The evolving laws and rules around privacy, data security, and robots

Every day, we use digital devices and web services to shop, track our fitness, chat with friends, play games, check-in at stores and restaurants, you name it. While these activities are becoming increasingly essential in our digital society, they also can put our personal information at risk, says professor Woodrow Hartzog, whose research focuses on privacy, data protection, robotics, and automated technologies.

Hartzog, who joined Northeastern's faculty this fall with joint appointments in the School of Law and the College of Computer and Information Science, focuses on the complex problems that arise when personal information is collected by powerful new technologies and then stored and disclosed online. "Information is power, and when other people collect it they have power over us and that leaves us vulnerable," he says.

An important aspect of this discussion is that people often consent to their information being collected and shared. You know, those user agreements we don't read when downloading new apps or creating online accounts. But, in his forthcoming book, Privacy's Blueprint: The Battle to Control the Design of New Technologies, Hartzog argues that social media apps, surveillance technologies, and the internet of things are built in ways that make it difficult to guard personal information—and the law says this is OK because it is up to users to protect themselves.

Hartzog pushes back on this state of affairs, saying that the law should require software and hardware product developers to do more to respect user privacy. Too often, he says, popular digital tools are designed to expose people and manipulate users into disclosing personal information. "We currently treat 'user control' as the primary way we legitimize data collection and use," he says. "The rules on data security revolve around us having that control. I argue there are other frameworks lawmakers should embrace, like rules for the design of information technologies."

Hartzog's scholarship focuses on privacy and data protection, with a particular emphasis on where law and technology intersect around these matters. He has testified twice before Congress on data protection and data security issues, and his work has been published in numerous scholarly publications and across media outlets such as The Guardian, Wired, BBC, CNN, Bloomberg, New Scientist, Slate, and The Atlantic.

Hartzog also studies the legal implications and rules surrounding human-robotic interaction, from consumer robots people bring into their homes to companies' automated customer service "chatbots" people encounter via phone, online, and in person. He has written extensively on law and policy issues related to robotics, including how people's interactions with robots that look like humans may differ from those that don't. Hartzog will explore these topics at a public discussion with MIT researcher Kate Darling on Sept. 11 at the Museum of Science in Boston.

Prior to Northeastern, Hartzog served as a professor of law at Samford University. He previously held visiting professor appointments at the University of Notre Dame and the University of Maine's law schools, respectively, and has been an affiliate scholar at Stanford Law School's Center for Internet and Society since 2010. His experience also extends beyond academia, as he's worked as an attorney in private practice, as a trademark attorney for the United States Patent and Trademark Office, and as a clerk for the Electronic Privacy Information Center. He holds bachelor's and juris doctor degrees from Samford University and he received his doctorate in mass communication from the University of North Carolina at Chapel Hill.

Hartzog is eager to bring his multidisciplinary background to his teaching and research at Northeastern. His passion to study privacy and data security is driven, in part, by his desire to find law and policy solutions around data security that understand humans are human, and we make mistakes. He's acutely aware of his own foibles, noting that his email account was compromised a few years ago likely because he used the same simple password for multiple online accounts—something he knew better than to do. As he puts it, "I study this for a living, and I make these mistakes too."

"Now that so much information about us is preserved and searchable, the cost of making mistakes is much higher," Hartzog adds. "I made mistakes as a kid that helped me grow, and you need to be able to leave things in the past to function as a human. People today shouldn't be disproportionally punished for all their mistakes just because they are available."

Explore further: Find out how much privacy you compromise with every click