User-Centric Privacy - what is it?

Nobody reads privacy policies anymore, at least not according to Dr. Florian Schaub, Assistant Professor of Information and of Electrical Engineering and Computer Science at the University of Michigan.

And that’s the big problem to be discussed in the Information Systems Security Association’s (ISSA) Webinar entitled “User-Centric Privacy: Designing Effective Protection that Meets Users’ Needs.”

Moderated by Janelle Hsia of Privacy SWAN Consulting and featuring Dr. Schaub, the webinar will address the advancements of privacy engineering and designing systems to meet consumers’ privacy needs in a user-centric way. According to Dr. Schaub, in an article on TheConversation.com*, privacy policies are often difficult to read and understand, serve different purposes depending on the audience and are more focused on meeting legal requirements than on consumers’ expectations.  In fact, it is so bad that a 2008 study by Aleecia McDonald and Lorrie Cranor found that it would take you 244 hours to read all the privacy notices for all the websites that you visited in one year.

Topics to be covered include whether smart devices are compromising users’ privacy by accidentally recording sensitive and personal conversations and whether users are able to control their privacy as much as they think. This webinar will begin to answer these and other questions about why it's so hard for companies to give people good options for their privacy and why people feel resigned that they've lost control of their personal data.

For example, according to Vox.com*, a recent study by Northeastern University, which tested several popular smart speakers against TV dialogue, smart devices accidentally activate around 19 times per day, with half of those recordings lasting anywhere from 6 to 43 seconds long. This goes beyond amusing anecdotes and into more serious privacy concerns.

Other intrusions into privacy include ads triggered by social media associations. A 2019 FTC ruling* imposed a $5B penalty on Facebook, the largest penalty ever levied against a company for privacy violations. The ruling charged that Facebook misled its users about their ability to control their own privacy on the site, which is used by around 185 million people in the U.S. and Canada alone.

The ISSA webinar will take place on Thursday, December 17 from 1-2 p.m. EST.