March 31-April 1, 2023

Leading privacy law and computer science scholars met at the Harvard Law School to identify and propose solutions to the challenges that inhibit the enforcement of privacy rights in the United States in “Beyond the FTC: The Future of Privacy Enforcement”.

The interdisciplinary symposium was organized by Professor Mihailis Diamantis (University of Iowa College of Law) and Professor Rishab Nithyanand (University of Iowa Department of Computer Science). The symposium was jointly sponsored by the Iowa Innovation, Business, and Law Center, which provided generous funding and hosted the official remote viewing location at the University of Iowa (UI) College of Law, and Harvard’s Journal of Law and Technology, which will publish the proceedings in a future issue. The event drew over 300 attendees, in-person and online.

Symposium Keynotes

The two-day event featured three keynote addresses:

Congresswoman Lori Trahan (MA-03) delivered the first keynote via video recording.  She emphasized the importance of increasing resources to the Federal Trade Commission, facilitating a private right of action for privacy enforcement, and supporting privacy researchers who audit big tech. Congresswoman Trahan also highlighted the existing efforts in congress to achieve these goals. Her remarks are available here.

Cindy Cohn, the Executive Director of the Electronic Frontier Foundation delivered the second keynote at the close of the first day. Her remarks highlighted the importance of the conversations and specific research contributions that the symposium featured. She argued for improving regulatory efforts but cautioned that scholars should be mindful of unintended effects when proposing new mechanisms for privacy enforcement. Her remarks are available here.

The symposium’s closing keynote speaker was Samuel Levine, Director of the Consumer Protection Bureau of the Federal Trade Commission (FTC). He emphasized that privacy advocates should work more closely with the FTC rather than look beyond it. Director Levine highlighted recent innovations at the FTC to improve the agency’s ability to protect consumers’ privacy and emphasized the importance of academics’ participation in FTC rulemaking, Open Commission Meetings, and FTC-sponsored academic events. View Director Levine’s remarks here.

Overall, the keynotes suggested that this is a time for optimism with regards to privacy protection in the United States. Lawmakers, federal agencies, and non-governmental organizations should involve privacy scholars to secure positive outcomes.

Panel Discussions

The symposium consisted of four discussion panels, each addressing distinct and unique opportunities to improve privacy enforcement. The papers associated with the panel discussions will be published to JOLT's website in due course. Videos of their presentations are linked to their names below.

The first panel, moderated by Jonathan Zittrain (Harvard), focused on leveraging existing legal frameworks. Panel members included Ignacio Cofone (McGill), Stacy-Ann Elvy (University of California - Davis), Helen Nissenbaum (Cornell Tech), Katherine Strandburg (New York University), and Salome Viljoen (University of Michigan). Their papers discussed new theories to accommodate privacy-related class actions, how the Uniform Commercial Code (UCC) could be a tool for privacy enforcement, and how big tech exploits vulnerabilities in the U.S. privacy regime.

The second panel, moderated by Joe Calandrino (FTC), highlighted technological solutions for improving privacy enforcement. Panelists included Paul Ohm (Georgetown), Brett Frischmann (Villanova), Woodrow Hartzog (Boston), Scott Jordan (University of California Irvine), David Choffnes (Northeastern), Athina Markopoulou (University of California Irvine), Zubair Shafiq (University of California - Davis), Mihailis Diamantis (UI), Maaz Bin Musa (UI), Lucas Ausberger (UI), and Rishab Nithyanand (UI). Discussions were centered around how advancements in computational privacy research could help identify privacy violations, particularly if aided by innovations in data governance.

The third panel, moderated by Susan McGregor (Columbia), centered on the role of non-legal stakeholders in enforcing privacy protections. Panel members included Christo Wilson (Northeastern), Neil Richards (Washington University), Jordan Francis (Washington University), Woodrow Hartzog (Boston), James Cooper (George Mason), Nataliia Bielova (INRIA), Cristiana Santos (Utrecht), and Colin Gray (Purdue). Panelists noted how insights from economics and user-interface design could improve privacy enforcement.

The final panel, moderated by Olivier Sylvain (FTC), proposed new legal frameworks for enforcing privacy protections. Panelists included Serge Egelmann (University of California - Berkeley), Kirsten Martin (Notre Dame), and Alicia Solow-Niederman (UI). The conversation offered creative new approaches for overcoming existing structural challenges that regulatory authorities confront.

A review of the event from the Harvard Cyberlaw Clinic is available here.