There’s no doubt that issues of privacy are a hot topic at the moment. We’ve all seen recently how the effectiveness of super injunctions to protect the privacy of the super rich has been diluted by tweets (and twits) on Twitter. Does this mean we should now abandon our traditional approach to privacy protection, and live in an open and unregulated technological world? Ryan Giggs almost certainly doesn’t think so. And nor does Stephen Deadman, Group Privacy Officer at Vodafone…….although for different reasons!
In May, the chairman of Google, Eric Schmidt, clashed with the French President, Nicolas Sarkozy, when he said that governments should not try to regulate on privacy and copyright issues because technology changes too fast and will resolve these problems itself. Mr Sarkozy on the other hand is keen to establish a new legal framework to bring some order to the Internet.
To understand the context for the current debate we were taken on a technological journey back through time. The world was a very different place in 1890 when there was concern that instantaneous photographs had ‘invaded the sacred precincts of private and domestic life’. 1965 saw the introduction of the IBM 360 computer and a change in the way that data and information could be handled. This created new privacy risks for individuals and stimulated the call for new data protection regulation. The European regulatory response was the Data Protection Directive in 1995 and the Telecom Privacy Directive in 1997.
The building blocks of the current regulatory framework were established at a time when only 18% of the EU population had access to a PC, only 4% had a mobile and just 1% had access to the Internet. Contrast that with the world today when access to the Internet and a mobile phone has become a reality of everyday life for most people, and when there are more than 500 million active users on Facebook. It’s quite a contrast. The information landscape has evolved so much that the question which has to be asked is: ‘Is our 1995 approach still fit for purpose’?
Of course the law has always been reactive to, and some may say has struggled to keep up with, developments in technology. This is no different in the context of privacy and data protection where technology has given rise to new challenges for the protection of privacy. Where mobile phones are concerned, there are many different industry participants, all of whom may have access to, or may control, the data. These range from network operators and device manufacturers to application store providers and application developers. Just how do you protect privacy in a global, connected and open mobile web?
Stephen advocated three principles for a new regulatory framework:
(a) the current data protection framework assumes that ‘data subjects’ are passive, but the technology means that they have now been replaced by active ‘data citizens’ for whom there should be new regulatory objectives such as control, responsibility, media literacy and social policy;
(b) the concept of ‘data controller’ is no longer enough to capture all of the organisations which need to be the subject of regulation – there needs to be a shift from regulating data handling to focusing on the regulation of ‘platforms’ (such as Facebook and Google) through privacy-by-design principles; and
(c) regulators need to explore new methods of enforcement with networks and platforms taking a more active role in regulating dependent service providers, developers and users.
We are now all participants in a complex ecosystem in which there is a high degree of interdependence and current privacy regulation struggles to influence many parts of that ecosystem. In Stephen’s view, a new regulatory framework is required which will spread privacy norms and values more widely and more deeply, whilst at the same time creating greater trust amongst industry participants across the entire ecosystem.
The organisers of the event are to be congratulated on managing to arrange a talk on what is undoubtedly a topical issue at the moment. To consider issues of privacy in the context of developments in technology was both interesting and thought provoking. Clearly there are no easy answers. Stephen Deadman certainly believes that there needs to be a new or ‘second generation’ regulatory framework that will protect privacy values without compromising innovation and technological growth. And listening to the talk, I was convinced as well.
Was that Ryan Giggs taking notes at the back……?