Latest

WPF Executive Director to serve as Senior Rapporteur for ID4Africa workshops regarding policy and regulatory challenges for digital identity and privacy and data protection in ID systems

The World Privacy Forum is pleased to announce Executive Director Pam Dixon has been invited to serve as the Senior Special Rapporteur for two workshops at the 2023 ID4Africa Annual General Meeting which will take place in Nairobi, Kenya 23-25 May. ID4Africa is regarded as the single most important gathering of identity experts and authorities in the world. The focus of Dixon's rapporteur work will include policy and regulatory challenges for digital identity: the African perspective (Workshop 2), and privacy and data protection in identity systems (Workshop 4)...

Emerging Technologies, Human Subject Research, and the Common Rule: High level overview of the 2023 OHRP Research Community Forum

Earlier this month, WPF attended a joint conference focused on the shifting dynamics of how the Common Rule that governs human subject research in the US will be interpreted amidst new technological shifts such as AI. The department of Health and Human Services is seeking to define what the next steps and new policy frameworks should be to ensure the Common Rule protects individuals in current and future research environments. Details on the presentations, conversations, and key takeaways in the post.

WPF Key Reports

WPF has written numerous ground breaking reports. The reports listed here are good key reference points for our work, as each report has been impactful and has changed the public dialogue. In some cases, laws were changed based on our findings or recommendations, particularly when there were pronounced and unambiguous ...

Kate Kaye joins WPF as Deputy Director

The World Privacy Forum is delighted to announce that award-winning technology journalist Kate Kaye will join WPF as its deputy director. As a longstanding technology journalist, Kate has been at the forefront of emerging technology, data privacy, and governance issues. Her reporting exposed the earliest forms of online political microtargeting ...

FTC takes first enforcement action under its Health Breach Notification Rule; also takes action against misrepresentation of HIPAA compliance

The FTC announced its first enforcement action under its Health Breach Notification Rule . This rule applies to entities that are not covered under HIPAA. The announcement of the proposed order was filed by the U.S. Department of Justice on behalf of the FTC against the " ...telehealth and prescription ...

NIST releases milestone AI Risk Management Framework to foster trustworthy AI ecosystems

This week has been an important one for U.S. policy regarding rights-preserving artificial intelligence and how to manage, define, and improve AI in practical implementations. There are two significant news items. First, the National Institute of Technology and Standards (NIST) has released its milestone AI Risk Management Framework (1.0) for ...

WPF advises HHS on confidentiality of patient records re: alcohol and drug treatment records

The World Privacy Forum (WPF) submitted comments on an important Notice of Proposed Rulemaking that proposes modifications of the protection requirements for substance use disorder (SUD) treatment records. Currently, health records regarding treatment for Substance Use Disorders receive special protections under what is called Part 2 regulations , or, 42 ...

Statement of Pam Dixon at the FTC Open Commission Meeting regarding health privacy statements and consumer confusion

Thank you Chair and Commissioners. The profusion of health apps, websites and digital tools that provide consumers with assistance and insights about their health is a positive development. However, it has come at the cost of increasing privacy risks. One of these risks is that consumers are confused about when and where federal health privacy protections apply to their health information.

India's Ministry of Electronics and IT has opened a consultation on its freshly proposed comprehensive privacy legislation, DPDP 2022

After many study commissions and multiple serious attempts at a comprehensive data privacy bill, India's Ministry of Electronics and Information Technology has proposed a new draft privacy bill, and has opened a public consultation regarding the draft until 17 December 2022. The Ministry states that the proposed bill, the Digital ...

WHO Health Data Collaborative Meeting: high level overview

Last week, the World Health Organization held an in-person meeting of its health data collaborative leadership, its first face-to-face meeting of this group in four years. WPF attended as a constituency co-chair. Attendees included: members of the Ministries of Health and partner representation from Kenya, Malawi, Cameroon, Botswana, and Nepal; ...

How New Procedural Controls Using the Privacy Act of 1974 Can Improve the Protections of Reproductive Health Information Held by Federal Agencies

September 2022 By Robert Gellman and Pam Dixon Download this Report Executive Summary This report suggests specific procedural and substantive ways that the Executive Branch can revise implementation of the Privacy Act of 1974 to restrict and more carefully administer some disclosures of reproductive health information by federal agencies to ...

Identity ecosystems are a central aspect of global digitalization; the principle of Do No Harm must be a policy priority and commitment

Identity is a data-rich resource that acts as a key to connect all levels of emerging digital ecosystems. All forms of ID carry some risk, but digital forms of ID, or “dematerialized ID,” cuts across all sectors and links copious data about individuals, their behaviors, financial status, associates, and potentially even political and religious views. Over time, distinct patterns emerge from the linked data and create new kinds of risks for individuals and groups. As the world becomes increasingly and intensely digitalized, we can expect challenges in the identity space to grow apace unless proactive attention is given to identifying and mitigating the current and future risks.

WPF advises Secretary's Advisory Committee on Human Research Protection regarding its proposed AI Framework

WPF recently reviewed and provided recommendations regarding a proposed AI Framework meant to apply to medical research involving human subjects. The issue of human subject research is a critically important one. In the US, The Common Rule (45 CFR subpart A) is a key regulation that protects people from unethical medical research. As research utilizing tools such as AI and SaMD -- software as a medical device -- grows in use, there is an urgent need to determine the proper ethical, legal, and regulatory framework for the use of these tools in the human subject research context. For this reason, WPF was pleased to review and provide recommendations to the Secretary's Advisory Committee on Human Research Protections, SACHRP, on its proposed AI Framework.

WPF urges HHS to clarify the harms of medical identity theft for victims

WPF has urged HHS to clarify the intersection between HIPAA compliance and harms resulting from medical identity theft in its response to the Request for Information from the Office of Civil Rights of the Department of Health and Human Services regarding implementation of the HITECH Act. WPF has a long history of work on the issue of medical identity theft, which has informed its response to HHS.

ISPI Forum on Digital Transformation, WPF speaker 

The Italian Institute for International Political Studies (ISPI) will be holding a High Level Forum on Digital Transformation in connection with OECD. The event will be held 16 May 2022 in hybrid format. WPF will be speaking about what risks exists for consumers arising from illicit use of their personal ...

OECD Going Digital Horizontal Project: news and event

WPF’s Executive Director Pam Dixon will be presenting at an upcoming OECD Workshop on the topic of data stewardship, access, sharing, and control in regards to national data strategies. WPF will be speaking as a organizational member of the formal civil society stakeholder group at OECD (CSISAC). https://www.oecd.org/digital/going-digital-project/ ). This ...