PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

Will the FTC Remain a Leader on Privacy and Security?

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
April 29, 2018

FTC and Privacy and Security

In an unprecedented transition, the FTC just got a full slate of 5 new commissioners, three Republicans and two Democrats:

Joe Simons (Chairman) – R
Noah Phillips – R
Christine Wilson – R
Rohit Chopra – D
Rebecca Slaughter – D

FTC LogoIt is difficult to predict how the FTC will approach privacy.  The new commissioners will be inheriting some high-profile investigations (Equifax and Facebook), and they will also be inheriting the legacy of the FTC as serving as the leading privacy regulator in the United States.  There are some, such as Berin Szóka, who argue that the FTC’s power needs to be reigned in.   In contrast, I posit that just the opposite is in order: the FTC must pursue a bold enforcement agenda.

The reason is that we don’t live in an isolated world. The European Union (EU) has seized the scepter of leading regulator of multinational companies. Nearly every chief privacy officer at a large multinational company tells me that their focus is 90% or more on the General Data Protection Regulation (GDPR) — the massive and rigorous privacy regulation in the EU that will start being enforced on May 25 of this year.  Effectively, for many companies, the regulators they are paying attention to are across the pond.

The US shouldn’t let itself fade into irrelevance. For years, the FTC has been working to convince the EU that there really is meaningful privacy regulation in the US — and I believe that this effort made a difference.  Perhaps it didn’t convince all EU policymakers, but it definitely had an effect on some policymakers.  This was how the US was able to establish the Privacy Shield Framework, built in the smoldering ashes of the Safe Harbor Arrangement that the European Court of Justice demolished in one swift stroke.

Continue Reading

GDPR Humor: A Collection of GDPR Cartoons and More

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
April 26, 2018

GDPR Humor - TeachPrivacy GDPR Training 02

Feeling stressed out about GDPR?  I can help!  Here are all of my GDPR cartoons and attempts at GDPR humor in one post.  It’s much better to laugh than to cry . . .

Continue Reading

FERPA Whiteboard and FERPA Interactive Whiteboard

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
April 26, 2018

FERPA Whiteboard

Recently, I created two new FERPA training resources, including a FERPA Whiteboard.

FERPA Whiteboard

I created a 1-page visual summary of FERPA, which I call the FERPA WhiteboardThe idea was to summarize FERPA in a concise and visually-engaging way.  You can download a PDF handout version here.  We’ve been licensing it to many organizations for training and awareness purposes.FERPA Whiteboard

FERPA Interactive Whiteboard

I subsequently created a new training module — an interactive version of the FERPA Whiteboard — the FERPA Interactive Whiteboard When people click on each topic, the program provides brief narrated background information, presented in a very understandable and memorable way.  Trainees can learn at their own pace.  This program is designed to be very short — it is about 5 minutes long.

It can readily be used on internal websites to raise awareness and teach basic information about FERPA.  It can also be used in learning management systems.

Continue Reading

Artificial Intelligence, Big Data, and Humanity’s Future: An Interview with Evan Selinger

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
April 25, 2018

Re engineering Humanity

Recently published by Cambridge University Press, Re-Engineering Humanity explores how artificial intelligence, automated decisionmaking, the increasing use of Big Data are shaping the future of humanity. This excellent interdisciplinary book is co-authored by Professors Evan Selinger and Brett Frischmann, and it critically examines three interrelated questions. Under what circumstances can using technology make us more like simple machines than actualized human beings? Why does the diminution of our human potential matter? What will it take to build a high-tech future that human beings can flourish in?  This is a book that will make you think about technology in a new and provocative way.

Continue Reading

Cartoon: GDPR Experts

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
April 24, 2018

Cartoon GDPR Experts - TeachPrivacy GDPR Training 02 medium

This cartoon makes fun of the fact that these days, there seem to be so many GDPR experts.  There are, indeed, many experts who know a lot about GDPR.  The problem is that there are a lot more “experts” out there who know only a little about GDPR.

Continue Reading

GDPR: Days Away Yet Miles to Go

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
April 22, 2018

GDPR Compliance - TeachPrivacy GDPR Training 01

May 25, 2018 is just around the corner.  That’s the date when GDPR enforcement starts.  Many organizations are scrambling to address GDPR compliance. But many still don’t even know what GDPR is.  A recent survey [link no longer available] conducted of EU citizens and EU companies reveals some interesting details about GDPR preparation and compliance on the other side of the pond.  For EU consumers, 90% believe that the GDPR is “good for consumers.”

GDPR compliance efforts by companies in the EU remain rather limited.  And I’m putting it nicely.  The survey reveals a rather low amount of knowledge about the GDPR and not enough preparation:

GDPR Survey 01

 

Continue Reading

The Cambridge Handbook of Consumer Privacy

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
April 21, 2018

Cambridge Guide to Consumer Privacy - Selinger Polonetsky Tene 03

Evan Seligner, Jules Polonetsky, and Omer Tene have just published a terrific edited volume of essays called The Cambridge Handbook of Consumer PrivacyThis is a truly impressive collection of writings by a wide array of authors from academia and practice. There’s a robust diversity of viewpoints on wide-ranging and cutting-edge issues.  The book has a hefty price tag, but it is a terrific resource.    

Cambridge Guide to Consumer Privacy - Selinger Polonetsky Tene 02

I have a blurb on the back of the book. This is what I wrote:

The Cambridge Handbook of Consumer Privacy is a magnificent collection of essays – each one short, engaging, and thought-provoking. The broad range of topics covers the most important and vital issues in consumer privacy, and these essays will be relevant for years to come. The authors are a superb assembly of the leading scholars and practitioners from diverse fields and perspectives. This book is a true feast of ideas.

Below is the table of contents.  I found a few of these essays on SSRN, where they are available for free, and I am linking to the ones I found.Continue Reading

Cartoon: Dark Web

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
April 16, 2018

Cartoon Dark Web - TeachPrivacy Security Training 03 medium

I hope you enjoy my latest cartoon about passwords on the Dark Web.  These days, it seems, login credentials and other personal data are routinely stocking the shelves of the Dark Web.  Last year, a hacker was peddling 117 million LinkedIn user email and passwords. And, late last year, researchers found a file with 1.4 billion passwords for sale on the Dark Web. Hackers will have happy shopping for a long time.

Continue Reading

Should Privacy Law Regulate Technological Design? An Interview with Woodrow Hartzog

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
April 12, 2018

Blueprint Privacy 03

Hot off the press is Professor Woodrow Hartzog’s new book, Privacy’s Blueprint: The Battle to Control the Design of New Technologies (Harvard Univ. Press 2018). This is a fascinating and engaging book about a very important and controversial topic: Should privacy law regulate technological design?

Continue Reading

In re Zappos: The 9th Circuit Recognizes Data Breach Harm

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
April 9, 2018

Data Breach Harm and Standing: Increased Risk of Future Harm

In In re Zappos.com, Inc., Customer Data Security Breach Litigation (9th Cir., Mar. 8, 2018), the U.S. Court of Appeals for the 9th Circuit issued a decision that represents a more expansive way to understand data security harm.  The case arises out of a breach where hackers stole personal data on 24 million+ individuals.  Although some plaintiffs alleged they suffered identity theft as a result of the breach, other plaintiffs did not.  The district court held that the plaintiffs that hadn’t yet suffered an identity theft lacked standing.

Standing is a requirement in federal court that plaintiffs must allege that they have suffered an “injury in fact” — an injury that is concrete, particularized, and actual or imminent.  If plaintiffs lack standing, their case is dismissed and can’t proceed.  For a long time, most litigation arising out of data breaches was dismissed for lack of standing because courts held that plaintiffs whose data was compromised in a breach didn’t suffer any harm.  Clapper v. Amnesty International USA, 568 U.S. 398 (2013).  In that case,  the Supreme Court held that the plaintiffs couldn’t prove for certain that they were under surveillance.  The Court concluded that the plaintiffs were merely speculating about future possible harm.

Early on, most courts rejected standing in data breach cases.  A few courts resisted this trend, including the 9th Circuit in Krottner v. Starbucks Corp., 628 F.3d 1139 (9th Cir. 2010).  There, the court held that an increased future risk of harm could be sufficient to establish standing.

Continue Reading