Category: Data rights

New Report: Future of Memory Safety

In October 2022, Consumer Reports hosted an online convening to discuss ways to encourage widespread adoption of code written in memory-safe languages. The event gave participants the opportunity to share resources related to memory safety, discuss opportunities and barriers in the security ecosystem, and to brainstorm potential solutions to memory access vulnerabilities that exist in products across the marketplace. Roughly 60

How we’re thinking about the impact of your data rights requests

Managing your privacy is time-consuming. That’s the whole reason we started Permission Slip, a service to help consumers send data rights requests to hundreds of companies. We’re constantly trying to figure out how to help everyday people get the most out of any privacy action they choose to take.What action makes an impact?Privacy actions affect each person differently. In order

Data Rights Protocol: 2022 Year in Review

As we approach the end of the year, we’re excited to share some updates on the progress of the Data Rights Protocol (DRP) initiative in 2022. This year we released version 0.6 of the protocol and mapped out both conformance testing and interoperability roadmaps to reach version 1.0. Our latest release includes updates to the data model and begins to

Securing a common protocol for consumer data rights requests

I started working on privacy in 2017 when I joined a payments company called Stripe as a security engineer and helped us implement compliance with the EU’S GDPR. Since then, American companies have built increasingly complex and bespoke systems in order to comply with not just the GDPR but a spreading patchwork of domestic privacy laws like California’s CCPA.Under these

Introducing OSIRAA, a Test Suite for the Data Rights Protocol

Today the Innovation Lab is thrilled to launch a new testing app for the Data Rights Protocol: OSIRAA v0.5. The app is available on GitHub and ready for collaborators to use. OSIRAA stands for Open Source Implementers' Reference of an Authorized Agent. Members of the DRP consortium can use this app to test their implementation of the Data Rights Protocol,

Opportunity: Security Engineering Support – Data Rights Protocol

We’re seeking a security engineer with a passion for privacy to contract with the Digital Lab team. This is a remote consulting opportunity for a seasoned engineer who wants to work on an open standards project and cares about advancing digital rights in the United States.   Scope: You will be supporting the security development of the Data Rights Protocol.

First End-to-End Test of Draft Data Rights Protocol Completed Successfully

Yesterday Ethyca, Incogni, and Consumer Reports’ Digital Lab successfully conducted the first live end-to-end interoperability test of the Data Rights Protocol.  The Data Rights Protocol (DRP) is a technical standard for exchanging data rights requests under the California Consumer Privacy Act (CCPA). First announced at an MIT Media Lab in October 2021, the protocol is being co-developed by a consortium of

Three Speculative Futures for Consumer Data

Image by Iris Lei for Popular Science How might we change the way our data is used so that we, as consumers, have more choice in building our future? While this is a fundamental driver of the Digital Lab’s work, it can be difficult to visualize all the ways that novel uses of consumer data could transform our lives. But

Findings from helping 104 consumers access their own data from companies

"Cyber Specialists" by Khahn Tran is licensed under CC BY 4.0Companies collect and store a lot of data about us. Aren’t you curious about what they know? Seeing the data that companies have about us can help us make better choices about our privacy, discover and correct errors that impact our experience or identity, make sense of our experiences online, identify weak

Data Rights Protocol and Global Privacy Control

Consumer Reports’ Digital Lab recently announced the Data Rights Protocol (DRP), a cross-sector initiative that seeks to standardize data rights requests with a common protocol. This draft standard  streamlines and formalizes the components of a data rights request and is a missing piece of the privacy stack; such a protocol would allow for more consistency and efficiency for both consumers

View More