In the U.S., both industry and government rely on the principles of notice and choice as mechanisms to protect consumers' privacy. In this talk, Pedro will discuss results from two studies investigating how companies implement privacy notice and choice mechanisms in practice. They studied more than six thousand standardized privacy notices from U.S. financial institutions. They found large variance in stated practices, even among institutions of the same type. Statistical analyses show that large institutions and those geographically located in northeastern regions share consumers’ personal information at higher rates than all other institutions. Furthermore, they uncovered institutions failing to allow consumers to limit data sharing when legally required to do so. They also studied traditional non-standardized privacy policies from 75 online tracking companies. They found that many companies are silent with regard to important consumer-relevant practices including the collection and use of sensitive information and linkage of tracking data with users’ contact information. They also found that many policies are not fully compliant with self-regulatory online advertising principles. Pedro will discuss implications for consumers’ privacy and opportunities for improving transparency of privacy practices.
Pedro is a postdoctoral fellow working on the Usable Privacy Project. He received his Ph.D. in Engineering and Public Policy from Carnegie Mellon University, where he was part of the CyLab Usable Privacy and Security Laboratory. His dissertation focused on investigating different aspects of privacy notice and choice across various application domains, with the goal of using empirical data to inform the design of policy frameworks and technology solutions that can better protect Internet users' online privacy. He has done research on various privacy-related areas including online behavioral advertising (OBA), financial privacy, web privacy, and social networks. Broadly speaking, his research focuses on informing the design of both government and industry policies to achieve a balance between the benefits and potential risks of new information and communication technologies. He is particularly interested in online privacy, security, telecommunications, information transparency, law, and regulation. In his research he uses both quantitative and qualitative methods including usability testing, online surveys, interviews, statistical modeling, and large-scale analysis of companies' disclosed practices. Pedro obtained his master's degree in Information Security Technology and Management in 2010 from the Information Networking Institute at Carnegie Mellon University, and his bachelor's degree in Telecommunications Engineering in 2003 from the School of Engineering at the National Autonomous University of Mexico.