The authors argue that such a right may be unconstitutional in Canada: it would most likely infringe upon freedom of expression in a way that cannot be demonstrably justified under the Canadian Constitution. They also argue that the legal framework in Quebec addresses some of the privacy and reputational concerns that a RTBF is meant to address through a “public interest” test, although they acknowledge that there are some limits to this framework.
The Top 10: Student Privacy News (March-April 2017)
The Future of Privacy Forum tracks student privacy news very closely, and shares relevant news stories with our newsletter subscribers.* Approximately every month, we post “The Top 10,” a blog with our top student privacy stories.
The Future of Privacy Forum is headed to IAPP! Next week in DC, FPF has several events happening at IAPP, including a panel with the U.S. Department of Ed, “Privacy + Ed Tech = Awesome” (4/20 at 9:30am), and a Peer-to-Peer Roundtable on K-12 privacy (4/19 at 3:30pm). Also check out:
Rachel Krinsky Rudnick from University of Connecticut for a Peer-to-Peer Roundtable on Privacy in Higher Ed (4/19 at 12:30pm)
If you didn’t manage to get one of the sold-out tickets to FPF’s Tech Lab (4/18 at 5:30pm), you can still see some of FPF’s Connected Toys and learn more about our work at IAPP booth 92 (4/19 and 4/20)
FPF also is on IAPP panels about “Practical Data De-ID” (4/18 at 9:30am), “Open Data vs Privacy” (4/19 at 2pm), “Highly Integrated Personalized Experiences” (4/19 at 4:30pm), “Location Data and Consumer Privacy” (4/20 at 9:30), and “New Developments in Privacy for the Connected Car” (4/20 at 3pm).
The Top 10
The first federal student privacy bill of 2017 has arrived! Senators Markey and Hatch have re-introduced the “Protecting Student Privacy Act,” an amendment to FERPA.
The U.S. Department of Education (USED) is requesting comments until April 19th on a proposal to electronically match USED applications for financial assistance with U.S. Citizenship and Immigration Services (USCIS) data to confirm the immigration status of alien applicants for or recipients of financial assistance under title IV of the Higher Education Act. Privacy advocates have raised concerns about allowing any connection of these databases.
Common Sense Media’s Privacy Initiative has released their follow-up survey measuring whether 1,121 vendors have encryption support. While there has been measured improvement since their October 2016 survey, roughly 40% of websites still do not enforce encryption.
Alberta (Canada) is dealing with the difficult issue of privacy for students versus their parents: The Education Minister of Alberta says that parents should not be told if children join gay-straight alliances. This issue was raised in the U.S. in 2016 in the context of the ACLU model student privacy legislation, which said that schools should not disclose information in student records to parents if that information could potentially harm the child.
USED’s audit of IES found that the agency needs to “tighten its processes to ensure researchers know how to safeguard student privacy.” Shortly afterwards, the House Committee on Government and Oversight Reform sent a letter to Secretary DeVos on March 30, asking for detailed information about how USED will improve the department’s cybersecurity.
The Consortium for School Networking (CoSN) has released a set of “fundamental resources to help [schools] protect against cyberthreats and develop effective security programs.” CoSN also released their annual K-12 IT Leadership Survey, and cybersecurity is one of the three top priorities identified along with mobile learning and broadband capacity.
The Berkman Klein Center has released “Privacy & Student Data: Companion Learning Tools,” five scenarios of ed tech adoption at various grade levels to help schools and districts train teachers and others on student data privacy.
REL Northeast & Islands has released a report on “Analyzing student-level disciplinary data” for districts to help them answer important questions about the use of disciplinary actions.
Student immigration data was a major topic yet again:
New York City announced that immigration agents will not be allowed in schools without warrants;
Civil rights groups asked California’s attorney general to investigate school districts that require parents to provide children’s SSNs, citizenship status and other sensitive info such as when they entered the country; and
Some school boards changed their rules for sharing student information with law enforcement organizations.
FPF commends NHTSA for its work to introduce a Vehicle to Vehicle (V2V) Communications system that takes privacy seriously in both the design and implementation of the system. We agree that great gains in road safety can result from broad-scale application of crash avoidance technologies like V2V. Overall, FPF supports NHTSA’s approach to consumer privacy and the seriousness with which NHTSA has engaged this topic, working with partners to design a system that includes multiple technical, physical, and organizational controls to help limit potential privacy impacts on consumers. In our comments, FPF describes measures that could help clarify or bolster these privacy safeguards.
FPF is encouraged by NHTSA’s “privacy by design” approach to building this system, by taking privacy into account throughout the entire engineering process from the earliest design stages to the operation of the system. We also commend NHTSA for working with partners in order to implement layers of technical, policy and physical controls to mitigate potential privacy impacts of the V2V system; we agree that the proposed rule’s ongoing privacy risk analysis is a crucial component of the V2V system.
FPF recommends that NHTSA:
improve the contemplated privacy notice in terms of content, usability, and delivery mechanisms, and undertake the proposed consumer education efforts;
retain the proposed rule’s approach to defining Personally Identifiable Information—an approach that is consistent with the Federal Trade Commission and other Federal entities’ definitions;
work with other regulators and partners to identify any protective technical or legal control that could limit third party collection, aggregation, or sale of V2V data, including considering encryption or higher Pseudonym Certificate rotation rates;
consider what sorts of consumer privacy controls are appropriate (e.g. opt-out), when such choices are appropriate, and how such choices can be presented in the context of the operators’ relationships with vehicles and service providers;
ensure oversight and accountability mechanisms for the security entity within the proposed rule’s credential management system;
continue to study and mitigate the residual privacy risks created by the proposed rule.
This NPRM is an important step toward safer roads, and our analysis indicates that the proposed Rule includes thoughtful, careful privacy protections in a complex system. We urge the Administration to consider our recommendations and outstanding questions to improve the final regulation. We thank NHTSA for recognizing the importance of privacy in the context of V2V technologies, and look forward to remaining engaged as the rulemaking advances.
'Successful smart city leaders will be smart on privacy'
In a piece for Samsung Public Information Display, Jules Polonetsky and Kelsey Finch share what they have learned from working with smart city and community stakeholders to navigate complex issues and integrate digital services in privacy-protective ways. The authors explain:
“If city leaders, technology providers, community organizations, and other stakeholders work together to address core privacy issues and principles, they will be able to leverage the benefits of a data-rich society while minimizing threats to individual privacy and civil liberties.”
We are pleased to announce that Margaret Honda has joined FPF as Director of the Research Coordination Network! In this role, Margaret oversees a new community of privacy academics and industry practitioners whose goal is to advance the privacy research agenda through collaboration.
Before joining FPF, Margaret worked at Forrester Research, Inc., a technology market research firm, during which time she held various senior management positions and created and implemented new product offerings focused on developing meaningful executive-level customer engagement strategies. Margaret earned her Bachelor of Science degree in Health Management and Policy from the University of New Hampshire.
We are pleased to announce that Mary C. Wright has joined FPF as Membership Development Specialist! As the primary handler of the relationship between FPF and its stakeholders, Mary manages the FPF member database, ensures members are enrolled in the appropriate groups and subgroups, and works with FPF leadership to ensure we are providing value to members and stakeholders.
Mary is a native of Colorado, bringing a solid history in development, program management and hospitality where she built key relationships, executed strategic plans and managed national accounts. After serving 10 years as a marketing and event fundraising professional, Mary spent the last 15 years as an executive development officer raising money for non-profit organizations, Big Brothers Big Sisters, NAACP and the Carson Scholars Fund. Mary is a graduate of the University of Northern Colorado.
On April 11, Windows Users Get Improved Privacy Protections from Microsoft
FPF is pleased to see the major privacy advances in Microsoft’s upcoming update to Windows 10. The Creators Update version of Windows 10 will provide a new privacy dashboard, allow users to limit telemetry information sent back to Microsoft, provide a detailed look at the telemetry information collected, and make it easy for users to understand what data is collected when they choose basic or advanced installations. People already running a version of Windows 10 will get a notification to schedule the Creators Update and choose privacy settings.
For each setting, Microsoft has provided a detailed description with the option to learn more about the information collected and how it is used. If you choose to turn all of these settings off (limiting the amount of data collected), you will be shifted to “basic” mode and your privacy settings screen will look like the image below.
The basic level now sends about 50 percent less data back to Microsoft, but does not eliminate all transmission of data, as the company requires a minimum amount of data for security and other essential debugging purposes.
EU Policymakers and US Civil Society Groups Meet to Discuss Trans-Atlantic Privacy Issues
FPF’s Vice President of Policy, John Verdi, attended a meeting with Věra Jourová, the European Union’s Commissioner for Justice, Consumers, and Gender Equality. The meeting between EU policymakers and US civil society groups focused on an open, robust discussion of trans-Atlantic privacy issues, including the US/EU Privacy Shield program.
Shedding Light on Smart City Privacy
Today, the Future of Privacy Forum is releasing a new tool for municipal and technology leaders: a visual guide “Shedding Light on Smart City Privacy.” This tool will help citizens, companies, and communities understand the technologies at the heart of smart city and smart community projects – and their potential impact on privacy. It also connects stakeholders with guidance documents, best practices, and other resources designed to help them implement new technologies in privacy-protective ways.
Cities and communities generate data through a vast and growing network of connected technologies that power new and innovative services ranging from apps that can help drivers find parking spots to sensors that can improve water quality. Such services improve individual lives and make cities more efficient. While smart city technologies can raise privacy issues, sophisticated data privacy programs can mitigate these concerns while preserving the benefits of cities that are cleaner, faster, safer, more efficient, and more sustainable.
Shedding Light on Smart City Privacy highlights the wide range of connected technologies and services appearing throughout our communities – everything from streetlights that measure air and noise pollution to smart electric grids to buses that re-route based on demand. The visual guide also provides important context to these new technologies and services, allowing visitors to sort technologies and services based on what sectors they might serve, what other technologies enable them, and who within their communities might use or deliver them.
The visual guide also describes some of the top privacy concerns raised by smart city technologies and services, both for individuals and for communities. It describes key tools for mitigating those risks, including robust privacy programs, transparency and consent, de-identification, vendor management, and data minimization.
Finally, the tool also acts as a central repository for privacy-related guidance documents, best practices, reports, codes of conduct, and other resources that can help local policymakers, technologists, and citizens navigate these complex issues and integrate digital services in privacy-protective ways.
As cities and communities become more connected, it is critical that they learn to leverage the benefits of a data-rich society while minimizing threats to individual privacy and civil liberties. Our new guide provides a useful tool to help all smart city and community stakeholders hold important discussions and make informed decisions about their privacy policies and practices.
The wide range of connected technologies and services appearing throughout our communities – everything from streetlights that measure air and noise pollution to smart electric grids to buses that re-route based on demand.
Data privacy concerns raised by these new technologies and services, including surveillance, data spills, unexpected uses, open data, discrimination, and data quality.
Data privacy tools that help mitigate these risks, including robust privacy program management, transparency and consent, local storage, data minimization, vendor management, and de-identification.
Privacy-related guidance documents, best practices, codes of conduct, reports, and other resources that can help local policymakers, technologists, and citizens navigate complex privacy issues.
Future of Privacy Forum Releases Interactive Tool for Understanding the Technologies Powering Smart Cities
FOR IMMEDIATE RELEASE
March 31, 2017
Contact: Melanie Bates, Director of Communications, [email protected]
“As cities and communities become more connected, it is critical that they learn to leverage the benefits of a data-rich society while minimizing threats to individual privacy and civil liberties,” Finch said. “Our new guide provides a useful tool to help all smart city and community stakeholders hold important discussions and make informed decisions about their privacy policies and practices.”
Shedding Light on Smart City Privacy highlights the wide range of connected technologies and services appearing throughout our communities – everything from streetlights that measure air and noise pollution to smart electric grids to buses that re-route based on demand. The visual guide also provides important context to these new technologies and services, allowing users to sort technologies and services based on what sectors they might serve, what other technologies enable them, and who within their communities might use or deliver them.
The visual guide also acts as a central repository for privacy-related guidance documents, best practices, reports, codes of conduct, and other resources that can help local policymakers, technologists, and citizens navigate these complex issues and integrate digital services in privacy-protective ways. The guide can be accessed at fpf.org/2017/03/30/smart-cities/.
###
The Future of Privacy Forum (FPF) is a non-profit organization that serves as a catalyst for privacy leadership and scholarship, advancing principled data practices in support of emerging technologies. Learn more about FPF by visiting www.fpf.org.
Chasing the Golden Goose: What is the path to effective anonymisation?
Searching for effective methods and frameworks of de-identification often looks like chasing the Golden Goose of privacy law. For each answer that claims to unlock the question of anonymisation, there seems to be a counter-answer that declares anonymisation dead. In an attempt to de-mystify this race and un-tangle de-identification in practical ways, the Future of Privacy Forum and the Brussels Privacy Hub joined forces to organize the Brussels Privacy Symposium on De-identification – “Identifiability: Policy and Practical Solutions for Anonymisation and Pseudonymisation”. The event brought together researchers from the US and the EU with academic, regulatory and industry backgrounds to discuss their latest solutions to this important problem. Discussion of the selected research papers was preceded by the presentation of an overview report on “Preserving the Utility of Data and Privacy of Individuals” by Deutsche Telekom.
This contribution (published in Privacy In Germany (PinG2017)) looks at the work of invited researchers in detail, puts it in context and aggregates its results for the essential debate on anonymisation of personal data. The overview shows that there is a tendency to stop looking at anonymisation/identifiability in binary language, with the risk-based approach gaining the spotlight and the idea of a spectrum of identifiability already generating practical solutions, even under the General Data Protection Regulation.
The Brussels Privacy Symposium was made possible with the generous support of our Lead Founding Sponsor Deutsche Telekom and additional support from our Founding Sponsors Information Technology Industry Council, Microsoft, SAP, and TomTom. The Brussels Privacy Symposium is supported by a grant from the National Science Foundation.