Skip to main content



Scope of Research

The FTC is seeking research presentations on consumer privacy and security issues. We are seeking empirical research, rather than opinion pieces on law and policy, and are particularly interested in the following areas:

  • Quantifying Consumers’ Privacy & Security Interests. For example:
    • Valuations of privacy: What do consumers care most about – for example, are consumers most concerned about disclosure of data to third parties, or about particular uses of data?
      • Under what circumstances do consumers who have complete information about how their information would be collected and shared choose to exchange their data (e.g., for content, entertainment, or service)?
      • Which kinds of data-sharing and analyses provide the biggest benefits to the public (e.g., insights into public health, crime, resource-allocation and targeted interventions), and how should those benefits be weighed against privacy risks to individual consumers?
    • Privacy risk from exposure of information
    • Apportioning harm or risk to particular breaches or practices
    • Modeling harm, based upon the existence of exploitable vulnerabilities (e.g., risk-modeling)
  • Attack Trends and Responses. For example:
    • Ransomware
    • Medical identity theft
    • Card-not-present fraud
    • Internet of Things vulnerabilities (e.g., insecure APIs or insecure transmissions – in smart homes, health and fitness wearables, voice-controlled technologies, connected cars, and commercial drones)
    • Security-by-design techniques
    • Privacy-protective technologies and behaviors
  • Transparency and Control. For example:
    • To what extent are consumers using opt-out mechanisms and privacy-controls, and how effective are they?
    • Multiparty relationships: Are first parties adequately informing consumers about third parties and their practices? Are third parties providing first parties sufficient information in order to be transparent with their customers?
    • What are the most effective ways to provide information to consumers about the collection, use, disclosure, and control of their information?
    • How should we measure the effectiveness of transparency and control mechanisms?
    • How are companies tailoring practices to consumers’ privacy preferences, and what are their incentives to do so?
    • How can companies account for variance in consumers’ privacy preferences?
  • Tools that, for example:
    • Allow users to exercise control over their personal information across contexts
    • Detect deception (e.g., by determining whether apps’ data collection and sharing practices comport with the apps’ permissions)
    • Detect discrimination in algorithms (especially in prices or with respect to employment, credit, tenancy, or education)
    • Analyze apps’ code (e.g., to attribute app behavior to third-party libraries)
    • Identify targeted advertising
    • Identify cross-device tracking
    • Quantify security and privacy risks
    • Evaluate the content and meaning of statements in privacy policies
    • Analyze packets of data at scale

^ top

Event Format

  • PrivacyCon will feature sessions during which researchers will deliver 10-minute presentations that will be followed by Q&A and a panel discussion that will discuss the research presented and its relation to privacy and data security policy and law. Researchers’ presentations may be speeches (with or without slides), demonstrations, or a combination of the two. The discussion sessions will be moderated by FTC staff.
  • In addition, there will be a pre-conference research networking event on January 11.

^ top

Selection Criteria and Review Process

  • Presentations may concern research that has been prepared for, previously presented at, or is under consideration for inclusion in other conferences or publications.
  • Requests must be from researchers to present their own research, completed after January 1, 2016.
  • Requests to make presentations that are substantially promotional or commercial in nature will not be granted.
  • Research exposing a previously unknown security or privacy vulnerability in a specific product or service will only be accepted if it has been responsibly disclosed to the affected entity and that entity has been given time to resolve the issue. Such Requests must be submitted only through the Accellion secure file transfer system described below and must be accompanied by: (1) a request for confidential treatment of research, and (2) a statement describing how you responsibly disclosed the vulnerability to the entity responsible for the affected product or service.
  • Requests will be granted at FTC staff’s sole discretion, based upon an assessment of the quality of the submissions, the relevance of the submissions to the FTC’s work, and the need to cover a diverse range of topics representing a variety of viewpoints. 
  • Researchers who submit Requests will be notified, if possible, by November 11, 2016, whether they have been selected to present at PrivacyCon.

^ top

Submission Process

Requests to present research (Requests) must be submitted no later than 11:59 p.m. on October 3, 2016.

  • If you would like to request that your submission be kept confidential, you must transmit your submission, together with your confidentiality request, only through our Accellion secure file transfer system. To do so, you must first send an email by no later than 11:59pm Eastern Time on September 28, 2016, to with the subject line “PrivacyCon - Request for Confidential Treatment of Research Submission.” You should receive a reply email within two business days with instructions for the secure electronic submission of encrypted documents using Accellion. We must receive your submission and confidentiality request through Accellion by no later than 11:59pm Eastern Time on October 3, 2016. Your confidentiality request must identify the specific portions of your submission for which confidential treatment is being requested, and the legal or factual basis for your request. See Commission Rule 4.9(c). If the General Counsel grants your request for confidential treatment, your submission will not be made publicly available, except as required by law.
  • All other submissions must be filed at by no later than 11:59pm Eastern Time on October 3, 2016, by following the instructions on the web-based form. Such submissions shall not be treated as confidential, and may be placed on the FTC’s public record of this matter at, including the name and state of the submitter. (The FTC will make reasonable efforts to redact any personal e-mail or home address, phone numbers, or other personal contact information before placing a submission on the public record.)
  • Requests to present research (whether accompanied by a request for confidential treatment or not) must include the following information:
  • First and last name, email address, and phone number of researcher(s) making the Request;
  • Title and abstract of the research you propose to present, summarizing your methodology, findings, and how your research differs from prior research in this area;
  • Publication details for any research that has been previously published or accepted for publication;
  • Your completed or draft research paper or extended abstract; and
  • A description of anything you would be interested in demonstrating (optional).

^ top

If You Are Selected to Present*

  • If your Request is granted, you must confirm by November 18, 2016, that you will present your research at PrivacyCon 2 during the presentation slot offered to you. If you do not confirm by this date, FTC staff may offer your slot to someone else.
  • You must make yourself available for pre-conference planning calls with FTC staff and discussants.
  • You must submit all presentation materials (e.g., slides, if you plan to use them) to the FTC by January 2, 2017.

*NOTE: The FTC does not offer compensation of any kind to presenters or participants in its conferences. In addition, PrivacyCon, including all presentations, will be available to the public via a live-stream and on the FTC’s website in archived video and transcript form.

^ top

If You Are Not Selected to Present

We recognize that, due to the small number of slots to present research, we likely will not be able to grant several high-quality Requests to present research. We will, however, post your research submission – including your name and your state – to our public website if you choose to submit via by the October 3, 2016, deadline.

^ top

Research Completed After PrivacyCon

The FTC welcomes privacy and data security researchers to inform us of their latest findings. The dialogue between researchers and policymakers must continue after the PrivacyCon event. We invite you to reach out to Dan Salsburg, the Acting Chief of the Office of Technology Research and Investigation, at, if you are interested in discussing your research with us or have further questions.

^ top