Lab: Privacy Laws
In lecture, we discussed how different laws regulate the collection and use of people’s data. Today, you will learn about the details of a privacy-related law of your choice.
Instructions
Task 1: Choose a Privacy Law (10 minutes)
Use this Google Doc to select a privacy law to research. You will research the law with a group of three to four students.
Wait five minutes for everyone to edit the Google Doc. If your preferred privacy law has fewer than three students, join a different group.
Task 2: Create a Compliance Worksheet (40 minutes)
Work with your group to create a three-page compliance worksheet for your law. Your worksheet should include:
- A short history of the law:
  - When was it introduced?
  - Why was it introduced?
  - How has it changed over time?
- An explanation of the law’s privacy protections:
  - What rights does it give users?
  - What responsibilities does it impose on companies?
- An explanation of the law’s reach:
  - When does it apply to users?
  - When does it apply to companies?
  - For example, some laws give rights to residents of particular countries, and apply to all companies that collect those residents’ data
- An explanation of how the law is enforced:
  - Are there monetary fines?
  - Describe recent enforcement actions, if any
- A checklist (or flowchart) to help developers ensure they adhere to the law’s requirements:
  - Some laws have many requirements! If so, focus on the most important requirements, and briefly explain what you omitted.
Include appropriate citations. Don’t cite Wikipedia, ChatGPT, etc.
Note: Laws are complex! You can assign different research tasks to different team members.
Note: The text of a law is important, but related court cases are equally important.
Note: There are commercial tools to help companies manage compliance with laws around the world (e.g., from OneTrust). These tools are particularly helpful for smaller companies that don’t have a dedicated legal team. Larger companies may have a Chief Privacy Officer who helps manage compliance.
Task 3: Perform Compliance Checks (15 minutes)
Each member of your team should:
- Use your compliance checklist to evaluate a different internet-connected software product (e.g., website, app, etc.)
- Write a short paragraph explaining whether the software you evaluated seems to adhere to your privacy law. Reference specific features of the software and parts of the law.
Note: In some cases, it is possible to automatically check for potential compliance issues. This is an active research area.
Task 4: Discuss (10 minutes)
Discuss with your team:
- Was the software you evaluated mostly compliant, or not?
- How challenging is it for companies to comply with this law?
- Does this law protect consumers effectively?
  - If not, how should the law be changed?
Submit
Each team should upload a single PDF to Gradescope containing their:
- Compliance worksheet
- Software compliance checks
This assignment will be graded for completion, as part of your attendance and participation grade.
Learning Goals
- Understand aspects of privacy laws
- Practice teamwork and communication skills