Call for Presentations: PrivacyCon 2024

Event Format

PrivacyCon 2024 is a day-long virtual event March 6, 2024 that will include traditional discussion panels, research talks and demos, and Q&A.  Session topics will be based on staff input and the research submissions that we receive.  FTC staff will moderate the sessions.

Scope of Research

For PrivacyCon 2024 we are seeking empirical research and demonstrations on consumer privacy and data security, including rigorous economic analyses, social science research, and law and policy articles that include an empirical or applied focus.  As described below, for 2024 we are particularly interested in research related to automated systems, health-related surveillance, children’s and teens’ privacy, deepfakes, worker surveillance, and the Advertising Ecosystem and Surveillance Advertising.

Focus Topics

• Automated Systems or “AI”:  The past several years, and the last twelve months in particular, have seen a rapid expansion of the commercial availability and use of automated tools, including, but not limited to, generative AI, for a wide range of use cases.  What types of risks do these tools pose for consumers and workers—privacy, data security, reputational, financial, or otherwise?  What are the potential benefits?  Are there contextual, technical, organizational, or other factors that make particular implementations more or less risky for consumers?  Are there risks to consumers whose information is used to train or develop automated systems, to consumers who use such systems, or both?  What kind of data scraping activities are particularly concerning or pose the most risk?  What types of testing regimes and guardrails should businesses put in place when developing, offering, or implementing AI tools and the data collection practices that fuel them?

• Health-Related Surveillance:  Collection of health-related data—and data used to infer information about health conditions—is omnipresent in the surveillance economy.  Recent FTC enforcement actions have highlighted disclosures of consumers’ health data contrary to consumers’ expectations.  How are consumers impacted by public and private sector uses of technologies that collect, use, and infer health-related data?  What are the greatest threats to the privacy and security of consumers’ health data and what is the impact on consumers?  What technical measures can mitigate these risks?  What deidentification techniques are more or less effective?

• Children’s and Teens’ Privacy:  Children and teens spend a significant amount of time online, and there has been much debate about the effect of time spent on social media on children in particular.[1]  Does the amount of time that children and teens spend online lead to privacy harms, and, if so, what is the nature of these harms?  Are there potential benefits?  How do particular design features on websites and apps maximize children's and teens' engagement with, and time spent on, online services?  Do online services personalize their use of these features based on data collected about an individual, such as information indicating that the individual will engage with the online service if presented with a particular design feature?

• Deepfakes and Voice Clones:  It is well documented that deepfakes and voice clones can be used to deceive, spread misinformation, or cause reputational harm.  What other risks do deepfakes and voice clones pose, especially in commercial and employment settings?  What should be done or has been done to mitigate those risks, and by whom?  To what extent is it possible to protect consumers from unauthorized use of their personal information in deepfakes and voice clones?  How do deepfakes and voice clones fit into broader considerations about the commodification of personal data and the collection and use of  consumers’ biometric information?

• Worker Surveillance:  Workers are increasingly subjected to a wide range of surveillance practices and technologies, often with no ability to opt out, and little insight into how surveillance data is used.  Such practices include location and movement monitoring, tasks and productivity monitoring, emotional monitoring, relationships, reputational monitoring and scoring, and more.  What kinds of surveillance technologies and practices pose the most risk to workers?  What kind of business models are emerging that profit from widespread worker surveillance?  Are certain types of workers, such as gig workers, more targeted or vulnerable to such practices and technologies?  How do power imbalances between workers and large firms perpetuate worker surveillance?

• Advertising Ecosystem and Surveillance Advertising:  Today's advertising ecosystem relies on almost ubiquitous collection of data regarding consumers and their activity. What harms do consumers experience due to the collection of their personal data for advertising purposes?  Do the online advertising ecosystem and related business models that rely on the monetization of consumer data incentivize new consumer surveillance practices?  If so, what are those practices and what effect do these practices have on consumer privacy and security?  How is the online advertising technology ecosystem changing?  How extensive is the shift from third-party to first-party tracking, and what is the impact of that shift?  Are companies using consumer data to manipulate consumer behavior in new ways?  How can the data and choices of less privacy-conscious consumers impact more privacy-conscious consumers?

General Research Topics

In addition to the focus topics above, PrivacyCon 2024 accepted research submissions on broader consumer privacy and security issues, with interest in the following areas:

1. Privacy and security expectations, experiences, and needs of underserved communities
2. Privacy and security approaches to better protect consumers
3. Novel remedies for security and privacy incidents to assist consumers and avoid incentives for unlawful behavior (e.g., Algorithmic Deletion, Mandated Data Practices)
4. Short- and long-term impacts of mergers and acquisitions on privacy and security practices
5. Consumer privacy and security disclosures, defaults, choice architecture, user interfaces, and related practices
6. Impact of dark patterns or other influences on consumer behavior related to privacy and security
7. Data governance and information security practices to reduce the risk of data breaches
8. Effects of government regulation and interventions

Selection Criteria and Review Process

• Presentations may concern research that has been prepared for, previously presented at, or is under consideration for inclusion in other conferences or publications.
• Requests must be from researchers to present their own research, completed after January 1, 2023.
• Requests to make presentations that are substantially promotional or commercial in nature will not be granted.
• Research exposing a previously unknown security or privacy vulnerability in a specific product or service will only be accepted if it has been responsibly disclosed to the affected entity and that entity has been given time to resolve the issue.  Such requests must be submitted only through the Accellion secure file web form described below and must be accompanied by:  (1) a request for confidential treatment of research, and (2) a statement describing how you responsibly disclosed the vulnerability to the entity responsible for the affected product or service.
• Requests will be granted at FTC staff’s sole discretion, based upon an assessment of the quality of the submissions, the relevance of the submissions to the FTC’s work, and the need to cover a diverse range of topics representing a variety of viewpoints.
• FTC Staff will make every effort to notify all researchers by January 24, 2024, whether they have been selected to present at PrivacyCon.

Submission Process

The deadline for submissions was December 6, 2023.

As part of your submission through the web-based form, you should have included the following information:

• First and last name, email address, phone number, job title, and affiliation of researcher making the request;
• A complete author list for the submission, including a statement that the requestor has permission from all authors to submit;
• A single point of contact for communications with FTC staff;
• The area of research;
• The title of the research you propose to present along with a maximum one-page abstract summarizing your methodology, findings, and how your research differs from prior research in this area;
• Up to five keywords that characterize your research;
• Publication details for any research that has been previously published or accepted for publication;
• Any sources of funding for your research;
• Whether you used any generative Artificial Intelligence tools to produce the work;
• Your completed or draft research paper or extended abstract (please note all final papers must be received PRIOR to the December 6, 2023 submission deadline);
• Any additional information you would like to share (optional); and
• Whether you would like your submission to be kept confidential.  Your confidentiality request must identify the specific portions of your submission for which confidential treatment is being requested, and the legal or factual basis for your request. See Commission Rule 4.9(c).  If the General Counsel grants your request for confidential treatment, your submission will not be made publicly available, except as required by law.  If you do not request confidential treatment of your submission, it may be placed on the FTC’s public record of this matter at www.ftc.gov, including the name and state of the submitter.  (The FTC will make reasonable efforts to redact any personal e-mail or home address, phone numbers, or other personal contact information before placing a submission on the public record.)

If You Are Selected to Present*

• You must confirm by January 31, 2024 (or one week following notification of acceptance), that you will present your research at PrivacyCon 2024 during the presentation slot offered to you.  If you do not confirm by this date, FTC staff may offer your slot to someone else.
• You must make yourself available for pre-conference planning calls with FTC staff and discussants.
• You must submit all presentation materials (e.g., slides, if you plan to use them) to the FTC by February 13, 2024.

*NOTE: The FTC does not offer compensation of any kind to presenters or participants in its conferences.  In addition, PrivacyCon, including all presentations, will be available to the public via a live-stream and on the FTC’s website in archived video and transcript form.

If You Are Not Selected to Present

We recognize that we likely will receive more high-quality requests to present research than we have available slots to present research at PrivacyCon.  If you are not selected for participation, we may still request permission to post relevant research submissions to our public event website.

Research Completed After PrivacyCon

The FTC welcomes privacy and data security researchers to inform us of their latest findings, especially as they relate to technology that impacts the privacy and security of consumers’ personal information.  The dialogue between researchers and policymakers must continue after the PrivacyCon event.  We invite you to send your research to research@ftc.gov if you are interested in discussing your research with us or have further questions.

General PrivacyCon Questions?

Please contact us at PrivacyCon@ftc.gov with any questions.

• ---

  [1] See, e.g., Office of the Surgeon General. Social Media and Youth Mental Health: The U.S. Surgeon General’s Advisory. U.S. Department of Health and Human Services (HHS), 2023, https://www.hhs.gov/sites/default/files/sg-youth-mental-health-social-media-advisory.pdf.