The Nexus of Privacy Profile picture
Sep 8, 2022 105 tweets 54 min read Read on X
The FTC #ANPRforum on Commercial Surveillance and Data Security is live!

Streaming at kvgo.com/ftc/commercial…

More about the rulemaking: ftc.gov/legal-library/… Image
Josephine Liu of agency staff highlights 3 important questions:
1) Which practices are used to surveil consumers?
7) How should the FTC identify and evaluate commercial surveillance harms or potential harms?
8) which areas or kinds of harms has the FTC failed to address?
Encourages people to submit comments via regulations.gov, and notes that comments from individuals are very valuable

Also, including evidence is helpful!
Commissioner Slaughter encourages commenters to question current business models, and also encourages industry to engage to avoid unnecessarily burdensome regulations. #ANPRforum
The "industry perspectives" panel is moderated by @oliviersylvain, and includes @jason_kint, @MarshallCErwin, Paul Martino of National Retail Fundation, and @RFinlayPAI@ #ANPRforum . .
@oliviersylvain @jason_kint @MarshallCErwin @jason_kint: not all data collection and use are the same. Consumers expect sites to use data to tailor their experiences. But using it an different context -- like behavioral advertising -- violates consumer expectations.
@oliviersylvain @jason_kint @MarshallCErwin @jason_kint cites @ssnstudy's research that behavioral advertising only has a 3% benefit. FYI @swodinsky I know this is one of your favorite topics!
@MarshallCErwin: technical improvements are needed, but not enough. Also need regulations. Highlights "dark patterns", aka malicious design patterns: where users are being tricked into handing over their data. #ANPRforum

Erwin highlights the need for higher levels of transparency. Today the system's opaque, hard to show systematic harms. FTC needs transparency to be able to regulate algorithmic discrimination. #ANPRforum
Paul Martino notes that NRF is also a founding member of the the Main Street "Privacy" Foundation. Suggests that consumers should be empowered to opt out, because businesses need to be able to use data without getting permission up front.
@RFinlayPAI of Partnership on AI, a non-profit partnership of academic, civil society, industry, and media organizations. Stresses that even though they're on the panel, and get a lot of funding from industry, they're not an industry org. #ANPRforum

partnershiponai.org/funding/
First question: what are the best practices? Finlay: the use of documentation and benchmarks across the AI and ML lifecycle. Cites @timnitGebru and @mmitchell_ai @rajiinio et al.s work. Part of that is thinking about the impact of the system and mechanisms. #ANPRforum
@timnitGebru @mmitchell_ai @rajiinio Martino suggests that the "global privacy control" could frustrate consumer choice. What if customers have already opted in to something, does GPC from browser override it? Thinks specific choice should override general default choice, although agrees GPC is useful. #ANPRforum
@timnitGebru @mmitchell_ai @rajiinio Martino suggests that a "notice and cure" mechanism has been used effectively in state privacy laws. But wait a second, CA had a right to cure ... and they got rid of it! CO put a two-year sunset on their right to cure! WA's AG calls right to cure "anti-consumer"! #ANPRforum
Others are live-tweeting the FTC forum as well. Here's @TonyaJoRiley's thread

Martino pushes back on Kint's suggestion that the internet is a consequence-free zone for large companies. Meh. Companies like Meta (who bailed on today's forum) pay nine-digit fines as a cost of doing business. #ANPRforum
Finlay challenges the approach of collecting more data to improve algorithmic fairness: bumps into concerns about privacy. Methods to ensure privacy and security of the data are still experimental. Need to consider power and information asymmetries. #ANPRforum
Kint reiterates that context is important, and having a popup come up every time you visit a site that you're subscribing to is annoying. Martino agrees; the retail experience (where you're going to buy something) is different than sites where the consumer is the product
Up next: advocates panel, moderated by Rashida Richardson.

Richardson is the author of the incredibly-useful "Defining and Demystifying Automated Decision Systems". #ANPRforum

papers.ssrn.com/sol3/papers.cf…
@CaitrionaFitz of @EPICprivacy with a very strong statement, noting how the way Google treats email would be illegal if it were physical mail. Highlights impact greatest on marginalized communities. Urges FTC to issue Section 5 ruling. #ANPRforum
@harlanyu of @TeamUpturn notes that some of the techniques are new, but the underlying discrimination is not. Also talks about disparate adverse impacts. "Discrimination is often clearly unfair." #ANPRforum
@harlanyu @TeamUpturn @KarenKornbluh talks about threats to people seeking abortions, and problems of national security exceptions. "It's clear that the current consent framework is insufficient." Also cites asymmetries. #ANPRforum
@harlanyu @TeamUpturn @KarenKornbluh @SpencerOverton of @JointCenter ("America's Black Think Tank") notes how targeting can enable discrimination. Cites Meta's housing discrimination case, which they've once again settled. #ANPRforum

justice.gov/opa/pr/justice…
I say "once again" because Facebook has repeatedly promised to fix this ad discrimination problem, and hasn't. Pro Publica first reported it in 2016, and there was an earlier settlement in 2019 (I think) #ANPRforum
@staceygraydc agrees with other panelists that FTC should use authority to limit discrimination, which means establishing many of today's current prevalent business practices are unfair. Should require consent for sensitive info, disallow incompatible secondary uses. #ANPRforum
@staceygraydc But what compatible secondary uses should be allowed?

Consent and de-identification should both be relevant but not dispositive. FTC could help be defining standards for de-identification. #ANPRforum
What commercial surveillance practices are most concerning? Fitzgerald: widespread surveillance of internet browsing.
Harms: include data brokers and mass collection of location data. "A single SDK can be found in hundreds of apps." #ANPRforum
Gray agrees. Notes that there's consensus on the need to reform advertising, but no consensus on how. EU has been grappling with this, encourages FTC to engage with EU regulators and learn from successes and failures.

Richardson says that's happening. #ANPRforum
Overton concerned about ad discrimination, both in terms of targeting and delivery. Advertisers, regulators, and the public don't fully understand how these items work. Not transparent.
Yu: a whole dissertation could be written on this! Only 5% of eviction filings result in evictions, often just landlord pressuring tenant. But once it's on record, people can be denied future renting opportunities. Primarily affects Black people, especially Black women.
Yu discusses similar issues in criminal areas. Harms manifest themselves in different ways -- to Black and brown people, women, LGBTQ people, and other marginalized groups.
Richardson asks more about harms and risks falling more on different groups -- including intersectional risks.

Overton: online discrimination reinforces the existing disparities. Also, voter deception and voter suppression. FYI @digitalsista #ANPRforum
@digitalsista Overton talks about Russian social media manipulation and digital voter suppression in the 2019 election. Great points! #ANPRforum
Fitzgerald talks about online proctoring. Facial recognition performs worse for Black people, and even worse for Black women. Encourages FTC to specifically include students. #ANPRforum
Yu: the most harmful practices aren't necessarily new or complicated. It's easy for employers to do an online background check, or a "skills test" that embeds racist and sexist assumptions. So also continue to examine well-entrenched practices! #ANPRforum
Overton highlights the importance of transparency. "A Black woman doesn't know she's not getting shown ads for lucrative jobs." Color-blindness alone is not the answer. We have to recognize that digital advertising can play a role in developing community, getting out vote, etc
Yu: would like to see the FTC look at what a company should do for good faith efforts to avoid disparate outcomes? We'd like to see more companies do this, and show their work publicly. "They can't be scared to look and measure." #ANPRforum
Kornbluh notes the importance of FTC rules -- ethical guidelines aren't enough, sometimes you need a lawyer telling you that you have to do something. #ANPRforum
Gray: FTC could codify that failure to provide notice is an unfair practice.

Which brings us to the general question of notice and consent. Is consumer consent an effective way of evaluating whether a practice is unfair or deceptive? #ANPRforum
Gray talks about the practical impossibiity of submitting opt-out requests to 500 data brokers -- companies people have never heard of. New technologies lead to situations where consent is impossible or (for safety purposes) undesirable - smart city devices, connected vehicles,
Yu: consent means very little from a discrimination perspective. We need a power analysis. People don't have a choice in practice, it's a systemic problem not solvable by individual consumer consent. #ANPRforum
Kornbluh notes that in Europe a service can't be denied if you deny consent. Echoes Yu's point about power analysis. Global consent is problematic when it gets to sensitive information - "I've given consent and now I'm doing a search for abortion information" #ANPRforum
Gray notes that GDPR doesn't require consent for all data collection; it has different lawful bases, consent is one. That puts consent in the proper face. Also an effective framework of "legitimate interests", similar to FTC's unfairness authority. #ANPRforum
And EU has acknowledged the power imbalances with consent. Consent is not considered a legal basis in employment situations, because employers have all the power. Would love to see US regulators learn from that. #ANPRforum
Overton: we should be clear that self-enforcement isn't enough. It's good that Meta did a civil rights audit, but the world's most valuable companies should not have the right to externalize the costs of discrimination on to the most marginalized communities.
Now starting on public comments ... I'm commenting, so I'm a bit distracted ... please follow some of the other great tweeters on the hashtag!
And here's the extended version of my comments

thenexusofprivacy.net/comments-for-f…
@autistichoya Washington state represents! Maya Morales of @wapeopleprivacy notes that commercial data surveillance amplifies and also obscures who is even responsible for racial inequity, discrimination, and slipping away of our rights. #ANPRforum

Some great points from @cherikies on student privacy -- highlighting the issues from companies like PowerSchool as well as Google Classroom. More on PowerSchool here and their sibling companies here. #ANPRforum
themarkup.org/machine-learni…
@IdentityWoman highlights the importance of regulations supporting ethical, privacy-respecting approaches to data sharing based on new technologies. Also notes that FTC action can prevent two companies who control mobile handsets from freezing out other wallet makers #ANPRforum
Rick Lane brings up the impact of fintech targeting children — predatory debit cards and digital wallets. It's a great point, and he's right that nobody else had mentioned it. #ANPRforum

Jake Dockter of Portland encourages FTC to work with groups like @ACREcampaigns and @lucyparsonslabs, highlights the disastrous effects on communities of surveillance working with law enforcement. #ANPRforum
@ConnectEdProf urges investigation of third-party partnerships of data protection. If I heard her correctly, she said that people from ed tech companies are getting appointed as "school officers" and getting unfettered access to data? Yikes! #ANPRforum
@techchildrights of @hrw also focuses on edtich They audited EdTech companies (internationally I think) who sent data to US ad tech companies. Suggests that behavioral advertising targeted at children should be banned. #ANPRforum
Evan Colvin notes that nobody's talked about credit rating agencies, who (from what he can tell) seem to be exempted from CA and CO law. Highlighting some of the risks, he asks FTC to include them in their rulemaking. #ANPRforum
@ehasbrouck focuses on importance of "subject access rights" -- getting to see they data companies have. Notes that jurisdictional problems between FCC and DOT over transformation carriers are severe, and have pointed out since 2009, but there's been no progress. #ANPRforum
@StephanieCCIA notes that algorithmic issues are addressed in ADPPA legislation ... but doesn't mention how weak they are (in response to lobbying from CCIA members, perhaps?). More on that here. #ANPRforum

thenexusofprivacy.net/adppa-impact-a…
@StephanieCCIA My extended comments today look at how ADPPA's algorithmic impact assessments stack up against @AJLUnited's recommendations from "Who Audits the Auditors". ADPPA falls far short on all 6 recommendations. #ANPRforum

thenexusofprivacy.net/comments-for-f… 1  ADPPA doesn't require in...
Ed Reed's makes a good point on the need for trusted OS's.

@HumblxScience: "Big tech uses algorithmic memorization to get around regulations." It's "beyond unreasonable" to socialize risk to consumers. #ANPRforum

Ridhi Shetty of @CenDemTech also making some great points about harmful effects of behavior advertising targeting children, and urges FTC to consider impact on disability and LGBTQ communities. #ANPRforum
@chesterj1 of @DigitalDemoc talks about the impacts of today's surveillance marketing, and how the surveillance industry gets around regulation -- something that this rulemaking must address. #ANPRforum

And here's @ehasbrouck's written comments. #ANPRforum

hasbrouck.org/articles/Hasbr…
Rich Jones calls for commercial surveillance to be criminalized. Notes that Facebook payed $100K as part of the housing settlement - one minute of their revenue. "There are no benefits to the public. Society would be freeer and happier if it were criminalized." #ANPRforum
@leoniehaimson also focuses on student privacy - including data collected in surveys that's used to steer students to careers in discriminatory ways. Recommends parents should have to consent to collecting student data, probhits use of student data for advertising. #ANPRforum
@leoniehaimson asks FTC to use their authority to audit practices of ed tech companies. #ANPRforum

Elif Kiesow Cortez notes that with international action on privacy, it's a great time for FTC to act. Concrete recommendations and tools can encourage companies to compete on who offers more privacy. #ANPRforum
BREAKING: The Chamber of Commerce doesn't want the FTC to regulate! OMG who would have predicted?????
Also they don't like the term "commercial surveillance." The FTC should wait on Congress, which is easier for the Chamber to lobby. #ANPRforum
@zubair_shafiq of @ucdavis highlights research highlighting security vulnerabilities of "smart speakers" and voice assistants. The Commission should strongly consider regulating these. #ANPRforum
Shafiq also notes that companies are shifting to new techniques for cross-site and cross-device tracking. "Many companies are actively attempting to thwart regulations." #ANPRforum
Jen Fernback of Temple talks about privacy as dignity. Congress has failed to act -- and ADPPA will fail in the Senate, because it exempts de-identified data. "Some state rules are stronger than ADPPA." FTC needs to act. #ANPRforum
Oh yay, something to look forward to: FTC September 15 agenda is up

Vasuki Pasumarty with some great points about how definitional and process differences affect disabled people. Also notes that in a post-Roe environment strong protection is needed for mental health information including trauma. #ANPRforum

Somebody from @Workday talks about ADPPA and how great the impact assessments are because they don't require third-party involvement. Because, y'know, we should TOTALLY trust Facebook to evaluate themselves! #ANPRforum
Hmm, I wonder if one of the reasons @Workday likes ADPPA is that it completely exempts employee data, including benefits. #ANPRforum
@AttorneyNora of @freepress talks about examples of algorithmic discrimination -- such as this one, where a widely used health care algorithm discriminated against Black people. #ANPRforum
@AttorneyNora notes that civil rights and consumer rights groups strongly support this rulemaking, and are eager to building a record of harms for rules that address these discriminatory problems #ANPRforum
And now somebody else from the advertising industry is talking about how wonderful "data-driven" advertising is. Y'know what, I'm thrashed, I'm gonna give the last word to @AttorneyNora!
Still, other than laughably predictable positions from some industry folks, really outstanding comments at the #ANPRforum. Looking forward to see how things play out!
A few more links to add ... here's @IdentityWoman's detailed comments. #ANPRforum

identitywoman.net/ftc-on-commerc…
@alfredwkng has a short thread on one of the key takeaways from #ANPRforum: commercial surveillance companies and trade associations don't like the term "commercial surveillance".

I mentioned CCIA earlier, but forgot to mention who their members are. A picture is worth 1000 words.

And @alfredwkng also has some thoughts about the "patchwork" of state laws TechNet complained about at the #ANPRforum -- after having helped create.

Here's the US Chamber of Commerce's comments. BREAKING: "The business community takes issue with the Commission unfairly referring to its potential rules as those concerning “commercial surveillance.”" 🤣🤣🤣

uschamber.com/technology/dat…
And @janethaven of @datasociety highlighting that transparency is not enough. #ANPRforum

[Totally agree -- my written comments discussed ADPPA's algorithmic impact requirements weaknesses in several other areas in addition to transparency.]

datasociety.net/announcements/…
There hasn't yet been a lot of press that I can find yet on the FTC #ANPRforum. Kudos to @martyswant at @Digiday for covering it!

digiday.com/marketing/the-…
And Jessica Lyons Hardcastle, also in @TheRegister
theregister.com/2022/09/09/dat…
@threadreaderapp please unroll again, if it's not too much trouble

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with The Nexus of Privacy

The Nexus of Privacy Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @NexusOfPrivacy

Apr 5, 2023
My Health My Data (HB 1155 ) is on the Senate floor! #waleg

tvw.org/video/senate-f…
Currently discussing Sen. Mullet's amendment 298, which would significantly narrow the definition of consumer health data. @Dhingrama did a great job of discussing how this amendment would leave a lot of data unprotected. Padden supports, demands roll call.
@Dhingrama Short also opposes. Amendment 298 fails, 22-26

Up next Mullet moves 299, which incorporate 298 + strips per se clause with private right of action. Fails on a voice vote.
Read 34 tweets
Apr 4, 2023
My Health My Data heads to the Senate floor!

Washington privacy legislation update, April 4 #waleg

TL:DR: the vote on ESHB 1155 may be as early as tomorrow. And the stakes are high!

privacy.thenexus.today/my-health-my-d…
A quick summary:

- Republicans are likely to continue to vote against My Health My Data's protections for our health data and pregnant people

- Corporate Democrats are pressing to weaken the bill

- Privacy advocates continue to push to strengthen it. #waleg A quick note about gender  As far as I know all the corporat
The full post has details on the background of how we got here, a look at potential floor amendments, and a preview of what's next if the Senate does indeed pass an amended version of ESHB 1155.

privacy.thenexus.today/my-health-my-d…
Read 29 tweets
Feb 15, 2023
Coming up at 8:00 am: the Senate ENET committee hearing on SB 5356, regulating use of Automated Decision Systems (ADS) by government agencies. #waleg

Signins for the hearing: 793 Pro, 19 Con

Here's the live video stream.

tvw.org/video/senate-e…
"What are Automated Decision Systems and why you should care?", a webinar Washington state Chief Privacy Officer Katy Ruckle and I did last year, has background.

The 2021 Washington state ADS Workgroup report goes into a lot more detail. government agency leads, researchers (including me!), and representatives from advocacy organizations came up with consensus recommendations for a path forward.

watech.wa.gov/sites/default/…
Read 31 tweets
Feb 13, 2023
Today's Nexus of Privacy News Mega-Roundup: data brokers selling American's mental health data, state and federal #privacy legislation, news from across the pond ...

Here's a short thread of highlights. See the full newsletter for much more!

privacy.thenexus.today/privacy-news-f…
Our top story: @itsjhk of @DukeCyberPolicy reports on data brokers buying and selling mental health data. @jshermcyber has a good summary here.

And @drewharwell has a good story in the @washingtonpost on the Duke report on data brokers buying and selling mental health data.

washingtonpost.com/technology/202…
Read 9 tweets
Jan 24, 2023
Staring at 10:30 am: the House Civil Rights & Judiciary hearing, incliuding #MyHealthMyData and the #ShieldLaw.

Live video stream: tvw.org/video/house-ci…

"A much more favorable environment", my #waleg privacy overview, has more about both these bills

privacy.thenexus.today/wa-privacy-mor…
#MyHealthMyData (HB 1155), from @SlatterVandana and @Dhingrama, provides strong protections to consumer health data. It

- requires opt-in consent before companies collect, use, or share data
- prohibits sales of health data
- restricts geofencing around health facilities
Read 56 tweets
Jan 23, 2023
The Senate Transportation committee's hearing on SB 5105 #DigitalDriversLicences starts at 4:00. I'll be live-tweeting. #waleg

Here's the video: tvw.org/video/senate-t…

And here's the "bill report", with a quick summary: lawfilesext.leg.wa.gov/biennium/2023-…
Signins on #DigitalDriversLicenses are overwhelmingly CON -- including @ResistenciaNW @ACLU_WA and @IndivisEastside. @wapeopleprivacy is signed up to testify OTHER, as am I.

app.leg.wa.gov/csi/Home/getOt…
@ACLU's."Identity Crisis: What Digital Driver’s Licenses Could Mean for Privacy, Equity, and Freedom" has more on the risks of #DigitalDriversLicenses.

aclu.org/report/identit…
Read 15 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

:(