George Mason University Antonin Scalia Law School

PEP Director James Cooper Speaks at FTC Workshop – “The Future of the COPPA Rule”

On Monday, October 7, 2019  PEP Director James Cooper spoke at a public workshop hosted by the Federal Trade Commission that discussed updating the Children’s Online Privacy Protection Rule. You can watch the full afternoon session here. Tune in at 3:30:00 to hear Director Cooper speak on Panel 4: “Uses and Misuses of Persistent Identifiers.”

“I worry about undervaluing  information flows to kids. . . Kids shouldn’t deserve any less First Amendment protections than grownups. . . . Once we start thinking about using COPPA as a tool to restrict advertising to kids, then I do think we’re getting into First Amendment land.”

Read the full transcript here.

Cooper spoke alongside alongside Harry Jho, Katharina Kopp, Jonathan Mayer, Kate O’Loughlin and Julia Tama on the panel. The panel was moderated by Mark Eichorn, an Assistant Director in the Division of Privacy & Identity Protection, and Laura Hosken, an Economist in the Bureau of Economics at the FTC.

Call for Papers: 2019 – 2020 Privacy Fellowship

The Program on Economics & Privacy (PEP) at George Mason University Antonin Scalia Law School invites applications for the 2019 – 2020 Privacy Fellowship. We seek authors to develop and present original work that focuses on the law and economics of issues surrounding the increasing regulatory scrutiny of online platforms. Issues of interest include, but are not limited to:

Continue reading “Call for Papers: 2019 – 2020 Privacy Fellowship”

Durable Privacy Legislation: An Evidence-Based Privacy Law that Works for the People

Public demand for stronger privacy laws has reached a critical point, and congress is likely to pass sweeping, cross-technology and cross-industry privacy legislation for the first time in US history. This is an exciting juncture for information policy, but also a perilous one. Poorly constructed privacy laws can frustrate the interests of the people they are meant to protect.

In her newest white paper, PEP Director Jane Bambauer explains why an evidence-based privacy law would not look like the GDPR or the CCPA, and offers the contours (and even model language) of a statutory scheme that would better serve the modern American consumer.

You can read the full paper and model legislation here.

Seventh Annual Public Policy Symposium on the Law & Economics of Privacy and Data Security

Registration is now open for PEP’s Seventh Annual Public Policy Symposium on the Law & Economics of Privacy and Data Security. The Symposium will be held Friday, May 10, 2019 in the Founders Hall Auditorium at GMU’s Scalia Law School.

Continue reading “Seventh Annual Public Policy Symposium on the Law & Economics of Privacy and Data Security”

PEP Director Jane Bambauer Provides Further Testimony to Senate Judiciary Committee

On March 12, 2019, PEP Director Jane Bambauer testified before the Senate Judiciary Committee on the likely impact of GDPR and the CCPA on innovation and consumer welfare. Following her testimony, Senator Lindsey Graham requested that Jane expand her testimony by answering a series of written questions. Jane provided her responses on April 3, 2019.

You can read the Committee’s questions and Jane’s responses here.

PEP 2018 Year in Review

This dispatch of the PEP report takes a fly-over view of the year that just came to a close. Here are a few of the most important developments in policy and research related to privacy, data security, and data stewardship.

Story of the Year

Cambridge Analytica

News that Cambridge Analytica collected data on millions of Facebook users and exploited it to perform political consulting services has caused a seismic shift in privacy debates. For many observers, the scandal moved our attention to the particulars of data ownership over to more fundamental questions about the nature of data-related harm. Most of the observations from civil society describe that harm in terms of manipulation and deceit. For example, a report by the New America Foundation summarizes the Cambridge Analytica events and other related scandals this way:

The central theme in these scandals is the power of the major digital media platforms to track, target, and segment people into audiences that are highly susceptible to manipulation. These companies have all profited enormously from this market structure, and they have done little to mitigate potential harms.”

Continue reading “PEP 2018 Year in Review”

Cambridge Analytica and the Meaning of Privacy Harm

In 2014 and 2015, the research company Cambridge Analytica was able to amass a database of information on 87 million Facebook users, based on the survey results of just a few hundred thousand personality quiz participants. The company then used this data to try to get political consulting clients. In her new white paper, Program on Economics & Privacy Director Jane Bambauer argues that while almost everyone agrees that something went wrong here, defining the harm such that it can elucidate the best course for public policy is an exceedingly difficult task.

This issue raises multiple concerns, each deserving of careful consideration, but which have divergent implications for how policymakers should respond. Professor Bambauer’s paper uses the Cambridge Analytica episode to explore why the meaning of a privacy-related harm is so difficult to define and why lawmakers are wise to proceed with caution as they develop new privacy laws.

You can read the full paper here.

Are Firms and Consumers Investing Enough in Data Security?

In his new white paper, Are Firms and Consumers Investing Enough in Data Security?, Program on Economics & Privacy affiliated scholar, Sasha Romanosky surveys the cybersecurity terrain and shows the gaps in the tool set used to assess cyber risks and resulting harms in order to answer the question of whether firms and consumers take enough care to protect personal information.

Many consumer advocates and security and privacy professionals have concluded that companies are not spending enough on IT security. Their assessments are buttressed by the numerous reported cyber incidents and data spills over the past decade. Clearly, these security breaches, privacy intrusions, and software vulnerabilities show that companies are not spending enough to protect consumers’ data and produce safe applications. But there are two problems with this conventional wisdom. First, it ignores the consumer in the model of optimal data security. And second, it wrongly assumes that the right level of security investment would eliminate data breaches altogether.

This white paper helps correct the discussion on both counts.

Read the full report here.