Call for Papers: 2019 – 2020 Privacy Fellowship

The Program on Economics & Privacy (PEP) at George Mason University Antonin Scalia Law School invites applications for the 2019 – 2020 Privacy Fellowship. We seek authors to develop and present original work that focuses on the law and economics of issues surrounding the increasing regulatory scrutiny of online platforms. Issues of interest include, but are not limited to:

Continue reading “Call for Papers: 2019 – 2020 Privacy Fellowship”

Durable Privacy Legislation: An Evidence-Based Privacy Law that Works for the People

Public demand for stronger privacy laws has reached a critical point, and congress is likely to pass sweeping, cross-technology and cross-industry privacy legislation for the first time in US history. This is an exciting juncture for information policy, but also a perilous one. Poorly constructed privacy laws can frustrate the interests of the people they are meant to protect.

In her newest white paper, PEP Director Jane Bambauer explains why an evidence-based privacy law would not look like the GDPR or the CCPA, and offers the contours (and even model language) of a statutory scheme that would better serve the modern American consumer.

You can read the full paper and model legislation here.

Registration Now Open for PEP’s Seventh Annual Privacy & Data Security Symposium!

Registration is now open for PEP’s Seventh Annual Public Policy Symposium on the Law & Economics of Privacy and Data Security. The Symposium will be held Friday, May 10, 2019 in the Founders Hall Auditorium at GMU’s Scalia Law School.

Click here for the Symposium agenda and to register.

Continue reading “Registration Now Open for PEP’s Seventh Annual Privacy & Data Security Symposium!”

PEP Director Jane Bambauer Provides Further Testimony to Senate Judiciary Committee

On March 12, 2019, PEP Director Jane Bambauer testified before the Senate Judiciary Committee on the likely impact of GDPR and the CCPA on innovation and consumer welfare. Following her testimony, Senator Lindsey Graham requested that Jane expand her testimony by answering a series of written questions. Jane provided her responses on April 3, 2019.

You can read the Committee’s questions and Jane’s responses here.

PEP 2018 Year in Review

This dispatch of the PEP report takes a fly-over view of the year that just came to a close. Here are a few of the most important developments in policy and research related to privacy, data security, and data stewardship.

Story of the Year

Cambridge Analytica

News that Cambridge Analytica collected data on millions of Facebook users and exploited it to perform political consulting services has caused a seismic shift in privacy debates. For many observers, the scandal moved our attention to the particulars of data ownership over to more fundamental questions about the nature of data-related harm. Most of the observations from civil society describe that harm in terms of manipulation and deceit. For example, a report by the New America Foundation summarizes the Cambridge Analytica events and other related scandals this way:

The central theme in these scandals is the power of the major digital media platforms to track, target, and segment people into audiences that are highly susceptible to manipulation. These companies have all profited enormously from this market structure, and they have done little to mitigate potential harms.”

Continue reading “PEP 2018 Year in Review”

Cambridge Analytica and the Meaning of Privacy Harm

In 2014 and 2015, the research company Cambridge Analytica was able to amass a database of information on 87 million Facebook users, based on the survey results of just a few hundred thousand personality quiz participants. The company then used this data to try to get political consulting clients. In her new white paper, Program on Economics & Privacy Director Jane Bambauer argues that while almost everyone agrees that something went wrong here, defining the harm such that it can elucidate the best course for public policy is an exceedingly difficult task.

This issue raises multiple concerns, each deserving of careful consideration, but which have divergent implications for how policymakers should respond. Professor Bambauer’s paper uses the Cambridge Analytica episode to explore why the meaning of a privacy-related harm is so difficult to define and why lawmakers are wise to proceed with caution as they develop new privacy laws.

You can read the full paper here.

Are Firms and Consumers Investing Enough in Data Security?

In his new white paper, Are Firms and Consumers Investing Enough in Data Security?, Program on Economics & Privacy affiliated scholar, Sasha Romanosky surveys the cybersecurity terrain and shows the gaps in the tool set used to assess cyber risks and resulting harms in order to answer the question of whether firms and consumers take enough care to protect personal information.

Many consumer advocates and security and privacy professionals have concluded that companies are not spending enough on IT security. Their assessments are buttressed by the numerous reported cyber incidents and data spills over the past decade. Clearly, these security breaches, privacy intrusions, and software vulnerabilities show that companies are not spending enough to protect consumers’ data and produce safe applications. But there are two problems with this conventional wisdom. First, it ignores the consumer in the model of optimal data security. And second, it wrongly assumes that the right level of security investment would eliminate data breaches altogether.

This white paper helps correct the discussion on both counts.

Read the full report here.

The PEP Report – November 2018

The Federal Trade Commission is hosting a series of hearings on Big Data to air and understand our current evidence base. Last week, the hearings on “Competition and Consumer Protection in the 21st Century” were held at American University Washington College of Law. (You can watch the speakers here.) This post will provide a summary of the first panel of the hearings, which I thought was one of the highlights of the event.

Continue reading “The PEP Report – November 2018”