Privacy Act

• FPF Develops Checklist & Guide to Help Schools Vet AI Tools for Legal Compliance
  FPF’s Youth and Education team has developed a checklist and accompanying policy brief to help schools vet generative AI tools for compliance with student privacy laws.
• Vetting Generative AI Tools for Use in Schools is a crucial resource as the use of generative AI tools continues to increase in educational settings.
• With these resources, FPF aims to provide much-needed clarity and guidance to educational institutions grappling with these issues.
• Check out the LinkedIn Live with CEO Jules Polonetsky and Youth & Education Director David Sallay about the Checklist and Policy Brief.

Today, the Future of Privacy Forum (FPF) filed comments with the Federal Trade Commission (Commission) in response to its request for comment on the Children’s Online Privacy Protection Act (COPPA) proposed rule. Read our comments in full. As technology evolves, so must the regulations designed to protect children online, and FPF commends the Commission’s efforts [?]

• 21 February 2024
  The Australian Information Commissioner has commenced an investigation into the personal information handling practices of HWL Ebsworth Lawyers (HWLE), arising from a data breach notified to the Office of the Australian Information Commissioner (OAIC) on 8 May 2023.
• The OAIC’s investigation is into HWLE’s acts or practices in relation to the security and protection of the personal information it held, and the notification of the data breach to affected individuals.
• In line with the OAIC’s Privacy regulatory action policy, the OAIC will await the conclusion of the investigation before commenting further.
• Under the Notifiable Data Breaches scheme in the Privacy Act, in certain circumstances organisations are required to take such steps as are reasonable to notify affected individuals of an eligible data breach and do so as soon as practicable.

• Consumers are not too happy with these requests and some even look for ways to avoid them.
• These pop-ups are in response to recent data protection and privacy regulations, such as the European Union’s General Data Protection Regulation and California’s Consumer Privacy Act.

Commodification of user data

• Almost every website — both for-profit and not-for-profit — commodifies user data.
• Within the first three seconds of opening a web page, over 80 third parties on average have accessed your information.
• The usage of user data by third parties can be helpful, as it is an easy way for companies to earn money and it can easily connect consumers to any resources they are looking for.

The impact of privacy policies

• Previously, we analyzed the privacy implications of website monetization strategies and the prediction of website trustworthiness by observing their third-party usage.
• Recently, our focus has shifted to studying the impact of data regulation on consumers and websites to understand the impact of new privacy policies.
• We collected third-party utilization of the most popular 100,000 websites globally when California’s Consumer Privacy Act (CCPA) went into effect.

Learning from past mistakes

• In Canada, where privacy regulation is not yet finalized, there is an opportunity to learn from the mistakes of other regulators.
• As our research has found, opt-in policies are counterproductive in addressing third-party data-sharing concerns and can harm competition.
• Instead, we recommend using a mix of policies that are used in a more precise manner, rather than the currently preferred one-size-fits-all policies.

• Hooman Hidaji receives funding from the Social Sciences and Humanities Research Council of Canada.
• Ram Gopal receives funding from The Gillmore Centre for Financial Technology at the Warwick Business School.