Privacy by design — or “Data Protection by Design” as it is referred to in the General Data Protection Regulation (GDPR) — is essential to meaningful privacy protection. Yet, it is often quite thin and incomplete. As I wrote a few years ago about privacy by design, “The ‘privacy’ the designers have in mind might be so focused on one particular dimension of privacy that it might overlook many other dimensions.”
All posts in Privacy by Design
Hot off the press is Professor Woodrow Hartzog’s new book, Privacy’s Blueprint: The Battle to Control the Design of New Technologies (Harvard Univ. Press 2018). This is a fascinating and engaging book about a very important and controversial topic: Should privacy law regulate technological design?
This cartoon depicts the potential future of the Internet of Things. As more and more devices are connected to the Internet, including ones implanted in people’s bodies, increasing thought must be given to the privacy and security implications. The speed of technological development is moving at a far greater pace than the speed of policy thinking regarding privacy and security.
How will the security of new devices be regulated? The market doesn’t seem to be adequately addressing the security of the Internet of Things. Bad security in devices has externalities beyond the users, as devices can be used as part of botnets to attack other targets.
How will privacy be designed into devices? How will notice and choice work? When privacy is “baked in” to a device, do the engineers have a comprehensive understanding of privacy? How will consumers be able to understand and respond to these design choices?
Should there be special considerations for medical devices or any device that is implantable in a person?
We still await satisfactory answers to these questions . . . but the expansion of the Internet of Things isn’t waiting.
Here’s an earlier cartoon I created regarding the Internet of Things:
By Daniel J. Solove
At my annual event, the Privacy+Security Forum, which was held last month, one of the sessions involved privacy and security in fiction. The panelists had some terrific readings suggestions, and I thought I’d share with you the write-up that they generated for their session. The speakers were:
Peter Winn, Assistant U.S. Attorney, U.S. DOJ and Lecturer, University of Washington School of Law
Heather West, Senior Policy Manager & Americas Principal, Mozilla
Kevin Bankston, Director, Open Technology Institute and Co-Director, Cybersecurity Initiative, New America
Joseph Jerome, Policy Counsel at Future of Privacy Forum
If you are interested in privacy and data security issues, there are many great ways Professor Solove can help you stay informed:
You can follow Professor Solove on his blog at LinkedIn, where he is an “LinkedIn Influencer.” He blogs about various privacy and data security issues. His blog has more than 600,000 followers.
* * * *
Professor Solove is active on Twitter and posts links to current privacy and data security stories and new scholarship, cases, and developments of note.
* * * *
Sign up for our newsletter where Professor Solove provides information about his recent writings and new training programs that he has created.
* * * *
Professor Solove’s LinkedIn Discussion Groups
Please join one or more of Professor Solove’s LinkedIn discussion groups, where you can follow new developments on privacy, data security, HIPAA, and education privacy issues. You can also participate in the discussion, share interesting news and articles, ask questions, or start new conversations:
and Data Security
by Daniel J. Solove
I was fortunate to pick up a copy of The Privacy Engineer’s Manifesto, a new book by Michelle Finneran Dennedy, Jonathan Fox, and Thomas Finneran.
I’ve read a lot of practical “how to” stuff about privacy before that’s vague and not very specific, but this book is so refreshingly detailed, has great depth, and is concrete. It’s a real achievement, and a book that deserves attention.
by Daniel J. Solove
I’m pleased to share with you my new article in Harvard Law Review entitled Privacy Self-Management and the Consent Dilemma, 126 Harvard Law Review 1880 (2013). You can download it for free on SSRN. This is a short piece (24 pages) so you can read it in one sitting.
Here are some key points in the Article: