Blog
All »-
Uruguay receives adequacy determination from EU for personal data protections.
At the end of August, the European Union determined that Uruguay’s privacy laws provide an adequate level of protection. This allows companies, governments, or individuals to transfer personal information from Europe to Uruguay without the use …
-
Pew Survey highlights users changing concerns about privacy online
Recently, the Pew Internet and American Life Project released a report detailing consumer use of search engines. The survey highlighted both that users have begun to learn how much of …
-
SXSW Privacy Roundup: 5 Key Takeaways for Startups
SXSW Interactive, better known as SXSWi, just ended last week. SXSWi is a wonderful event to experience new startups, applications, and innovations. This year, privacy was a powerful theme at …
-
Book Review – I Know Who You Are and I Saw What I Did by Lori Andrews
As social networking sites have become more pervasive, the amount of private information shared online continues to grow. For some, this is just seen as the cost one must pay …
-
European Commission Proposed Data Protection Law
On January 25, 2012, the European Commission released a proposed General Data Protection Legislation (“Proposed Regulation”) for comprehensive reform of existing European Union (“EU”) data protection rules. Through the Proposed …
-
Uruguay receives adequacy determination from EU for personal data protections.
Submissions
The Hastings Science & Technology Law Journal (SLJT) accepts all submissions electronically and has strong preference for submission via ExpressO. If you can’t submit your article via ExpressO, contact us at
How Lawyers Can Help Developers Design for Privacy
Recently, the Stanford Center for Internet and Society and the Future Privacy Forum hosted an App Developer Privacy Conference. The event brought together technologists, lawyers, and business people giving them the chance to communicate their challenges and understand what really needs to happen in privacy from every side.
One of the more interesting issues raised at the conference came from developers: they want clear guidelines from lawyers explaining what they can or cannot do. The challenge, however, is that technology is constantly changing. Nonetheless, there are some constants that will not change which lawyers can communicate to developers to keep in mind to design for privacy.
Notice
Although the privacy policy is the “gold standard” required by law, lawyers can go a step further in providing notice to both consumers and developers. By putting a company’s privacy practices in an easy to read format, similar to a “nutrition label,” map, or chart, consumers and developers will be given better notice.
This approach enables consumers to easily understand what data is being collected and make more informed choices. Additionally, developers will be able to understand what they are permitted to do under the privacy policy and code accordingly. If the developer notices a practice that runs afoul the easy to read privacy policy when creating the product, the developer can bring attention to the lawyers to update accordingly or fix the collection practice. In sum, all parties will have a more clear understanding of company privacy practices and where to adjust for business and legal needs.
Choice
Choice is very important, but sometimes too much choice can confuse users. Developers, entrepreneurs, attorneys, or whichever party within a company is responsible for the privacy policy must collaborate with other stakeholders to make a strategic decision on how to present choice to users and strategically select the aspects of the product users may choose.
Data Context and Sensitivity
The context in which data is collected and the sensitivity of data are two essential areas to address. Prioritize notice and choice for more sensitive data based on context of data collection. Convey this importance to developers so they may appropriately respond to legal needs and provide users with choice or ensure security.
Be Consistent
Unfortunately, there is not much consistency across the industry on the meaning of important terms for privacy. However, attorneys have the ability to use consistent terms across different policies in a single company. If developers understand what terms mean in one policy, they will more easily be able to later design in line with other relevant policies as well.