research-article

Open access

Privacy Legislation as Business Risks: How GDPR and CCPA are Represented in Technology Companies' Investment Risk Disclosures

Authors:

Richmond Y. Wong,

R. Cooper AspegrenAuthors Info & Claims

Proceedings of the ACM on Human-Computer Interaction, Volume 7, Issue CSCW1

Article No.: 82, Pages 1 - 26

https://doi.org/10.1145/3579515

Published: 16 April 2023 Publication History

Abstract

Power exercised by large technology companies has led to concerns over privacy and data protection, evidenced by the passage of legislation including the EU's General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). While much privacy research has focused on how users perceive privacy and interact with companies, we focus on how privacy legislation is discussed among a different set of relationships-those between companies and investors. This paper investigates how companies translate the GDPR and CCPA into business risks in documents created for investors. We conduct a qualitative document analysis of annual regulatory filings (Form 10-K) from nine major technology companies. We outline five ways that technology companies consider GDPR and CCPA as business risks, describing both direct and indirect ways that the legislation may affect their businesses. We highlight how these findings are relevant for the broader CSCW and privacy research communities in research, design, and practice. Creating meaningful privacy changes within existing institutional structures requires some understanding of the dynamics of these companies' decision-making processes and the role of capital.

References

[1]

Brooke Auxier, Lee Rainie, Monica Anderson, Andrew Perrin, Madhu Kumar, and Erica Turner. 2019. Americans and Privacy: Concerned, Confused and Feeling Lack of Control Over Their Personal Information. Technical Report. Pew Research. https://www.pewresearch.org/internet/2019/11/15/americans-and-privacy-concerned-confused-and-feeling-lack-of-control-over-their-personal-information/

[2]

Norah C. Avellan. 2014. The Securities and Exchange Commission and the Growing Need for Cybersecurity in Modern Corporate America. Washburn Law Journal 54, 1 (2014), 193--226.

[3]

Karla Badillo-Urquiola, Yaxing Yao, Oshrat Ayalon, Bart Knijnenurg, Xinru Page, Eran Toch, Yang Wang, and Pamela J. Wisniewski. 2018. Privacy in Context: Critically Engaging with Theory to Guide Privacy Research and Design. In Companion of the 2018 ACM Conference on Computer Supported Cooperative Work and Social Computing (Jersey City, NJ, USA) (CSCW '18). Association for Computing Machinery, New York, NY, USA, 425--431. https://doi.org/10.1145/3272973.3273012

Digital Library

[4]

Yang Bao and Anindya Datta. 2014. Simultaneously Discovering and Quantifying Risk Types from Textual Risk Disclosures. Management Science 60, 6 (6 2014), 1371--1391. https://doi.org/10.1287/mnsc.2014.1930

Digital Library

[5]

Ulrich Beck. 2006. Living in the world risk society. Economy and Society 35, 3 (2006), 329--345. https://doi.org/10.1080/03085140600844902

[6]

Mark Bergen. 2021. Microsoft Will Allow More Repair Shops After Activist Protests. https://www.bloomberg.com/news/articles/2021--10-07/microsoft-will-allow-more-repair-shops-after-activist-protests

[7]

BlackRock. 2021. The tectonic shift to sustainable investing. https://www.blackrock.com/institutions/en-us/insights/investment-actions/sustainable-investing-shift [Online; accessed 2022-07--15].

[8]

Sorin Nicolae Borlea and Monica-Violeta Achim. 2013. Theories of corporate governance. Economics Series 23, 1 (2013), 117--128.

[9]

Geoffrey C. Bowker, Karen Baker, Florence Millerand, and David Ribes. 2010. Toward Information Infrastructure Studies: Ways of Knowing in a Networked Environment. In International Handbook of Internet Research. Springer Netherlands, Dordrecht, 97--117. https://doi.org/10.1007/978--1--4020--9789--8_5

[10]

Jenna Burrell. 2009. The Field Site as a Network: A Strategy for Locating Ethnographic Research. Field Methods 21, 2 (18 Feb. 2009), 181--199. https://doi.org/10.1177/1525822X08329699

[11]

Jenna Burrell, Zoe Kahn, Anne Jonas, and Daniel Griffin. 2019. When Users Control the Algorithms: Values Expressed in Practices on Twitter. Proceedings of the ACM on Human-Computer Interaction 3, CSCW (7 11 2019), 1--20. https://doi.org/10.1145/3359240

Digital Library

[12]

M. Ryan Calo. 2012. Against Notice Skepticism in Privacy (and Elsewhere). Notre Dame Law Review 87, 3 (2012), 1027--1072.

[13]

Robyn Caplan, Meredith Clark, and William Partin. 2020. Against Platform Determinism: A Critical Orientation. https://points.datasociety.net/against-platform-determinism-899acdf88a3d

[14]

Alissa Centivany. 2016. Policy as Embedded Generativity: A Case Study of the Emergence and Evolution of HathiTrust. In Proceedings of the 19th ACM Conference on Computer-Supported Cooperative Work & Social Computing - CSCW '16. ACM Press, New York, New York, USA, 924--938. https://doi.org/10.1145/2818048.2820069

Digital Library

[15]

Nicole Chi, Emma Lurie, and Deirdre K. Mulligan. 2021. Reconfiguring Diversity and Inclusion for AI Ethics. In Proceedings of the 2021 AAAI/ACM Conference on AI, Ethics, and Society (Virtual Event, USA) (AIES '21). Association for Computing Machinery, New York, NY, USA, 447--457. https://doi.org/10.1145/3461702.3462622

Digital Library

[16]

Shruthi Sai Chivukula, Chris Rhys Watkins, Rhea Manocha, Jingle Chen, and Colin M. Gray. 2020. Dimensions of UX Practice That Shape Ethical Awareness. In Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems (Honolulu, HI, USA) (CHI '20). Association for Computing Machinery, New York, NY, USA, 1--13. https://doi.org/10.1145/3313831.3376459

Digital Library

[17]

Privacy Rights Clearinghouse. 2020. California Consumer Privacy Act Basics.

[18]

J Richard Dietrich, Steven J. Kachelmeier, Don N. Kleinmuntz, and Thomas J. Linsmeier. 2001. Market Efficiency, Bounded Rationality, and Supplemental Business Reporting Disclosures. Journal of Accounting Research 39, 2 (9 2001), 243--268. https://doi.org/10.1111/1475--679X.00011

[19]

Zak Doffman. 2021. Why You Shouldn't Use Google Chrome After New Privacy Disclosure. Forbes (20 March 2021). https://www.forbes.com/sites/zakdoffman/2021/03/20/stop-using-google-chrome-on-apple-iphone-12-pro-max-ipad-and-macbook-pro/

[20]

Hamid Ekbia and Bonnie Nardi. 2016. Social Inequality and HCI: The View from Political Economy. In Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems (San Jose, California, USA) (CHI '16). Association for Computing Machinery, New York, NY, USA, 4997--5002. https://doi.org/10.1145/2858036.2858343

Digital Library

[21]

Peter Elkind, Jack Gillum, and Craig Silverman. 2021. How Facebook Undermines Privacy Protections for Its 2 Billion WhatsApp Users. ProPublica (7 Sept. 2021). https://www.propublica.org/article/how-facebook-undermines-privacy-protections-for-its-2-billion-whatsapp-users

[22]

Ronan O Fathaigh, Joris van Hoboken, and Nico van Eijk. 2018. Mobile Privacy and Business-to-Platform Dependencies: An Analysis of SEC Disclosures. Journal of Business and Technology Law 14, 1 (2018), 49--105.

[23]

Matthew F. Ferraro. 2014. "Groundbreaking" or Broken? An Analysis of SEC Cybersecurity Disclosure Guidance, its Effectiveness, and Implications. Albany Law Review 77 (2014), 51 pages.

[24]

Casey Fiesler. 2019. Ethical Considerations for Research Involving (Speculative) Public Data. Proceedings of the ACM on Human-Computer Interaction 3, GROUP (5 12 2019), 1--13. https://doi.org/10.1145/3370271

Digital Library

[25]

Caroline Flammer, Michael W. Toffel, and Kala Viswanathan. 2021. Shareholder activism and firms' voluntary disclosure of climate change risks. Technical Report 10. 1850--1879 pages. https://doi.org/10.1002/smj.3313 arXiv:https://onlinelibrary.wiley.com/doi/pdf/10.1002/smj.3313

[26]

Sarah E. Fox, Vera Khovanskaya, Clara Crivellaro, Niloufar Salehi, Lynn Dombrowski, Chinmay Kulkarni, Lilly Irani, and Jodi Forlizzi. 2020. Worker-Centered Design: Expanding HCI Methods for Supporting Labor. In Extended Abstracts of the 2020 CHI Conference on Human Factors in Computing Systems (Honolulu, HI, USA) (CHI EA '20). Association for Computing Machinery, New York, NY, USA, 1--8. https://doi.org/10.1145/3334480.3375157

Digital Library

[27]

Sarah E. Fox, Kiley Sobel, and Daniela K. Rosner. 2019. Managerial Visions: Stories of Upgrading and Maintaining the Public Restroom with IoT. In Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems (Glasgow, Scotland Uk) (CHI '19). Association for Computing Machinery, New York, NY, USA, 1--15. https://doi.org/10.1145/3290605.3300723

Digital Library

[28]

R. Edward Freeman and David L. Reed. 1983. Stockholders and Stakeholders: A New Perspective on Corporate Governance. California Management Review 25, 3 (1 4 1983), 88--106. https://doi.org/10.2307/41165018

[29]

Milton Friedman. 1970. A Friedman doctrine - The Social Responsibility of Business Is to Increase Its Profits. New York Times Magazine (13 Sept. 1970).

[30]

Lei Gao, Thomas G. Calderon, and Fengchun Tang. 2020. Public companies' cybersecurity risk disclosures. International Journal of Accounting Information Systems 38 (2020), 100468. https://doi.org/10.1016/j.accinf.2020.100468

[31]

Robert Gellman. 2022. Fair Information Practices: A Basic History (vr. 2.22). Technical Report. https://doi.org/10.2139/ssrn.2415020

[32]

Eric Goldman. 2020. Introduction to the California Consumer Privacy Act (CCPA). Technical Report. Santa Clara University Legal Studies Research Paper. https://doi.org/10.2139/ssrn.3211013

[33]

Jacob Greenspon. 2019. Big a Problem Is It That a Few Shareholders Own Stock in So Many Competing Companies. https://hbr.org/2019/02/how-big-a-problem-is-it-that-a-few-shareholders-own-stock-in-so-many-competing-companies [Online; accessed 2022-07-09].

[34]

Critical Platform Studies Group, Lilly Irani, Niloufar Salehi, Joyojeet Pal, Andrés Monroy-Hernández, Elizabeth Churchill, and Sneha Narayan. 2019. Patron or Poison? Industry Funding of HCI Research. In Conference Companion Publication of the 2019 on Computer Supported Cooperative Work and Social Computing (Austin, TX, USA) (CSCW '19). Association for Computing Machinery, New York, NY, USA, 111--115. https://doi.org/10.1145/3311957.3358610

Digital Library

[35]

Seda Gürses and Van Joris Hoboken. 2017. Privacy After the Agile Turn. In Cambridge Handbook of Consumer Privacy, Jules Polonetsky, Omer Tene, and Evan Selinger (Eds.). Cambridge University Press. https://doi.org/10.31235/osf.io/9gy73

[36]

Drew Harwell. 2019. Doorbell-camera firm Ring has partnered with 400 police forces, extending surveillance concerns. The Washington Post (28 8 2019).

[37]

Anna Lauren Hoffmann. 2021. Terms of inclusion: Data, discourse, violence. New Media & Society 23 (2021), 146144482095872. Issue 12. https://doi.org/10.1177/1461444820958725

[38]

Chris Jay Hoofnagle. 0. Online privacy. In Federal Trade Commission Privacy Law and Policy. Cambridge University Press, Cambridge, 145--192. https://doi.org/10.1017/CBO9781316411292.007

[39]

Chris Jay Hoofnagle, Bart van der Sloot, and Frederik Zuiderveen Borgesius. 2019. The European Union general data protection regulation: what it is and what it means. Information & Communications Technology Law 28, 1 (2 1 2019), 65--98. https://doi.org/10.1080/13600834.2019.1573501

[40]

Lara Houston, Steven J. Jackson, Daniela K. Rosner, Syed Ishtiaque Ahmed, Meg Young, and Laewoo Kang. 2016. Values in Repair. In Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems (San Jose, California, USA) (CHI '16). Association for Computing Machinery, New York, NY, USA, 1403--1414. https://doi.org/10.1145/2858036.2858470

Digital Library

[41]

Global Reporting Initiative. 0. GRI Standards - English. https://www.globalreporting.org/how-to-use-the-gri-standards/gri-standards-english-language/ [Online; accessed 2022-07-09].

[42]

Lilly Irani. 2018. ?Design Thinking": Defending Silicon Valley at the Apex of Global Labor Hierarchies. Catalyst: Feminism, Theory, Technoscience 4, 1 (2018), 1--19. https://doi.org/10.28968/cftt.v4i1.29638

[43]

Lilly C. Irani and M. Six Silberman. 2013. Turkopticon: Interrupting Worker Invisibility in Amazon Mechanical Turk. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (Paris, France) (CHI '13). Association for Computing Machinery, New York, NY, USA, 611--620. https://doi.org/10.1145/2470654.2470742

Digital Library

[44]

Steven J. Jackson, Paul N Edwards, Geoffrey C. Bowker, and Cory P. Knobel. 2007. Understanding infrastructure: History, heuristics and cyberinfrastructure policy. First Monday 12, 6 (4 6 2007), 1--8. https://doi.org/10.5210/fm.v12i6.1904

[45]

Steven J. Jackson, Tarleton Gillespie, and Sandy Payette. 2014. The Policy Knot. In Proceedings of the 17th ACM Conference on Computer Supported Cooperative Work & Social Computing (Baltimore, Maryland, USA) (CSCW '14). Association for Computing Machinery, New York, NY, USA, 588--602. https://doi.org/10.1145/2531602.2531674

Digital Library

[46]

Steven J. Jackson and Laewoo Kang. 2014. Breakdown, obsolescence and reuse. In Proceedings of the 32nd annual ACM conference on Human factors in computing systems - CHI '14 (2014). Association for Computing Machinery, New York, NY, USA, 449--458. https://doi.org/10.1145/2556288.2557332

Digital Library

[47]

Steven J. Jackson, Stephanie B. Steinhardt, and Ayse Buyuktur. 2013. Why CSCW Needs Science Policy (and Vice Versa). In Proceedings of the 2013 Conference on Computer Supported Cooperative Work (San Antonio, Texas, USA) (CSCW '13). Association for Computing Machinery, New York, NY, USA, 1113--1124. https://doi.org/10.1145/2441776.2441902

Digital Library

[48]

Laura Jehl and Alan Friel. 2019. CCPA and GDPR Comparison Chart. https://iapp.org/media/pdf/resource_center/CCPA_GDPR_Chart_PracticalLaw_2019.pdf [Online; accessed 2022-01--11].

[49]

Nir Kaissar. 2022. Institutional Investors Are Flexing Their ESG Muscles. https://www.bloomberg.com/opinion/articles/2022-04--13/institutional-investors-are-flexing-their-esg-muscles [Online; accessed 2022-07-09].

[50]

Tom Kemp. 2020. Comparing Enforcement: GDPR vs. CCPA vs. CPRA. https://tomkemp.blog/2020/06/04/comparing-enforcement-gdpr-vs-ccpa-vs-cpra/ [Online; accessed 2022-01--10].

[51]

Vera Khovanskaya, Lynn Dombrowski, Jeffrey Rzeszotarski, and Phoebe Sengers. 2019. The Tools of Management: Adapting Historical Union Tactics to Platform-Mediated Labor. Proceedings of the ACM on Human-Computer Interaction 3, CSCW (7 11 2019), 1--22. https://doi.org/10.1145/3359310

Digital Library

[52]

Jennifer King. 2019. "Becoming Part of Something Bigger": Direct to consumer genetic testing, privacy, and personal disclosure. Proceedings of the ACM on Human-Computer Interaction 3, CSCW (7 11 2019), 1--33. https://doi.org/10.1145/3359260

Digital Library

[53]

Laura Kocksch, Matthias Korn, Andreas Poller, and Susann Wagenknecht. 2018. Caring for IT Security. Proceedings of the ACM on Human-Computer Interaction 2, CSCW (2018), 1--20. https://doi.org/10.1145/3274361

Digital Library

[54]

Min Kyung Lee, Daniel Kusbit, Evan Metsky, and Laura Dabbish. 2015. Working with Machines: The Impact of Algorithmic and Data-Driven Management on Human Workers. In Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems (Seoul, Republic of Korea) (CHI '15). Association for Computing Machinery, New York, NY, USA, 1603--1612. https://doi.org/10.1145/2702123.2702548

Digital Library

[55]

He Li, Won Gyun No, and Tawei Wang. 2018. SEC's cybersecurity disclosure guidance and disclosed cybersecurity risk factors. International Journal of Accounting Information Systems 30 (9 2018), 40--55. https://doi.org/10.1016/j.accinf.2018.06.003

[56]

Silvia Lindtner and Seyram Avle. 2017. Tinkering with Governance: Technopolitics and the Economization of Citizenship. Proceedings of the ACM on Human-Computer Interaction 1, CSCW (6 12 2017), 1--18. https://doi.org/10.1145/3134705

Digital Library

[57]

Silvia Lindtner, Shaowen Bardzell, and Jeffrey Bardzell. 2018. Design and Intervention in the Age of "No Alternative". Proceedings of the ACM on Human-Computer Interaction 2, CSCW (11 2018), 1--21. https://doi.org/10.1145/3274378

Digital Library

[58]

Philip M. Linsley and Philip J. Shrives. 2006. Risk reporting: A study of risk disclosures in the annual reports of UK companies. The British Accounting Review 38, 4 (12 2006), 387--404. https://doi.org/10.1016/j.bar.2006.05.002

[59]

Alex Loftus and Hug March. 2019. Integrating what and for whom? Financialisation and the Thames Tideway Tunnel. Urban Studies 56, 11 (30 8 2019), 2280--2296. https://doi.org/10.1177/0042098017736713

[60]

Michael Madaio, Lisa Egede, Hariharan Subramonyam, Jennifer Wortman Vaughan, and Hanna Wallach. 2022. Assessing the Fairness of AI Systems: AI Practitioners' Processes, Challenges, and Needs for Support. Proceedings of the ACM on Human-Computer Interaction 6, CSCW1 (30 3 2022), 1--26. https://doi.org/10.1145/3512899

Digital Library

[61]

Michael A. Madaio, Luke Stark, Jennifer Wortman Vaughan, and Hanna Wallach. 2020. Co-Designing Checklists to Understand Organizational Challenges and Opportunities around Fairness in AI. In Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems (Honolulu, HI, USA) (CHI '20). Association for Computing Machinery, New York, NY, USA, 1--14. https://doi.org/10.1145/3313831.3376445

Digital Library

[62]

Aleecia M McDonald and Lorrie Faith Cranor. 2008. The Cost of Reading Privacy Policies. I/S: A Journal of Law and Policy for the Information Society 4, 3 (2008), 543--568.

[63]

Nora McDonald, Karla Badillo-Urquiola, Morgan G. Ames, Nicola Dell, Elizabeth Keneski, Manya Sleeper, and Pamela J. Wisniewski. 2020. Privacy and Power: Acknowledging the Importance of Privacy Research and Design for Vulnerable Populations. In Extended Abstracts of the 2020 CHI Conference on Human Factors in Computing Systems (Honolulu, HI, USA) (CHI EA '20). Association for Computing Machinery, New York, NY, USA, 1--8. https://doi.org/10.1145/3334480.3375174

Digital Library

[64]

Nora McDonald and Andrea Forte. 2020. The Politics of Privacy Theories: Moving from Norms to Vulnerabilities. In Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems (Honolulu, HI, USA) (CHI '20). Association for Computing Machinery, New York, NY, USA, 1--14. https://doi.org/10.1145/3313831.3376167

Digital Library

[65]

Nora McDonald and Andrea Forte. 2021. Powerful Privacy Norms in Social Network Discourse. Proceedings of the ACM on Human-Computer Interaction 5, CSCW2 (13 10 2021), 1--27. https://doi.org/10.1145/3479565

Digital Library

[66]

Jacob Metcalf, Emanuel Moss, and danah boyd. 2019. Owning ethics: Corporate logics, Silicon Valley, and the institutionalization of ethics. Social Research 86, 2 (2019), 449--476.

[67]

Milagros Miceli, Julian Posada, and Tianling Yang. 2022. Studying Up Machine Learning Data: Why Talk About Bias WhenWe Mean Power? Proceedings of the ACM on Human-Computer Interaction 6, GROUP (14 1 2022), 1--14. https://doi.org/10.1145/3492853

Digital Library

[68]

Milagros Miceli, Martin Schuessler, and Tianling Yang. 2020. Between Subjectivity and Imposition: Power Dynamics in Data Annotation for Computer Vision. Proceedings of the ACM on Human-Computer Interaction 4, CSCW2 (14 10 2020), 1--25. https://doi.org/10.1145/3415186

Digital Library

[69]

Michael Muller. 2014. Whose Values? Whose Design? (2014). http://ethicsworkshopcscw2014.files.wordpress.com/2013/10/muller-whose-values.pdf

[70]

U.S. Department of Homeland Security. 2010. Privacy Impact Assessments: The Privacy Office Official Guidance (June 2010). https://www.dhs.gov/sites/default/files/publications/privacy_pia_guidance_june2010_0.pdf [Online; accessed 2017-01-01].

[71]

Ann Morales Olazábal. 2011. False forward-looking statements and the PSLRA's safe harbor. Indiana Law Journal 86, 2 (2011), 595--643.

[72]

Anthony Onoja and Godwin O Agada. 2015. Voluntary risk disclosure in corporate annual reports: An empirical review. Research Journal of Finance and Accounting 6, 17 (2015), 1--8.

[73]

Samir Passi and Steven J Jackson. 2018. Trust in Data Science: Collaboration, Translation, and Accountability in Corporate Data Science Projects. Proceedings of the ACM on Human-Computer Interaction 2, CSCW (1 11 2018), 1--28. https://doi.org/10.1145/3274405

Digital Library

[74]

Samir Passi and Phoebe Sengers. 2020. Making data science systems work. Big Data and Society 7, 2 (2020), 13 pages. https://doi.org/10.1177/2053951720939605

[75]

James Pierce. 2019. Lamps, Curtains, Robots: 3 scenarios for the future of the smart home. In Proceedings of the 2019 on Creativity and Cognition - C&C '19 (2019). ACM Press, New York, New York, USA, 423--424. https://doi.org/10.1145/3325480.3329181

Digital Library

[76]

Rebecca Rabinowitz. 2020. From Securities to Cybersecurity: The SEC Zeroes In on Cybersecurity. Boston College Law Review 61, 4 (2020), 1535.

[77]

Ranking Digital Rights. 2020. 2020 RDR Index methodology. https://rankingdigitalrights.org/index2020/methodology [Online; accessed 2022-07-09].

[78]

Emma Rose and Josh Tenenberg. 2016. Arguing about design: A taxonomy of rhetorical strategies deployed by user experience practitioners. In Proceedings of the 34th ACM International Conference on the Design of Communication - SIGDOC '16 (2016). ACM Press, New York, New York, USA, 1--10. https://doi.org/10.1145/2987592.2987608

Digital Library

[79]

Daniela K. Rosner and Morgan Ames. 2014. Designing for repair? Infrastructures and materialities of breakdown. In Proceedings of the 17th ACM conference on Computer supported cooperative work & social computing - CSCW '14 (2014). ACM Press, New York, NY, USA, 319--331. https://doi.org/10.1145/2531602.2531692

Digital Library

[80]

Nikita Samarin, Shayna Kothari, Zaina Siyed, Primal Wijesekera, and Jordan Fischer. 2021. Investigating the Compliance of Android App Developers with the CCPA. Technical Report. Workshop on Technology and Consumer Protection (ConPro '21). https://www.ieee-security.org/TC/SPW2021/ConPro/papers/samarin-conpro21.pdf

[81]

Galit Sarfaty. 2013. Human Rights Meets Securities Regulation. Virginia Journal of International Law 54 (2013), 97--126.

[82]

Florian Schaub, Rebecca Balebako, Adam L Durity, and Lorrie Faith Cranor. 2015. A Design Space for Effective Privacy Notices. In Eleventh Symposium On Usable Privacy and Security (SOUPS 2015) (2015). 1--17.

[83]

Philipp Schreck. 2013. Disclosure (CSR Reporting). In Encyclopedia of Corporate Social Responsibility, Samuel O Idowu, Nicholas Capaldi, Liangrong Zu, and Das Ananda Gupta (Eds.). Springer Berlin Heidelberg. https://doi.org/10.1007/978--3--642--28036--8

[84]

US Securities and Exchange Commission. 2011. CF Disclosure Guidance: Topic No. 2: Cybersecurity. https://www.sec.gov/divisions/corpfin/guidance/cfguidance-topic2.htm [Online; accessed 2021-02--16].

[85]

US Securities and Exchange Commission. 2018. Commission Statement and Guidance on Public Company Cybersecurity Disclosures. https://www.sec.gov/rules/interp/2018/33--10459.pdf

[86]

US Securities and Exchange Commission. 2019. Division of Enforcement 2019 Annual Report. https://www.sec.gov/files/enforcement-annual-report-2019.pdf

[87]

US Securities and Exchange Commission. 2020. SEC Adopts Rule Amendments to Modernize Disclosures of Business, Legal Proceedings, and Risk Factors Under Regulation S-K. https://www.sec.gov/news/press-release/2020--192 [Online; accessed 2022-07-09].

[88]

Phoebe Sengers, Kaiton Williams, and Vera Khovanskaya. 2021. Speculation and the Design of Development. Proceedings of the ACM on Human-Computer Interaction 5, CSCW1 (13 4 2021), 1--27. https://doi.org/10.1145/3449195

Digital Library

[89]

Katie Shilton. 2018. Values and Ethics in Human-Computer Interaction. Foundations and Trends® in Human--Computer Interaction 12, 2 (2018), 107--171. https://doi.org/10.1561/1100000073

Digital Library

[90]

Katie Shilton, Jes A. Koepfler, and Kenneth R. Fleischmann. 2014. How to see values in social computing: Methods for Studying Values Dimensions. In Proceedings of the 17th ACM conference on Computer supported cooperative work & social computing. ACM, New York, NY, USA, 426--435. https://doi.org/10.1145/2531602.2531625

Digital Library

[91]

Michael Skirpan and Casey Fiesler. 2018. Ad Empathy: A Design Fiction. In Proceedings of the 2018 ACM Conference on Supporting Groupwork (GROUP '18) (2018). ACM Press, New York, New York, USA, 267--273. https://doi.org/10.1145/3148330.3149407

Digital Library

[92]

Daniel J Solove. 2013. Privacy Self-Management and the Consent Dilemma. Harvard Law Review 126 (2013), 1880--1903.

[93]

Danny Spitzberg, Kevin Shaw, Colin Angevine, Marissa Wilkins, M Strickland, Janel Yamashiro, Rhonda Adams, and Leah Lockhart. 2020. Principles at Work: Applying ?Design Justice" in Professionalized Workplaces. CSCW 2020 Workshop on Collective Organizing and Social Responsibility (2020), 1--5 pages. https://doi.org/10.21428/93b2c832.e3a8d187

[94]

Susan Leigh Star and Karen Ruhleder. 1996. Steps Toward an Ecology of Infrastructure: Design and Access for Large Spaces Information. Information Systems Research 7, 1 (1996), 111--134.

Digital Library

[95]

Luke Stark, Daniel Greene, and Anna Lauren Hoffmann. 2021. Critical Perspectives on Governance Mechanisms for AI/ML Systems. In The Cultural Life of Machine Learning. Springer International Publishing, Cham, 257--280. https://doi.org/10.1007/978--3-030--56286--1_9

[96]

Luke Stark, Jen King, Xinru Page, Airi Lampinen, Jessica Vitak, Pamela Wisniewski, Tara Whalen, and Nathaniel Good. 2016. Bridging the Gap between Privacy by Design and Privacy in Practice. In Proceedings of the 2016 CHI Conference Extended Abstracts on Human Factors in Computing Systems (CHI EA '16). ACM Press, New York, New York, USA, 3415--3422. https://doi.org/10.1145/2851581.2856503

Digital Library

[97]

Stephanie B Steinhardt. 2016. Breaking Down While Building Up: Design and Decline in Emerging Infrastructures. In Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems - CHI '16 (2016). ACM Press, New York, New York, USA, 2198--2208. https://doi.org/10.1145/2858036.2858420

Digital Library

[98]

Maddie Stone. 2021. The shareholder fight that forced Apple's hand on repair rights. The Verge (17 Nov. 2021). https://www.theverge.com/2021/11/17/22787336/apple-right-to-repair-self-service-diy-reason-microsoft

[99]

Lucy Suchman. 1993. Working relations of technology production and use. Computer Supported Cooperative Work 2, 1--2 (23 March 1993), 21--39. https://doi.org/10.1007/BF00749282

[100]

Mohammad Tahaei, Alisa Frik, and Kami Vaniea. 2021. Privacy Champions in Software Teams: Understanding Their Motivations, Strategies, and Challenges. In Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems (CHI'21) (2021-05-06). ACM, New York, NY, USA, 1--15. https://doi.org/10.1145/3411764.3445768

Digital Library

[101]

Janet Vertesi and Paul Dourish. 2011. The Value of Data: Considering the Context of Production in Data Economies. In Proceedings of the ACM 2011 Conference on Computer Supported Cooperative Work (Hangzhou, China) (CSCW '11). Association for Computing Machinery, New York, NY, USA, 533--542. https://doi.org/10.1145/1958824.1958906

Digital Library

[102]

Jessica Vitak, Michael Zimmer, Anna Lenhart, Sunyup Park, Richmond Y. Wong, and Yaxing Yao. 2021. Designing for Data Awareness: Addressing Privacy and Security Concerns About ?Smart" Technologies. In Companion Publication of the 2021 Conference on Computer Supported Cooperative Work and Social Computing (2021--10--23). ACM, New York, NY, USA, 364--367. https://doi.org/10.1145/3462204.3481724

Digital Library

[103]

Yang Wang. 2017. The Third Wave? Inclusive Privacy and Security. In Proceedings of the 2017 New Security Paradigms Workshop - NSPW 2017 (2017). ACM Press, New York, New York, USA, 122--130. https://doi.org/10.1145/3171533.3171538

Digital Library

[104]

Christine T. Wolf, Mariam Asad, and Lynn S. Dombrowski. 2022. Designing within Capitalism. In Designing Interactive Systems Conference (2022-06--13). ACM, New York, NY, USA, 439--453. https://doi.org/10.1145/3532106.3533559

Digital Library

[105]

Janis Wong and Tristan Henderson. 2019. The right to data portability in practice: exploring the implications of the technologically neutral GDPR. International Data Privacy Law 9, 3 (aug 2019), 173--191. https://doi.org/10.1093/idpl/ipz008

[106]

Richmond Y Wong. 2021. Tactics of Soft Resistance in User Experience Professionals' Values Work. Proceedings of the ACM on Human-Computer Interaction 5, CSCW2 (2021), 28. https://doi.org/10.1145/3479499

Digital Library

[107]

Richmond Y Wong, Karen Boyd, Jake Metcalf, and Katie Shilton. 2020. Beyond Checklist Approaches to Ethics in Design. In Conference Companion Publication of the 2020 on Computer Supported Cooperative Work and Social Computing (2020--10--17). ACM, New York, NY, USA, 511--517. https://doi.org/10.1145/3406865.3418590

Digital Library

[108]

Richmond Y. Wong and Steven J. Jackson. 2015. Wireless Visions: Infrastructure, Imagination, and U.S. Spectrum Policy. In Proceedings of the 18th ACM Conference on Computer Supported Cooperative Work & Social Computing (CSCW '15) (2015). ACM Press, New York, NY, USA, 105--115. https://doi.org/10.1145/2675133.2675229

Digital Library

[109]

Richmond Y Wong, Vera Khovanskaya, Sarah E Fox, Nick Merrill, and Phoebe Sengers. 2020. Infrastructural Speculations: Tactics for Designing and Interrogating Lifeworlds. In Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems (2020-04--21). ACM, New York, NY, USA, 1--15. https://doi.org/10.1145/3313831.3376515

Digital Library

[110]

Richmond Y Wong, Michael A Madaio, and Nick Merrill. 2023. Seeing Like a Toolkit: How Toolkits Envision the Work of AI Ethics. Proceedings of the ACM on Human-Computer Interaction 7 (2023), 27 pages. Issue CSCW1. https://doi.org/10.1145/3579621

Digital Library

[111]

Richmond Y. Wong and Deirdre K. Mulligan. 2019. Bringing Design to the Privacy Table: Broadening "Design" in "Privacy by Design" Through the Lens of HCI. In CHI Conference on Human Factors in Computing Systems (CHI 2019) (2019). ACM Press, New York, NY, USA. https://doi.org/10.1145/3290605.3300492

Digital Library

[112]

Richmond Y. Wong, Deirdre K. Mulligan, Ellen Van Wyk, James Pierce, and John Chuang. 2017. Eliciting Values Reflections by Engaging Privacy Futures Using Design Workbooks. Proc. ACM Hum.-Comput. Interact. 1, CSCW, Article 111 (Dec 2017), 26 pages. https://doi.org/10.1145/3134746

Digital Library

[113]

Yaxing Yao, Richmond Wong, Pardis Emami-Naeini, Nick Merrill, Xinru Page, Yang Wang, and Pamela Wisniewski. 2019. Ubiquitous Privacy: Research and Design for Mobile and IoT Platforms. In Conference Companion Publication of the 2019 on Computer Supported Cooperative Work and Social Computing (Austin, TX, USA) (CSCW '19). Association for Computing Machinery, New York, NY, USA, 533--538. https://doi.org/10.1145/3311957.3359430

Digital Library

Cited By

Souza JOliveira SOliveira H(2024)The Impact of Federated Learning on Urban ComputingJournal of Internet Services and Applications10.5753/jisa.2024.400615:1(380-409)Online publication date: 21-Sep-2024
https://doi.org/10.5753/jisa.2024.4006
Efthymiou IEgleton T(2024)The Impact of Deep Fakes in Markets and EconomiesDeepfakes and Their Impact on Business10.4018/979-8-3693-6890-9.ch002(19-50)Online publication date: 13-Dec-2024
https://doi.org/10.4018/979-8-3693-6890-9.ch002
Ali WZhou XShao J(2024)Privacy-preserved and Responsible Recommenders: From Conventional Defense to Federated Learning and BlockchainACM Computing Surveys10.1145/3708982Online publication date: 19-Dec-2024
https://doi.org/10.1145/3708982
Show More Cited By

Index Terms

Privacy Legislation as Business Risks: How GDPR and CCPA are Represented in Technology Companies' Investment Risk Disclosures
1. Security and privacy
  1. Human and societal aspects of security and privacy
    1. Economics of security and privacy
    2. Social aspects of security and privacy
2. Social and professional topics
  1. Computing / technology policy

Recommendations

The Effect of the GDPR on Privacy Policies: Recent Progress and Future Promise
Special Issue on Analytics for Cybersecurity and Privacy, Part 2 and Regular Papers

The General Data Protection Regulation (GDPR) is considered by some to be the most important change in data privacy regulation in 20 years. Effective May 2018, the European Union GDPR privacy law applies to any organization that collects and processes ...
Are We There Yet?: Understanding the Challenges Faced in Complying with the General Data Protection Regulation (GDPR)
MPS '18: Proceedings of the 2nd International Workshop on Multimedia Privacy and Security

The EU General Data Protection Regulation (GDPR), enforced from 25\textsuperscriptth May 2018, aims to reform how organisations view and control the personal data of private EU citizens. The scope of GDPR is somewhat unprecedented: it regulates every ...
Opening Privacy Sensitive Microdata Sets in Light of GDPR
dg.o '19: Proceedings of the 20th Annual International Conference on Digital Government Research

To enhance the transparency, accountability and efficiency of the Dutch Ministry of Justice and Security, the ministry has set up an open data program to proactively stimulate sharing its (publicly funded) data sets with the public. Disclosure of ...

Comments

Information & Contributors

Information

Published In

cover image Proceedings of the ACM on Human-Computer Interaction

Proceedings of the ACM on Human-Computer Interaction Volume 7, Issue CSCW1

CSCW

April 2023

3836 pages

EISSN:2573-0142

DOI:10.1145/3593053

Editor:
Jeff Nichols
Google

Issue’s Table of Contents

Copyright © 2023 Owner/Author.

This work is licensed under a Creative Commons Attribution International 4.0 License.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 16 April 2023

Published in PACMHCI Volume 7, Issue CSCW1

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Meta

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

18
Total Citations
View Citations
2,103
Total Downloads

Downloads (Last 12 months)1,455
Downloads (Last 6 weeks)225

Reflects downloads up to 14 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Souza JOliveira SOliveira H(2024)The Impact of Federated Learning on Urban ComputingJournal of Internet Services and Applications10.5753/jisa.2024.400615:1(380-409)Online publication date: 21-Sep-2024
https://doi.org/10.5753/jisa.2024.4006
Efthymiou IEgleton T(2024)The Impact of Deep Fakes in Markets and EconomiesDeepfakes and Their Impact on Business10.4018/979-8-3693-6890-9.ch002(19-50)Online publication date: 13-Dec-2024
https://doi.org/10.4018/979-8-3693-6890-9.ch002
Ali WZhou XShao J(2024)Privacy-preserved and Responsible Recommenders: From Conventional Defense to Federated Learning and BlockchainACM Computing Surveys10.1145/3708982Online publication date: 19-Dec-2024
https://doi.org/10.1145/3708982
Brubaker JFiesler CMadaio MTang JWong RFarzan RLópez CCardoso Llach DQuercia DMustafa MNiu SWong-Villacrés M(2024)Generative AI Going Awry: Enabling Designers to Proactively Avoid It in CSCW ApplicationsCompanion Publication of the 2024 Conference on Computer-Supported Cooperative Work and Social Computing10.1145/3678884.3689133(125-127)Online publication date: 11-Nov-2024
https://dl.acm.org/doi/10.1145/3678884.3689133
Tang XFarzan RLópez CCardoso Llach DQuercia DMustafa MNiu SWong-Villacrés M(2024)Why is Accessibility So Hard? Insights From the History of PrivacyCompanion Publication of the 2024 Conference on Computer-Supported Cooperative Work and Social Computing10.1145/3678884.3681876(362-368)Online publication date: 11-Nov-2024
https://dl.acm.org/doi/10.1145/3678884.3681876
Gray CChivukula SJohns JWill MObi ILi Z(2024)Languaging Ethics in Technology PracticeACM Journal on Responsible Computing10.1145/36564681:2(1-15)Online publication date: 20-Jun-2024
https://dl.acm.org/doi/10.1145/3656468
Gray CGairola RBoucaud NHashmi MChivukula SMenon ADuane J(2024)Legal Trouble?: UX Practitioners' Engagement with Law and RegulationCompanion Publication of the 2024 ACM Designing Interactive Systems Conference10.1145/3656156.3663698(106-110)Online publication date: 1-Jul-2024
https://dl.acm.org/doi/10.1145/3656156.3663698
Zhou MQu ZWan JWen BYao YLu Z(2024)Understanding Chinese Internet Users' Perceptions of, and Online Platforms' Compliance with, the Personal Information Protection Law (PIPL)Proceedings of the ACM on Human-Computer Interaction10.1145/36374158:CSCW1(1-26)Online publication date: 26-Apr-2024
https://dl.acm.org/doi/10.1145/3637415
Malki LKaleva IPatel DWarner MAbu-Salma R(2024)Exploring Privacy Practices of Female mHealth Apps in a Post-Roe WorldProceedings of the 2024 CHI Conference on Human Factors in Computing Systems10.1145/3613904.3642521(1-24)Online publication date: 11-May-2024
https://dl.acm.org/doi/10.1145/3613904.3642521
Song QHernandez RKou YGui X(2024)“Our Users' Privacy is Paramount to Us”: A Discourse Analysis of How Period and Fertility Tracking App Companies Address the Roe v Wade OverturnProceedings of the 2024 CHI Conference on Human Factors in Computing Systems10.1145/3613904.3642384(1-21)Online publication date: 11-May-2024
https://dl.acm.org/doi/10.1145/3613904.3642384
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Media

Figures

Other

Tables

View Issue’s Table of Contents