Privacy Ethics

WPF advises that DHS biometric collection proposal needs scientific, factual, ethical, and human rights basis, urges creation of transparent multistakeholder process to work on ethical guidelines regarding childrens' biometrics

The World Privacy Forum filed comments with DHS regarding its proposed new rules regarding biometric collection, and asked DHS to reconsider the rule and to apply the science, ethics, and international conventions regarding the protection of victims of human trafficking to the rule prior to moving forward. WPF found that ...

WPF Comments about Privacy and Big Data: Ethical Framework and Rights Essential

The World Privacy Forum filed comments with the U.S. Department of Commerce in response to its Request for Comments about big data, privacy, and the Consumer Privacy Bill of Rights. The White House Big Data report recognized that Big Data “raises considerable questions about how our framework for privacy protection applies in a big data ecosystem” and has the potential to “eclipse longstanding civil rights protections in how personal information is used in housing, credit, employment, health, education, and the marketplace.” This is among our concerns as well, and our comments focused on understanding big data's benefits while drawing attention to where there are significant privacy risks that need to be addressed.

WPF urges Big Data approach that addresses vulnerable populations

The World Privacy Forum's recent public comments to the White House regarding Big Data focus on using a foundation of Fair Information Principles to address issues connected to bias, error, and privacy regarding big data as applied to vulnerable populations. The comments also discuss large medical research data sets, and ...

The Scoring of America: Op Ed for IAPP & FTC Alternate Scoring Conference

This op ed was originally published Wednesday, March 19 2014 in IAPP for the FTC Alternate Scoring Conference. In our modern sea of data, the resources to examine all relevant information regarding a decision is no longer feasible, so we use shortcuts. Consumer scores built using predictive analytics and fed by large datasets are the modern-day shortcuts to understanding individual consumer behavior. That’s why new and unregulated consumer scores abound. They are used widely in today’s world to predict consumers’ behavior, spending, health, fraud, profitability, and much more. These scores rely on petabytes of information coming from newly available data streams, and some old ones.

New Privacy Resource: The Origins of Fair Information Practices

Chris Hoofnagle of Berkeley Law has just published arguably the single most important archive in privacy today: it is the transcripts of six of the HEW meetings in the early 197os that formed the origins of today's Fair Information Practices. FIPs have now for 40 years formed the cornerstone of most of the privacy laws passed globally. Long lost to the dust of time, the original hearing transcripts have never been available online, and even access to the paper versions have not been widely available.

WPF files comments on Genomic Data Sharing, urges broad privacy protections

WPF filed comments today asking The National Institutes of Health to make changes to its draft Genomic Data Sharing Policy for sharing, for research purposes, of large-scale human and nonhuman genomic data. The World Privacy Forum comments focus on human genomic privacy. "We are most concerned in our comments that the NIH find a full range of privacy protections for genomic data to be used for research. We are interested in a full arsenal from encryption to certificates of confidential to civil and criminal penalties for misuse. Consent -- as alluring as the idea is -- cannot by itself carry all of the privacy water," said Pam Dixon, executive director of the World Privacy Forum.

Public Comments: May 2012 - WPF Asks Presidential Commission to Protect Genetic Privacy

WPF filed comments with the Presidential Commission for the Study of Bioethics today urging the Commission to recognize the need for enhanced genetic privacy protections in a digital world. WPF noted that "The increasing identifiability of genetic data presents major privacy issues for research activities that must be acknowledged and addressed." WPF suggested four key ways that Certificate of Confidentiality programs could be enhanced for privacy protection, and urged the Commission to speak out about the importance of protecting patient privacy in research activities involving genetic information. "The Commission should advocate providing patients with reasonable controls over research uses of their data as electronic records develop and spread throughout the health care system." Public comments may be submitted to the Commission until May 25, 2012.

Public Comments: January 2012 - Regarding Face Facts: A Forum on Facial Recognition

The World Privacy Forum appreciates the opportunity to comment on the issue of facial recognition pursuant to the FTC Face Facts Workshop held on December 8, 2011. [1] The World Privacy Forum spoke on Panel 4 of the workshop, and those comments are already on the record. In these written comments, we would like to submit several key documents for the record and reaffirm several ideas from the workshop. The documents we are including as part of these comments include the World Privacy Forum’s groundbreaking report on digital signage, The One Way Mirror Society. Also included as part of these comments are the consensus privacy principles for digital signage installations that were signed by the leading US consumer and privacy groups.

WPF urges HHS to do more to protect the privacy of people who are medical research subjects

Common Rule | Health Privacy -- The World Privacy Forum filed extensive comments with the US Department of Health and Human Services about its proposed changes regarding the rules governing human subject medical research. In the comments, WPF noted that the HHS approach to privacy for research subjects was incomplete and did not use all Fair Information Practices. WPF strongly urged HHS to revise its proposal on a number of issues, including consent and the use of biospecimens in research. The World Privacy Forum is urging HHS to acknowledge that the realm of health data that is truly non-identifiable has shrunken remarkably, for example, biospecimens with DNA cannot be considered non-identifiable anymore. "In our comments, we are requesting that HHS give individuals the opportunity to make choices about the use of their own health data and specimens," said Executive director Pam Dixon. WPF also stated in its comments that "A central database with identifiable information about participants in human subjects research is a terrible idea." (See p. 21 of WPF comments.)

WPF files comments on deeply flawed SEC plan

Financial privacy and SEC -- The World Privacy Forum filed comments today criticizing the SEC proposed regulations that would release an unprecedented amount of financial details about individual borrowers through the EDGAR database. The WPF was joined by other privacy, consumer, and human rights organizations in its comments, which focused on the privacy issues with the proposed regulations. Pam Dixon, executive director of the WPF, stated in the comments that the SEC's new regulations would "Place on the public record and online the largest amount of personal financial information about borrowers ever disclosed, including information never before made public." The comments also note that the SEC's plan greatly increases the risk of identity theft for individual borrowers whose information will be released publicly.

World Privacy Forum comments on genetic non-discrimination to HHS

Genetic non-discrimination regulations (GINA) -- The World Privacy Forum filed comments on proposed regulations for implementing Title I of GINA, the Genetic Non-Discrimination Act. The WPF requested a change to the proposed regulations, asking the Department of Health and Human Services require immediate posting of revised notices of privacy practices on the web sites of affected health plans. Under the proposed regulations, written notice of revised privacy practices to individuals could be delayed due to the cost of postal mailing. The WPF noted that a revised privacy notice posted on a health plan's web site would not incur postal costs, and that regulated entities should take this minimum step to inform consumers of any changes regarding privacy practices affecting genetic non-discrimination.

Testimony: The Modern Permanent Record and Consumer Impacts from the Offline and Online Collection of Consumer Information

I am particularly interested in developments related to online and offline data flows of consumer information. Given the advances in technology that have significantly broadened and deepened the scope of consumer data collection practices, and given the new ways that these technologies and practices can shape and impact an individual’s experiences and opportunities, I believe the decisions that this Committee arrives at will be of lasting importance. Given the transition our society is undergoing from analog to digital, it is crucial to question what changes the new environment brings, what new controls it includes, and its meaning for our day-to-day lives. It is especially crucial to carefully examine and to discuss the effects these developments will have for the consumer. We must look for a fair balance between benefit, risk, and harm.

WPF is signatory to the Madrid Declaration; global privacy standards for a global world

Madrid Declaration -- A significant civil society document with more than 100 signatories worldwide has been published in conjunction with the 31st annual meeting of the International Conference of Privacy and Data Protection Commissioners. The document, known as the Madrid Declaration, affirms support for the complete canon of fair information practices as expressed by the OECD, affirms support of privacy as a fundamental human right, and warns that "the failure to safeguard privacy jeopardizes associated freedoms, including freedom of expression, freedom of assembly, freedom of access to information, non-discrimination, and ultimately the stability of constitutional democracies."

Public Comments: April 2009 Proposed Rule to Implement Title II of the Genetic Information Nondiscrimination Act of 2008

The World Privacy Forum filed comments on the proposed regulations on the Genetic Information NonDiscrimination Act, or GINA. The comments request that the Equal Opportunity Employment Commission close down several potential loophole in consumer protection in the regulations. The Forum specifically asked the EEOC to consider curtailing the amount of commercially available information employers could access about employees, for example, through marketing databases. WPF also requested that those covered under GINA be required to maintain audit trails in certain circumstances, and urged that wellness programs be structured in such a way as to prevent information leakage through billing and other activities.

When opting out is hard to do: World Privacy Forum sends letter to FTC about data broker companies offering mail-based opt outs

Data broker opt out issue -- The World Privacy Forum sent a letter to the Federal Trade Commission asking it to look into four companies offering online consumers the ability to opt out, then asking those consumers to use a variety of postal-mail-based methods to do so.

Public Comments: December 2008 - GINA – Genetic Information Nondiscrimination Act

In response to a Request for Information (RFI) from U.S. federal agencies regarding the recently passed GINA (Genetic Information Nondiscrimination Act), the World Privacy Forum filed a detailed response with suggestions on what aspects of GINA need clarification. The comments focus on a number of privacy issues the RFI raised, including model privacy notices and the issue of what the GINA statute calls "incidental collection" of genetic information. Currently, GINA states that some kinds of information are exempted from being considered as regulated for medical underwriting purposes. For example, medical information gleaned about patients for underwriting purposes from medical databases is regulated. But medical information gleaned about patients for underwriting purposes from, for example, marketing lists containing robust patient information may be unregulated if the law is not clarified in the regulatory process. The World Privacy Forum urged HHS and the Department of Labor to substantially clarify what constitutes "incidental collection," and urged the agencies to consider lists containing identifiable patient information to be considered in the same category as a "medical database."

World Privacy Forum urges more attention to the protection of research study participants

Human Subjects Research Protection (OHRP) -- The World Privacy Forum filed comments today with the Office of Human Research Protection urging the office to do more to protect the privacy of people who are subjects of research. The comments urge the OHRP to focus more attention on providing privacy-specific training for boards overseeing research, which are often weak in knowledge about the breadth of privacy issues in research. The WPF also voiced its strong support for certificates of confidentiality for research involving human subjects, stating that"nearly all research that involves identifiable health data or other personal data about individuals should have a certificate of confidentiality unless a researcher can state a substantive reason why a certificate is not appropriate for the study." OHRP will be accepting comments until Sept. 29.

Public Comments: September 2008 - World Privacy Forum urges more attention to the protection of research study participants

Human Subjects Research Protection (OHRP) -- The World Privacy Forum filed comments with the Office of Human Research Protection urging the office to do more to protect the privacy of people who are subjects of research. The comments urge the OHRP to focus more attention on providing privacy-specific training for boards overseeing research, which are often weak in knowledge about the breadth of privacy issues in research. The WPF also voiced its strong support for certificates of confidentiality for research involving human subjects, stating that "nearly all research that involves identifiable health data or other personal data about individuals should have a certificate of confidentiality unless a researcher can state a substantive reason why a certificate is not appropriate for the study."