In December 2017, the U.S. Department of Education and the Federal Trade Commission held a workshop focused on ed tech and student privacy. The workshop brought together a wide range of stakeholders interested in protecting student privacy – business, education, and consumer advocates.

On November 13, I participated in the Federal Trade Commission’s workshop on Ethics and Common Principles in Algorithms, Artificial Intelligence, and Predictive Analytics along with James Foulds, an Assistant Professor at the University of Maryland, Baltimore County, Rumman Chowdhury, the Global Lead for Responsible AI at Accenture Applied Intelligence, Martin Wattenberg, a Senior Research Scientist at Google, Erika Brown Lee, Senior VP & Assistant General Counsel at MasterCard, and Naomi Lefkovitz, a Senior Privacy Policy Advisor at the National Institute of Standards and Technology.  The following commentary is based on my remarks and the discussion at the panel. In 2017, SIIA published its Ethical Principles for Artificial Intelligence and Data Analytics as a guide for companies as they develop and implement advanced data analytic systems.  There are many other such ethical principles including the famous Belmont principles of respect for persons, benefic ...

At yesterday’s FTC hearing on the business of big data I outlined some of the important uses of big data and analytics. SIIA companies are industry leaders using analytics and big data to improve business methods and processes.  Among their innovative uses of data are the use of these techniques to:  

The Federal Trade Commission (FTC) signaled they are serious about enforcing current law with the announcement of the $650,000 fine and 20-year consent decree settling a complaint brought against toy maker, VTech, for violating the Children’s Online Privacy Protection Act (COPPA). VTech will pay the fine and is required to not violate COPPA.  It also must implement a comprehensive data security program subject to independent audits for 20 years. The FTC found that VTech, through its internet-connected toys, collected personal information from children under 13 without providing appropriate notice nor obtaining proper consent from the child’s parent. VTech, according to the complaint, did not use reasonable security measures required by COPPA despite stating they do in the available privacy policy. The toy maker suffered a major security breach in 2015 where hackers accessed unencrypted parent and child personal information, including photos and chat logs. ...

Last week, President Trump signed a congressional resolution to roll back the Federal Communication Commission’s (FCC) broadband privacy rules adopted in 2016.  The response has been a loud outcry that privacy on the internet is dead.  On the contrary, the vast majority of the internet is still under substantial regulation by the Federal Trade Commission (FTC).

In 2014, the Federal Trade Commission (FTC) celebrated its 100-year anniversary, marking over a century as the lead consumer watchdog based on its broad authority established by Sec. 5 of the Federal Trade Commission Act, which prohibits “unfair or deceptive acts or practices in or affecting commerce.” The Commission has demonstrated that after a century, their Section 5 authority is flexible enough to keep pace with rapid technological evolution.  For instance, as SIIA has highlighted in a recent policy paper, the FTC settlement with TRENDnet demonstrated that the FTC’s regulatory authority is indeed applicable to the Internet of Things (IoT).  The FTC v. Wyndham demonstrated that while data security is not explicitly identified in Section 5, the FTC’s unfairness authority includes the ability to protect consumer data from data breaches. While there is little question of the critical value of the FTC as the lead regulator and enforcer of consume ...

comments, cross device tracking, ftc more

SIIA joined with 11 other industry organizations today to express strong concerns with the direction and potential impact of the National Institute of Standards and Technology’s (NIST) recently proposed privacy risk management framework.  Specifically, in their draft Internal Report, “Privacy Risk Management for Federal Information Systems”, NIST puts forward a privacy risk management framework with privacy engineering objectives and a privacy risk model.  The draft report is intended to offer a methodology to federal agencies to enable them to identify, calculate and account for privacy risks in their systems.

Late last week, SIIA hosted a lunch event “Re-Thinking Privacy in the Connected World” that focused on reevaluating popular understandings of the privacy cost/benefit analysis of data-driven innovation and the Internet of Things (IoT). So often discussion of these technologies and analytic methods demonize data collection as a risk to personal privacy and security. But our speakers gave us a more balanced understanding of the complex relationship between technology, data and privacy.  They underscored that while there may be fundamental right to privacy, privacy is not monolithic, but based on a diverse and evolving set of expectations.  And they rebutted the notions that enhancing privacy can be accomplished merely by limiting data collection, or that more data equals less privacy, which calls for more regulation. more

SIIA applauds the Alliance of Automobile Manufacturers and the Association of Global Automakers for adopting a set of privacy principles for vehicle technologies and services. These principles, released on Thursday November 13, are a responsible step toward protecting the information collected by connected cars, and they reflect an important movement of strong corporate commitments to data privacy. Data has become essential for improving auto safety, reducing traffic congestion, increasing auto efficiency and powering other advanced services for 21st Century drivers. By bolstering consumer confidence, these principles will help make certain these advancements can continue. They cover transparency, choice, respect for context, data minimization, de-identification, retention, data security, integrity, access and accountability. In particular, they put limits on the use of geolocation information for marketing purposes and provide consumers with access to collected information. These ... more