The FTC hosted its first-ever PrivacyCon event on January 14, 2016, to showcase original research in the area of privacy and security research. With over 300 in-person attendees, 1500 virtual attendees watching via webcast, and many more following PrivacyCon on Twitter, the event was a huge success. Participants presented and discussed original research on important and timely topics such as data security, online tracking, consumer perceptions of privacy, privacy disclosures, big data, and the economics of privacy. And the news for researchers is we’ve scheduled a second PrivacyCon.
Many of you have asked how the FTC uses the information it learns from these events. Here are five ways we’re taking what we learned from PrivacyCon and using it to help us in our consumer protection mission:
- Staying up-to-date with changing technologies: To be effective enforcers, we must understand how consumers use emerging technology, what they think about privacy and security, and how companies can incorporate privacy and security by design into their products and services. By actively engaging with privacy and data security researchers, we can ensure that the FTC protects consumers who use new technologies.
- Providing us information about new tools and programs: Researchers at PrivacyCon presented information about tools to detect discrimination in advertising and tools to analyze privacy policies. The FTC may want to use these types of tools in the future, and it is helpful for us to assess their utility. Researchers also discussed the effectiveness of bug bounty programs to detect security vulnerabilities. This helps the FTC assess whether it should promote such programs.
- Identifying potential areas for investigation and enforcement: Research presented at PrivacyCon demonstrated the breadth of consumer data being collected about consumers, the importance of providing clear and conspicuous disclosures about privacy practices, and the risks posed by security vulnerabilities. These presentations help focus the FTC’s attention on types of practices that merit investigation and possible enforcement.
- Fashioning remedies: Workshop participants discussed research on consumer perceptions and privacy disclosures. Often, our enforcement actions result in injunctive relief where we require companies who have violated the law to make affirmative, clear and conspicuous disclosures. Research in this area helps us identify when disclosures are most effective.
- Identifying areas for further study: Our newly-created Office of Technology Research and Investigation conducts its own independent research. PrivacyCon helped us identify areas where the FTC can conduct our own helpful independent research.
So what’s next? PrivacyCon has only whetted our appetite for more. There are some areas we just weren’t able to get to, like the harms associated with privacy violations, attack vectors and trends, uptake of ad blocker tools, and costs of malware. To encourage researchers to examine these areas, we are issuing a Call for Presentations for the next PrivacyCon, which will take place on January 12, 2017, in Washington, D.C. The Call for Presentations asks a number of specific questions to stimulate further research and build on the success of this year’s PrivacyCon event. We hope to see you next year!