Privacy by Design

Privacy by Design – Catalyzing Privacy by Design

January 6-7, 2016 Washington, D.C.

Georgetown University Law Center, McDonough Hall Room 200, 600 New Jersey Avenue Northwest, Washington, DC, United States

Overview

This workshop reviewed the lessons from workshops #1-3 and examine how existing regulatory models, along with other factors, shape organizations’ understanding of privacy problems, approaches, and solutions. Building on workshop-generated insights on the strengths and limitations of current approaches—in terms of concepts, incentives, actors—the workshop considered how well regulatory models respond to privacy-by-design challenges, and identify open research questions. A goal of the overall project was to broaden the lens through which privacy-by-design is viewed by the research community—positioning technical design along side theoretical/conceptual, organizational, and regulatory design questions. Thus, gaining some understanding of the forces that drive the choice of methods, tools, and approaches is a core goal of engagement with industrial innovators. Organizational practices including the development of internal privacy expertise of various sorts and at various levels of the organization, privacy education and training, and mechanisms of accountability may—and from the regulators’ perspective should—comprise part of the privacy-by-design ecosystem with an institution. Legal choices—both substantive and institutional—appear to influence firms’ investments in these features. Building on insights from earlier workshops we identified open research questions about the relationship between regulatory form and other external and internal features of the privacy field, and the expression of privacy in firm practice.

This workshop was one of four aimed at identifying a shared research vision to support the practice of privacy-by-design. They convened both practitioners with direct experience of the challenges in implementing privacy-by-design from a range of fields—software developers, privacy engineers, usability and interaction designers, chief privacy officers—and researchers from an equally broad range of disciplines.

The goals for the four workshops included:

To take stock of the methods, tools, and approaches currently used to design for privacy.
Broaden the lens through which privacy-by-design is viewed by the research community—positioning technical design along side theoretical/conceptual, organizational, and regulatory design questions.
Begin the process of building an interdisciplinary community of researchers to develop broader theoretical foundations, systematic approaches, as well as organizational and regulatory models for supporting the practice of privacy-by-design.

Previous Privacy by Design Workshops
Workshop 1- State of Research and Practice
Workshop 2- Privacy Enabling Design
Workshop 3- Engineering Privacy

Agenda

January 6, 2016 (Wednesday)

07:00 AM	Breakfast \| Hyatt Regency Washington on Capitol Hill Thornton Room A and Lounge - 11th Floor
08:30 AM	Welcome and Introductions Ann Drobnis, Computing Community Consortium Deirdre K. Mulligan, School of Information, UC Berkeley Participant Lightning Round Introductions
09:30 AM	Does Privacy by Design Require Regulatory Intervention? Moderator: David Vladeck, Georgetown University Law Center Stage Setter: Laura Brandimarte, University of Arizona Respondents: Peter Swire, Scheller College of Business, Georgia Institute of Technology Jim Harper, Cato Institute Nico van Eijk, Institute for Information Law (IViR) University of Amsterdam
11:00 AM	Break
11:30 AM	How does Privacy as a Good, and Issues of Measurement, Relate to Regulatory Choices? Moderator: Deirdre K. Mulligan, School of Information, UC Berkeley Panelists: Brett M. Frischmann, Cardozo Law School Priscilla Regan, School of Policy, Government, and International Affairs, George Mason Univ. Andrew Odlyzko, School of Mathematics, University of Minnesota
12:40 PM	Lunch
02:00 PM	Access to Information Necessary to Embed Privacy in Design Moderator: Travis Breaux, CMU Panelists: Sasha Romanosky, Rand Corporation Andrea Matwyshyn, Northeastern University Mary Culnan, Future of Privacy Forum
03:00 PM	Break
03:30 PM	Preferencing Technical or Policy Solutions Moderator: Ira Rubinstein, New York University Panelists: Roger Brownsword, Kings College, London Helen Nissenbaum, New York University John DeLong, National Security Agency Rob Sherman, Facebook Steve Bellovin, Columbia University
04:45 PM	Day 1 Wrap-Up
06:00 PM	Dinner \| Hyatt Regency Washington on Capitol Hill Thornton Room A and Lounge - 11th Floor

January 7, 2016 (Thursday)

07:00 AM	Breakfast \| Hyatt Regency Washington on Capitol Hill Thornton Room A and Lounge - 11th Floor
09:00 AM	Report From Day One
09:30 AM	Lessons from other areas—Security and Environmental Moderator: Fred B. Schneider, Cornell University Panelists: Dennis Hirsch, Capital University David Thaw, Law and Information Sciences, University of Pittsburgh Serge Egelman, International Computer Science Institute
10:30 AM	Relationship Between Design Approaches to Privacy and Shifts in Privacy Regulation Moderator: Nathan Good, Good Research Stage Setting: Chelsea Mauldin, Executive Director at Public Policy Lab Panelists: Bethan Cantrell, Microsoft Jonathan Fox, Intel Noah Kunin, 18F
11:45 AM	Break
12:00 PM	Lunch- Regulators' Perspectives Maneesha Mithal, Associate Director of the Federal Trade Commission’s Division of Privacy and Identity Protection Lisa Hone, Associate Bureau Chief, Wireline Competition Bureau, Federal Communications Commission
01:30 PM	Professionalism, Professional Identity, and Ethics in Practice Moderator: Annie Anton, Georgia Institute of Technology Stage Setting: Omer Tene, International Association of Privacy Professionals Marc Groman, Senior Advisor on Privacy, Office of Management and Budget Panelists: Frank Dawson, Nokia Corporation Michael Zimmer, School of Information Studies ,Univ. Wisconsin-Milwaukee
03:00 PM	Break
03:30 PM	Working Group Conversations
04:30 PM	Wrap Up and Conclusion

Participants

Participant Lightning Slides

Organizing Committee:

Deirdre K. Mulligan (Chair) University of California, Berkeley

Annie Antón Georgia Institute of Technology

Ken Bamberger University of California, Berkeley

Travis Breaux Carnegie Mellon University

Nathan Good Good Research

Susan Graham University of California, Berkeley and the Computing Community Consortium

Seda Gürses New York University

Susan Landau Worcester Polytechnic Institute

Helen Nissenbaum New York University

Fred Schneider Cornell University

Peter Swire Georgia Institute of Technology

Ira Rubinstein New York University

Ann Drobnis Computing Community Consortium Director

Logistics

The Computing Community Consortium (CCC) will cover travel expenses for all participants who desire it. Participants are asked to make their own travel arrangements to get to the workshop, including purchasing airline tickets. CCC will make a hotel reservation for you and send you the confirmation closer to the workshop. Following the symposium, CCC will circulate a reimbursement form that participants will need to complete and submit, along with copies of receipts for amounts exceeding $75.

In general, standard Federal travel policies apply: CCC will reimburse for non-refundable economy airfare on U.S. Flag carriers; and no alcohol will be covered.

For more information, please see the Guidelines for Participant Reimbursements from CCC.

Additional questions about the reimbursement policy should be directed to Ann Drobnis, CCC Director (adrobnis [at] cra.org).