There is something slightly surreal about discussing the merits of Binding Corporate Rules (BCRs) versus Safe Harbor, the risk-based approach to privacy regulation and the EU data protection legislative reform standing on a beach by the Indian Ocean. Mind you, engaging into deep conversation about the future of privacy and the balance between the use of data analytics and the fundamental human right to data protection while surrounded by the immensity of the star-studded southern hemisphere sky has its advantages. As a result, the 36th International Conference of Data Protection and Privacy Commissioners, held in Mauritius and impeccably hosted by the local data protection office last week, was an extremely productive and revealing event.
This annual gathering of regulators and other movers and shakers of the privacy world has become a reference point in terms of debating key public policy issues and coordinating regulatory strategies and actions. Given how active things are at the moment, this year's conference did not disappoint. The quality of the discussions and the participants was top-notch, and I would highlight the following items as particularly relevant to privacy pros around the world:
- Data Protection as an Enabler: The fact that this year's event took place on a remote island on the east coast of Africa was not a coincidence. Mauritius is an example of a country in the developing world that is looking at the transformative role of technology to prosper and bring success to its people. This vision, which is being replicated in many other parts of the world, aims to position the country as a hub for technological investment and development. An important part of this agenda involves having the right regulatory framework to protect information and people's digital lives. As privacy professionals, we should be inspired by this approach and see ourselves as enablers in a similar way.
- Enforcement Cooperation: As with all other international privacy commissioners' conferences, Mauritius served as a forum to reaffirm the need for a global cooperation strategy among regulators. This aim was articulated through an ambitious resolution on enforcement cooperation, which will lead to further work focused on exploring practical options and opportunities for greater coordination of enforcement efforts. In other words, expect enforcement actions with a global flavour.
- Focus on Big Data and the Internet of Things: These are no longer buzzwords. Privacy regulators from all over the world are very aware of the implications of big data and the Internet of Things. Many of these implications are seen as beneficial and even exciting, but regulators also worry about the dark side of technological developments that feed off an ever-increasing amount of personal information. Given the level of regulatory attention that big data and the Internet of Things are getting at the moment, we can rest assured that our professional involvement will be much needed as these developments grow and become more pervasive.
- Cross-Border Data Flows Still a Top Concern: The fact that the roles of Safe Harbor, the APEC Cross-Border Privacy Rules and BCRs provoked some of the most heated debates of the entire conference shows why this issue is a tough nut to crack. The reality is that in the same way data travels free across networks, the legal restrictions affecting such data flows will remain present in the data protection frameworks of most jurisdictions. How to overcome these restrictions has become a daily challenge that will continue to feature at the top of our to-do lists.
- Politics Will Continue To Play a Role: From international surveillance to the EU "One-Stop Shop" concept, understanding the politics affecting privacy-related legal developments is essential because law does not operate in a vacuum. This is very visible in an area like privacy and data protection because of its impact on national interests and democratic values. Privacy pros must acknowledge this reality and apply as much pragmatism as possible whilst aiming for what they believe is right.
Perhaps the greatest lesson from the International Conference of Data Protection and Privacy Commissioners is the fact that despite the great diversity of our world, of which Mauritius itself is a magnificent example, and no matter how remote a place is, taking every opportunity to debate in a constructive way how to get privacy and data protection right at a global scale is a sure way of making progress.
photo credit: carrotmadman6 via photopin cc