Registration is now open for PEP’s Seventh Annual Public Policy Symposium on the Law & Economics of Privacy and Data Security. The Symposium will be held Friday, May 10, 2019 in the Founders Hall Auditorium at GMU’s Scalia Law School.

Continue reading “Seventh Annual Public Policy Symposium on the Law & Economics of Privacy and Data Security”

On March 12, 2019, PEP Director Jane Bambauer testified before the Senate Judiciary Committee on the likely impact of GDPR and the CCPA on innovation and consumer welfare. Following her testimony, Senator Lindsey Graham requested that Jane expand her testimony by answering a series of written questions. Jane provided her responses on April 3, 2019.

You can read the Committee’s questions and Jane’s responses here.

On Tuesday, March 12, 2019, PEP Director Jane Bambauer will give testimony to the Senate Judiciary Committee on The Perils of Privacy as Property: The Likely Impact of GDPR and the CCPA on Innovation and Consumer Welfare.

You can read Jane’s prepared testimony here.

This dispatch of the PEP report takes a fly-over view of the year that just came to a close. Here are a few of the most important developments in policy and research related to privacy, data security, and data stewardship.

Story of the Year

Cambridge Analytica

News that Cambridge Analytica collected data on millions of Facebook users and exploited it to perform political consulting services has caused a seismic shift in privacy debates. For many observers, the scandal moved our attention to the particulars of data ownership over to more fundamental questions about the nature of data-related harm. Most of the observations from civil society describe that harm in terms of manipulation and deceit. For example, a report by the New America Foundation summarizes the Cambridge Analytica events and other related scandals this way:

“The central theme in these scandals is the power of the major digital media platforms to track, target, and segment people into audiences that are highly susceptible to manipulation. These companies have all profited enormously from this market structure, and they have done little to mitigate potential harms.”

Continue reading “PEP 2018 Year in Review”

In his new white paper, Are Firms and Consumers Investing Enough in Data Security?, Program on Economics & Privacy affiliated scholar, Sasha Romanosky surveys the cybersecurity terrain and shows the gaps in the tool set used to assess cyber risks and resulting harms in order to answer the question of whether firms and consumers take enough care to protect personal information.

Many consumer advocates and security and privacy professionals have concluded that companies are not spending enough on IT security. Their assessments are buttressed by the numerous reported cyber incidents and data spills over the past decade. Clearly, these security breaches, privacy intrusions, and software vulnerabilities show that companies are not spending enough to protect consumers’ data and produce safe applications. But there are two problems with this conventional wisdom. First, it ignores the consumer in the model of optimal data security. And second, it wrongly assumes that the right level of security investment would eliminate data breaches altogether.

This white paper helps correct the discussion on both counts.

Read the full report here.

The Federal Trade Commission is hosting a series of hearings on Big Data to air and understand our current evidence base. Last week, the hearings on “Competition and Consumer Protection in the 21^st Century” were held at American University Washington College of Law. (You can watch the speakers here.) This post will provide a summary of the first panel of the hearings, which I thought was one of the highlights of the event.

Continue reading “The PEP Report – November 2018”

by Jane Bambauer

Welcome to the inaugural PEP Report, an occasional (roughly monthly) roundup of news, research, and events related to privacy and economics.

A lot is happening this year, including upcoming public hearings at the FTC on big data and consumer protection and the recent passage of California’s Consumer Privacy Protection Act. Future PEP Reports will focus on those developments. For now, I would like to highlight research presented at the 46^th TPRC Conference on Communications, Information, and Internet Policy.

TPRC recently took place at American University Washington College of Law. (NB: It’s called TPRC because it used to stand for the Telecommunications Policy Research Conference, but the scope has since expanded to include the Internet, of course.) As usual, TPRC brought together a great lineup of papers from multiple disciplines tackling current and future problems in communications policy. Below are my thoughts on some of my favorite papers.

One note about the conference over all: TPRC has had a Privacy/Security track for several years now, but some of my favorite papers were in other tracks, and had only brief discussions of privacy law. This is telling. Too often, the authors of privacy papers are not forced to be in conversation with researchers who are trying to optimize the utility of information and communications technologies, and vice versa. In the future, I would love to see authors and audiences of privacy and data use papers in the same room so that tensions can be aired, acknowledged, and accounted for.

Click below to read about some of my favorite privacy-related papers from TPRC

Continue reading “The PEP Report – October 2018”

American University College of Law will host the TPRC Research Conference on Communications, Information, and Internet Policy on September 21-22. This is a terrific, multidisciplinary conference. If you are writing a student note or other research paper about Internet policy and would like to attend, please send me an email at jyakowit@gmu.edu. As an academic sponsor, PEP can send one student to the whole conference for free.

For more information and the program agenda, visit the TPRC website here:

http://www.tprcweb.com/