- Email: [email protected]
Privacy forum: The leading speakers disclose their fears
computer law & security report 24 (2008) 471–472
available at www.sciencedirect.com
www.compseconline.com/publications/prodclaw.htm
LSPI 2008 conference
Privacy forum: The leading speakers disclose their fears Roger Baker
There have been many discussions about the trade-offs between privacy and national security, intellectual property rights and consumer protection. The assumption has always been in favour of securing the safety of society as a whole, which has undermined a more expansive debate. Often privacy has been sacrificed in favour of political interests and as a result, the victory in favour of the security interests is achieved. However, privacy concerns go deeper and relate also to the somewhat narrow perceptions on privacy held by the public at large. Judicial handling of privacy cases has further complicated the problems, with the court often taking the government’s side when the national security interest is asserted. Many important security dimensions, such as data sharing, require more scrutiny, as the risks of abuse are significantly greater than might currently be acknowledged by public opinion, which wants to put its faith in benign government. The range of problems associated with the ever increasing power of surveillance technology in daily life has undermined the balancing process and perhaps skewed the results in favour of security above abstention. Often, the liberty interests are described in terms of individual rights which often find themselves giving way to the security interests of the State. The former is expected to defer to the Government’s perceived safety needs for society as a whole as depicted by security concerns. Privacy interest is diluted by narrow
perceptions as to the risks of such activities by the general public who often fail to reflect on the potential privacy problems that arise. To discuss these matters further the International Association of IT Lawyers and the international journal – The Computer Law & Security Report (Elsevier) – sponsored a ground breaking Special Policy Forum on September 5, 2008 in Prague at the 3rd International Conference on Legal, Security and Privacy Issues in IT. This brought to the table the various stakeholders concerned with this agenda to discuss the impacts of privacy policies, their repercussions for civil liberties, and the need to curtail Orwellian tendencies simply because the technologies now exist to bring that fictional society into reality. The following contains a summary of the key issues and conclusions reached during the Panel Discussion.
1.
The Digital Age
In this Digital Age there are endless opportunities to merge, manipulate and intermix data. How do we ensure government does not over-reach itself? How do we prevent ‘function creep’ and ‘unholy alliances’ – a dataset obtained for one purpose, but used for other purposes, whether identity cards or airline passenger information. Invasive CCTV and face-recognition
0267-3649/$ – see front matter ª 2008 Roger Baker. Published by Elsevier Ltd. All rights reserved. doi:10.1016/j.clsr.2008.09.008
472
computer law & security report 24 (2008) 471–472
result in the loss of distinction between public and private space. How do we set sensible limits? Criminal use of the Internet is encouraged by the ease of data down-loading and combining data – identity theft is the result. Whilst data security is the main concern in the Digital Age, we need to be open to new technologies and assess each objectively, sharing our conclusions and approaches between the nations.
2.
The failures of government
There are failures to safeguard public data, despite security standards being widely promoted and adopted. Such ‘cognitive failures’ result in unreasonable disclosure. And yet, where a right to access can be substantiated to personal medical files of deceased relatives for example, there can be denial of access. ‘A rule meant to protect the citizen is abused to do the opposite.’ The Data Retention Directive puts the responsibility on ISPs because it is convenient, not because it is appropriate.
3.
Education, culture and the generations
Privacy requirements vary by culture and generation. The Facebook generation are younger, either more confident or more naı¨ve, for example when confronted by employer access to sensitive personal data. ‘Maybe we care too much’ as a result of earlier generations’ experiences of privacy abuse and totalitarianism. The new generation has a different outlook and mindset.
4.
Privacy governance
Data Protection’s focus is on personal data processing with old style registers. However, most corporate clients view existing data privacy legislation as expensive and burdensome – ‘like sand thrown into the bearings it restricts progress.’ Is it a fool’s errand to provide an over-arching privacy regulator role? The trend is to avoid law courts, reduce costs and get quicker resolution through complaint and mediation. Perhaps it is better to adopt a sectoral focus like the USA, e.g. finance, medical. Are simpler rules required? The key question remains ‘What sources of law to apply to Privacy?’ The old constitutional approach does not work in the Digital Age. Do we need to return to Locke? The panel agreed that relevant issues had been identified and it was important for the findings of the discussion to be communicated into the broader policy debate. Report by Roger Baker ([email protected]) Report Correspondent Panel Contributors ECHR Judge Dragoljub Popovic Professor Steve Saxby Professor Richard de Mulder Professor Jon Garon Professor Michael Birnhack Hana Gawlasova, Partner, Linklaters Mr Roger Baker, Chaucer Consulting Mr Josef Prokes (DPO – Prague), Head of the Division of Legislation and EU Law, Czech Data Protection
Forthcoming event
available at www.sciencedirect.com
www.compseconline.com/publications/prodclaw.htm
LSPI 2008 conference
Privacy forum: The leading speakers disclose their fears Roger Baker
There have been many discussions about the trade-offs between privacy and national security, intellectual property rights and consumer protection. The assumption has always been in favour of securing the safety of society as a whole, which has undermined a more expansive debate. Often privacy has been sacrificed in favour of political interests and as a result, the victory in favour of the security interests is achieved. However, privacy concerns go deeper and relate also to the somewhat narrow perceptions on privacy held by the public at large. Judicial handling of privacy cases has further complicated the problems, with the court often taking the government’s side when the national security interest is asserted. Many important security dimensions, such as data sharing, require more scrutiny, as the risks of abuse are significantly greater than might currently be acknowledged by public opinion, which wants to put its faith in benign government. The range of problems associated with the ever increasing power of surveillance technology in daily life has undermined the balancing process and perhaps skewed the results in favour of security above abstention. Often, the liberty interests are described in terms of individual rights which often find themselves giving way to the security interests of the State. The former is expected to defer to the Government’s perceived safety needs for society as a whole as depicted by security concerns. Privacy interest is diluted by narrow
perceptions as to the risks of such activities by the general public who often fail to reflect on the potential privacy problems that arise. To discuss these matters further the International Association of IT Lawyers and the international journal – The Computer Law & Security Report (Elsevier) – sponsored a ground breaking Special Policy Forum on September 5, 2008 in Prague at the 3rd International Conference on Legal, Security and Privacy Issues in IT. This brought to the table the various stakeholders concerned with this agenda to discuss the impacts of privacy policies, their repercussions for civil liberties, and the need to curtail Orwellian tendencies simply because the technologies now exist to bring that fictional society into reality. The following contains a summary of the key issues and conclusions reached during the Panel Discussion.
1.
The Digital Age
In this Digital Age there are endless opportunities to merge, manipulate and intermix data. How do we ensure government does not over-reach itself? How do we prevent ‘function creep’ and ‘unholy alliances’ – a dataset obtained for one purpose, but used for other purposes, whether identity cards or airline passenger information. Invasive CCTV and face-recognition
0267-3649/$ – see front matter ª 2008 Roger Baker. Published by Elsevier Ltd. All rights reserved. doi:10.1016/j.clsr.2008.09.008
472
computer law & security report 24 (2008) 471–472
result in the loss of distinction between public and private space. How do we set sensible limits? Criminal use of the Internet is encouraged by the ease of data down-loading and combining data – identity theft is the result. Whilst data security is the main concern in the Digital Age, we need to be open to new technologies and assess each objectively, sharing our conclusions and approaches between the nations.
2.
The failures of government
There are failures to safeguard public data, despite security standards being widely promoted and adopted. Such ‘cognitive failures’ result in unreasonable disclosure. And yet, where a right to access can be substantiated to personal medical files of deceased relatives for example, there can be denial of access. ‘A rule meant to protect the citizen is abused to do the opposite.’ The Data Retention Directive puts the responsibility on ISPs because it is convenient, not because it is appropriate.
3.
Education, culture and the generations
Privacy requirements vary by culture and generation. The Facebook generation are younger, either more confident or more naı¨ve, for example when confronted by employer access to sensitive personal data. ‘Maybe we care too much’ as a result of earlier generations’ experiences of privacy abuse and totalitarianism. The new generation has a different outlook and mindset.
4.
Privacy governance
Data Protection’s focus is on personal data processing with old style registers. However, most corporate clients view existing data privacy legislation as expensive and burdensome – ‘like sand thrown into the bearings it restricts progress.’ Is it a fool’s errand to provide an over-arching privacy regulator role? The trend is to avoid law courts, reduce costs and get quicker resolution through complaint and mediation. Perhaps it is better to adopt a sectoral focus like the USA, e.g. finance, medical. Are simpler rules required? The key question remains ‘What sources of law to apply to Privacy?’ The old constitutional approach does not work in the Digital Age. Do we need to return to Locke? The panel agreed that relevant issues had been identified and it was important for the findings of the discussion to be communicated into the broader policy debate. Report by Roger Baker ([email protected]) Report Correspondent Panel Contributors ECHR Judge Dragoljub Popovic Professor Steve Saxby Professor Richard de Mulder Professor Jon Garon Professor Michael Birnhack Hana Gawlasova, Partner, Linklaters Mr Roger Baker, Chaucer Consulting Mr Josef Prokes (DPO – Prague), Head of the Division of Legislation and EU Law, Czech Data Protection
Forthcoming event