8-533 / 8-733 / 19-608 / 95-818: Privacy Policy, Law, and Technology

Homework 3 - due October 8, 2013

Don't forget to properly cite all sources (including assigned readings) and include a bibliography with all homework assignments.

Reading assignment: September 26-October 8 readings

1. [25 points] Write a short summary of each of the required readings (3-7 sentences each - do not exceed 7 sentences!). 12-unit students: also read and write a summary of one optional reading paper. After each summary (in a separate paragraph) provide a "highlight" for that chapter. This can be something new you learned that you found particularly interesting, a point you would like to discuss further in class, a question the chapter did not fully answer, something you found confusing, a point you disagree with, or anything else you found noteworthy.

2. [25 points] In December 2012 the FTC amended the Children's Online Privacy Protection Rule. They have subsequently made available a number of documents that provide guidance on COPPA compliance. The FTC is now seeking public comment on a method for verifiable parental consent proposed by Imperium under the new COPPA Rule. Read about the proposed method as well as the FTC's method for verifiable parental consent proposed by Imperium under the new COPPA Rule. Read the FTC's Request for public comment and comment on questions 2 and 3 posed by the FTC. Please prepare your answer as a letter to the FTC. You don't need to actually submit the letter to the FTC (although you are welcome to do so).

3. [25 points] Download and install a privacy tool that identifies web trackers, for example, Ghostery or DoNotTrackMe. Use the tool as you browse the web and find a web page that has at least 10 different trackers on it. Read about some of these trackers and what they do. Use the tool or view the page source to determine how some of the trackers are embedded in the page. Write up what you found. Be sure to mention what tool you used, what website you examined that had at lest 10 trackers, what these trackers do, how they are embedded in the page, and how you figured this out.

4. [25 points] Pick one of the trackers you found in the previous question and read its privacy policy (if it doesn't have a detailed privacy policy, try again with a different tracker). What type of data is collected and associated with the tracker? How will that data be used? How might it be shared? How long will it be retained? How can users opt-out and what exactly can they opt out of? Does this policy comply with the NAI Code of Conduct? What aspects of this policy raise privacy concerns and what aspects seem privacy protective?