WPF comments to NIST regarding its differential privacy guidance
WPF submitted comments to the National Institute of Standards and Technology regarding its Draft Guidelines for Evaluating Differential Privacy Guarantees. The comments approach the NIST Draft Guidance from a policy perspective, and urged changes to some parts of the definitional language in the Draft Guidance.
Key areas of the comments include:
- A discussion of the role of consent in data ecosystems, and how modern data ecosystems may allow extensive secondary data uses, including in some cases by data brokers. The current data environment presents multiple challenging use cases for privacy controls.
- WPF noted the important lessons learned regarding differential privacy from the 2020 U.S. Census.
- WPF urged NIST to discuss and acknowledge the privacy rights of groups of people, not just individuals. The comments cite emerging privacy rights granted to groups, including in the U.S., Canada, New Zealand, and in the United Nations Declaration on the Rights of Indigenous Peoples.
- Definitional recommendations focused on data collection, disclosure limitation parameters, and challenges with addressing self-inflicted privacy harms.
- WPF encouraged NIST to be cautious in its Central Model use case, noting that meaningful privacy concerns can emerge in some central model use cases.