Related Insights

FTC Informational Injury Workshop P175413 –– Comments

Privacy violations are by their nature contextual, making them difficult for individuals to evaluate and regulators to quantify. Two important elements should be included in the Commission’s consideration of information injury: first, user control, or lack thereof, should be an important component of the Commission’s analysis of unfair acts or practices. Second, while expanded individual rights to information could serve to counterbalance the risk of privacy violations, information asymmetries limit an individual’s ability to make informed decisions about privacy and security.

Read More

Government Use of Algorithmic Decision-Making Tools to New York City Council Committee on Technology

The City of New York has an obligation to understand, scrutinize, and explain how its algorithms make decisions affecting New Yorkers. At minimum, the city should ensure and demonstrate to the public that NYC’s algorithmic decision-making tools (1) are aligned with the city’s policy goals and the public interest; (2) work as intended; (3) do not use data to marginalize minority or vulnerable populations and exacerbate inequality; (4) provide meaningful transparency to New Yorkers so that they can appeal and seek remedy for automated decisions that are incorrect, unjust, or contrary to law.

Read More

CDT Supreme Court Amicus Brief in Carpenter v. US

This fall, the U.S. Supreme Court will hear arguments in Carpenter v. U.S., a case to determine whether the 4th Amendment requires law enforcement to obtain a warrant to access location data held by a cell phone company. In this case, the government obtained four months of stored location records with a less protective court order while investigating a robbery.

Read More

CDT's Complaint to the FTC on Hotspot Shield VPN

CDT asks the FTC to investigate the data security and data sharing practices of Hotspot Shield Free Virtual Private Network (VPN) services, a product of AnchorFree, Inc. Hotspot Shield Free VPN promises secure, private, and anonymous access to the internet. This complaint concerns undisclosed and unclear data sharing and traffic redirection occurring in Hotspot Shield Free VPN that should be considered unfair and deceptive trade practices under Section 5 of the FTC Act.

Read More

Follow-up Comments for the FTC / NHTSA “Connected Cars – Workshop, Project No. P175403

The connected vehicle ecosystem consists of a growing network of automakers, telecom companies, telematics service providers, insurance companies, and a host of other players sprawled across disparate distribution channels. To add to an already crowded landscape, automakers are proactively harnessing partnerships with AI developers and ride-sharing companies, as well as entertainment and social media companies like Facebook that are eager to have a in-vehicle presence.

Read More

CDT’S Guide to Defining Technical Terms in State Privacy Legislation

State legislators and regulators face unprecedented privacy and security policy issues related to new technologies. Accurate definitions of key technologies, processes, or subject areas, then, are critical to enabling state lawmakers to express their legislative intent, correctly scope implementation of a law, and effectively protect personal privacy. Such definitions should be technically-sound, durable, accurate, and provide options for achieving the intended results of the bill’s author.

Read More

LabMD v. FTC: Tackling "Unfair" Data Security Practices in the Eleventh Circuit

The latest skirmish in the nearly seven-year battle between diagnostic testing company LabMD and the FTC begins on Wednesday, June 21st, as oral arguments are held in the Eleventh Circuit Court of Appeals. Oral argument may elucidate thinking around two key questions: (1) What are the contours of a “substantial injury” when evaluating unfair data security practices and how should data security’s costs and benefits be evaluated? and (2) What constitutes fair notice and “ascertainable certainty” of the FTC’s expectations for “reasonable” data security?

Read More

Setting the Record Straight on Broadband Privacy – Myths & Facts

In March 2017, Congress rolled back the federal broadband privacy rules – since then, in dozens of states legislators have introduced bills attempting to restore the privacy protections Congress wiped away. In an effort to oppose state privacy legislation, some groups have resorted to making misleading arguments about the bills and about the state of U.S. consumer privacy. CDT has reviewed these misleading arguments –– and set the record straight.

Read More

CDT’s Annotations of the BROWSER Act

This is the original text of this bill, as of 6/20/2017 (.pdf here) To see CDT’s annotations, click here.   115TH CONGRESS 1ST SESSION H. R. ___ To require providers of broadband internet access service and edge services to clearly and conspicuously notify users of the privacy policies of such providers, to give users opt-in or opt-out approval rights with…

Read More