A report from a workshop co-organised by the Internet Society (ISOC) and the Electronic Frontier Foundation (EFF) at the 2010 Internet Governance Forum (IGF).
As countries around the world are currently reviewing their privacy frameworks, we saw this workshop as an opportunity to take a step into the next decade and critically examine the future of privacy in the online environment.
Speakers
- Joseph Alhadeff, Vice President for Global Public Policy and Chief Privacy Officer for Oracle Corporation
- Kevin Bankston, Senior Staff Attorney, Electronic Frontier Foundation
- Rosa Barcelo, Legal Adviser, European Data Protection Supervisor
- Ellen Blackler, Executive Director, Regulatory Planning & Policy, AT&T
- Rafael GarcÍa Gozalo, Head of the International Department, Agencia Española de Protección de Datos, Spain
- Pedro Less Andrade, Senior Policy Counsel Latin America, Google Inc
- Catherine Pozzo di Borgo, Council of Europe Consultative Committee of Covention 108 (T-PD)
- Christine Runnegar, Senior Manager Public Policy, Internet Society
- Hugh Stevenson, Deputy Director for International Consumer Protection, Office of International Affairs, US Federal Trade Commission
Conclusions
It is important to emphasise in this report that considerable efforts are already being undertaken in many forums across the world to assess whether existing privacy principles remain relevant and effective in the 2010 and post 2010 environment. …
The workshop was an information sharing exercise and as such participants did not attempt to reach any consensus conclusions. Nonetheless, we wish to list here some of the points that were made during the workshop as they may prove useful in future policy discussions on privacy frameworks.
Please note that these points reflect some of the views of particular participants and are not necessarily consensus views. Further, in the time allocated, it was not always possible for participants to comment on all views that were expressed.
As these points are but a selection, we encourage the reader to read the whole report.
- In a world of global data flows and new technologies:
- privacy laws need to be harmonized (or perhaps, rather there needs to be convergence) with the aim of better adapting those laws to the characteristics of the Internet;
- international cooperation among data protection authorities needs to be improved; and
- resources need to be allocated to enforcement.
- There are some challenges to achieving broad international harmonisation because privacy is a broad subject with limited international consensus in certain areas. Indeed, even at the domestic and regional level, privacy issues are currently undergoing re-examination. Further, there are also the significicant difficulties introduced by jurisdiction and conflicts of law.
- It is important to support the open development of globally-applicable privacy standards, both technical and regulatory, to continue having confidence in the Internet Ecosystem.
- Only by multi-stakeholder collaboration will viable solutions emerge, be deployed, and maintained.
- Data protection must take into account many different rights and dovetail with other laws geared to ensuring the protection of individuals.
- New paradigms will need to be considered – for example, accountability (i.e. the obligation to put in place appropriate and effective measures to protect personal data, independently of where the information flows).
- Privacy by design is a concept of people, processes, practices and technology – privacy principles need to be embedded in the design from the very beginning right through to the end.
- There needs to be innovation and focus on usability of solutions that offer individuals control over their personal data.
- Transparency in data collection and processing is important to equip consumers so they can make informed choices, and give informed consent to the collection, use and disclosure of their personal data.
- Consent should be informed, freely given and obtained through fair means.
- Further work needs to be undertaken to inform and educate people as to how their personal data is being collected and used.
- The future of privacy should include the protection of privacy vis-à-vis the governments, and especially legal safeguards against government access to citizens’ private communications, and related communications records.