Home
Use our global calendar of privacy events to locate an event near you.
FILTER BY
The California Consumer Privacy Act (CCPA): An Introduction by its Author and Leading Technologists
In this webinar, you will learn:
- What the key provisions of the law mean to you and your customers:
- “Right to Know”
- “Right to Say No”
- “Right to Have Data Kept Safe”
- How existing and forthcoming technologies make it possible to achieve the intent of the CCPA
- How to build a data privacy culture within your enterprise
Hosted by:
Alastair Mactaggart, Chairman, Californians for Consumer Privacy
Justin Antonipillai, Privacy Expert & CEO, WireWheel
John Ackerly, Security Expert & CEO, Virtru
Jocelyn Aqua, Principal, Regulatory Privacy & Cybersecurity, PwC
Webinar Summary:
- In celebration of Data Privacy Day, “an international effort to empower individuals and businesses to respect privacy, safeguard data and enable trust,” please join us in a webinar where we will discuss the California Consumer Privacy Act (CCPA), a landmark piece of legislation designed to increase consumer rights over personal information, establish that privacy is a human right, and set the minimum bar for national privacy regulations.
- This will be the first in a series of webinars to help educate consumers and businesses about the CCPA, how to get ready for it, and to understand that the CCPA will ultimately protect a fundamental human right, while still enabling and promoting innovation and the growth of small and medium-sized businesses and large enterprises.
- The CCPA is set to go into effect on January 1, 2020 and will help people regain ownership and control over their personal information while helping businesses establish trust by ensuring they safeguard people’s personal information.
- Alastair Mactaggart, the Californians for Consumer Privacy Chairman and a force behind the CCPA, along with Justin Antonipillai, the founder and CEO of WireWheel, and John Ackerly, the founder and CEO of Virtru, will discuss the key sections of the CCPA and how technologies, like those developed by WireWheel and Virtru, are making it possible for the CCPA to fully achieve its vision and goals.
Algorithmic systems are being adopted in a growing number of contexts. Fueled by big data, these systems filter, sort, score, recommend, personalize, and otherwise shape human experiences of socio-technical systems. Although these systems bring myriad benefits, they also contain inherent risks, such as codifying and entrenching biases; reducing accountability and hindering due process; and increasing the information assymmetry between data producers and data holders.
ACM FAT* is an annual conference dedicating to bringing together a diverse community to investigate and tackle issues in this emerging area. Topics of interest include, but are not limited to:
- The theory and practice of fair and interpretable Machine Learning, Information Retrieval, NLP, and Computer Vision
- Measurement and auditing of deployed systems
- Users’ experience of algorithms, and design interventions to empower users
- The ethical, moral, social, and policy implications of big data and ubiquitous intelligent systems
ACM FAT* builds upon several years of successful workshops on the topics of fairness, accountability, transparency, ethics, and interpretability in machine learning, recommender systems, the web, and other technical disciplines.
Privacy Camp will take place on 29 January 2019 in Brussels, Belgium, just before the start of the CPDP conference. Privacy Camp brings together civil society, policy-makers and academia to discuss existing and looming problems for human rights in the digital environment.
Platforms, Politics, Participation
Privacy Camp 2019 will focus on digital platforms, their societal impact and political significance. Due to the rise of a few powerful companies such as Uber, Facebook, Amazon or Google, the term “platform” has moved beyond its initial computational meaning of technological architecture and has come to be understood as a socio-cultural phenomenon. Platforms are said to facilitate and shape human interactions, thus becoming important economic and political actors. While the companies offering platform services are increasingly the target of regulative action, they are also considered as allies of national and supranational institutions in enforcing policies voluntarily and gauging political interest and support. Digital platforms employ business models that rely on the collection of large amounts of data and the use of advanced algorithms, which raise concerns about their surveillance potential and their impact on political events. Increasingly rooted in the daily life of many individuals, platforms monetise social interactions and turn to questionable labor practices. Many sectors and social practices are being “platformised”, from public health to security, from news to entertainment services. Lately, some scholars have conceptualised this phenomenon as “platform capitalism” or “platform society”.
Privacy Camp 2019 will unpack the implications of “platformisation” for the socio-political fabric, human rights and policy making. In particular, how does the platform logic shape our experiences and the world we live in? How do institutional actors attempt to regulate platforms? In what ways do the affordances and constraints of platforms shape how people share and make use of their data?
Participate!
We welcome panel proposals relating to the broad theme of platforms. Besides classic panel proposals we are also seeking short contributions for our workshop “Situating Platforms: User Narratives”.
1. Panel proposals
We are particularly interested in panel proposals on the following topics: platform economy and labour; algorithmic bias; democratic participation and social networks.
Submission guidelines:
- Indicate a clear objective for your session, i.e. what would be a good outcome for you?
- Indicate other speakers that could participate in your panel (and let us know which speaker has already confirmed, at least in principle, to participate).
- Make it as participative as possible, think about how to include the audience and diverse actors. Note that the average panel length is 75 minutes.
- Send us a description of no more than 400 words.
2. “Situating Platforms: User Narratives” submissions
In an effort to discuss situated contexts with regard to platforms, we will have a session on lived practices and user narratives. Individuals, civil society groups or community associations are welcome to contribute in the format of a short talk or show & tell demonstration. Details and the online submission form are here:
Deadline
The deadline for all submissions is 18 November. After the deadline, we will review your submission and let you know by the end of November whether your proposal can be included in the programme. It is possible that we suggest merging panel proposals if they are very similar.
Please send your proposal via email to privacycamp(at)edri.org!
If you have questions, please contact Kirsten at kirsten.fiedler(at)edri(dot)org or Imge at imge.ozcan(at)vub(dot)be.
About Privacy Camp
Privacy Camp is jointly organised by European Digital Rights (EDRi), the Institute for European Studies of the Université Saint-Louis – Bruxelles (USL-B), the Law, Science, Technology & Society research group of the Vrije Universiteit Brussel (LSTS-VUB), and Privacy Salon.
PURPOSE:
- To recognize the year’s leading privacy research and analytical work that is relevant to policymakers in the United States Congress, at United States federal agencies, and for data protection authorities internationally.
- To highlight important work that analyzes current and emerging privacy issues and proposes achievable short-term solutions or new means of analysis that could lead to real-world policy solutions.
- To showcase the winning authors and summaries of their work in an annual Privacy Papers for Policymakers Digest, to be distributed to a wide range of United States and international policymakers.
AWARDS EVENT:
FPF will invite winning authors to present their work at an annual event with top policymakers and privacy leaders in Washington, DC on February 6, 2019. FPF will also publish a printed digest of the summaries of the winning papers for distribution to policymakers in the United States and abroad.
COMPILATION:
Each year, winning privacy papers are summarized and compiled into an accessible digest which is showcased to policymakers, privacy professionals, and the public.
EVENT DESCRIPTION
As part of a series of Hearings on Competition and Consumer Protection in the 21st Century announced in June 2018, the Commission will host a hearing to discuss the privacy aspects of Topic 5 on February 12-13, 2019, at the FTC’s Constitution Center building. (Topics 4 and 9, which address big data and artificial intelligence, also have privacy-related components; those topics will be the subject of separate hearings on November 6-8 and November 13-14, respectively. The data security portion of Topic 5 will be the subject of a separate hearing on December 11-12, 2018. The Commission will release information on those hearings separately.)
The Commission welcomes written comments on specific questions to be discussed at the February privacy hearing, as stated below. Interested parties may file pre-hearing comments electronically until December 21, 2018, and the Commission will additionally consider any comments it receives electronically until March 13, 2019. If any entity has provided funding for research, analysis, or commentary that is included in a submitted public comment, such funding and its source should be identified on the first page of the comment.
BACKGROUND AND QUESTIONS FOR COMMENT
The privacy of consumer data is a daily topic of news headlines, public discourse, and policy debates around the globe. Questions abound about consumers’ ability to make informed choices about data collection and use; potential harms to consumers resulting from data collection, sharing, aggregation, and use; the adequacy of existing legal and self-regulatory frameworks to protect consumers from those harms without unduly restraining legitimate business activity; and whether emerging frameworks improve on prior versions.
The Federal Trade Commission last undertook efforts to engage the public in considering data privacy issues in a comprehensive way from 2009-2012. During that time, the Commission held a series of public roundtable discussions, published a draft privacy framework, and obtained and considered more than 450 written public comments. The Commission’s work culminated in 2012 with a comprehensive privacy report.
Technologies and business models have changed significantly since the FTC issued the 2012 report. Consumers have benefited from the proliferation of mobile apps, mobile payment systems, Internet-connected devices (i.e., the Internet of Things), and other innovations. At the same time, consumers have expressed concern about the growing collection and use of their data, and businesses have enhanced their ability to link consumers’ behavior across devices and platforms.
Some jurisdictions have enacted new laws that contain new approaches for addressing privacy risks. The European Union, for example, enacted the General Data Protection Regulation (GDPR) (effective in May 2018), which includes data access, erasure, and portability rights and breach notification requirements. Some states have enacted comprehensive privacy laws or laws that address particular technologies, such as biometrics. For its part, the Commission has not only continued using its broad authority to prohibit unfair and deceptive practices, but also enforces more specific privacy statutes, such as the Gramm-Leach-Bliley Act, the Children’s Online Privacy Protection Act, and the Fair Credit Reporting Act.
In addition, the Administration is working toward development of principles and tools to protect consumer privacy. For example, the National Telecommunications and Information Administration (NTIA) is seeking comment on core privacy principles and the National Institute of Standards and Technology (NIST) is developing a privacy framework to help organizations manage privacy risks.
These rapidly-evolving changes in technology, business models, laws, and policy initiatives suggest that now is the right time for the Commission to re-examine the approach it developed in 2012. This includes addressing fundamental questions about what the goals of policymaking and enforcement in the privacy area should be, as well as the related question of how to define success.
The Commission has long taken a case-by-case approach to privacy, with protections calibrated to the particular law enforced as well as the sensitivity and use of personal information. However, the current approach needs to be examined in light of potential gaps in the Commission’s existing authority, as well as new risks, new opportunities, and new knowledge. Relevant questions include whether current approaches sufficiently protect consumer privacy; whether certain approaches may have unintentionally hindered innovation, growth, or competition, to the detriment of consumers and the economy; whether other approaches might better serve consumers and competition; and, if so, what those approaches should be. Accordingly, the Commission invites comments on the topics listed below, some of which have been examined in prior Commission materials and are being re-examined as part of the 21st Century Hearings initiative. Comments that contain empirical evidence and data are encouraged.
General Questions
- What are the actual and potential benefits for consumers and to competition of information collection, sharing, aggregation, and use? To what extent do consumers today, or are consumers likely to, realize these benefits?
- What are the actual and potential risks for consumers and to competition of information collection, sharing, aggregation, and use? To what extent do consumers today, or are consumers likely to, realize these risks?
- The use of “big data” in automated decisionmaking has generated considerable discussion among privacy stakeholders. Do risks of information collection, sharing, aggregation, and use include risks related to potential biases in algorithms? Do they include risks related to use of information in risk scoring, differential pricing, and other individualized marketing practices? Should consideration of such risks depend on the accuracy of the underlying predictions? Do such risks differ when data is being collected and analyzed by a computer rather than a human?
- Should privacy protections depend on the sensitivity of data? If so, what data is sensitive and why? What data is not sensitive and why not?
- Should privacy protection depend on, or allow for, consumer variation in privacy preferences? Why or why not? What are the appropriate tradeoffs to consider? If desired, how should this flexibility be implemented?
- Market-based injuries can be objectively measured—for example, credit card fraud and medical identity theft often impact consumers’ finances in a directly measurable way. Alternatively, a “non-market” injury, such as the embarrassment that comes from a breach of sensitive health information, cannot be objectively measured because there is no functioning market for it. Many significant privacy violations involve both market and non-market actors, sources, and harms. Should the Commission’s privacy enforcement and policy work be limited to market-based harms? Why or why not?
- In general, privacy interventions could be implemented at many different points in the process of collecting, processing, and using data. For example, certain collections could be banned, certain uses could be opt-in only, or certain types of processing could trigger disclosure requirements. Where should interventions be focused? What interventions are appropriate?
- Should policymakers and other stakeholders attempt to improve accountability for privacy issues within organizations? Why or why not? If so, how? Should privacy risk assessments be mandated for certain companies? Should minimum standards in privacy protections be required?
- How can firms that interface directly with consumers foster accountability of third parties to whom they transfer consumer data?
- What are the effects, if any, on competition and innovation from privacy interventions, including from policies such as data minimization, privacy by design, and other principles that the Commission has recommended?
- Do firms incur opportunity costs as a result of increased investments in privacy tools? If so, what are the tradeoffs between functionality, innovation, and security and privacy protections at the design level?
- If businesses offer consumers choices with respect to privacy protections, can consumers be provided the right balance of information, i.e., enough to inform the choice, but not so much that it overwhelms the decisionmaker? What is the best way to strike that balance and assess its efficacy?
- To what extent do companies compete on privacy? How do they compete? To what extent are these competitive dynamics dictated or influenced by consumer preferences, regulatory requirements, or other factors?
- Some academic studies have highlighted differences between consumers’ stated preferences on privacy and their “revealed” preferences, as demonstrated by specific behaviors. What are the explanations for the differences?
- Given rapidly evolving technology and risks, can concrete, regulated technological requirements – such as data de-identification – help sustainably manage risks to consumers? When is data de-identified? Given the evolution of technology, is the definition of de-identified data from the FTC’s 2012 Privacy Report workable? If not, are there alternatives?
- What should the role of the Commission be in the privacy area? What would define successful Commission intervention? How can the Commission measure success?
Questions About Legal Frameworks
- What are existing and emerging legal frameworks for privacy protection? What are the benefits and drawbacks of each framework?
- What are the tradeoffs between ex ante regulatory and ex post enforcement approaches to privacy protection?
- The U.S. has a number of privacy laws that cover conduct by certain entities that collect certain types of information, such as information about consumers’ finances or health. Various statutes address personal health data, financial information, children’s information, contents of communications, drivers’ license data, video viewing data, genetic data, education data, data collected by government agencies, customer proprietary network information, and information collected and used to make certain decisions about consumers. Are there gaps that need to be filled for certain kinds of entities, data, or conduct? Why or why not?
- Other than explicit statutory exemptions, are there limitations to the FTC’s authority to protect consumers’ privacy? If so, should they be removed? Why or why not? Should more limitations be implemented? Why or why not?
- If the U.S. were to enact federal privacy legislation, what should such legislation look like? Should it be based on Fair Information Practice Principles? How might a comprehensive law based on Fair Information Practice Principles account for differences in uses of data and sensitivity of data?
- Does the need for federal privacy legislation depend on the efficacy of emerging legal frameworks at the state level? How much time is needed to assess their effect?
- Short of a comprehensive law, are there other more specific laws that should be enacted? Should the FTC have additional tools, such as the authority to seek civil penalties?
- How should First Amendment norms be weighed against privacy values when developing a legal framework?
DISABILITY ACCOMMODATION
The FTC Hearings on Competition and Consumer Protection in the 21st Century will accommodate as many attendees as possible; however, admittance will be limited to seating availability. Reasonable accommodations for people with disabilities are available upon request. Request for accommodations should be submitted to Elizabeth Kraszewski via email at [email protected] or by phone at (202) 326-3087. Such requests should include a detailed description of the accommodation needed. Please allow at least five days advance notice for accommodation requests; last minute requests will be accepted but may not be possible to accommodate.
EVENT DETAILS
FTC PRIVACY POLICY
Under the Freedom of Information Act (“FOIA”) or other laws, we may be required to disclose to outside organizations the information you provide when you pre-register. The Commission will consider all timely and responsive public comments, whether filed in paper or electronic form, and as a matter of discretion, we make every effort to remove home contact information for individuals from the public comments before posting them on the FTC website.
The FTC Act and other laws we administer permit the collection of your pre-registration contact information and the comments you file to consider and use in this proceeding as appropriate. For additional information, including routine uses permitted by the Privacy Act, see the Commission’s comprehensive Privacy Policy.
This event is open to the public and may be photographed, videotaped, webcast, or otherwise recorded. By participating in this event, you are agreeing that your image — and anything you say or submit — may be posted indefinitely at ftc.gov or on one of the Commission’s publicly available social media sites.
| Know the impact of the new legislation for online communication The upcoming ePrivacy Regulation (EPV) affects all organizations in the electronic communications sector. Tighter rules on cookies, authorization, use of metadata and tracking techniques have great impact on your business model. The legislative process is in the final stage of negotiations. There are many questions. How the new ePrivacy Regulation affects your organization and where to take into account?At this seminar we bring news pioneers from Brussels and ePrivacy experts together. They talk about the situation, impact, effects and application of the new e-privacy legislation. You will go home with news, insights and knowledge how to prepare for the new legislation. Highlights: What is the latest situation and for which services the EPV application? |
FPF’s monthly Privacy Landscape call is scheduled for next Tuesday, Feb. 19, 2019 from 4pm-5pm ET.
The call will focus on state privacy legislation, with particular attention paid to the California Consumer Privacy Act and Senator Carlyle’s consumer privacy bill in Washington State. We expect a robust discussion and will set aside plenty of time for Q&A.
We are fortunate to be joined by Jim Halpert, Co-Chair of DLA Piper’s Global Data Protection, Privacy and Security Practice and Alex Alben, Washington State’s Chief Privacy Officer. Jim is a trusted voice in innumerable state privacy discussions. Alex has deep insight into the ongoing process re: the proposed Washington Privacy Act, including the just-published substitute bill.
Resources:
California Consumer Privacy Act – https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180AB375&search_keywords=California+Consumer+Privacy+Act+of+2018
Washington State consumer privacy bill – http://lawfilesext.leg.wa.gov/biennium/2019-20/Pdf/Bills/Senate%20Bills/5376.pdf
Dial-in info for US callers and commonly requested international numbers are below. If you need an additional country-specific dial-in, please let me know.
We look forward to hearing from everyone – it promises to be a great call!
Dial-in info:
US Dial-In: 1 (888) 545-0687
Passcode: 5784 622#
Belgium: 0800 389 15
France: 0805 102 857
Germany: 0800 222 2013
Ireland: 1800 936 220
Israel: 1809 212 583
Italy: 800 906 150
Netherlands: 0800 0200 273
Poland 0 0800 121 34 45
UK: 0808 238 9856
The Michigan Technology Law Review is thrilled to announce that the Data Privacy and Portability in Financial Technology Symposium will celebrate MTLR’s 25th anniversary of publication! It will bring together students, professors, lawyers, government representatives, and industry leaders to reflect on the development of financial technology and privacy law and its implications for the future.
The event will include panel discussions on the impact of the GDPR on fintech data portability, designing responsible fintech data practices, and balancing innovation and consumer protection. Kristie Chon of PayPal will deliver a keynote address in the morning and Michael Barr, the Joan and Sanford Weill Dean of Public Policy at the University of Michigan Gerald R. Ford School of Public Policy, will present recent research.
Each new genetic test or medical app generates or collects more and more detailed health data, but may also raise serious issues for medicine, public health. Under what circumstances should a test be used, and how should it be implemented? Should people be allowed to choose or refuse a test, or should it be mandatory, as newborn screening is in some states? How should the data from these tests be used, and should individuals control access to the results of their tests? If test results are released to third parties, such as employers or insurers, what protections should be in place to protect individuals from unfair treatment based on test results, data collected, or genotype?
This Dissonance series event will take a multi-disciplinary look at these issues from a variety of theoretical and applied perspectives. Panelists will include:
Lori Andrews, Professor of Law and Director of the Institute for Science, Law and, Technology at Chicago Kent Law School
Jodyn Platt, Assistant Professor, U-M Medical School
Kayte Spector-Bagdady, Assistant Professor, U-M Medical School, Chief of the Research Ethics Service in the Center for Bioethics and Social Sciences in Medicine (CBSSM)
Denise Anthony, Professor, U-M School of Public Health