By Tiffany Lin & Amy Zhang
On April 12th, the students in Professor Urs Gasser’s Spring 2016 Comparative Online Privacy Seminar at Harvard Law School hosted a student-led mini-symposium on data privacy in the US and the EU. The student-moderated discussion among invited experts focused on bringing data privacy from theory to reality, and included a close look at the strengths and flaws of the current U.S. and EU regulatory regime. In addition to the panel discussion, students had the opportunity to present their seminar papers to the outside experts in round-table conversations.
Invited panelists included Sara Cable, Assistant Attorney General and Director of Data Privacy and Security in the Consumer Protection Division of the Office of the Massachusetts Attorney General; Heather Egan Sussman, a Privacy & Data Security Partner at Ropes & Gray LLP; John Deighton, the Baker Foundation Professor of Business Administration at Harvard Business School; Scott Gallant, of Gallant Consulting Group; and Dipayan Ghosh, a Privacy and Public Policy Advisor at Facebook. These individuals brought together insights on the trajectory of current data privacy protections from various industries, including private companies, law firms, and academia.
Among other topics, the experts discussed the implementation of privacy-by-design, the importance of data flow within and among companies, and data’s increasing importance among start-ups. Panelists debated the trade-off between privacy and greater data functionality where companies that collect and use more data face a growing concern over breaches. Panelists also illuminated the various data breach notification laws across states, including the unique set of laws in Massachusetts.
In the end, panelists and student participants agreed that student privacy and data breach laws will remain an important discussion. Many also agreed that while state laws and local enforcement are beneficial, the system requires greater consistency. The current trend toward a principle-based approach by translating the distinct needs of regulators and consumers into universal principles could provide a solution. Other potential solutions mentioned by panelists included building privacy into the design of company practices, rethinking the notice-choice-consent model, and ultimately endorsing greater transparency and choice for subjects to control their own information.
While the structure and topics discussed at the mini-symposium were driven largely by the interests of the students in Professor Gasser’s class, this event brought together many of the themes featured in Professor Gasser’s written works, as well as those related to various projects and initiatives at the Berkman Center, where he serves as Executive Director. At an institutional level, the Berkman Center examines these issues via several privacy-focused projects, such at Privacy Tools for Sharing Research Data and the Student Privacy Initiative. As an individual researcher, Gasser has also written extensively on a variety of privacy related issues, such as student privacy, privacy behaviors on social media, and privacy law, both within the US and abroad, independently and through his capacity as Executive Director of the Berkman Center. Gasser’s current projects include a book detailing current digital privacy challenges, affecting factors, and solutions, which will be inspired by the discussions and readings generated in this class.