Scope of Research
The FTC is seeking research presentations on consumer privacy and security issues for the Commission’s annual PrivacyCon. We are seeking empirical research and demonstrations, including rigorous economic analyses, rather than pure opinion pieces on law and policy, and are particularly interested in the following areas:
- Nature and Evolution of Privacy and Security Risks
- Analysis of Privacy Considerations Related to Contact Tracing Apps
- Privacy and Security Issues Related to Work from Home
- Privacy and Security Issues Before and After Mergers and Acquisitions
- Costs and Benefits of Privacy and Security
- Consumer Demand for Privacy and Security
- Consumer Behavior Related to Privacy and Security Risks
- Consumer Beliefs and Attitudes Related to Privacy and Security
- Privacy and Security Issues Related to Online Activism
- Effectiveness of Consumer Privacy and Security Disclosures
- Algorithmic Bias and Ensuring Fairness in Algorithmic Use
- Password Management and the State of Authentication
- Privacy and Security Configuration of Cloud-based Products and Services
- Privacy-Enhancing Technologies for Consumers
- Privacy and Security Issues Related to Platforms and APIs
- Privacy and Security Issues relating to the Online Advertising Ecosystem
- Data Security Vulnerabilities, Threats, and Exploits
- Company Incentives and Behavior Regarding Privacy and Security Practices
- Privacy and Security Best Practices
- Responsible Vulnerability Disclosure
- Privacy and Security of Health Data
- Privacy and Security of Facial Recognition technologies and applications
PrivacyCon typically features sessions during which researchers deliver presentations about their research, followed by discussion of the research and the implications of the research for privacy and data security policy and law, as well as Q&A. Researchers’ presentations may be speeches (with or without slides), demonstrations, or a combination of the two. FTC staff will moderate the discussion sessions.
Selection Criteria and Review Process
- Presentations may concern research that has been prepared for, previously presented at, or is under consideration for inclusion in other conferences or publications.
- Requests must be from researchers to present their own research, completed after January 1, 2020.
- Requests to make presentations that are substantially promotional or commercial in nature will not be granted.
- Research exposing a previously unknown security or privacy vulnerability in a specific product or service will only be accepted if it has been responsibly disclosed to the affected entity and that entity has been given time to resolve the issue. Such requests must be submitted only through the Accellion secure file web form described below and must be accompanied by: (1) a request for confidential treatment of research, and (2) a statement describing how you responsibly disclosed the vulnerability to the entity responsible for the affected product or service.
- Requests will be granted at FTC staff’s sole discretion, based upon an assessment of the quality of the submissions, the relevance of the submissions to the FTC’s work, and the need to cover a diverse range of topics representing a variety of viewpoints.
- Researchers who submit Requests will be notified, if possible, by May 14, 2021, whether they have been selected to present at PrivacyCon.
The deadline for submission is April 9, 2021.
As part of your submission through the web-based form, you must include the following information:
- First and last name, email address, phone number, job title, and affiliation of researcher(s) making the request;
- A single point of contact for communications with FTC staff;
- The title of the research you propose to present along with an abstract summarizing your methodology, findings, and how your research differs from prior research in this area;
- Publication details for any research that has been previously published or accepted for publication;
- Any sources of funding for your research;
- Your completed or draft research paper or extended abstract;
- Any additional information you would like to share (optional); and
- Whether you would like your submission to be kept confidential. Your confidentiality request must identify the specific portions of your submission for which confidential treatment is being requested, and the legal or factual basis for your request. See Commission Rule 4.9(c). If the General Counsel grants your request for confidential treatment, your submission will not be made publicly available, except as required by law. If you do not request confidential treatment of your submission, it may be placed on the FTC’s public record of this matter at www.ftc.gov, including the name and state of the submitter. (The FTC will make reasonable efforts to redact any personal e-mail or home address, phone numbers, or other personal contact information before placing a submission on the public record.)
If You Are Selected to Present*
- If your request is granted, you must confirm by May 21, 2021, that you will present your research at PrivacyCon 2021 during the presentation slot offered to you. If you do not confirm by this date, FTC staff may offer your slot to someone else.
- You must make yourself available for pre-conference planning calls with FTC staff and discussants.
- You must submit all presentation materials (e.g., slides, if you plan to use them) to the FTC by June 18, 2021.
*NOTE: The FTC does not offer compensation of any kind to presenters or participants in its conferences. In addition, PrivacyCon, including all presentations, will be available to the public via a live-stream and on the FTC’s website in archived video and transcript form.
If You Are Not Selected to Present
We recognize that we likely will receive more high-quality requests to present research than we have available slots to present research at PrivacyCon. If you are not selected for participation, we may still request permission to post relevant research submissions to our public event website.
Research Completed After PrivacyCon
The FTC welcomes privacy and data security researchers to inform us of their latest findings, especially as it relates to technology that impacts the privacy and security of consumers’ sensitive personal information, such as health data. The dialogue between researchers and policymakers must continue after the PrivacyCon event. We invite you to send in your research to email@example.com if you are interested in discussing your research with us or have further questions.