Public Policy

WPF Comments to OMB regarding public participation draft memorandum

The World Privacy Forum has filed comments to the U.S. Office of Management and Budget in response to its Request for Feedback on Draft Guidance: Broadening Public Participation and Community Engagement with the Federal Government. WPF made three specific suggestions to OMB regarding how Privacy Act notices might be managed in a way that facilitates better feedback from those interested specifically in Privacy Act of 1974 notices, which have meaningful bearing on matters relating to data governance, privacy, and data protection.

WPF Comments to OMB regarding AI and Privacy Impact Assessments

The World Privacy Forum has filed detailed comments to the U.S. Office of Management and Budget (OMB) in response to its Request for Information on Privacy Impact Assessments. Specifically, OMB requested information about how the U.S. Federal government should update or adjust its requirements for Privacy Impact Assessments (PIAs) in regards to changes to data ecosystems brought about by Artificial Intelligence (AI). WPF provided substantive recommendations regarding administrative provisions of the Privacy Act, scalable automated AI governance tools for privacy and trustworthy AI, ensuring nimble processes for privacy and AI assessments, and ensuring balanced, skillful socio-legal-technical decisionmaking.

Report: From the Filing Cabinet to the Cloud: Updating the Privacy Act of 1974

This comprehensive report and proposed bill text is focused on the Privacy Act of 1974, an important and early Federal privacy law that applies to the government sector and some contractors. The Privacy Act was written for the 1970s information era -- an era that was characterized by the use of mainframe computers and filing cabinets. Today's digital information era looks much different than the '70s: smart phones are smarter than the old mainframes, and documents are now routinely digitized and stored and perhaps even analyzed in the cloud, among many other changes. The report focuses on why the Privacy Act needs an update that will bring it into this century, and how that could look and work. This work was written by Robert Gellman, and informed by a two-year multi-stakeholder process.

WPF comments on European Commission proposal for new Health Authority

The European Commission has proposed the creation of a new European Health Emergency Preparedness and Response Authority, HERA. WPF provided comments regarding the proposal, urging the Commission to ensure from the outset that HERA will fulfill its mission with a focus on data interoperability and will include specific data governance ...

NIST report documents undeniable demographic effects in face recognition systems

WPF Press Release: NIST has issued extensive scientific documentation of demographic effects in face recognition systems in its new report, Face Recognition Vendor Test Part 3: Demographic Effects. The detailed findings in the NIST report are troubling. World Privacy Forum calls on the face recognition industry to accept, acknowledge, and address the new NIST findings, and calls for new multistakeholder work as well as significant safety guardrails.

WPF calls on Secretary of Homeland Security to provide formal notice and comment and address substantive concerns regarding the CBP biometric entry and exit program

The World Privacy Forum sent a detailed letter (PDF, 18 pages) September 18, 2018 to the Secretary of Homeland security outlining our substantive concerns regarding the US Department of Homeland Security (DHS) Customs and Border Protection (CBP) and Transportation Security Administration (TSA) biometric [1]entry and exit program. The World Privacy ...

Analysis & Report | Redress Revisited: Has the Privacy Shield Agreement Between the U.S. and the EU Been Fatally Undermined by President Trump’s Executive Order 13768?

This analysis is an in-depth look at the January 2017 Executive Order 13768, Enhancing Public Safety in the Interior of the United States, and its interaction with two laws, the Privacy Act of 1974 and the Judicial Redress Act of 2015. Regardless of the reasons underlying why the order was written, a key question this analysis considers is if the order damages the EU-US Privacy Shield agreement, and what that means.

United States' Postal Service "Informed Delivery" plan puts consumers at risk

The US Postal Service's new Informed Delivery system has the potential to impact every household in the United States that receives mail. It's important, and there are plenty of privacy issues. The World Privacy Forum wrote extensive comments to the United States Postal Service warning it about certain consumer privacy and security risks of its Informed Delivery service. Here's more information about Informed Delivery, and why it may create new phishing risks.

WPF asks Office of Management and Budget to re-evaluate plan to request social media account information on entry/exit forms; requests pilot study

The World Privacy Forum filed comments today with the US Office of Management and Budget regarding a US Customs and Border Protection agency proposal to request social media account information from arriving and departing travelers on entry/exit forms. Earlier this year, WPF wrote comments to CBP directly and urged the agency to drop its proposal to request social media profile information from travelers on these key entry/exit forms due to procedural and policy concerns.

WPF urges US Customs and Border Protection to change course on asking for social media accounts

The World Privacy Forum filed comments today with the US Customs and Border Protection agency regarding a proposal to request social media account information from arriving and departing travelers on entry/exit forms. WPF urged CBP to drop its proposal to request social media profile information from travelers on these key ...

WPF Files Comments on Federal Proposal for Human Subject Research (Common Rule)

The Nuremberg Code, an extraordinary document around ethics and research on human subjects written after the research abuses that took place during World War II, is akin to a global Emancipation Proclamation for human research subjects. The Nuremberg Code's 10 principles remain a timeless rendering of thought on what should be in place prior to any entity conducting research on human subjects, and this code forms the philosophical foundation of a regulation in the US known as the Common Rule. We have written extensive comments on the US proposal that will update the Common Rule...

WPF files comments on federal information handling to the Office of Management and Budget

The World Privacy Forum filed comments today on the Office of Management and Budget's proposed revision to a document that advises Federal agencies on how to handle the information they store. The document, OMB Circular A-130, Managing Information as a Strategic Resource , establishes policies for the management of federal ...

Public Comments: WPF files comments urging the SEC to protect asset-level data privacy of consumers

The World Privacy Forum submitted comments to the Securities and Exchange Commission today requesting that the SEC do more to protect the privacy of consumers' asset information. Asset information -- the financial information attached to mortgages, car loans, and other consumer borrowing activities-- is very attractive to the consumer data industry. We would be happier with the current SEC proposal if it were practical to keep all sensitive asset-level data under the direct control of the Commission or, perhaps, the Consumer Finance Protection Bureau. Direct involvement by a federal agency, while no guarantee of a better outcome for data subjects, would provide better and clearer accountability for maintenance of the data as well as the possibility of meaningful enforcement.

Pam Dixon writes about India's National ID Card in May/June issue of Foreign Policy Magazine

India's national biometric ID card -- In the May/June, 2013 issue of Foreign Policy Magazine, Pam Dixon writes about the privacy issues related to India's national biometric ID card. In the piece, Mission Creep, Dixon discusses how government-issued biometric ID cards that serve as national ID cards and as the basis for employment and financial transactions create profound civil liberties and privacy challenges that are neither easily or well-constrained by government policy.

Public Comments: April 2013 - FAA must clarify and enhance drone privacy practices

Commercial drone privacy – In comments filed with the FAA, the World Privacy Forum urged the agency to establish a robust privacy committee to focus on drone privacy and to clarify the applicability of the Privacy Act of 1974 to UAS test site operators. WPF also requested the FAA conduct mandatory Privacy Impact Assessments and provide a FIPS-compliant privacy notice. ”We have offered our comments to the FAA with the acknowledgement that everyone has much to learn in the area of commercial drone privacy. Our suggestions to the FAA seek to increase general knowledge about drones and their effect on privacy,” said Pam Dixon.

WPF to Speak on a Global Perspective on Consumer Privacy at FTC- IAPP Privacy Conference Workshop

Privacy in India and Developing Economies -- World Privacy Forum Executive Director Pam Dixon will present WPF's research and India privacy videos at the FTC - IAPP Global Privacy Conference workshop Wednesday, March 7. The session, Global Perspectives on Consumer Privacy, is the first session of its kind at IAPP or the FTC focused on privacy in developing economies. WPF has researched privacy extensively in India, and has documented a number of key privacy issues in a video series. So far, 5 videos in the series have been released. All of the videos were shot on location in India and feature Pam Dixon, with videographer Blake Hamilton. These videos offer a rare and early glimpse into privacy interactions and issues in India. WPF will be releasing one more video on biometric ID cards in India.

NTIA drafting process ongoing

Mobile Privacy -- The World Privacy Forum attended the NTIA Multistakeholder meeting as one of the core drafters of the code of conduct being considered by the NTIA Multistakeholder process. WPF and the other drafters are accepting comments from all stakeholders in preparation of the next iteration of the draft.

World Privacy Forum: California, Don’t Weaken Californian’s Health Privacy Laws

July 21, 2012 San Diego, California -- Today the World Privacy Forum filed comments on California's plan to harmonize existing California state law to federal health privacy laws. California's health privacy law, the CMIA, offers Californian's stronger privacy protections than national level health privacy laws. WPF urges California to reconsider its plan to weaken Californian's privacy. Executive director Pam Dixon said "The harmonization plan coming out of California's Department of Health and Human Services is not in harmony with California patients and their health privacy."

Public Comments: May 2012 - WPF Asks Presidential Commission to Protect Genetic Privacy

WPF filed comments with the Presidential Commission for the Study of Bioethics today urging the Commission to recognize the need for enhanced genetic privacy protections in a digital world. WPF noted that "The increasing identifiability of genetic data presents major privacy issues for research activities that must be acknowledged and addressed." WPF suggested four key ways that Certificate of Confidentiality programs could be enhanced for privacy protection, and urged the Commission to speak out about the importance of protecting patient privacy in research activities involving genetic information. "The Commission should advocate providing patients with reasonable controls over research uses of their data as electronic records develop and spread throughout the health care system." Public comments may be submitted to the Commission until May 25, 2012.

WPF Asks Presidential Commission to Protect Genetic Privacy

Genetic Privacy | Bioethics -- WPF filed comments with the Presidential Commission for the Study of Bioethics today urging the Commission to recognize the need for enhanced genetic privacy protections in a digital world. WPF noted that "The increasing identifiability of genetic data presents major privacy issues for research activities that must be acknowledged and addressed." WPF suggested four key ways that Certificate of Confidentiality programs could be enhanced for privacy protection, and urged the Commission to speak out about the importance of protecting patient privacy in research activities involving genetic information. "The Commission should advocate providing patients with reasonable controls over research uses of their data as electronic records develop and spread throughout the health care system." Public comments may be submitted to the Commission until May 25, 2012.

Public Comments: April 2012 - WPF asks that the full Consumer Privacy Bill of Rights be applied to MS Process

WPF filed two sets of comments with the US Department of Commerce regarding the MultiStakeholder Process and the privacy topics to be taken up. The first set of comments were WPF's formal filing of the joint Civil Society MultiStakeholder Principles on behalf of WPF and the American Civil Liberties Union, Center for Digital Democracy, Consumer Action, Consumer Federation of America, Consumers' Union, Consumer Watchdog, Electronic Frontier Foundation, National Consumers' League, Privacy Rights Clearinghouse, and US PIRG. The second set of comments were WPF's own comments to the Department. WPF urged the Department to employ a fair process, choose focused topics, and to apply the full range of the Consumer Privacy Bill of Rights to each topic.