Parents Support School Tech and Data, But Want Privacy Assurances: FPF 2016 Parent Survey
In 2015, the Future of Privacy Forum (FPF) set out to gain a better understanding of what public school parents actually know and want concerning the use of technology and collection of data in their children’s schools, as well as their perspectives on the benefits and risks of student data use within the educational system. Media reports routinely quote parents who are afraid or reluctant to support the use of technology, electronic education records, and student data within their own schools or throughout the educational process. The original survey sought to understand the views of parents, the critical stakeholders in the education policy discussion. Results showed that parents were generally aware of and understood the technology used in their children’s schools, but lacked knowledge of many of the specific laws and practices that provide guidelines and important protections for children’s information.
Since we reached those conclusions, the public conversation on this topic has barely slowed. Therefore, this year we returned to parents to find out – has their understanding grown? Have their concerns changed? And we had new questions to ask, as technology is used in ever-expanding ways, and the effects of those newly passed laws begin to be felt.
Today, we are releasing our 2016 survey, Beyond One Classroom: Parental Support for Technology and Data Use in Schools. Largely, our findings parallel those from last year. Unsurprisingly, it remains true that the closer the use of the data is to the individual classroom and to their own child, the more strongly parents support, and desire, the benefits of student data collection and use. As data use becomes less directly tied to students, parents still want to comprehend the benefit to the classroom. Parents support research that can be used in a school or classroom to directly benefit students.
What changed from last year to now? Technology use is spreading, fast. Almost eighty percent of parents are now using school-related technology to keep up with their child’s educational progress, and ninety percent of children are using technology provided or recommended by their school.
In addition, parents increasingly see the value school districts gain from the use of a variety of personal data – with growing percentages saying that in addition to categories like grades and attendance, it is appropriate for schools to use data concerning disciplinary records and participation in school lunch programs. Even more noteworthy, parents may be seeing the value of broader research based on analysis that necessarily includes traditionally “sensitive” information. Support for the collection and use of parents’ marital status, family income, and social security numbers all increased significantly; perhaps most importantly, over half of parents of school age children now agree that race and ethnicity are data that is appropriate for collection and use by schools. The use of this type of data, appropriately controlled and protected, is critical for research that identifies potentially discriminatory policies and practices, and it is heartening to see that parents appreciate the value this data can provide when it is used responsibly.
One new finding was that nearly all parents of school age children believe they should be informed with whom and for what purpose their child’s record is being shared. In addition to schools telling parents when the record is shared for educational purposes, we also asked about an increasing trend from state laws that may be limiting the rights of parents: while schools have the ability to share the educational record with partner vendors for core educational functions, parents may want to protect their ability to authorize use of their child’s electronic record to external third parties – for example, for tutoring programs, non-school-sponsored educational clubs or activities, or financial aid and advance educational programs.
However, many state laws are being written that either prohibit this parental control altogether, or narrowly limit it to colleges and prospective employers only. Those leaving the school system for their next opportunity are not the only ones who may wish to use their own record for expanded purposes, and parents overall want this ability. Some want it via “opt-in,” others prefer “opt-out” or by direct request only, but less than half agree that it should be limited to colleges and employers only, or prohibited altogether. Policymakers should take note and instead of legislating this limitation, should leave it to schools and their communities to make this decision for themselves. As FPF’s Jules Polonetsky and Brenda Leong wrote in a recent article on this topic, “Parents, as those most in-tune with their individual child’s needs, have the right to be an active partner and make the final decision about additional sharing and use of their child’s information.”
An important area that remains a prime target for better communication and awareness is helping parents understand current laws and practices that protect student data. Slightly fewer parents than last year felt confident that they know what federal laws currently protect student data, or what those laws require. This is such a clear issue that advocates and educators at all levels should focus part of their future outreach on making parents aware of these existing requirements. The FPF Parent Guide To Student Privacy, written in cooperation with the National PTA and ConnectSafely, can be a great start in providing parents with that information. The Foundation for Excellence in Education recently released a “Student Data Privacy Communications Toolkit” that provides districts and states with templates for webpage content, letters to send home to parents, and many other key ways to communicate.
Overall, our 2016 survey showed the increasing prevalence of technology use by both parents and students, increasing levels of support by parents of the appropriate collection and use of data by schools, and continued strong belief in the possibilities of technology to improve their child’s educational opportunities. The goals for educators, advocates, and policymakers remain to communicate policies clearly; establish transparent practices; and work with parents as key partners in the educational system to achieve the best learning outcomes for our children.
Beyond One Classroom was produced with funding provided from the Bill & Melinda Gates Foundation.
Brenda Leong is senior counsel and director of operations at the Future of Privacy Forum. Amelia Vance is policy counsel for education privacy at the Future of Privacy Forum.
Uber and Location Permission
Uber recently announced that its iOS app will require access to location data either “Always” or “Never.” Given some of the confusion about the change, we are writing to help consumers better understand what Uber modified and why.
For context, it is important to understand how smartphone location permissions work. Until 2014, on the two major smartphone platforms—iOS and Android—granting the location permission to an app meant that app had access to that user’s location at all times, whether or not the app was open.
In 2014, with the rollout of iOS 8, Apple created new location permission options, which allowed iOS app developers to offer users the option to permit location access “While Using the App” in addition to the preexisting options of “Never” or “Always.”
Under iOS 8 and until recently, Uber provided users with all three options. When users selected the “While Using the App” option, Uber only received location data when the app was actually open and in the foreground of a user’s phone – i.e. when a user was actively calling an Uber or checking the location of the vehicle on the map.
As a result, key information about how far riders were from the vehicle they were seeking to meet was not available to the company. The only location information available was the pin denoting the location the rider chose originally when hailing the Uber. If the rider minimized the app or switched to a different app and then exited their building around the corner from the main door, or if they were down the block or across the street from the pin’s location, accurate location information was not available to help the Uber driver find them.
Similarly, at drop-off, for riders using the “While Using the App” option, Uber did not receive information about whether the user was dropped off at the intended location-any route information was garnered solely from the driver’s phone. For example, if the map led the driver to a location where users had to cross a dangerous street and walk around the building to actually get to the entrance, or need to wave down the driver to get picked up again because they were not taken to the intended location, that information is today usually not available to Uber; this lack of data limits Uber’s ability to correct the error for future passengers.
Because of these shortcomings, Uber is now asking users to allow the company to access location information when riders may not have the app in the foregrounds of their phone – specifically from the time of hailing the Uber to 5 minutes after drop off. Although doing so technically grants Uber access to location “Always”, the company has committed to access location only for specified purposes: to improve pickups, drop offs, customer service and to enhance safety.
Some critics have objected to Uber’s change, focusing on the fact that the company will be able to collect user location for 5 minutes after drop off. Some Uber users want to keep where they are heading after drop off confidential or don’t want that information stored in a database. Perhaps so, but those users would be far wiser to turn off location settings for their phone entirely, given the number of apps that could be collecting their location information. Riders can still do so when exiting the car, or they can choose to “Never” share their location with Uber and instead type in their location and destination.
Location information is often sensitive and users should think carefully before allowing apps to access location data. Many apps don’t need location data and request it simply to share it with advertising companies or other third parties. But here, the convenience and service improvements intended by this change promise real value for riders.
What apps are getting your location and are they collecting it “Always” or only “When Using the App”? On iOS, checking Settings/Privacy/Location Services to find this information and to revoke permission from any app that doesn’t have a good reason to be collecting your location.
FPF and FOSI understand that connected toys are creating opportunities for interactive play and education, but also creating new privacy and security challenges. Toys that can become a child’s closest friend, play games, and provide advice through the use of sophisticated cloud-based computing and personal information are raising questions about how to ensure families can make appropriate choices about how data is collected and used. Learn more about Kids & The Connected home below.
Kids & The Connected Home: Privacy in the Age of Connected Dolls, Talking Dinosaurs, and Battling Robots
FOR IMMEDIATE RELEASE
December 1, 2016
Contact:
Melanie Bates, Future of Privacy Forum, 202-596-9837, [email protected]
Emma Morris, Family Online Safety Institute, 202-775-0158, [email protected]
Kids & The Connected Home: Privacy in the Age of
Connected Dolls, Talking Dinosaurs, and Battling Robots
Connected toys can raise privacy concerns, particularly when they use children’s personal information
The Children’s Online Privacy Protection Act (COPPA) applies to many connected toys, helping to ensure that parents are in control of their kids’ data
COPPA does not apply to general connected home devices that serve families
Leading companies should go beyond legal requirements to build trust in toys that can connect to online services
The connected toy marketplace is still young, and many toymakers could take additional steps to make their data practices clear and to better secure children’s data
FPF and FOSI understand that connected toys are creating opportunities for interactive play and education, but also creating new privacy and security challenges. Toys that can become a child’s closest friend, play games, and provide advice through the use of sophisticated cloud-based computing and personal information are raising questions about how to ensure families can make appropriate choices about how data is collected and used.
“At FPF, we recognize the benefits that connected home technologies can provide to individuals, families, and kids,” said Jules Polonetsky, FPF’s CEO. “We also know that privacy issues can make or break adoption of connected home tech – particularly questions about whether kids’ privacy and security are sufficiently safeguarded. Children are playing with dolls that listen and talk, interactive animals, and apps that link toys to digital services. As connected toys become more popular, it is important for toymakers to be transparent about their data practices and to mitigate security risks. Federal law provides key safeguards, but more can be done to build trust.”
“The new world of connected toys offers an extraordinary range of opportunities for learning, exploring and just plain fun,” said Stephen Balkam, FOSI’s Founder and CEO. “However, data is the difference between these ‘smart’ toys and traditional ones. Parents need to be aware of how a toy collects, shares, and stores their child’s information. Industry must ensure the safety and security of that data and find innovative and effective ways to inform parents of how their child’s information is being used.”
Kids & The Connected Home describes the current landscape of connected toys, identifying what distinguishes them from conventional toys and other smart toys. The white paper analyzes existing regulations under COPPA that have established important safeguards for information collected from children, and how those regulations apply. Stacey Gray, FPF Policy Counsel, points out that shopping for connected toys often happens in retail stores, where COPPA does not require a privacy disclosure.
“Parents should be able to understand at the point of sale—before bringing it home to their child—whether or not they will later be asked to consent to the toy’s collection of their child’s personal information,” Stacey said. “A full privacy policy on the box is not likely to be helpful, but some sort of cue will help parents decide before purchasing whether they are comfortable with the toy or whether they would like to do more research.” As a prime example, Kids & The Connected Home cites a packaging label notice on Fischer-Price’s connected toy, Smart Toy.
The report also provides several leading privacy and security practices that can help companies build trust, such as: 1) Determine when local processing, remote processing, and third-party sharing is appropriate, and mitigate security risks for the selected approach to data processing; 2) Ensure that strong encryption standards prevent the toy from communicating with unauthorized devices or servers; and 3) Do not use passwords that cannot be changed by users, and do not share a single default password between toys.
On July 20, 2016, FPF, FOSI, and Christian Science Monitor Passcode hosted Kids & the Connected Home in Washington, DC. This event featured discussion by a diverse group of industry experts about kids, connected toys and devices, and privacy. In Kids & The Connected Home, FPF & FOSI discuss and expand upon the issues raised at that event, which concerned the emergence of connected toys and their social and legal implications. Throughout, the report addresses key questions that animate the discussion around children and the connected home:
Connected Toys. Does COPPA apply to connected toys? And does the screen-less nature of many connected toys suggest that an update to COPPA may be required to adequately address privacy concerns?
Connected Homes. Does COPPA apply to general connected home devices that serve families?
Parental Controls. Do parents have appropriate controls and information to make well-informed decisions regarding their children’s interactions with the connected home and toys? If not, how can this be addressed?
Data Security. How do we ensure that connected toys are sufficiently secure?
“Trust is a crucial precondition for widespread adoption of connected toys,” said John Verdi, FPF’s VP of Policy. “Parents must be satisfied that the digital products they invite into their homes will safeguard children’s privacy and keep information secure.”
###
The Future of Privacy Forum (FPF) is a non-profit organization that serves as a catalyst for privacy leadership and scholarship, advancing principled data practices in support of emerging technologies. Learn more about FPF by visiting www.fpf.org.
The Family Online Safety Institute (FOSI) is an international, non-profit organization which works to make the online world safer for kids and their families. FOSI convenes leaders in industry, government and the non-profit sectors to collaborate and innovate new solutions and policies in the field of online safety. Through research, resources, events and special projects, FOSI promotes a culture of responsibility online and encourages a sense of digital citizenship for all. Learn more about FOSI by visiting www.fosi.org.
FPF Comments on NHTSA’s Federal Automated Vehicles Policy
FPF Comments on NHTSA’s Federal Automated Vehicles Policy
Today, the Future of Privacy Forum (FPF) submitted comments regarding the Department of Transportation’s National Highway Traffic Safety Administration Request for Comment on the Federal Automated Vehicles Policy guidance published in the Federal Register on September 23, 2016.
FPF commended NHTSA for their forward-looking Federal Automated Vehicles Policy guidance and its acknowledgement that privacy will play a key role in promoting trust in connected vehicles. FPF believes that the Guidance and its emphasis on privacy is an important first step in building that trust.
Automated vehicle technologies hold tremendous potential to transform the safety and convenience of the vehicles in which we ride. According to NHTSA’s research, a full 94 percent of the 35,092 fatalities in U.S. motor vehicle accidents last year could be attributed to human error. NHTSA is right to recognize that evolving technologies can reduce the number of accidents on our roads, and also have the potential to increase mobility for the elderly and Americans with disabilities who may be constrained from driving altogether. FPF applauds NHTSA for releasing guidance that will create guidelines that enable these technologies to enter the market, while retaining the flexibility necessary for them to evolve and improve along the way.
Some safety technologies under development may hinge on the ability of cars to detect and understand what is around them better than a human driver. In addition, decisions that were previously manual or mechanized may now be algorithmic, relying on data inputs collected from each of the many new kinds of sensors and computing being built into vehicles.
As we welcome these new technologies, it is critical that at the front-end of the connected car revolution, we build responsible data practices into connected cars—just as we have in other new and unfamiliar technologies that have disrupted other sectors. Being optimistic about the benefits of new data uses does not mean we need to be naive about the risks. As highly automated vehicles develop and as we better understand the nature of the data and what is needed for these vehicles to operate, we also need to be sensitive to the privacy concerns that develop.
But it is nearly impossible today to anticipate today the full range of the privacy questions or concerns that will arise given the diversity of technologies, uses, and models being considered today, and those we can not yet imagine. This is especially true as these new technologies begin to transform the relationship of consumers to vehicles altogether, such as through fleet-based and other models.
As these policies do advance, it will be critical to ensure alignment between Federal, State, and self-regulatory guidance for the automated vehicle ecosystem. Consistency between federal, state, and self-regulatory regimes in this space are critical given that automotive companies design systems at a national and global level. Patchwork legislation could impede interoperability or render vehicles incapable of driving across state lines. Instead, NHTSA should encourage states to follow NHTSA’s example in issuing guidance that can be easily updated in light of rapidly evolving technology, rather than adopting this guidance as law at this time.
Privacy Papers 2016: Spotlight on the Winning Authors
Today, FPF announced the winners of the 7th Annual Privacy Papers for Policymakers (PPPM) Award. This Award recognizes leading privacy scholarship that is relevant to policymakers in the United States Congress, at U.S. federal agencies, and for data protection authorities abroad.
From a record number of nominated privacy-related papers published in the last year, five were selected by Finalist Judges, after having been first evaluated highly by a diverse team of academics, advocates, and industry privacy professionals from FPF’s Advisory Board. Finalist Judges and Reviewers agreed that these papers demonstrate a thoughtful analysis of emerging issues and propose new means of analysis that can lead to real-world policy impact, making them “must-read” privacy scholarship for policymakers.
by Jennifer Daskal, Associate Professor, American University Washington College of Law
Jennifer Daskal is an Associate Professor of Law at American University Washington College of Law. She teaches and writes in the fields of criminal law, national security law, and constitutional law. From 2009-2011, Daskal was counsel to the Assistant Attorney General for National Security at the Department of Justice and, among other things, served on the Secretary of Defense and Attorney General-led Detention Policy Task Force. Prior to joining DOJ, she was the senior counterterrorism counsel at Human Rights Watch, worked as a staff attorney for the Public Defender Service for the District of Columbia, and clerked for the Honorable Jed S. Rakoff. She spent two years before joining WCL’s faculty as a national security law fellow and adjunct professor at Georgetown Law Center.
Daskal is a graduate of Brown University, Harvard Law School, and Cambridge University, where she was a Marshall Scholar. Recent publications include The Un-Territoriality of Data, 326 Yale L.J. 326 (2015); Pre-Crime Restraints: The Explosion of Targeted, Non-Custodial Prevention, 99 Cornell L. Rev. 327 (2014); After the AUMF, 5 Harvard Nat’l Sec. L. J. 115 (2014) (co-authored with Steve Vladeck); and The Geography of the Battlefield: A Framework for Detention and Targeting Outside the ‘Hot’ Conflict Zone, 171 Penn. L. Rev. 1165 (2013). Daskal has published op-eds in the New York Times, Washington Post, International Herald Tribune, L.A. Times, and Salon.com, and she has appeared on BBC, C-Span, CNN, MSNBC, and NPR, among other media outlets. She is an Executive Editor of and regular contributor to the Just Security blog.
by Joshua A. Kroll, Engineer, Security Team, Cloudflare; Joanna Huey, Princeton University; Solon Barocas, Princeton University; Edward W. Felten, Princeton University; Joel R. Reidenberg, Stanley D. and Nikki Waxberg Chair in Law, Fordham University School of Law; David G. Robinson, Upturn; and Harlan Yu, Upturn
Joshua Kroll is an Engineer working on cryptography and Internet security at the web performance and security company Cloudflare. He is also an affiliate of the Center for Information Technology Policy at Princeton University, where he studies the relationship between computer systems and human governance of those systems, with a special focus on accountability. His previous work spans cryptography, software security, formal methods, Bitcoin, and cybersecurity policy. He holds a PhD in Computer Science from Princeton University, where he received the National Science Foundation Graduate Research Fellowship in 2011.
by Danielle Keats Citron, Professor of Law, University of Maryland Carey School of Law
Danielle Keats Citron is the Morton & Sophia Macht Professor of Law at the University of Maryland Francis King Carey School of Law. Her work focuses on information privacy, cyber law, automated systems, and civil rights. She received the 2005 “Teacher of the Year” award.
Professor Citron is the author of Hate Crimes in Cyberspace (Harvard University Press 2014). Cosmopolitan and Harper’s Bazaar nominated her book as one of the “Top 20 Best Moments for Women” in 2014; Boston University Law Review held an online symposium on her book in 2015. Her current work focuses on the privacy policymaking of state attorneys general. Professor Citron’s scholarship has appeared, or is forthcoming, in Boston University Law Review (twice), California Law Review, George Washington Law Review, Hastings Law Journal, Michigan Law Review (twice), Minnesota Law Review, Notre Dame Law Review, Southern California Law Review, Washington University Law Review, Washington Law Review (twice), Washington & Lee Law Review, U.C. Davis Law Review, and others. Her opinion pieces have been featured in The Atlantic, New York Times, TIME, CNN, Guardian UK, New Scientist, and Slate. She has appeared on National Public Radio, HBO’s John Oliver Show and the New York Times video series. She is a technology contributor at Forbes.com and a member of Concurring Opinions.
by Kirsten Martin, Assistant Professor of Strategic Management & Public Policy, George Washington University School of Business; and Helen Nissenbaum, Professor, Media, Culture, and Communication & Computer Science, New York University
Kirsten Martin is an assistant professor of strategic management & public policy at the George Washington University’s School of Business. She is the principle investigator on a three-year grant from the National Science Foundation to study online privacy. Martin is also a member of the advisory board of the Future Privacy Forum and the Census Bureau’s National Advisory Committee for her work on privacy and the ethics of “big data.” Martin has published academic papers in Journal of Business Ethics, First Monday, Business and Professional Ethics Journal, and Ethics and Information Technology and is co-author of the textbook Business Ethics: A managerial approach. She has written teaching cases for the Business Roundtable Institute for Corporate Ethics including cases on Google in China as well as Bailouts and Bonuses on the financial crisis. She is regularly asked to speak on privacy and the ethics of big data.
Martin earned her BS in engineering from the University of Michigan and her MBA and PhD from the University of Virginia’s Darden Graduate School of Business. Her research interests center on online privacy, corporate responsibility, and stakeholder theory.
Before beginning her academic career, Martin worked at Sprint Telecommunications developing corporate strategy and Internet solutions. She also provided information system consulting services for Anderson Consulting (currently Accenture) to clients in the coal, pharmaceutical, telecommunication, and oil and gas industries.
Helen Nissenbaum is Professor of Media, Culture, and Communication, and Computer Science, at New York University, where she is also Director of the Information Law Institute. Her eight books include Obfuscation: A User’s Guide for Privacy and Protest, with Finn Brunton (MIT Press, 2015), Values at Play in Digital Games, with Mary Flanagan (MIT Press, 2014), and Privacy in Context: Technology, Policy, and the Integrity of Social Life (Stanford, 2010). Her research has been published in journals of philosophy, politics, law, media studies, information studies, and computer science. Grants from the National Science Foundation, Air Force Office of Scientific Research, and the U.S. Department of Health and Human Services Office of the National Coordinator have supported her work on privacy, trust online, and security, as well as studies of values embodied in design, search engines, digital games, facial recognition technology, and health information systems.
Recipient of the 2014 Barwise Prize of the American Philosophical Association, Prof. Nissenbaum has contributed to privacy-enhancing software, including TrackMeNot (for protecting against profiling based on Web search) and AdNauseam (protecting against profiling based on ad clicks). Both are free and freely available.
Nissenbaum holds a Ph.D. in philosophy from Stanford University and a B.A. (Hons) from the University of the Witwatersrand. Before joining the faculty at NYU, she served as Associate Director of the Center for Human Values at Princeton University.
Risk and Anxiety: A Theory of Data Breach Harms
(Full paper available pending publication)
by Daniel Solove, Professor of Law, George Washington University Law School; and Danielle Citron, Professor of Law, University of Maryland Carey School of Law
Daniel J. Solove is the John Marshall Harlan Research Professor of Law at the George Washington University Law School. He is also the founder of TeachPrivacy, a company that provides privacy and data security training programs to businesses, schools, healthcare institutions, and other organizations. An internationally-known expert in privacy law, Solove has been interviewed and quoted by the media in several hundred articles and broadcasts, including the New York Times, Washington Post, Wall Street Journal, USA Today, Chicago Tribune, the Associated Press, ABC, CBS, NBC, CNN, and NPR.
He has written numerous books including Nothing to Hide: The False Tradeoff Between Privacy and Security (Yale 2011), Understanding Privacy (2008), The Future of Reputation: Gossip, Rumor, and Privacy on the Internet (Yale 2007), and The Digital Person: Technology and Privacy in the Information Age (NYU 2004). He has also written several textbooks including Information Privacy Law (Aspen, 5th ed. 2015), Privacy Law Fundamentals (IAPP, 3d ed. 2015), Privacy and the Media (Aspen, 2d ed. 2015), Privacy, Law Enforcement, and National Security (Aspen, 1st ed. 2015), Consumer Privacy and Data Protection (Aspen, 1st ed. 2015), and Privacy, Information, and Technology (Aspen Publishing, 3rd ed. 2012). All of these books were co-authored with Paul M. Schwartz.
Additionally, Professor Solove has written more than 50 law review articles in the Harvard Law Review, Yale Law Journal, Stanford Law Review, Columbia Law Review, NYU Law Review, Michigan Law Review, U. Pennsylvania Law Review, U. Chicago Law Review, California Law Review, Duke Law Journal, and many others. He has also written shorter works for Wired, Scientific American, the Washington Post, and several other magazines and periodicals.
Danielle Keats Citron is the Morton & Sophia Macht Professor of Law at the University of Maryland Francis King Carey School of Law. Her work focuses on information privacy, cyber law, automated systems, and civil rights. She received the 2005 “Teacher of the Year” award.
Professor Citron is the author of Hate Crimes in Cyberspace (Harvard University Press 2014). Cosmopolitan and Harper’s Bazaar nominated her book as one of the “Top 20 Best Moments for Women” in 2014; Boston University Law Review held an online symposium on her book in 2015. Her current work focuses on the privacy policymaking of state attorneys general. Professor Citron’s scholarship has appeared, or is forthcoming, in Boston University Law Review (twice), California Law Review, George Washington Law Review, Hastings Law Journal, Michigan Law Review (twice), Minnesota Law Review, Notre Dame Law Review, Southern California Law Review, Washington University Law Review, Washington Law Review (twice), Washington & Lee Law Review, U.C. Davis Law Review, and others. Her opinion pieces have been featured in The Atlantic, New York Times, TIME, CNN, Guardian UK, New Scientist, and Slate. She has appeared on National Public Radio, HBO’s John Oliver Show and the New York Times video series. She is a technology contributor at Forbes.com and a member of Concurring Opinions.
The Finalist Judges also selected four papers for Honorable Mention on the basis of their uniformly strong reviews from the Advisory Board.
Ambiguity in Privacy Policies and the Impact of Regulation, by Professors Joel Reidenberg, Fordham University School of Law, Jaspreet Bhatia, Carnegie Mellon University, Travis Breaux, Carnegie Mellon University, and Thomas B. Norton, Fordham University
The winning authors have been invited to join FPF and Honorary Co-Hosts Senator Edward J. Markey, Congressman Joe Barton, and Congresswoman Diana DeGette, to present their work at the U.S. Senate with policymakers, academics, and industry privacy professionals. This annual event will be held on January 11, 2017, the day before the Federal Trade Commission’s PrivacyCon. FPF will subsequently publish a printed digest of summaries of the winning papers for distribution to policymakers, privacy professionals, and the public. To RSVP, please visit privacypapers.eventbrite.com.
This Year's Five Must-Read Privacy Papers: The Future of Privacy Forum Announces Recipients of Annual Privacy Award
FOR IMMEDIATE RELEASE
November 16, 2016
Contact: Melanie Bates, Director of Communications, [email protected]
This Year’s Five Must-Read Privacy Papers: The Future of Privacy Forum Announces Recipients of Annual Privacy Award
Washington, DC – Today, the Future of Privacy Forum (FPF) announced the winners of the 7th Annual Privacy Papers for Policymakers (PPPM) Award. The PPPM Award recognizes leading privacy scholarship that is relevant to policymakers in the United States Congress, at U.S. federal agencies, and for data protection authorities abroad. The winners of the 2017 PPPM Award are:
Accountable Algorithms, by Joshua A. Kroll, Engineer, Security Team, Cloudflare; Joanna Huey, Princeton University; Solon Barocas, Princeton University; Edward W. Felten, Princeton University; Joel R. Reidenberg, Stanley D. and Nikki Waxberg Chair in Law, Fordham University School of Law; David G. Robinson, Upturn; and Harlan Yu, Upturn
Privacy of Public Data, by Kirsten Martin, Assistant Professor of Strategic Management & Public Policy, George Washington University School of Business; and Helen Nissenbaum, Professor, Media, Culture, and Communication & Computer Science, New York University
Risk and Anxiety: A Theory of Data Breach Harms, by Daniel Solove, Professor of Law, George Washington University Law School; and Danielle Citron, Professor of Law, University of Maryland Carey School of Law
From a record number of nominated privacy-related papers published in the last year, these five were selected by Finalist Judges, after having been first evaluated highly by a diverse team of academics, advocates, and industry privacy professionals from FPF’s Advisory Board. Finalist Judges and Reviewers agreed that these papers demonstrate a thoughtful analysis of emerging issues and propose new means of analysis that can lead to real-world policy impact, making them “must-read” privacy scholarship for policymakers.
The Finalist Judges also selected four papers for Honorable Mention: Biometric Cyberintelligence, by Professor Margaret Hu, Washington & Lee University School of Law; Ambiguity in Privacy Policies and the Impact of Regulation, by Professors Joel Reidenberg, Fordham University School of Law, Jaspreet Bhatia, Carnegie Mellon University, Travis Breaux, Carnegie Mellon University, and Thomas B. Norton, Fordham University; Data Driven Discrimination at Work, by Professor Pauline Kim, Washington University in Saint Louis School of Law; and Friending the Privacy Regulators, by Professor William McGeveran, University of Minnesota Law School.
“Policymakers are grappling with privacy issues that are more sophisticated than ever, and academic scholarship can provide a much-needed source of innovative thinking and new ideas,” said Jules Polonetsky, FPF’s CEO. “Through this Award, we aim to bring the very best of academic privacy scholarship to the people who are crafting real-world policy. These are the ‘must-reads’ for any well-informed policymaker who wants to make a difference in privacy.”
The winning authors have been invited to join FPF and Honorary Co-Hosts Senator Edward J. Markey and Congressman Joe Barton and Congresswoman Diana DeGette, Co-Chairs of the Congressional Bi-Partisan Privacy Caucus,to present their work at the U.S. Senate with policymakers, academics, and industry privacy professionals. This annual event will be held on January 11, 2017, the day before the Federal Trade Commission’s PrivacyCon. FPF will subsequently publish a printed digest of summaries of the winning papers for distribution to policymakers, privacy professionals, and the public.
PPPM is free, open to the general public, and widely attended. To RSVP, please visit privacypapers.eventbrite.com.
###
The Future of Privacy Forum (FPF) is a non-profit organization that serves as a catalyst for privacy leadership and scholarship, advancing principled data practices in support of emerging technologies. Learn more about FPF by visiting www.fpf.org.
Advisory Board Reviewers for PPPM 2016
Each year, FPF awards the Privacy Papers for Policymakers Award to the authors of leading privacy research and analytical work that is relevant to policymakers in the United States Congress, at U.S. federal agencies, and for data protection authorities abroad. The Award showcases work that analyzes current and emerging privacy issues and proposes achievable short-term solutions or new means of analysis that could lead to real-world policy impact.
Winning Authors are invited to join FPF in Washington, DC to discuss their work at the United States Senate with policymakers, academics, and privacy professionals. This year, Privacy Papers for Policymakers will be held at 5:30 PM on January 11, 2017 (the day before FTC’s PrivacyCon), in Room SDG-50 (Senate Auditorium), Dirksen Senate Office Building, First Street and C Street, NEWashington, DC 20002. For more information and to register, click here.
FPF would like to extend a special Thank You to our 2016 Advisory Board Reviewers, including:
Projjol Banerjea, zeotap
Eduard Bartholme, Call For Action
Allison Cohen, Toyota
Heather Federman, Macy’s
Olga Garcia-Kaplan, Novitex Enterprise Solutions
Lauren Gelman, BlurryEdge Strategies
Rita Heimes, International Association of Privacy Professionals (IAPP)
Mike Hintze, Hintze Law
Sarah Holland, Google
Susan Israel, Loeb & Loeb LLP
Manoj Lamba, ClassDojo
David Medine, Consultative Group to Assist the Poor
Catherine Tucker, MIT Sloan School of Management
Susannah Wesley, Edelman
Heather West, Mozilla
Michael Zimmer, UW-Milwaukee School of Information Studies
Thank you for all your hard work!
Spotlight on PPPM Judges
This week, the Future of Privacy Forum (FPF) will announce the winners of the 2016 Privacy Papers for Policymakers Award. Each year, FPF awards the Privacy Papers for Policymakers Award to the authors of leading privacy research and analytical work that is relevant to policymakers in the United States Congress, at U.S. federal agencies, and for data protection authorities abroad.
The goal of the Award is to advance academic-industry collaboration in support of the National Privacy Research Strategyby showcasing work that analyzes current and emerging privacy issues and proposes achievable short-term solutions or new means of analysis that could lead to real-world policy impact.
How are PPPM papers chosen?
Papers are identified via our annual Call for Nominations, as well as from leading privacy research centers and submissions to the Privacy Law Scholars Conference (with authors’ permission).
Submissions receive an initial ranking from a diverse team of academics, consumer advocates, and industry privacy professionals from the FPF Advisory Board, with each submission being evaluated in the categories of: (1) Originality; (2) Applicability to policymaking; and (3) Overall quality of writing.
Finally, winners are selected by a panel of Finalist Judges who select the scholarship they feel should receive the Privacy Papers for Policymakers Award. Winning scholarship represents the “must-read” privacy papers of the year for policymakers. Leading Authors are invited to join FPF in Washington, DC to discuss their work at the United States Senate with policymakers, academics, and privacy professionals.
This year, Privacy Papers for Policymakers will be held at 5:30 PM on January 11, 2017 (the day before FTC’s PrivacyCon), in Room SDG-50 (Senate Auditorium), Dirksen Senate Office Building, First Street and C Street, NEWashington, DC 20002. For more information and to register, click here.
Finalist Judges:
Our Finalist Judges for 2016 include representatives from FPF, as well as one representative from each of our three audiences: Academia, Industry Privacy Professionals, and Consumer Advocates.
Judges include Jules Polonetsky, CEO, Future of Privacy Forum; Christopher Wolf, Founder and Board Chair, Future of Privacy Forum; Mary Culnan, Professor Emeritus, Bentley University, and Board Vice President, Future of Privacy Forum; Virginia Lee, Director – Global Privacy, Starbucks; and John Breyault, Vice President of Public Policy, Telecommunications and Fraud, National Consumers League.
More on our PPPM Judges:
Jules Polonetsky
CEO, Future of Privacy Forum
Jules serves as CEO of the Future of Privacy Forum. Jules previous roles have included serving as Chief Privacy Officer at AOL and before that at DoubleClick, as Consumer Affairs Commissioner for New York City, as an elected New York State Legislator and as a congressional staffer, and as an attorney. Jules serves on the Advisory Board of the Center for Copyright Information. He has served on the boards of a number of privacy and consumer protection organizations including TRUSTe, the International Association of Privacy Professionals, and the Network Advertising Initiative. From 2011-2012, Jules served on the Department of Homeland Security Data Privacy and Integrity Advisory Committee. In 2001, Crain’s NY Business magazine named Jules one of the top technology leaders in New York City. Jules is a regular speaker at privacy and technology events and has testified or presented before Congressional committees and the Federal Trade Commission.
Mary Culnan
Professor Emeritus, Bentley University
Vice President, Future of Privacy Forum Board of Directors
Dr. Mary J. Culnan is Professor Emeritus at Bentley University. She also serves as a Senior Research Fellow in the Center for IT and the Global Economy (CITGE) at the Kogod School of Business, American University. Mary has testified before Congress, the Massachusetts Senate, and other government agencies on a range of privacy issues. Mary’s primary research interest is governance of privacy and security. She has also conducted research on how organizations can gain value from social media. Mary’s work has been published in a range of academic journals as well as the New York Times, the Washington Post and the Wall Street Journal. Mary was employed for seven years as a systems analyst by the Burroughs Corporation prior to earning her Ph.D. in management from UCLA. Before joining the faculty at Bentley in fall 2000, she held faculty positions at the University of Virginia, University of California, Berkeley, the American University and Georgetown University.
Christopher Wolf
Founder and Board Chair, Future of Privacy Forum
Christopher Wolf is the founder and Board Chair of the Future of Privacy Forum. Chris is also a senior partner in the Washington, DC office of Hogan Lovells LLP, where he is a leader of that firm’s Privacy and Information Management practice. He has been in private law practice in Washington, DC since 1982. Chris has served as an adjunct law professor on Internet and privacy law, and is a frequent lecturer in continuing legal education programs on the subject.
MSNBC called Chris Wolf a “pioneer in Internet law”, reflecting his involvement in some of the earliest and precedent setting cases involving technology agreements, copyright, domain names, jurisdiction — and privacy. As the ability to collect, store, share and transfer personal information over the Internet increased, privacy became the main focus of Chris’ law practice. And Chris became known as a pioneer in privacy law too. It was for that reason that the prestigious Practising Law Institute (PLI) tapped Chris to be Editor and Lead Author of its first-ever treatise on privacy law. He also is co-editor of the PLI book, “A Practical Guide to the Red Flag Rules”, the identity theft prevention regulations issued by the FTC and financial regulators.
John Breyault
Vice President of Public Policy, Telecommunications and Fraud, National Consumers League
John joined the National Consumers League — America’s oldest consumer organization — in September 2008. His focus at NCL is advocating for stronger consumer and worker protections before Congress and federal agencies on a range of issues including telecommunications and technology policy, fraud, and consumer financial protections. In addition, John directs NCL’s Fraud Center an online hub for consumer education and advocacy related to fraud.
Prior to coming to NCL, John was Research Director at the Telecommunications Research and Action Center (TRAC), a non-profit consumer organization dedicated to promoting the interests of telecommunications consumers. Concurrent with his work at TRAC, John was Director of Research at Amplify Public Affairs (APA) where he helped launch the firm’s Web 2.0-based public affairs practice.
Prior to joining APA, John worked at Sprint in its International Carrier Services Division, at BellSouth in its Government Affairs office and at the American Center for Polish Culture. John has served on numerous Boards and advisory committees including the Federal Communications Commission’s Consumer Advisory Committee, the Commodity Futures Trading Commission’s Technology Advisory Committee and the Board of the Arlington-Alexandria Coalition for the Homeless.
Virginia “Ginny” Lee
Director – Global Privacy, Starbucks
Ginny Lee has worked in the high tech industry for over twenty years. Currently, she is Director – Global Privacy at Starbucks. Prior to this, she was Sr. Attorney – Privacy/Security at Intel Corporation and responsible for providing legal guidance on privacy and security matters, especially as they relate to “Privacy By Design”. Prior to Intel, Ginny was the Director of Platform and Product Privacy at Yahoo! where she was responsible for the policy direction of Yahoo!’s varied products and platforms. Ginny also ran a boutique law practice focused on privacy and intellectual property law. She has worked on policy, regulatory and compliance issues for the Network Advertising Initiative, a self-regulatory association for the third-party advertising industry. In addition to her legal experience, Ginny has held positions in engineering and product management and technical support.
Ginny holds a BA in Applied Mathematics from the University of Maine, a MBA from the University of New Hampshire, and a JD from the University Of Maine School Of Law. Ginny is also a Fellow of Information Privacy (FIP), Certified Information Privacy Professional (CIPP/US, /G) and Manager (CIPM). She is admitted to practice in Maine, Washington and Oregon and is a registered patent attorney.
Thank you to our 2016-17 PPPM Finalist Judges!
Georgetown – FPF: Valuable Partnership and Talent Channel
This August, Stacey Gray was promoted to the position of Policy Counsel at the Future of Privacy Forum (FPF). In this role, she covers Location & Ad Tracking, Big Data, and the Internet of Things. Stacey stays on top of developments in the space, like the new iOS Limit Ad Tracking Feature, and facilitates monthly working group meetings. She has also taken the lead on the highly anticipated Privacy Papers for Policymakers (PPPM) event, and has lent her extensive expertise to events like the 2016 Place Conference.
Stacey first came to FPF as a fellow from Georgetown University Law Center in August 2015, continuing a tradition of Georgetown graduates working fellowships at FPF. Each of the last three years, FPF has taken a top Georgetown student and immersed them in the world of privacy. FPF fellows collaborate with advocates, academics, and companies and handle projects that lead to best practices, white papers, codes of conduct, and the like.
Other FPF fellows to come from Georgetown include Sarah Gordon (September 2013-August 2014), who has worked for Zillow as a Corporate Counsel since her fellowship ended, and Stephany Fan (September 2014-May 2015), who went on to work at Morgan Lewis & Bockius LLP as an Associate.
When Stacey was a fellow, she worked on consumer privacy issues, work that she has continued as a Policy Counsel. “My background is in civil rights,” Stacey said. “As a result, I became interested in privacy through my academic focus on the Fourth Amendment.”
Stacey feels that FPF presents an unusual opportunity. “What strikes me as different about working here is the extent to which our work relies on nuance and technical expertise,” she said. “FPF is not as concerned with ‘taking a position’ as we are with getting to the right answers to important questions. This often means considering all sides of crucial debates, even when they are not necessarily about privacy at all, but about ethics, fairness or discrimination. It also means that among our policy staff we are constantly pushing each other to better understand the issues and engage intellectually with the underlying ideas.”
Stacey says that this has made her experience at FPF “tremendously challenging and rewarding.” Now, Stacey serves as a mentor for our newest fellow from Georgetown, Carolina Alonso. Carolina joined us in September, and has been working on the Student Privacy Pledge, as well as several projects related to kids and the connected home. This includes a joint paper with the Family Online Safety Institute (FOSI), set to be released in December. Carolina also works closely with Stacey on Ad Tech.
Carolina, who grew up in Silicon Valley, and has interned with organizations like Facebook and Yahoo, says FPF is a unique place. “When you join FPF, they expect that you are going to be the expert,” Carolina said. “This is different from school. Everything we do here has a real purpose and a real audience.”
Like Stacey, Carolina feels that her fellowship at FPF has been a valuable experience. “People here are very approachable and friendly. That makes Georgetown-FPF a great partnership.”
We agree. FPF has been fortunate to have a stream of high-level young talent, and we enjoy helping recent graduates build a solid foundation in the privacy field.
