Future of Privacy Forum

On the heels of the Federal Trade Commission’s (“FTC”) third annual “PrivacyCon,” the Future of Privacy Forum hosted its eighth annual “Privacy Papers for Policymakers” event on Capitol Hill—a gathering in which academics present their original scholarly works on privacy-related topics to D.C. policy wonks who may have a hand in shaping laws and regulations at the local, federal, and international level. The goal of the event is, in part, to foster academic-industry collaboration in addressing the world’s current and emerging privacy issues.

FTC Commissioner Terrell McSweeny kicked off the program with a reminder of the unique challenge that has always faced the world of tech policy: the rapid acceleration of the Digital Age and the need for consumer rights to catch up. Commissioner McSweeny opined that the challenge may require some solutions that go beyond privacy—such as individual control over personal data, data portability, and governance by design—and pointed out several ways in which the honored papers may help spur the evolution of existing privacy frameworks:
Continue Reading Future of Privacy Forum: Privacy Papers for Policymakers 2018

Yesterday, several big tech companies that offer educational and school services signed the “Student Privacy Pledge,” introduced by the Future of Privacy Forum (“FPF”) and The Software & Information Industry Association (“SIIA”) to safeguard student privacy as it relates to the collection, maintenance, and use of students’ personal information.  Among the fourteen education tech companies representing the initial group to join SIIA and FPF in introducing the Pledge are Microsoft, Amplify, and Houghton Mifflin Harcourt.  Notably, tech giants Google and Apple were absent from the list of signatories.  As part of the Pledge, effective January 1, 2015, participating companies agree to the following commitments:

  • Not to collect, maintain, use or share student personal information beyond that needed for authorized educational/school purposes, or as authorized by the parent/student
  • Not sell student personal information
  • Not to use or disclose student information collected through an educational/school service (whether personal information or otherwise) for behavioral targeting of ads to students
  • Not to build a personal profile of a student other than for supporting authorized educational/school purposes or as authorized by the parent/student
  • Not to make material changes to school service provider consumer privacy policies without first providing prominent notice to the account holder(s) (i.e., the educational institution, or the parent/student when the information is collected directly from the student with student/parent consent) and allowing them choices before data is used in any manner inconsistent with terms they were initially provided; and not to make material changes to other policies or practices governing the use of student personal information that are inconsistent with contractual requirements
  • Not knowingly retain student personal information beyond the time period required to support the authorized educational/school purposes, or as authorized by the parent/student
  • Collect, use, share, and retain student personal information only for purposes for which companies are authorized by the educational institution, teacher, or the parent/student
  • Disclose clearly in contracts or privacy policies, including in a manner easy for parents to understand, what types of student personal information is collected and the purposes for which the information maintained is used or shared with third parties
  • Support access to and correction of students’ personally identifiable information by the student or their authorized parent, either by assisting the educational institution in meeting its requirements, or directly, when the information is collected from the student with student/parent consent
  • Maintain a comprehensive security program reasonably designed to protect the security, privacy, confidentiality, and integrity of student personal information against risks – such as unauthorized access or use, or unintended or inappropriate disclosure – through the use of administrative, technological, and physical safeguards appropriate to the sensitivity of the information
  • Require that vendors with whom students’ personal information is shared in order to deliver the educational service are obligated to implement these same commitments
  • Allow a successor entity to maintain the students’ personal information, in the case of a merger or acquisition, provided the successor is subject to these same commitments for previously collected student personal information


Continue Reading Microsoft and Other Leading K-12 School-Service Providers Pledge To Protect Student-Data Privacy

According to a recent study released by the Future of Privacy Forum (FPF), the number of mobile apps with privacy policies has grown rapidly since September 2011. The study examined the top 25 free and 25 paid apps in the Apple iOS, Google Play, and Kindle Fire app stores, for a total of 150 apps. 

Of the apps reviewed, the study found