PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

Video: Dark Patterns – A Conversation with Elkina, Ross, and Solove

Dark Patterns LI Live 03

Please check out the conversation I had with Alexandra Ross and Elena Elkina about dark patterns.

A “dark pattern” is a term coined in 2010 by  Harry Brignull, who defined it as “a user interface that has been carefully crafted to trick users into doing things, such as buying insurance with their purchase or signing up for recurring bills.” The California Privacy Rights Act (CPRA) defines a “dark pattern” as  “a user interface designed or manipulated with the substantial effect of subverting or impairing user autonomy, decision-making, or choice, as further defined by regulation.”

Elena is a co-founder of Aleada Consulting, a woman and minority owned privacy consulting firm in Silicon Valley which helps clients a wide array of important privacy matters (data mapping, DPIAs, DSARs, compliance with HIPAA, CCPA, GDPR, etc.). Alexandra is Director, Senior Data Protection, Use & Ethics Counsel at Autodesk. She is also the founder of The Privacy Guru.

For more background about dark patterns, please see my recent post for Dark Patterns Reading List and Resources. In this post, I provide a list of useful articles, writings, websites, videos, and other resources on dark patterns.

Also check out Elena’s blog post about dark patterns and the CPRA: New Privacy Regulations – California’s Dark Patterns Ban

Continue Reading

Podcast Interview with Information and Privacy Commissioner of Ontario on Privacy and Children

Teaching kids about privacy

On this podcast, Info Matters, I chat with Patricia Kosseim, Information and Privacy Commissioner (IPC) of Ontario, Canada about kids and privacy and my children’s book on privacy, THE EYEMONGER.

Episode Summary: Parents, kids, teachers, this one’s for you! Explaining privacy in a way that kids can understand — concepts and tools you can use to start discussing this very important topic from a young age. Conversation with international privacy expert Daniel Solove with highlights from his children’s book The Eyemonger.

If you’re interested in children’s privacy, I created a page of resources about children’s privacy for educators and parents here.

Continue Reading

Upcoming LinkedIn Live Conversation on Dark Patterns

LinkedIn Live Conversation on Dark Patterns

I will be having a LinkedIn Live session on Tuesday, May 11, at 1 PM Eastern:

Dark Patterns: A Conversation with Elena Elkina, Alexandra Ross,
and Daniel Solove

Tuesday, May 11 at 1 PM Eastern

I’ll be speaking with:

Elena Elkina

Elena is a a co-founder of Aleada Consulting, a woman and minority owned privacy consulting firm in Silicon Valley which helps clients a wide array of important privacy matters (data mapping, DPIAs, DSARs, compliance with HIPAA, CCPA, GDPR, etc.).

Alexandra Ross

Alexandra is Director, Senior Data Protection, Use & Ethics Counsel at Autodesk.

Watch it here. It’s free.

UPATE: The video is archived here.

Continue Reading

Talking to Kids About Privacy Event

FPF and Common Sense Media Event - Talking to Kids About Privacy
I will be speaking at an event organized by the Future of Privacy Forum (FPF) and Common Sense Media about talking to kids about privacy.  There is a great lineup of speakers.

Talking to Kids About Privacy
May 13 from 12:00-1:00 Eastern

The event site is here. You can register here.

Speakers

  • Rob Girling, Co-Founder, Artefact Group
  • Sonia Livingstone, Professor of Social Psychology, London School of Economics and Political Science (LSE)
  • Kelly Mendoza, Vice President, Education Programs, Common Sense Media
  • Anna Morgan, Head of Legal, Deputy Commissioner, Irish Data Protection Commission (DPC)
  • Daniel Solove, Professor of Law, George Washington University Law School; Founder, TeachPrivacy

Moderator

  • Amelia Vance, Director, Youth and Education Privacy, Future of Privacy Forum (FPF)

If you’re interested in children’s privacy, I created a page of resources about children’s privacy for educators and parents here.

Continue Reading

Upcoming Book Reading of The Eyemonger at World Bank Event

I will be speaking on May 19th at 4:30pm EST at a virtual book reading of my children’s book, THE EYEMONGER.

The event is hosted by the World Bank Data Privacy Office and the World Bank Group Family Network.

How to Be a Privacy Superhero: Defeating Spooky Eyes and Internet Spies
Virtual Book Reading of The Eyemonger
Wed, May 19, 2021, from 4:30 PM to 5:30 PM EST

To attend, RSVP here. After you RSVP, a Zoom link will be sent to you.

If you’re interested in children’s privacy, I created a page of resources about children’s privacy for educators and parents here.

Continue Reading

Dark Patterns Reading List and Resources

Dark Patterns List of Resources

Dark patterns are starting to receive increased regulatory attention, which is a welcome development in the evolution of privacy law. Here’s a dark patterns resource and reading list.

What Are “Dark Patterns”?

Harry Brignull coined the term “dark pattern” in 2010, defining it as “a user interface that has been carefully crafted to trick users into doing things, such as buying insurance with their purchase or signing up for recurring bills.” He now has a site devoted to dark patterns.

Regulating Dark Patterns

Dark patterns are increasingly becoming a focus of regulation. Regulators have long been reluctant to regulate technological design, but increasingly the reality is becoming clear: To effectively protect privacy, design must be regulated. The term “dark patterns” is catching on, and regulators are increasingly emboldened to regulate. It’s far more palatable to try to stop “dark patterns” than it is to restrict certain “technological designs.”

Under the California Privacy Rights Act (CPRA), the use of dark patterns to obtain consent will render consent invalid. A dark pattern is “a user interface designed or manipulated with the substantial effect of subverting or impairing user autonomy, decision-making, or choice, as further defined by regulation.” The privacy bill pending in the State of Washington seeks to restrict dark patterns. The FTC will be holding a dark patterns workshop later this month.

Dark Patterns Reading List and Resources

Here’s a list of resources about dark patterns that are worth attention:

Continue Reading

Cartoon: Data Ethics

Cartoon Data Ethics - TeachPrivacy Privacy Training 01 small

This cartoon is about “data ethics,” a term for when companies make an effort to review the ethical ramifications of their activities involving personal data. I generally applaud looking at ethics broadly because it avoids being unduly constrained in its focus by narrow conceptions of privacy.  But there often isn’t sufficient rigor in the analysis of data ethics.

Ultimately, companies are formed to make a profit. We must not forget their true nature. A tiger can snuggle with you like a kitten, but it is still a tiger. Corporations can act ethically, but their nature is to make profits. When profits conflict with ethics, it’s hard for companies to resist the pull of their nature. This is why regulation is a necessity.

We should reward companies for acting ethically. But just as with the snuggly tiger, we shouldn’t ever let our guard down.

Continue Reading

TeachPrivacy Data Privacy Law Fellowship

Data Privacy Law Fellowship TeachPrivacy 01

The TeachPrivacy Data Privacy Law Fellowship is a part-time fellowship for recent law school graduates. The Fellowship is virtual, so fellows can work from any location.

Data Privacy Law Fellows help Professor Daniel Solove research, draft, and update scripts for training courses and do research for resources, guides, and other materials. TeachPrivacy has 150+ courses on various federal, state, and international privacy laws (GDPR, HIPAA, FERPA, GLBA, CCPA, TCPA, CAN-SPAM, CASL, LGPD, and many more). Fellows also assist with researching new developments in the law to keep scripts up-to-date. Additionally, fellows help with researching for blog posts and with the company’s social media. Generally, Professor Solove hires recent graduates who have taken a privacy law class or who have otherwise acquired a background in privacy law.

TeachPrivacy is a computer-based training company founded and run by Professor Daniel Solove. TeachPrivacy produces privacy and security compliance training for hundreds of companies, hospitals, health plans, universities, government agencies, and other organizations around the world, including many Fortune 500 multinationals.

Requirements:

  • JD at US law school or foreign law school
  • Strong interest in privacy issues
  • Desire to pursue a career in privacy law

Recommended:

  • Information privacy law coursework
  • Experience in  privacy law (internships, etc.)

The Fellowship has no formal duration, but most fellows work for 6-18 months. Former Data Privacy Fellows now work at large law firms, prominent companies, industry associations, and many other prestigious organizations.

To apply, please send your resume and transcript to inquiry@teachprivacy.com.

Continue Reading

Cartoon: Video Recording

Cartoon Video Social Media - TeachPrivacy Privacy Training 02 small

This cartoon focuses on video recording – how people readily whip out their phones to record events involving people in distress. The “bystander effect” is often invoked to describe the phenomenon of why people watch an emergency unfold without trying to help the victim. Perhaps there should be a modern update to the “bystander effect” called the “video recording effect” to describe how people will take videos of people in distress rather than help them.

In an interesting article, Why Do People Film Others in Distress Instead of Helping Them?, Angela Lashbrook discusses research on the bystander effect (it’s not as strong a phenomenon as many accounts say it is) as well as the effects of surveillance and video recording on people’s behavior. The research points in many different directions.

Continue Reading

Cartoon: HIPAA Right to Access

Cartoon HIPAA Access - TeachPrivacy HIPAA Training 02

This cartoon is about the HIPAA right to access medical records. Obtaining access to one’s medical records is currently like a scavenger hunt. Patients have to call and call again, wait seemingly forever to get records, and receive them via ancient means like mail and fax. There have been several articles (here, here, and here) about healthcare providers clinging desperately to their antiquated fax machines. According to a study in 2019, 90% of healthcare providers still use faxes.

Many healthcare providers cite to HIPAA as a reason to deny patient’s requests to be emailed their records.  But ironically, HIPAA says the opposite – providers must email patients their records if patients request them via email.

We’re well into the 21st Century now, and access to our health data should be much easier. HIPAA should do more than provide a right to access. It should encourage access and improve the ease of access.

Continue Reading