The Future of Privacy Forum’s 14th Annual Privacy Papers for Policymakers Award Recognizes Influential Privacy Research

The Future of Privacy Forum (FPF) — a global non-profit focused on data protection headquartered in Washington, D.C. — has announced the winners of its 14th annual Privacy Papers for Policymakers (PPPM) Awards.

The PPPM Awards recognize leading U.S. and international privacy scholarship that is relevant to policymakers in the U.S. Congress, federal agencies, and international data protection authorities. Nine winning papers, two honorable mentions, two student submissions, and a student honorable mention were selected by a diverse group of leading academics, advocates, and industry privacy professionals from FPF’s Advisory Board.

Award winners will have the unique opportunity to showcase their papers. Authors of U.S. focused papers will present their work at the Privacy Papers for Policymakers ceremony on February 27, 2024, in Washington, D.C. Winning papers with an international focus will be presented at a virtual event on March 1, 2024.

“Academic scholarship is an essential resource for legislators and regulators around the world who are grappling with the increasingly complex uses of personal data. Thoughtful policymakers will benefit from the deep analysis and independent thinking provided by these essential publications.” – FPF CEO Jules Polonetsky

FPF’s 2023 Privacy Papers for Policymakers Award winners are:

• Towards a Latin American Model of Adequacy for the International Transfer of Personal Data by Luca Belli, Fundação Getulio Vargas Law School; Ana Brian Nougrères, Naciones Unidas en el Derecho a la Privacidad; Jonathan Mendoza Iserte, INAI, Mexico; Pablo Palazzi, Centro de tecnología y Sociedad de la Universidad de San Andrés; & Nelson Remolina Angarita, GECTI de la Universidad de los AndesThis article analyzes the regulatory regime for international transfers of personal data based on the legislation of several Latin American countries (namely Argentina, Brazil, Colombia, Mexico and Uruguay), its general regime and the different exceptions considered in the existing regulations. Finally, after explaining the divergences, different alternatives and ideas are proposed to create a specific regime to be used within Latin America for international transfers of personal data and recognition of adequacy. On the other hand, an analysis is carried out on the phenomenon of international data collection and solutions are proposed so that the rights of data owners are guaranteed when their information is collected from other countries without the collector being domiciled in the country of the data subject.

• Less Discriminatory Algorithms by Emily Black, Barnard College–Columbia University; John Logan Koepke, Upturn; Pauline Kim, Washington University in St. Louis – School of Law; Solon Barocas, Microsoft Research and Cornell University; and Mingwei Hsu, UpturnEntities that use algorithmic systems in traditional civil rights domains like housing, employment, and credit should have a duty to search for and implement less discriminatory algorithms (LDAs). Why? Work in computer science has established that, contrary to conventional wisdom, for a given prediction problem, there are almost always multiple possible models with equivalent performance—a phenomenon termed model multiplicity. Model multiplicity has profound ramifications for the legal response to discriminatory algorithms. As a result, the law should place a duty of reasonable search for LDAs on entities that develop and deploy predictive models in covered civil rights domains. The law should recognize this duty in at least two specific ways. First, under the disparate impact doctrine, a defendant’s burden of justifying a model with discriminatory effects should be recognized to include showing that it did a reasonable search for LDAs before implementing the model. Second, new regulatory frameworks for the governance of algorithms should include a requirement that entities search for and implement LDAs as part of the model-building process.

• Future-Proofing Transparency: Re-Thinking Public Record Governance for the Age of Big Data by Beatriz Botero Arcila, Institut d’Etudes Politiques de Paris (Sciences Po) and Harvard University, Berkman Klein Center for Internet & SocietyPublic records, public deeds, and even open data portals often include personal information that can now be easily accessed online. With Big Data and powerful machine learning algorithms, personal information in public records can easily be used to infer sensitive data about people or aggregated to create a comprehensive personal profile of almost anyone. This information is public and open, however, for many good reasons. Can the interest in record publicity coexist with the growing ease of deanonymizing and revealing sensitive information about individuals? This Article addresses this question from a comparative perspective, focusing on US and EU access to information law. The Article shows that the publicity of records was, in the past and notwithstanding its presumptive public nature, protected because most people would not trouble themselves to go to public offices to review them, and it was practically impossible to aggregate them to draw extensive profiles about people. Drawing from this insight and contemporary debates on data governance, this Article challenges the binary classification of data as either published or not and proposes a risk-based framework that re-inserts that natural friction to public record governance by leveraging techno-legal methods in how information is published and accessed.

• Experiments with Facial Recognition Technologies in Public Spaces: In Search of an EU Governance Framework by Catherine Jasserand, University of GroningenAccording to a survey conducted in 2020 by EDRi, at least 15 European countries have already used or experimented with facial recognition technologies (FRTs) in public spaces without much public debate. Yet, these highly intrusive technologies capture the distinctive facial characteristics of individuals to identify them. The systems operate at a distance without people’s cooperation or awareness. Evidence from France and the United Kingdom shows that public authorities (mainly the police) have trialed and used the technologies in public spaces. Drawing insights from these experiments, the chapter assesses whether the applicable data protection frameworks are sufficient to regulate public authorities’ experimentation with FRTs in public spaces. After identifying the regulatory gaps of the existing frameworks, the chapter provides some arguments and tools for a reflection on an experimental approach to test these technologies (such as Data Protection Impact Assessments, experimental legislation, and regulatory sandboxes based on the future AI Act).

• Do No Harm Guide: Applying Equity Awareness in Data Privacy Methods by Claire McKay Bowen, Urban Institute; and Joshua Snoke, RAND CorporationResearchers and organizations can increase privacy in datasets through methods such as aggregating, suppressing, or substituting random values. But these means of protecting individuals’ information do not always equally affect the groups of people represented in the data. A published dataset might ensure the privacy of people who make up the majority of the dataset but fail to ensure the privacy of those in smaller groups. Or, after undergoing alterations, the data may be more useful for learning about some groups more than others. How entities protect data can have varying effects on marginalized and underrepresented groups of people. To understand the current state of ideas, we completed a literature review of equity-focused work in statistical data privacy (SDP) and conducted interviews with nine experts on privacy-preserving methods and data sharing. These experts include researchers and practitioners from academia, government, and industry sectors with diverse technical backgrounds. We offer an illustrative example to highlight potential disparities that can result from applying SDP methods. We develop an equitable data privacy workflow that privacy practitioners and decisionmakers can utilize to explicitly make equity part of the standard data privacy process.

• AI Audits: Who, When, How…Or Even If? by Evan Selinger, Rochester Institute of Technology – Department of Philosophy; Brenda Leong, Luminos.Law; and Albert Fox Cahn, Surveillance Technology Oversight Project, Harvard University – Carr Center for Human Rights Policy, Yale Law SchoolArtificial intelligence (AI) tools are increasingly being integrated into decision-making processes in high-risk settings, including employment, credit, health care, housing, and law enforcement. Given the harms that poorly designed systems can lead to, including matters of life and death, there is a growing sense that crafting policies for using AI responsibly must necessarily include, at a minimum, assurances about the technical accuracy and reliability of the model design. Because AI auditing is still in its early stages, many questions remain about how to best conduct them. While many people are optimistic that valid and effective best practice standards and procedures will emerge, some civil rights advocates are skeptical of both the concept and the practical use of AI audits. This chapter aims to explain why AI audits often are regarded as essential tools within an overall responsible governance system and how they are evolving toward accepted standards and best practices. We will focus most of our analysis on these explanations, including recommendations for conducting high-quality AI audits. Nevertheless, we will also articulate the core ideas of the skeptical civil rights position. This intellectually and politically sound view should be taken seriously by the AI community. To be well-informed about AI audits is to comprehend their positive prospects and be prepared to address their most serious challenges.

• Data Is What Data Does: Regulating Based on Harm and Risk Instead of Sensitive Data by Daniel J. Solove, George Washington University Law SchoolHeightened protection for sensitive data is trendy in privacy laws. Although heightened protection for sensitive data appropriately recognizes that not all situations involving personal data should be protected uniformly, the sensitive data approach is a dead end. The sensitive data categories are arbitrary and lack any coherent theory for identifying them. The borderlines of many categories are so blurry that they are useless. Moreover, it is easy to use nonsensitive data as a proxy for certain types of sensitive data. This Article argues that the problems with sensitive data make it unworkable and counterproductive as well as expose a deeper flaw at the root of many privacy laws. These laws make a fundamental conceptual mistake—they embrace the idea that the nature of personal data is a sufficiently useful focal point. But nothing meaningful for regulation can be determined solely by looking at the data itself. Data is what data does. To be effective, privacy law must focus on harm and risk rather than on the nature of personal data. Privacy protections should be proportionate to the harm and risk involved with the data collection, use, and transfer.

• The Prediction Society: Algorithms and the Problems of Forecasting the Future by Hideyuki Matsumi, Vrije Universiteit Brussel (VUB); Keio University and Daniel J. Solove, George Washington University Law SchoolToday’s predictions are produced by machine learning algorithms that analyze massive quantities of data, and increasingly, important decisions about people are being made based on these predictions. Algorithmic predictions are a type of inference, but predictions are different from other inferences and raise several unique problems. (1) Algorithmic predictions create a fossilization problem because they reinforce patterns in past data and can further solidify bias and inequality from the past. (2) Algorithmic predictions often raise an unfalsifiability problem. (3) Algorithmic predictions can involve a preemptive intervention problem. (4) Algorithmic predictions can lead to a self-fulfilling prophecy problem. More broadly, the rise of algorithmic predictions raises an overarching concern: Algorithmic predictions not only forecast the future but also have the power to create and control it. Data protection/privacy law do not adequately address these problems. Many laws lack a temporal dimension and do not distinguish between predictions about the future and inferences about the past or present.  We argue that the use of algorithmic predictions is a distinct issue warranting different treatment from other types of inference.

• Beyond Memorization: Violating Privacy Via Inference with Large Language Models by Robin Staab, Mark Vero, Martin Vechev, and Mislav Balunovic, ETH ZurichCurrent privacy research on large language models (LLMs) primarily focuses on the issue of extracting memorized training data. At the same time, models’ inference capabilities have increased drastically. This raises the key question of whether current LLMs could violate individuals’ privacy by inferring personal attributes from text given at inference time. In this work, we present the first comprehensive study on the capabilities of pretrained LLMs to infer personal attributes from text. As people increasingly interact with LLM-powered chatbots across all aspects of life, we also explore the emerging threat of privacy-invasive chatbots trying to extract personal information through seemingly benign questions. Finally, we show that common mitigations, i.e., text anonymization and model alignment, are currently ineffective at protecting user privacy against LLM inference. Our findings highlight that current LLMs can infer personal data at a previously unattainable scale. In the absence of working defenses, we advocate for a broader discussion around LLM privacy implications beyond memorization, striving for a wider privacy protection.

In addition to the winning papers, FPF selected for Honorable Mentions: The After Party: Cynical Resignation In Adtech’s Pivot to Privacy by Lee McGuigan, University of North Carolina at Chapel Hill; Sarah Myers West, AI Now Institute; Ido Sivan-Sevilla, College of Information Studies, University of Maryland; and Patrick Parham, College of Information Studies, University of Maryland; and Epsilon-Differential Privacy, and a Two-step Test for Quantifying Reidentification Risk by Nathan Reitinger and Amol Deshpande of the University of Maryland.

FPF also selected two papers for the Student Paper Award: The Privacy-Bias Tradeoff: Data Minimization and Racial Disparity Assessments in U.S. Government by Arushi Gupta, Stanford University; Victor Y. Wu, Stanford University; Helen Webley-Brown, Massachusetts Institute of Technology; Jennifer King, Stanford University; and Daniel E. Ho, Stanford Law School; and Estimating Incidental Collection in Foreign Intelligence Surveillance: Large-Scale Multiparty Private Set Intersection with Union and Sum by Anunay Kulshrestha and Jonathan Mayer of Princeton University. A Student Paper Honorable Mention went to Ditching “DNA on Demand”: A Harms-Centered Approach to Safeguarding Privacy Interests Against DNA Collection and Use by Law Enforcement by Emma Kenny-Pessia, J.D. Candidate at Washington University in St. Louis School of Law.

In reviewing the submissions, these winning papers were awarded based on the strength of their research and proposed policy solutions for policymakers and regulators in the U.S. and abroad.

The Privacy Papers for Policymakers event will be held on February 27, 2024, in Washington, D.C., details and registration here. The event is free and open to the public.