If you're talking to European Data Protection Supervisor Giovanni Buttarelli about the International Conference of Data Protection and Privacy Commissioners he's about to co-host, he's got a long list of reasons why it's not to be missed, including the impressive list of speakers he's assembled and what projects to be an all-time high in attendees. But even more important, to his mind, are the issues the conference will cover and the global consensus he aims to achieve. Especially on the nexus joining data protection and ethics, now and in the near future.
At the four-day conference to be held in both Brussels, Belgium, and Sofia, Bulgaria, Oct. 22-26, Buttarelli and his co-host, Ventislav Karadjov, chairman of the Bulgarian Data Protection Commission, will welcome more than 120 data protection authorities from around the globe, and more than 180 representatives of civil society, in an aim to address "Dignity & Respect in Data Driven Life."
Buttarelli, who's been pushing for progress on where industry stands ethically for some time now, sees this year's conference as the prime opportunity to put it all out on the table. After all, it wasn't so long ago that the world learned of Facebook's relationship with Cambridge Analytica, arguably an ethical misstep that rocked even the apathetic internet users among us.
"The revelations about Facebook and Cambridge Analytica only confirmed my fears," the EDPS says.
Just because companies have, to date, had the power to use data in ways that aren't always apparent to the user, in ways that the user might object to if only they understood what was happening behind the scenes, must it be that way in the future?
"We are all forced to administer our entire lives by a smart tablet, a computer, in a 'take it or leave it' perspective," Buttarelli says. Just look at all the notices consumers started to receive once the GDPR was effectuated, as companies scrambled to gain consent from users to continue business as usual; inboxes globally were flooded asking recipients to click "yes, I consent. Keep me on your mailing list so I can continue to get the benefit of your service." But is that the way companies should continue to operate? Buttarelli isn't sure about that.
"Legal compliance is one thing," Buttarelli says. "But the deeper question is whether commerce behaviors are sustainable, whether they harm people rather than help them."
Despite his ambitions, Buttarelli understands it's a tenuous time to be getting into the weeds on ethics. The world is still adjusting to the GDPR era, after all. Don't privacy professionals have enough on their plates?
"When I started launching this debate on big data and an ethical framework," he recalls, "I heard reactions from many colleagues, like, 'Why are you doing that in the GDPR year?' And businesses were getting nervous about additional rules."
But Buttarelli is convinced the time is now, because even if a company is fully compliant with the required legal frameworks, the technology we haven't even imagined yet won't be governed by them. This is the age of artificial intelligence, after all.
"I think the challenges of the future," he says, "require an analysis about what is morally tenable and not only what is legally sustainable."
Buttarelli explains that "ethics" aren't something to be created; the sense of right and wrong lives inside each of us and guides our decision-making. But the stakes of the game are getting higher now, given the advent of artificial intelligence and other technologies, and so rather than letting each of our own ethics guide decision-making, "We believe we need to build a sustainable consensus now."
But is it possible to build consensus on something like ethics, which can be both personal to an individual and culturally influenced? After all, the conference will host delegates and data protection authorities from around the globe.
Buttarelli thinks it's possible and points to the work that's been done on interoperability frameworks as proof, as well as the fact that 127 countries around the world have come passed "GDPR-like or GDPR-lite rules" in the name of everyone getting along.
"We now have much more convergence than we expected, something similar may happen on ethics," he says. "Artificial intelligence is global, so I think certain principles and objectives and thresholds may be easily shared."
But what he's after doesn't necessarily mean coming up with a "code" of ethics for the privacy profession, he says.
"We do not need a substitute for existing laws, perhaps we may complement existing laws," Buttarelli theorizes. "Ethics could be a driver for something new compared to self-regulation or co-regulation, but first we need to clarify what the values and the principles could be. First of all, we need to have something that has human beings at the heart," adding that the most vulnerable among us, including children and migrants, should be especially protected.
In the end, Buttarelli just hopes the conversation at the ICDPPC advances the cause; pushes the needle a bit:
"Everyone will go home with their own concerns, but I will be satisfied if at the end, everyone will say, 'It has been a good idea to have such a debate.'"