Privacy in an Ambient World

Privacy is a prime concern in today's information society. To protect\ud the privacy of individuals, enterprises must follow certain privacy practices, while\ud collecting or processing personal data. In this chapter we look at the setting where an\ud enterprise collects private data on its website, processes it inside the enterprise and\ud shares it with partner enterprises. In particular, we analyse three different privacy\ud systems that can be used in the different stages of this lifecycle. One of them is the\ud Audit Logic, recently introduced, which can be used to keep data private when it\ud travels across enterprise boundaries. We conclude with an analysis of the features\ud and shortcomings of these systems

Beyond \u3ci\u3eMicrosoft\u3c/i\u3e: A Legislative Solution to the SCA’s Extraterritoriality Problem

The Stored Communications Act governs U.S. law enforcement’s access to cloud data, but the statute is ill equipped to handle the global nature of the modern internet. A pending U.S. Supreme Court case, United States v. Microsoft, raises the question whether a warrant under the statute may be used to reach across international borders to obtain data that is stored in another country, regardless of the user’s nationality. While the Court will determine whether this is an impermissible extraterritorial application of the current law, many have called for a legislative resolution to this issue. Due to the insufficiency of the current law, the limits of traditional judicial doctrines, and the inherent advantages the legislature has over the judiciary in addressing technological change, this Note also recommends a legislative resolution. Building upon a legislative proposal, this Note proposes a framework with two separate sets of legal procedures based on user identity. These separate domestic and extraterritorial procedures provide a framework that would set clear guidelines for law enforcement and service providers while giving due respect to foreign sovereignty

Enforced Standards Versus Evolution by General Acceptance

Conventions as well as standards influence the practice of financial reporting. Financial reporting standards arise as legislated rules, enforced by the power of law. Conventions evolve over time through trial and practice, and are upheld by socioeconomic rewards and sanctions. Financial reporting in the second half of the twentieth century has been characterized by a preference for legislated standards, and a distinct lack of faith in its evolution as a body of social conventions. Evidence on whether this faith in standards over conventions is justified remains to be marshaled. We present data on privacy practices in e-commerce under the European Union's (EU's) formal regulatory regime prevailing in the United Kingdom (U.K.), and compare it to the data from a previous study of United States (U.S.) practices that evolved in the absence of government laws or enforcement.The codification by the EU law, and the enforcement by the U.K. government, improves neither the disclosure nor the practice of e-commerce privacy relative to the U.S.On the contrary, some evidence shows the unregulated practices in U.S. to be superior. Regulation in the U.K. also appears to stifle development of a market for web assurance services. Both U.S. and U.K. consumers continue to be vulnerable to a small number of e-commerce websites who spam their customers, ignoring the latter's expressed or implied preferences. We explore the implications of these results for understanding the merits of enforced standards and conventions in the domain of financial reporting.

U.S.-EU Safe Harbor Framework; A Guide to Self-Certification

[Excerpt] In this guide, we have provided an outline of the most critical pieces of the Safe Harbor Framework. The application is made available, along with a Helpful Hints Guide that explains how to fill it out. The Safe Harbor Principles and FAQs are also provided for easy reference. There is also an explanation and listing of third party dispute resolution providers (or Independent Resource Mechanisms) with descriptions of the services provided by three dispute resolution providers that work with Safe Harbor. Finally, we’ve also included several sample company privacy policies for reference, and a glossary that explains key terms. We’ve broken this Guide into nine major sections, each to address different questions you might have. What follows is a brief description of each section: Overview: The overview gives some background on the Safe Harbor Framework, how it came about, and explains many of the certification requirements. The overview also lists the principles of the Safe Harbor program. Application: The Application is provided for easy reference. Applicants should apply online at http://export.gov /safeharbor (click on “Certification Form” in the right sidebar). Certification Mark: The Commerce Department’s International Trade Administration has recently developed a certification mark for the Safe Harbor Framework. The mark may be used by companies on their websites to signify that they have self-certified compliance with the provisions of the Safe Harbor Framework. Instructions for use of the certification mark are provided. Helpful Hints Guide (to Certification): The Helpful Hints Guide is meant to give quick answers to any questions a U.S. company might have about the certification process. It should be used in conjunction with the rest of the Guide, however it answers many of the most common questions about the certification process. Safe Harbor Principles: We have provided the full text of the official declaration of the Safe Harbor Principles as announced on July 21, 2000. This text is helpful for understanding the foundation of the Safe Harbor Principles and the Framework. Frequently Asked Questions: We have provided the Frequently Asked Questions in full text because they answer many of the most commonly asked questions about the Safe Harbor Framework. Dispute Resolution Providers: Here we have provided a short description of the role of dispute resolution providers (also referred to as Independent Recourse Mechanisms) and descriptions of the services they offer. Sample Privacy Policies: Here we have provided three sample privacy policies for reference, which may serve as guidance when creating a new Privacy Policy or updating an existing Privacy Policy to align it with the Safe Harbor Framework. The Safe Harbor Framework requires an affirmative commitment in the Privacy Policy to the principles of the Safe Harbor Framework. Glossary: A short glossary is also provided for many of the technical terms frequently used in the Guide

Peeling Back the Student Privacy Pledge

Education software is a multi-billion dollar industry that is rapidly growing. The federal government has encouraged this growth through a series of initiatives that reward schools for tracking and aggregating student data. Amid this increasingly digitized education landscape, parents and educators have begun to raise concerns about the scope and security of student data collection. Industry players, rather than policymakers, have so far led efforts to protect student data. Central to these efforts is the Student Privacy Pledge, a set of standards that providers of digital education services have voluntarily adopted. By many accounts, the Pledge has been a success. Since its introduction in 2014, over 300 companies have signed on, indicating widespread commitment to the Pledge’s seemingly broad protections for student privacy. This industry participation is encouraging, but the Pledge does not contain any meaningful oversight or enforcement provisions. This Article analyzes whether signatory companies are actually complying with the Pledge rather than just paying lip service to its goals. By looking to the privacy policies and terms of service of a sample of the Pledge’s signatories, I conclude that noncompliance may be a significant and prevalent issue. Consumers of education software have some power to hold signatories accountable, but their oversight abilities are limited. This Article argues that the federal government, specifically the Federal Trade Commission, is best positioned to enforce compliance with the Pledge and should hold Pledge signatories to their promises

Peeling Back the Student Privacy Pledge

Education software is a multi-billion dollar industry that is rapidly growing. The federal government has encouraged this growth through a series of initiatives that reward schools for tracking and aggregating student data. Amid this increasingly digitized education landscape, parents and educators have begun to raise concerns about the scope and security of student data collection. Industry players, rather than policymakers, have so far led efforts to protect student data. Central to these efforts is the Student Privacy Pledge, a set of standards that providers of digital education services have voluntarily adopted. By many accounts, the Pledge has been a success. Since its introduction in 2014, over 300 companies have signed on, indicating widespread commitment to the Pledge’s seemingly broad protections for student privacy. This industry participation is encouraging, but the Pledge does not contain any meaningful oversight or enforcement provisions. This Article analyzes whether signatory companies are actually complying with the Pledge rather than just paying lip service to its goals. By looking to the privacy policies and terms of service of a sample of the Pledge’s signatories, I conclude that noncompliance may be a significant and prevalent issue. Consumers of education software have some power to hold signatories accountable, but their oversight abilities are limited. This Article argues that the federal government, specifically the Federal Trade Commission, is best positioned to enforce compliance with the Pledge and should hold Pledge signatories to their promises