Potential Opportunities • The Lantern Program may provide insights into the presence and evolution of risks to children on online platforms, including new threat vectors, emerging types of OCSEA, etc., that may enable participants to develop early intervention processes that minimize the amount of data they collect or store for harm-detection purposes; or reduce their reliance on content moderation to identify potential threats (i.e., as a result of the availability of metadata in the Lantern Program database). Impact Factors • Severity: The scope of users that could be affected by potential adverse impacts arising from data collection, storage, and sharing associated with the Lantern Program is large, with the scale of impact ranging from least to most serious. Unauthorized disclosure of personal data contained in the Lantern database could, for instance, be associated with threats to the life, liberty, or security of affected users in some jurisdictions if individuals take “vigilante” action against users, or law enforcement agencies unduly detain affected users. Unauthorized access to the Lantern database may be dif昀椀cult to reverse if private information has already been disclosed, so impacts may not be remediable. • Likelihood: Adverse impacts on users’ right to privacy may be more likely with the Lantern Program compared to individual company processes due to increased data sharing. Increases in the amount of data collected and shared by participants may provide greater opportunities for unauthorized access to data or lead to disproportionate and/or inappropriate storage of personal data. The adverse impacts arising from the data practices of participants may be effectively mitigated by adequate data protection and privacy safeguards. • Attribution: Some privacy risks may arise as a result of the data practices of individual participants, while others may be associated with the cross-platform nature of the Lantern Program. For example, data security risks may arise as a result of the transfer or sharing of data that occurs as part of the Lantern Program. Other risks such as unauthorized access to the program as a result of hacks or breaches may be directly connected to the data security infrastructure of the Lantern Program. Data related risks may therefore be affected by, or connected to, the data protection and privacy safeguards implemented by both the Tech Coalition and participants. • Leverage: The Tech Coalition’s position as lead party in the Lantern Program enables it to provide guidance to participants on signal sharing and data practices associated with the program and review compliance with applicable privacy laws and recommended practices. However, the Tech Coalition’s leverage may be limited by the fact that privacy or data protection risks may arise on participants’ individual platforms or on ThreatExchange. BSR TECH COALITION HUMAN RIGHTS IMPACT ASSESSMENT 34