The FTC will host its fifth annual PrivacyCon on July 21, 2020. For PrivacyCon 2020, the FTC is seeking research presentations on any topic related to consumer privacy and security. However, we will focus in particular on the privacy of health data collected, stored, and transmitted by mobile applications (“apps”). The call for presentations sought empirical research responding to several questions, including:
- What are the risks to consumer data, particularly data held by health apps, and how does the risk vary by product and data type?
- Which products are transmitting user data to third parties, who are the recipients, what are the data, and what are the apparent purposes for these transmissions?
- What are the tradeoffs between product functionality (including the ability to combine data from various devices) and increased security or increased privacy protections?
- Are there unique attributes or characteristics of apps that collect, store, or transmit health data that merit special attention or focus?
The deadline for submissions was April 10, 2020.
PrivacyCon is free and open to the public.
This event will be held online.
Director, Federal Trade Commission, Bureau of Consumer Protection
Session 1: Health Apps
Quinn Grundy, University of Toronto, Data Sharing Practices of Medicines Related apps and the Mobile Ecosystem: Traffic, Content, and Network Analysis; and Commercialization of User Data by Developers of Medicines-Related Apps: a Content Analysis
Kenneth D. Mandl, Harvard Medical School, A Technical Approach to Shore up FTC Consumer Protections for Electronic Health Record-Connected Apps
Dena Mendelsohn, Elektra Labs, Evaluating and Securing the Connected Sensor Technologies that Power Health Apps
John Torous, Harvard Medical School, and Sarah Lagan, Beth Israel Deaconess Medical Center, Actionable App Evaluation: Objective Standards to Guide Assessment and Implementation of Digital Health Interventions
Moderators: Ellen Connelly and Elisa Jillson, Attorneys, Federal Trade Commission, Division of Privacy and Identity Protection
Session 2: Bias in AI Algorithms
Muhammad Ali, Northeastern University, Discrimination through Optimization: How Facebook’s Ad Delivery Can Lead to Biased Outcomes
Ziad Obermeyer, UC Berkeley School of Public Health, Dissecting Racial Bias in an Algorithm Used to Manage the Health of Populations
Moderator: Ben Rossen, Attorney, Federal Trade Commission, Division of Privacy and Identity Protection
Session 3: The Internet of Things
Daniel J. Dubois, Northeastern University, Information Exposure From Consumer IoT Devices: A Multidimensional, Network-Informed Measurement Approach
Pardis Emami-Naeini, Carnegie Mellon University, Ask the Experts: What Should Be on an IoT Privacy and Security Label?
Danny Yuxing Huang, New York University Tandon School of Engineering, IoT Inspector: Crowdsourcing Labeled Network Traffic from SmartHome Devices at Scale
Moderator: Phoebe Rouge, Technologist, Federal Trade Commission, Office of Technology Research and Investigation
Session 4: Specific Technologies: Cameras/Smart Speakers/Apps
Madelyn Rose Sanfilippo, Princeton University, Disaster Privacy/Privacy Disaster
Christin Wilson, Clemson University, Dangerous Skills Got Certified: Measuring the Trustworthiness of Amazon Alexa Platform
Shikun “Aerin” Zhang, Carnegie Mellon University, Understanding People’s Privacy Attitudes Towards Video Analytics Technologies
Lerone Banks, Technologist, Federal Trade Commission,
Division of Privacy and Identity Protection
Session 5: International Privacy
Guy Aridor, Columbia University, The Effect of Privacy Regulation on the Data Industry: Empirical Evidence from GDPR
Garrett Johnson, Boston University, Privacy & Market Concentration: Intended & Unintended Consequences of the GDPR
Jeff Prince, Indiana University, How Much Is Privacy Worth Around the World and Across Platforms?
Christine Utz, Ruhr University Bochum, (Un)informed Consent: Studying GDPR Consent Notices in the Field
Moderator: Daniel Wood, Economist, Federal Trade Commission, Bureau of Economics
Session 6: Miscellaneous Privacy/Security
Hana Habib, Carnegie Mellon University, An Empirical Analysis of Data Deletion and Opt-Out Choices on 150 Websites
Ido Sivan-Sevilla, Cornell Tech, Unaccounted Privacy Violation: A Comparative Analysis of Persistent Identification of Users Across Social Contexts
Danfeng “Daphne” Yao, Virginia Tech, Security Certification in Payment Card Industry: Testbeds, Measurements, and Recommendations
Yixin Zou, University of Michigan School of Information, Examining the Adoption and Abandonment of Security, Privacy, and Identity Theft Protection Practices
Moderator: Jamie Hine, Attorney, Federal Trade Commission, Division of Privacy and Identity Protection
Transcript - Files