By: María P. Angel

In the last four years, the U.S. public policy debate about privacy has revolved around different proposals for comprehensive privacy legislation, both at the federal and state level. Since the California Consumer Privacy Act (CCPA) passed in 2018, more than half of the states in the U.S. have proposed comprehensive privacy bills. Similarly, during this timeframe, dozens of privacy-related bills have worked their way through the halls of the U.S. Congress. 

Accordingly, U.S. policymakers’ efforts regarding privacy have lately focused on: (i) granting individual data privacy rights; and (ii) requiring the implementation of internal compliance mechanisms within companies that collect, use, or transfer personal data. These measures look to empower consumers and make data collectors more accountable. This, as a response to the already-proven failure of privacy’s traditional notice-and-consent regime and as an attempt to come closer to GDPR-style protection.

From the outside, the American privacy community appears pleased to see these ongoing debates. Of course, controversies abound around the nuts and bolts of the proposals, especially when it comes to introducing a private right of action or selecting an opt-in or opt-out approach. In fact, these are some of the reasons why proposed bills have not been approved in past legislature sessions, as has repeatedly happened in the state of Washington. But, overall, it seems like all sectors agree that discussing these bills is the right way to go.

However, this is not necessarily the case for at least a big chunk of American privacy law scholars. A review of recent law review articles sheds light on what seems to be a common claim among the American privacy law scholarship: even if these comprehensive bills are passed, they will not have tackled the real problem. So, what is the real problem? Well, according to a considerable portion of scholars, there are at least two.

First: privacy has some social/relational dimensions that these legislation proposals fail to address. Besides individual data, people’s privacy decisions are made over shared data (data directly connected to other people) and interrelated data (data that can be used to infer data about others). For instance, my genetic data is shared, because it reveals my inherited or acquired genetic characteristics and those of my family members. Similarly, my behavioral characteristics are interrelated data, because they can be used to make inferences about other people classified in my same market segments (e.g., women, Latinas, lawyers, first-generation graduate students, etc.). Therefore, whenever I choose to share any of this information, I am not only deciding over my data but the data of others. 

These relational dimensions, sometimes called by scholars as “networked privacy,” “privacy dependencies,” “privacy externalities,” or “data’s relationality,” cast doubt over the real usefulness of the individual privacy rights that lawmakers are currently working on. At least—privacy scholars claim—, they make evident the limitations of these rights, in an information economy where more and more data are shared and interrelated, and where, therefore, our privacy not only depends on our exercise of those rights but on the decisions and disclosures of other people.

Second: privacy violations are fueled by and result in power asymmetries that are not being challenged by these laws. Information is power—Neil Richards would say—and power is currently concentrated in the hands of a few tech companies who weaponize data-driven technologies to influence and manipulate us. Even more, different scandals have made evident that data can be a tool of oppression and subordination, “whether it is used to train totalitarian facial recognition models surveil protestors, send people to jail, or subjugate vulnerable populations.” Therefore, it has become evident that privacy “is [really] about how power is distributed and wielded.” 

As Ari Waldman posits, compliance mechanisms like the ones currently discussed by legislators “do not upset traditional structures of power.” Rather, by reinforcing already entrenched powers, they seem to ignore more structural questions about power differentials and justice. In other words, they are simply not designed to rein in data extraction.

As a result, a big portion of American privacy law scholars have been calling for what Woodrow Hartzog and Neil Richards call “the third way,” and which Ari Waldman has referred to as “a ‘third wave’ for Privacy Law.” Basically, they suggest legislators to consider adopting a more holistic solution, “a more nimble, layered, and inclusive approach that protects personal data but also looks beyond it to account for things that data protection often fails to consider: power, relationships, abusive practices, and data externalities.‬”‬ This would include, for example, implementing duties of data loyalty, adopting a radically democratic approach to data governance, and augmenting individual privacy rights with broader measures that are more societal and architectural in nature. 

Are these proposals sufficiently developed to be considered possible and realistic alternatives? Shouldn’t these be complementary rather than alternative measures to the individual data privacy rights? Isn’t it already too late to recalculate the current legislative route? Is it even strategic to abandon this approach? Isn’t it too much to ask for privacy to rein in data exploitation? These are all valid questions that should be debated. But, at the very least, these scholarly arguments deserve to be heard and publicly discussed. Since the birth of the right to privacy in the U.S., privacy law scholarship has played a determinant role in the development of American privacy law. And this should be no exception.

By: Zoe Wood

In 2020, the U.S. Census Bureau applied differential privacy to U.S. Census data for the first time. This was in response to a growing understanding throughout the early 2000s that large data sets which have been reasonably de-identified can be cross-referenced with other large data sets to the point of identifying individual data points. 

But as the privacy risks associated with collection and publication of personal data on a huge scale increase, the Bureau’s need to collect accurate and comprehensive data every ten years remains constant. And these two requirements have an inverse relationship. The more accurate and useful a data set, the easier it is to identify; the more obscured, the harder it is to use in the service of understanding the nuances of the U.S. population. Moreover, adequate privacy measures are essential to convincing potential census respondents–“especially among people of color, immigrants and historically undercounted groups who may be unsure of how their responses could be used against them”–that responding to the census is safe. Differential privacy provides a sophisticated computational method for balancing privacy with accuracy, calibrated to the nature of a given data set.

Legal census data protection 

The tension between useable data and individual privacy is not new to the Census Bureau. The Census is fascinating in the context of privacy law because it represents a well-documented microcosm of government thought on large data sets and privacy in addition to what types of data have been considered worthy of protection over the years. As early as 1840, officials responsible for the census became aware that poor response rates among certain professional groups were due to privacy concerns, and the following year, officials were required to treat information “relative to the business of the people” as confidential. By the turn of the century, officials were threatened with fines and eventually imprisonment for revealing protected census information–privacy by threat of punishment. 

When legislation around census data privacy began to develop at the beginning of the 20^th century, it continued to protect only business data. 1940 marked the first year in which census privacy laws protected census data about people, although the protection was quickly overturned during the Second World War, when the American government used its individual census data (micro data) to intern Japanese Americans and Americans of Japanese ancestry.

13 U.S.C. § 9 passed in 1954. It prohibits use of census data “for any purpose other than the statistical purpose for which it is supplied,” “any publication whereby the data furnished by any particular establishment or individual under this title can be identified,” and “anyone other than the sworn officers and employees of the Department or bureau or agency thereof to examine the individual reports.” Section 9 also makes census data “immune from legal process” and prohibits its use as evidence or for any other purpose in “any action, suit, or other judicial or administrative proceeding.” Notably, Section 9’s consolidation and strengthening of census data privacy law did not prevent the Census Bureau from providing “specially tabulated population statistics on Arab-Americans to the Department of Homeland Security, including detailed information on how many people of Arab backgrounds live in certain ZIP codes” in 2002 and 2003. 

Extra-legal census data protection 

In 1920, data analysts at the Census Bureau first used (crude) statistical measures to prevent disclosure of, once again, business information. They did so by manually pouring over the data sets and hiding potentially compromising information. The first automatically tabulated census arrived in 1950; in 1960, the Bureau’s “disclosure avoidance techniques” for public-use microdata samples involved only the removal of direct identifiers and a geographic population threshold of 250,000. In 1980, the Bureau introduced the  “top coding” technique which eliminates the upper outliers in a data file, on the theory that outliers are more readily identifiable. In 1990, the Bureau top coded more categories of data and introduced “recoding,” which combines categories of data with fewer than 100,000 people or households. The 1990 census also used an “imputation” method by which original data were modeled, which flagged unique data points. Those points were “blanked” and replaced with a value generated by the model. 

Despite this increase in sophistication, Dr. Latanya Sweeney, who is the Daniel Paul Professor of the Practice of Government and Technology at the Harvard Kennedy School, analyzed 1990 census data and demonstrated that 87% of the population could be identified by a combination of zip code, date of birth, and gender. Dr. Sweeney’s revelation came in 2000, which was the first year that census results were published online. Even so, the Bureau’s disclosure avoidance techniques progressed slowly. Through the 2010 census, it continued to apply direct de-identification, recoding, top coding, and bottom coding in addition to implementing newer techniques such as swapping (characteristics of unique records are swapped with characteristics of other records), use of partially synthetic (model-generated) data, and noise infusion.

So what is differential privacy??

Differential privacy begins from the principle that privacy is a property of a computation rather than a property of the output itself.  Wikipedia puts it very well: differential privacy is “a system for publicly sharing information about a dataset by describing the patterns of groups within the dataset while withholding information about individuals in the dataset.” This means that a data analyst working with the output of a differentially private algorithm should know no more about any individual in the data set after the analysis is completed than she knew before the analysis began.

The implementation of differential privacy has two major components: (1) a randomized algorithm and (2) ε,which denotes some positive real number. ε is likened to a “tuning knob” which balances the privacy and accuracy of the output. Depending on the value given for ε, the output of the differentially private algorithm will be more accurate and less private, or more private and less accurate.

While differential privacy will better protect publicly released microdata samples from analysts, it does assume the existence of a trustworthy curator who collects and holds the pre-processed data of individuals. In the case of the U.S. Census, this trusted curator is the Census Bureau and its agents. Adherence to § 9 is still essential to prevent further privacy violations and breaches of public trust. And arguably, as demonstrated in 2002 and 2003, § 9 isn’t strong enough to ensure the ethical use of U.S. census data. Even the most sophisticated iteration of computational privacy is only as strong as the policy of its implementers.

By: Stephanie Turcios

The creators of the animated series, The Simpsons, depicted the unintended consequences of our child welfare system in its 1995 episode titled, Home Sweet Homediddly-Dum-Doodily. In this episode, the Simpson children are sent to live with their neighbors, the Flanders, who serve as foster parents, while Homer and Marge complete a parenting class to get their children back. Sadly, the problems depicted in this episode still exist today. 

The Simpsons’ involvement in the child welfare system.

The Simpsons became involved in the child welfare system through a series of unfortunate misunderstandings. First, Bart went to school with head lice after playing with his best friend’s  pet monkey. Second, Lisa reported to the principal’s office without shoes after an altercation with bullies on the playground and her baby tooth fell out. Consequently, Bart and Lisa’s principal reported the children’s condition to Child Protective Services (“CPS”) out of concern for the children’s wellbeing. When the CPS agents arrived at the Simpson’s home, Marge and Homer were away for an afternoon getaway at the spa, but CPS found their home to be a “squalid hellhole.” Newspapers from 20 years ago were sitting on the kitchen table for Lisa’s school project, the dishes were not done, and the trash had not been taken out. The final straw for the CPS agents was the fact that Grandpa had fallen asleep while watching Maggie. Given the totality of the circumstances, the CPS agents believed Homer and Marge were negligent parents and immediately removed Bart, Lisa, and Maggie from their parents’ care. 

The episode continues by depicting how much the children miss their parents, and the hurdles Homer and Marge must overcome to regain custody of their children. Although this episode is comical and has a happy ending, this is not the case for many families impacted by the child welfare system. The Home Sweet Homediddly-Dum-Doodily episode provides an impetus for a deeper conversation about the problematic nature of mandatory reporting and the trauma children experience as a result of short stays in foster care.  

The problematic nature of mandatory reporting.

Principal Skinner was required to report the conditions of Bart and Lisa to CPS under the Child Abuse Prevention and Treatment Act (CAPTA). See 42 U.S.C. § 5106a(b)(2)(B)(i).  Like in The Simpsons episode, the unfortunate road to the child welfare system almost always begins with a report to CPS for suspected neglect via a mandatory reporter. According to the Children’s Bureau, in 2019, more than two-thirds (68.6 %) of all reports of alleged child neglect were made by mandatory reporters. 

Mandatory reporters are likely to overreport because of the financial and legal consequences built into our federal statute. First, to receive federal funding, states must require certain professionals to be mandatory reporters. Most states impose the mandatory reporting requirement on a lengthy list of professionals, including teachers, principals, and school administrators. Second, a mandatory reporter must report any suspected child neglect or abuse or risk possible incarceration and losing their license. Hence, mandatory reporting is a double edged sword because these are professionals that are able to help meet a child’s needs but are simultaneously instrumental in removing children from their parents’ care.

Unfortunately, research shows that mandatory reporting fails to protect children. According to an international qualitative study of mandatory reporters, most of whom were in the U.S., 73% of mandatory reporters reported negative experiences with the process. Mandatory reporters described experiences where children were revictimized by the process, their abuse intensified after the report, and children were placed in foster care environments that were worse than the family of origin.

The trauma of short stays.

Most Americans are unaware that the experience of the Simpson children depicted in the episode is common in real life. Children are removed temporarily (either for a few days or a few weeks) without a court order while their parents sort out the allegations against them. On average, approximately 17,000 children are removed from their families’ custody per year and placed in foster care only to be reunited within days. Child welfare experts refer to these removals as “short stays.” 

Remarkably, Washington’s King, Pierce, and Snohomish counties are amongst the counties with the highest percentage of short stays in the U.S. This is because in Washington, a child can be removed by law enforcement and placed in protective custody without a court order for up to 72 hours if law enforcement believes a child is being abused or neglected and will be hurt if not removed immediately. (emphasis added). Like in the episode when Bart had lice and Lisa lost her shoes and baby tooth, indicators of neglect in Washington may include the child being dirty, lacking needed medical or dental care, or lacking sufficient clothing for the weather.  These indicators are enough to remove children from their parents’ care for up to 72 hours. 

Studies on child development show that when children are separated from their parents, it is the source of a lifelong trauma, regardless of how long the separation lasts. Some children who were removed from their home described the experience as “being kidnapped,” even if it only lasted for a few days. Further, children who experience even brief separation from their families release a higher level of cortisol-stress hormones that damage unrenewable brain cells. Dr. Charles Nelson, professor of Pediatrics at Harvard Medical School, said “There’s so much research on this that if people paid attention at all to the science, they would never do this.”  

Should we reconsider mandatory reporting?

Many people wondered how the U.S. government could unnecessarily traumatize children by separating them from their parents at the U.S.-Mexico border. But the reality is the U.S. government has been doing this to its own citizens for decades via short stays in the foster care system, and consequently, causing irreversible harm to children. Animated cartoons like The Simpsons create a safe space for people to reflect on the issues depicted in the episode and critically evaluate the impact our current system is having on people’s lives. A system that perpetuates harm requires a reimagined approach. Instead of requiring mandatory reporting, professionals should have the discretion to report without fear of losing their license or facing criminal penalties. Perhaps reimagining mandatory reporting will free community spaces from harmful practices and give social service professionals the liberty to work with families to get children’s needs met rather than subjecting them to unnecessary trauma.