Last week, the 34th Annual Data Protection and Privacy Commissioners’ Conference was held in Punta del Este, Uruguay. The event brings together international regulators whose mandate is to uphold individuals’ rights to privacy. Preceding the official gathering of data protection authorities was The Public Voice, a daylong event hosted by an international coalition of civil organizations, with the Electronic Privacy Information Center taking the lead on organizing events this year. EFF, a part of this coalition, delivered a presentation during a panel discussion about global developments in privacy standards.
In a digital age marked by ever-increasing advancements in biometric identification, online surveillance, behavioral targeting, geolocation and other emerging technology and practices, there is a new urgency for strong standards that give individuals control over their personal information, particularly since it can be collected, aggregated, and used without their knowledge in the digital realm.
The privacy events featured discussions on the ongoing development of international standards as well as the growing threats to the fundamental right to privacy in the digital age. Below are some highlights from the civil society event and the data protection commissioners’ conference.
Strengthening EU Data Protection Regulation
At the Public Voice Conference, Article 29 Working Party Chair Jacob Kohnstamm, chairman of the Dutch Data Protection Authority, said the draft European Union Data Protection Regulation now under consideration should be strengthened. In particular, he said it was important to ensure that the concept of “explicit consent” – when data collectors get permission from individuals to collect personal information, rather than just assuming that consent is implied – is not weakened. He also said the Article 29 Working Party would issue an opinion early next year regarding a provision on “purpose limitation,” which governs how entities may use the information they collect. Kohnstamm said the draft regulation currently appears to contain a loophole that is too permissive and should be addressed.
Safeguarding Privacy in Countries with Weak Rule of Law
Speaking at the Public Voice event, attorney and human rights advocate Renata Avila, a Global Voices contributor, said the need for data protection regulations is both more acute and more difficult to obtain in Guatemala. With a fragile government that cannot even be counted on to enforce the law effectively in cases of murder, there is a particular need in Guatemala for individuals to have assurance that their personal information is not being misused or collected without their consent, especially by private security companies.
Security measures such as surveillance cameras and collection of biometric information are increasing in response to violence. All of this is occurring in a context where no specific law for the protection of personal data exists, and the dominant mindset is that any move to protect individuals’ personal rights to privacy is contrary to the goals of security.
Yes, Consumers Really Do Care About Privacy
Do consumers really care about privacy? Two speakers, Frank Torres and Brad Smith from Microsoft, addressed this question and concluded that the answer is yes, even if consumers also like the personalization that can be a product of practices like online behavioral advertising. According to a Pew research study referenced by Torres during the Public Voice Conference, 54 percent of consumers decided not to install phone apps because of concerns about sharing of information, while 30 percent uninstalled mobile apps due to privacy concerns. Smith, who spoke at the privacy commissioners’ conference, said Microsoft conducted its own research, too. “We thought it would make sense to go back & learn what consumers want,” he said. “What we found in the United States, the United Kingdom, France and Germany is that most people believe tracking goes too far.”
Surveillance Technology is Big in Africa
During the Public Voice conference, Gus Hosein of Privacy International described how shocked he and colleagues were when they started going to surveillance technology trade shows as part of the Big Brother, Inc. project to learn which governmental agencies were interested in shopping for software that has the capability to be used for repression. One notable attendee was a representative from the government of South Sudan, which became an independent state a mere six months ago. Notably, it was mostly British and German firms that were peddling the surveillance kits, he added. At the privacy commissioners conference, Hosein shared some of his research on vendors of biometric technology, which is increasingly being used in refugee camps. He noted that the UN Democracy Fund had bankrolled biometric voter registration in Benin, Cape Verde, Comoros Islands, The Democratic Republic of the Congo (DRC), and Sierra Leone. In the DRC, $40 million was spent on biometric kits while $101 million was spent for voter registration – but a leaked report revealed that inaccuracy was a glaring issue, with 700,000 double registrations.
Privacy Implications of Big Data
Security expert and author Bruce Schneier, who spoke at the Public Voice Event, said he thought more attention should be devoted to the privacy implications of big data, which makes it possible for data collectors to identify and classify individuals based on their habits. “As soon as we involve a computer, data is generated,” Schneier explained. “Data is a byproduct of socialization.” He added that the low cost of data storage has helped give rise to big data. It’s cheaper to save everything just in case it might be valuable, he said, than to figure out how to sort and cull valuable information. “That’s why we have big data.”
In all, both The Public Voice and the 34th Annual Data Protection and Privacy Commissioners’ Conference presented a rare and important opportunity for advocates working on privacy issues to convene, share information about developments in privacy standards throughout the world, and get their message across to world governments. At the Public Voice Event, EFF delivered a presentation on U.S. developments on the protection of privacy in the form of the Obama Administration’s proposed Consumer Privacy Bill of Rights framework. As we noted, there is still a long way to go before adequate standards are in place to safeguard individual’s personal information in the digital realm. But with a global coalition of privacy advocates on the case, the voice of the public interest will not go unheard.