by Olivia Figueira, Privacy Engineering Intern
My first experience with privacy research was during my undergraduate senior thesis project. The research project involved the use of application programming interfaces (APIs) provided by social media companies to collect data and study COVID-19 information spread. While writing an ethical analysis for the project, I began thinking more about the amount of data I had access to by using these APIs, and how potentially unaware users were about how their data can be seen, used, and shared in many different ways—often by honest researchers, but also by the companies themselves, and potentially by malicious users. I found studies discussing how users often do not read privacy policies or terms of service, and that even when they're prompted to read and accept them, they quickly skim through and accept the terms in order to move on and use the service. I was certainly no better than the average user in this case—these documents seemed indecipherable and full of confusing legalese. I would also accept the terms and move on, thinking, "How bad can it be? It's just an app on my phone." Skip forward to just a few years later, I am now a PhD student studying computer science and researching privacy and policy, and I have discovered that things are, indeed, bad.
From my newfound interests and research during grad school, I came across the 2021 State of Kids' Privacy Report from the Privacy Program at Common Sense Media. Based on evaluating the privacy policies of 200 of the most popular educational technologies (edtech), this report analyzed the trends in privacy practices over time. A finding that stuck out to me was that, while transparency of practices was increasing, many policies were now being more transparent about their poor privacy practices. While increased transparency is certainly better than not disclosing privacy practices at all, the report highlighted the continuing lack of privacy in edtech. I wanted to learn more about this research and team, and was excited to find out they were hiring interns for the summer.
During the summer of 2022, I worked on the Privacy Program team as a Privacy Engineering Intern. In the very first week of my internship, Jolina Cuaresma, Senior Counsel, Privacy and Technology Policy at Common Sense Media, testified at the House Committee on Energy and Commerce hearing about the American Data Privacy and Protection Act (ADPPA). I was blown away and thrilled to see the organization's advocacy for data privacy, making me all the more excited to work at Common Sense Media. During my internship in the Privacy Program, I was able to contribute to several interdisciplinary projects and learn so much about their work and the state of privacy, sparking new interests in my own research and academic career.
On the engineering side, I worked on improving the team's internal system for privacy policy evaluations, which utilizes machine learning and natural language processing to help evaluators by parsing privacy policies and finding relevant text. I also worked on a front-end website project to improve the team's site that lists privacy evaluations. On the policy side, I was trained to become a privacy policy evaluator, which included learning how to interpret privacy policies and conduct basic and full evaluations of edtech using the Privacy Program's comprehensive evaluation system. On the research side, I consulted and contributed to their forthcoming report about the privacy of virtual reality technologies. I also helped write conference proposals and wrote articles for their blog, including an article about the privacy issues of virtual location data in virtual reality, plus potential solutions.
I was surprised at how many diverse projects I was given the opportunity to work on during this internship, and it has been extremely rewarding. I was able to work with each member of the team on these different projects and learn from their experiences spanning engineering, law, and education. The weekly team meetings were particularly illuminating, as we would discuss everyone's progress on their own projects, as well as privacy news in technology and law.
I am leaving this internship feeling lucky to have worked with and learned so much from my team, and also feeling more optimistic about the future of tech privacy—which is quite a feat, considering its current state! The work of the Privacy Program to empower users about their privacy and advocate for stronger tech privacy gives me hope. As users become more concerned about privacy, both for themselves and their kids, and as regulators start cracking down on data privacy issues, companies will hopefully not be able to get away with anti-privacy practices much longer. I am excited to continue working on this goal in my PhD program and beyond, and I deeply thank the Privacy Program for welcoming me into their team and teaching me so much this summer.