technology Review. Lindsey also has experience working as a Legal Intern for the Senior Adviser for Privacy at the Office of Management and Budget, and for the Office of International Affairs at the U.S. Department of Justice. Lindsey currently serves as the Updates Editor for the American Bar Association Internet of Things Committee.
Matthew Green Jr.
Matthew Green Jr. is our new Communications Intern. Matthew studies Public and Mass Communications at The College of New Jersey, with minors in Marketing and Journalism. He previously worked in marketing and sales for The AroundCampus Group as an Outside Sales Representative and for the Shiloh Community Development Corporation as a Communications Intern. Matthew will be working closely with Melanie Bates, the Director of Communications, on public outreach through various media platforms. He will assist with social media development, monthly newsletter production, FPF website maintenance, and various other marketing and public relations projects.
Maria Little
Maria Little is our new Legal Intern. Maria is studying to get her Juris Doctor at the American University Washington College of Law where she is an active member of the Intellectual Property Law Society as well as the Junior Editor for the National Security Law Brief. She earned her Master’s Degree in Intelligence Analysis from Johns Hopkins University and a Bachelor of Arts in International Studies from Middlebury College.
Maria worked this past summer as a Google Public Policy Fellow for the Open Technology Institute. Before that, she worked at the Office of the Director of National Intelligence General Counsel as a Legal Intern and for the U.S. Department of Defense as an Intelligence Oversight Officer/Data Scientist.
Amy Oliver
Amy Oliver is a volunteer attorney with the policy team, focusing on a wide variety of issues related to consumer privacy and emerging technology. Prior to joining FPF, Amy served as a career attorney for the U.S. Department of Justice for 16 years. With a Doctorate of Law Degree from the American University Washington College of Law, she has a wealth of experience and expertise in law and government policy. At American University, she was involved with the Appellate Advocacy Clinic and the Administrative Law Journal as the Editor. Amy received a Master’s Degree in International Law from the University of New South Wales Australia and a Bachelor’s Degree in History from the University of Delaware. Amy is also a Certified Information Privacy Professional/United States.
