Privacy and data protection board disbands, prompting concerns on policy revisions

A UCLA board dedicated to privacy and data protection has silently disbanded, leaving students with fewer outlets to provide direct input to policy changes.

The UCLA Board on Privacy and Data Protection, composed of students, faculty and administrators, reviewed policies, established standards and resolved conflicts concerning privacy and technology. However, the board stopped meeting in 2018 after 13 years of activity, said Kent Wada, UCLA chief privacy officer who led the board.

In fall 2018, the Undergraduate Students Association Council appointed fourth-year computer science student Mitansh Shah as an undergraduate student representative. However, Shah was unaware that the board was not meeting anymore.

“I’m still not entirely sure what the status of the board is,” he said.

The board was never formally disbanded, but has not met in over a year, Wada said.

“It was a board of around 22 people, and it was becoming unwieldy to schedule a meeting of that many people,” Wada said. “Trying to schedule a meeting was a project in and of itself, and that was sort of a practical issue.”

The board reviewed topics such as the controversial Policy No. 133, which details UCLA’s security camera system. Although the board saw an early draft of the policy, a recently revised draft plans to implement facial recognition software to security cameras across campus. The revised policy has prompted concern from students over privacy and data protection and was never reviewed by the board.

In the past few years, several new committees have absorbed the Privacy and Data Protection board’s responsibilities. One of the central new committees is the IT Governance and Oversight Board, which consists of a smaller, more centralized team. The smaller structure makes functionality easier, Wada said, but no students serve on the board.

“There were multiple other committees that were new that were taking up some of these issues that used to be taken up by some of these more general, jack-of-all-trades committees like (the) Privacy (and Data Protection) board,” Wada said. “It has the overall effect of lessening the need for one generalist committee.”

However, none of these boards have student representatives who provide direct input in the same way as the Privacy and Data Protection board, Wada said.

Shah said the Privacy and Data Protection board served as an environment in which students, faculty and administrators could discuss issues relating to privacy and data protection.

“The fact that such an environment may not be around at this time is a pretty big concern,” Shah said.

Sam Ryklansky, who graduated in 2019, was the last undergraduate student representative to serve as an active member of the board. He added that he felt his opinion was valued and listened to during the revision of the Policy No. 133 draft.

“My presence on the council was more of them asking me, ‘Oh, what would the students think about this?’” he said.

The board only met once during the 2017-2018 school year when Ryklansky served.

“I definitely feel that people there may not have fully grasped the implications of the technology they were discussing,” he said. “They were discussing more about how to use (facial recognition) in helpful situations, for example, a shooting event. There was not much talk toward how you could potentially misuse the technology, for example, profiling people of color.”

An interim version of Policy No. 133 is in place, however UCLA is still receiving input on the potential implementation of facial recognition technology until it is adopted in early 2020, according to a UCLA website.