Posts Under: Privacy & Data Security

SIIA Moderates IAPP Public Records Panel: Differences to be Sure, But Areas of Consensus Emerge

On May 3, Sara DePaul, SIIA’s Senior Director for Technology Policy, moderated a panel at the IAPP’s Global Privacy Summit 2019 in Washington DC on “Balancing Transparency and Privacy in Open Access to Public Records.” The panel featured the views of Cindy Van Ort, Chief Privacy Officer of Thomson Reuters; Chris Calabrese, Vice President for Policy at the Center for Democracy and Technology; and David Cuillier, Associate Professor at the University of Arizona School of Journalism. The panelists engaged in a spirited discussion and found a few high-level points of consensus, such as: that the use of public records confer important social benefits, that open access and use can yield the potential for harmful results that should be accounted for, and that the treatment of public records by privacy laws can raise First Amendment concerns that must be balanced by policymakers. They differed, however, in whether and how a privacy law should apply to public records dat ...

more

Congress Should Pass a Strong Federal Privacy Law that Protects Consumers, Promotes Innovation, and Enables the Use of Publicly Available Information

On March 12, the Senate Judiciary Committee held a hearing on “GDPR & CCPA: Opt-ins, Consumer Control, and the Impact on Competition and Innovation.” The Committee heard from witnesses representing industry, consumer organizations, and academia, who discussed a broad range of issues to inform a federal privacy law: from meaningful consumer controls to the successes and failures of other privacy frameworks to beefed up enforcement by the FTC . One important topic that was not discussed was the importance of publicly available information and how it should be treated by a federal privacy law. As SIIA explained in recent comments to the Senate, the social benefits and public policy principles promoted by the processing of public data are tangible, indisputable, and balanced. Public data is used to provide choice and access to credit for personal finances, to enable credit for business expansion to grow our economy, and to promote public safety. Moreover, the free flow o ...

more

French Data Protection Authority (DPA - CNIL) Google Fine Shows That Regulatory-Industry Cooperation Crucial To Get Privacy Right

On January 21, 2019, the French National Data Protection Commission (CNIL) fined Google Euros 50 million for not complying with the General Data Protection Regulation (GDPR).   There will be a legal challenge, but this blog focuses on the policy considerations surrounding the decision.  There are at least three initial takeaways from the CNIL decision.  First, this enforcement action demonstrates that the GDPR should not be replicated word for word in a possible U.S. federal privacy law.  Some notion of consumer harm should enter the calculation when a fine is considered.  Second, DPAs should be more forthcoming with guidance on how to comply with the GDPR, especially when companies are making a good faith effort to comply with the law.  Third, there is a risk that the one-stop-shop is going to become effectively meaningless.  As U.S. policymakers consider a federal privacy law, this should be a key co ...

more

Ethical Challenges of Artificial Intelligence

On November 13, I participated in the Federal Trade Commission’s workshop on Ethics and Common Principles in Algorithms, Artificial Intelligence, and Predictive Analytics along with James Foulds, an Assistant Professor at the University of Maryland, Baltimore County, Rumman Chowdhury, the Global Lead for Responsible AI at Accenture Applied Intelligence, Martin Wattenberg, a Senior Research Scientist at Google, Erika Brown Lee, Senior VP & Assistant General Counsel at MasterCard, and Naomi Lefkovitz, a Senior Privacy Policy Advisor at the National Institute of Standards and Technology.  The following commentary is based on my remarks and the discussion at the panel. In 2017, SIIA published its Ethical Principles for Artificial Intelligence and Data Analytics as a guide for companies as they develop and implement advanced data analytic systems.  There are many other such ethical principles including the famous Belmont principles of respect for persons, benefic ...

more

Ready for A New Standard in Data Privacy Requirements: Four Steps to Ensure Your Solution is Compliant and How ETIN Can Help

“. . . as education companies we can't just come up with a great product, show it to teachers, and expect to be successful. Our products and services have to help decision makers with their state and federal compliance and intricately defined funding requirements if we are going to be successful. If we don’t know what these are, we can’t get our products accepted.”  — Mitch Weisburgh, Managing Partner, Academic Business Advisors

more

SIIA Participates in Markets & Markets Panel Discussion on Blockchain

I had the honor participate in a September 27 panel discussion in NYC organized by Markets & Markets.  See this agenda for the Markets & Markets “AI & Blockchain Fintech Confex” event.   SIIA views blockchain as part of a continuum of technologies that are and will continue to change the world.  Technologies such as the internet of things (IOT), cloud computing, data-driven innovation, and artificial intelligence are all topics SIIA has provided thought leadership on.  This is why  in January this year, we released an Issue Brief on blockchain and hosted an event with the Congressional Blockchain Caucus.   Many of our Member companies are experimenting with blockchain-based products. Dun & Bradstreet, for instance, provides a unique blockchain identifying number that corresponds to the Data Universal Numbering System (DUNS) number that it offers for companies.   This allows companies that do not know each ot ...

more

The Constitution Has a Role in Informational Privacy Legislation

The General Data Protection Regulation is designed to support the individual’s interest in informational privacy, which the EU recognizes as a fundamental right.  Under that law, the collection, use and transfer of personal information is prohibited unless done with consent of the individual.  It has a de minimis legitimating role for social or business purposes but generally, if the individual revokes consent, processing of information must stop and often the information itself must be deleted. The US works from a different paradigm.  We certainly value privacy as necessary and valuable to ensure both personal dignity and a free and functioning society.  But we focus privacy laws on the prevention and remediation of harm, not on consent.  United States privacy law grew out of the common-law privacy torts: defamation, intrusion on seclusion, disclosure of private facts, false light and the right of publicity.  Thus, for example, the tort of disclo ...

more