A Year of Privacy Discussions: Looking Back and Forging Forward

Hard for me to believe, but it’s now been a year since we rolled out Perspectives, our very first blog here at the IAPP. As an organization, we were veering into uncharted territory, but our ultimate purpose was and continues to be to provide a forum for the difficult or practical or funny or just plain outlandish privacy conversations to play out.

Just before Christmas, we posted our top ten blog posts of 2013—all based on page views. But now that a full calendar year has gone by, I thought it worth looking back with a bit more nuance.

A lot of stories were told during this last year—166 to be exact—ranging from the hilarious to the serious to the practical. And driving many of these stories were privacy news developments that will resonate for years to come.

The News Breakers

Early 2013 started with a sad note. The passing of pioneering privacy scholar Alan Westin was a huge loss for our community. Luckily, his influence is all around us.

And, perhaps one of the biggest topics on the mind of many privacy pros early on in 2013 was the state of the proposed EU data protection regulation. Were the EU and U.S. going to find a way to get along?

In his first post for Perspectives, Wilson Sonsini’s Christopher Kuner put the EU-U.S. privacy relationship this way:

For someone who has received his legal education in both the EU and the U.S., and has long worked in both worlds, the current political skirmishes between the two concerning the proposed EU data protection reform have been both entertaining and disappointing. Entertaining, since observing the two largest political and economic entities in Western world engage in a game of one-upmanship over which has the best system for privacy and data protection can often be amusing. Disappointing, because it is obvious that each side has an imperfect understanding of each other’s system, and because the energy they have been putting into such tit-for-tat battles could be better spent trying to reach an accommodation between them.

By May, Kuner described a tense conversation between a U.S. company representative and a European data protection authority.

Company representative: Your data protection law is making it impossible for us to offer our technology in Europe!

DPA: It is your technology that has to adapt to our legal system, not the other way around!

And these tensions existed prior to the Summer of Snowden!

Yet, before the world became better acquainted with the NSA’s surveillance programs, we here in New England, and those of us in the office, were struck by the senseless events at the Boston Marathon. My colleague, Jennifer Saunders, had the right words for such a shocking time. It was a day to “put privacy aside.”

With personal perspective in check, the booming digital economy and all the information flows and privacy concerns that go with it, kept churning.

And then an unknown government contractor came along and turned the privacy world on its head. By far, the privacy news bombshell of the year, the NSA disclosures and their effects ripple as strongly today as they did last June.

With memories of the Marathon bombing still fresh and these new leaks showing the extent to which U.S. intelligence spied on individuals, I wrote about the tough choices between balancing security and personal privacy and information sharing with data protection. Since then, “Snowden” has appeared in 23 Perspectives posts and “NSA” in 38.

Peter Swire was the first to provide reaction to the Snowden disclosures on Perspectives by calling on the newly “stood-up” Privacy and Civil Liberties Oversight Board (PCLOB) to make investigating these surveillance programs a top priority. Well, the PCLOB did make such an investigation a priority, and just last month, declared its opinion that the phone metadata programs are illegal. Swire was also later appointed by President Barack Obama to help put together a set of recommendations on U.S. intelligence gathering.

Eduardo Ustaran followed suit and gave us a European perspective, assessing its impact on EU-U.S. data flows. If you thought it was difficult before, things went from an “exasperatingly awkward challenge” to a “massively distorted” debate post-PRISM. He later expressed caution after the LIBE Committee recommended data flows out of Europe cease.

And Steptoe & Johnson’s Jason Weinstein brought up the contentious cloud provider issue, while, in his post on The Brussels and Warsaw Privacy Peace Talks, Hogan Lovells’ Christopher Wolf kept us abreast of the latest developments between the EU and U.S. He also didn’t mince words when wondering aloud if the LIBE Committee had just “torpedoed” the Safe Harbor.

The Snowden revelations also gave us our first point-counterpoint from the Center for Democracy & Technology’s Justin Brookman and George Mason University’s Adam Thierer.

Andrew Clearwater pointed out in one of his posts that the revelations now place another layer of pressure upon tech companies to either comply with government subpoenas or sever the trust of their customers. (I’m also proud to say this post included our first animated GIF.)

The NSA news also prompted Mozilla’s Alex Fowler to pen an open letter to privacy professionals calling for a code of ethics:

As privacy professionals, do we have ethical obligations to the people whose data is our professional responsibility, or only to our employers? How do we handle conflicts of loyalty that arise? Does public safety trump privacy in every case and in any circumstances? Do we have obligations to report—even secretly, under legal requirements—our objections?

The Privacy Profession

K Royal, of Align Technology, also asked whether privacy professionals should carry a code of ethics—a question that perhaps doesn’t have a clear or easy answer. But as a professional organization there is nothing we take more seriously than the privacy profession. And in this past year, we’ve received insightful analysis and thoughts on becoming and charting a career as a privacy pro.

Take, for example, Emma Bulter’s post on “What Makes a Good Privacy Professional?” or Phil Lee’s explanation of “Why I Became a Privacy Professional—And What Privacy Means.” Not only has this been a forum to share these most fundamental constructions of the privacy profession, there have also been opportunities to share experiences while on the job.

Royal, for example, shared her experience leading her company’s charge into Binding Corporate Rules, or what the heck you should do if you get an investigatory letter from the Office for Civil Rights. Mary Ellen Callahan let us into her “whirlwind excursions” around the world to discuss privacy.

And with experience, also comes other helpful tips.

Avepoint’s Dana Simberkoff, not long after the other big privacy news event—the Target breach—shared with us top data privacy tips. Similarly, the Online Trust Alliance’s Heather Federman, “in honor of the 2014 Data Privacy Day,” gave us 14 tips to create a data incident plan. Omer Tene and Marc Groman shared top tips on the protection of privacy for small- to medium-sized businesses.

With so many breaches stemming from thumb drives, Daniel Horowitz reminded privacy pros, “The bottom line is that organizations that collect personal information need to have mature privacy programs, which includes proper policies and procedures, and also fully functional enforcement mechanisms.” Others, including Intel’s Ruby Zefo and Wiley Rein’s Kirk Nahra, delved into the privacy issues around your co-workers and employees.

Marty Abrams has shared two over-arching posts for the privacy profession on the importance of accountability, and just this week looked at the debate between compliance and strategy, arguing that the privacy office needs to take part in a strategic development.

As Abrams pointed out, the profession is changing. R. Jason Cronk asked if 2013 was the year of the privacy engineer, while Peter Swire and his wife Annie Anton called on privacy lawyers and engineers to get along.

Allen Brandt shared ideas on creating user-friendly privacy policies, while Michael Bruemmer debunked perceived myths about cyber insurance. And for the public sector, Westin Research Fellow Dennis Holmes gleaned six practical privacy tips from the Department of Homeland Security annual report. No small task, I assure you.

The Research

The value of the privacy profession has been further bolstered by the invaluable research of Dierdre Mulligan and Kenneth Bamberger with their “Privacy on the Ground” series. They were kind enough to share three installments of their work with us in 2013.

The in-depth research of Ilana Westerman and the folks at Create with Context (CwC) has also been serialized on Perspectives. Through detailed and creative research on consumers, CwC helps examine consumer attitudes toward privacy and explain what privacy professionals can do within their organization to tailor organizational needs with gaining the trust of their customers.

And privacy has far-reaching consequences beyond the protection of personal data. We saw this with the thoughtful take from Cherri-Ann Beckles on the consequences of implementing the Right to be Forgotten on research and archiving.

Creative research was also on display by Karen Levy and her work on relational data and how data is shaping our most intimate relationships.

The Social Stuff

And this rise of digital technology and the social web is fundamentally changing the way we interact with one another. Whether we’re talking about netiquette or social media experiments or how our personal privacy disclosures affect the privacy of others, however you slice it, difficult questions are being asked, debated, played out and answered.

Hate speech and online anonymity are proving to be a difficult balancing act. We want some modicum of anonymity online, but too much allows hateful people to hide behind a mask. Trolls are everywhere, ready to set in motion damaging photos out of hatred and ignorance. The work of some has even caused people to lose their jobs or scramble to reconstruct their online reputation.

And what about social media in highly regulated organizations like hospitals or financial institutions? Valita Fredland helped tackle the healthcare issue with some unorthodox thinking.

And, as Stanley Crosley reminded us, let us not forget what we can learn about privacy from our children.

The Debate

With shifting social norms, and a new generation being raised in the 21 century, the rise of the Internet of Things and Big Data are creating robust and very necessary debates. And regulators are paying attention. In recent weeks, we’ve featured posts from the New Zealand Privacy Commissioner’s office and from Interim Privacy Commissioner of Canada Chantal Bernier. And several contributors have debated who the de facto privacy regulator is here in the U.S. (here, here and here).

Businesses, advocates, privacy professionals and the government are all taking part in the digital privacy conversation.

The classic “privacy is dead” refrain has made its way into Perspective several times. But more specific and hugely important debates have recently been taking place regarding the role of the Fair Information Practice Principles (FIPPs).

Are ubiquitous connected devices and machine-to-machine communications diminishing the practicality of notice and consent? Some say “consent is dead” and continuing to promote it is simply dangerous. Ontario Information and Privacy Commissioner Ann Cavoukian has chimed in, noting that the FIPPs—all of them including notice and consent—are as strong and necessary as ever. Prof. Viktor Mayer-Schönberger also responded. The debate has also included the “privacy crazies” and warnings not to get “privacy twisted.”

Is privacy dead? Could Rock n’ Roll tell us something about that? For Vint Cerf, privacy is an anomaly, and Omer Tene had something to say about such a contention.

And just today, Intel’s Zefo, with certain charm and wit, reminded us that, no, it may be freakishly changing right in front of our eyes, but privacy’s not quite ready to be counted out yet.

Hopefully, as we move into this exciting and challenging future—fraught with complex international frameworks, surveillance and civil liberties concerns, incredibly smart and predictive technology and changing laws and social norms—such a debate and conversation will continue.

And to all of you who have contributed, thank you. To those of you who would like to contribute, please reach out. I look forward to working with you all on this ongoing and important conversation.

photo credit: mortimer? via photopin cc

Written By

Jedidiah Bracy, CIPP/E, CIPP/US


If you want to comment on this post, you need to login.
  • Ruby Zefo Feb 18, 2014

    Nice roundup, Jed.I like the blog and am glad you started it. PS: anyone who wants a dose of my "certain" wit is invited to share a bevvie with me at the IAPP Global Summit.


Board of Directors

See the esteemed group of leaders shaping the future of the IAPP.

Contact Us

Need someone to talk to? We’re here for you.

IAPP Staff

Looking for someone specific? Visit the staff directory.

Learn more about the IAPP»

Daily Dashboard

The day’s top stories from around the world

Privacy Perspectives

Where the real conversations in privacy happen

The Privacy Advisor

Original reporting and feature articles on the latest privacy developments

Privacy Tracker

Alerts and legal analysis of legislative trends

Privacy Tech

Exploring the technology of privacy

Canada Dashboard Digest

A roundup of the top Canadian privacy news

Europe Data Protection Digest

A roundup of the top European data protection news

Asia-Pacific Dashboard Digest

A roundup of the top privacy news from the Asia-Pacific region

IAPP Westin Research Center

Original works. Groundbreaking research. Emerging scholars.

Advertise in IAPP Publications

Find out how to get your message in front the people you want to reach. Download a media kit now.

Get more News »

Find a KnowledgeNet Chapter Near You

Network and talk privacy at IAPP KnowledgeNet meetings, taking place worldwide.

Women Leading Privacy

Events, volunteer opportunities and more designed to help you give and get career support and expand your network.

IAPP Job Board

Looking for a new challenge, or need to hire your next privacy pro? The IAPP Job Board is the answer.

Join the Privacy List

Have ideas? Need advice? Subscribe to the Privacy List. It’s crowdsourcing, with an exceptional crowd.

Find more ways to Connect »

Find a Privacy Training Class

Two-day privacy training classes are held around the world. See the complete schedule now.

Online Privacy Training

Build your knowledge. The privacy know-how you need is just a click away.

The Training Post—Can’t-Miss Training Updates

Subscribe now to get the latest alerts on training opportunities around the world.

New Web Conferences Added!

See our list of upcoming web conferences. Just log on, listen in and learn!

Train Your Staff

Get your team up to speed on privacy by bringing IAPP training to your organization.

Learn more »

CIPP Certification

The global standard for the go-to person for privacy laws, regulations and frameworks

CIPM Certification

The first and only privacy certification for professionals who manage day-to-day operations

CIPT Certification

The industry benchmark for IT professionals worldwide to validate their knowledge of privacy requirements

Certify Your Staff

Find out how you can bring the world’s only globally recognized privacy certification to a group in your organization.

Learn more about IAPP certification »

Get Close-up

Looking for tools and info on a hot topic? Our close-up pages organize it for you in one easy-to-find place.

Where's Your DPA?

Our interactive DPA locator helps you find data protection authorities and summary of law by country.

IAPP Westin Research Center

See the latest original research from the IAPP Westin fellows.

Looking for Certification Study Resources?

Find out what you need to prepare for your exams

More Resources »

GDPR Comprehensive: Registration Open

New! Intensive two-day GDPR training led by the sharpest minds in the field. It's a can't-miss event.

The Congress Is Cancelled

The IAPP Europe Data Protection Congress 2015 is cancelled. Click through to learn more.

Sponsor an Event

Increase visibility for your organization—check out sponsorship opportunities today.

Exhibit at an Event

Put your brand in front of the largest gatherings of privacy pros in the world. Learn more.

More Conferences »

Become a Member

Start taking advantage of the many IAPP member benefits today

Corporate Members

See our list of high-profile corporate members—and find out why you should become one, too

Renew Your Membership

Don’t miss out for a minute—continue accessing your benefits

Join the IAPP»