One thing’s certain in yet another watershed year for privacy: There’s been no shortage of opinion and insight on its many nuances. From the outset, the difficult questions and the bold answers to some of privacy’s most pressing and complicated issues have seared their way onto Privacy Perspectives. Nearly two years ago, we created Perspectives to be a place for you to voice your opinion, to make your thoughts heard, to add to privacy’s conversation, and this year, once again, so many of you responded.
The earliest, wintry days of 2014 brought with them the heated debate about the notice and consent model and whether it’s just high time to focus on regulating use. In this unplanned series of point-counterpoint posts—mainly between former Information and Privacy Commissioner of Ontario Ann Cavoukian and Oxford Prof. Viktor Mayer-Schoenberger—serious questions about information control and the effects big data is having on the Fair Information Practices were volleyed back and forth.
But high-level debates about privacy’s future weren’t confined to the philosophical stratosphere. On the ground, K Royal answered a very straightforward, but essential question many of you must think about: What makes a good privacy officer? Royal explains that privacy officers aren’t just compliance officers, but rather, “A good privacy officer runs the department like a successful CEO. S/he needs vision, execution, organization, candor with compassion and pragmatism.” And while, yes, compliance is a huge part of the job, privacy officers are salespeople, executives, managers, social workers, investigators, inventors and so much more.
This past year also challenged businesses and privacy pros to think about how data is used in new and previously unthought-of ways. Data ethics is becoming a hugely important component in the privacy world. This was touched upon in Trevor’s post on the popular genetics service 23andMe and “some of the fascinating questions about the ethics of choice and the value of forgetting.” The ethical use of data is making the headlines nearly every day—whether it’s Facebook’s controversial mood manipulation experiment or Uber’s “God’s view.” Businesses, government agencies and just about every organization are facing these tough questions about responsible data use. Plus, 2014 Privacy Vanguard Award winner David Hoffman, CIPP/US, discussed the dramatic change in the privacy profession and called on organizations to make the data innovation pledge.
Responsible data use also requires strong data security—a resounding issue that played out in a number of posts this year on information security. It turns out, for example, that a large swath of webcams around the world—nearly 73,000 to be more precise—were vulnerable because the default setting was something as simple as “password” or “admin.” Someone recognized this vulnerability and created a website for any curious user to peruse live feeds in real time—from beaches in the tropics to a child’s bedroom. The site eventually received the attention of several data protection regulators and has since been shut down.
Default passwords were not the only popular information security topic this year. Aurobindo Sundaram, CIPP/US, reminded readers to not fall for the encryption fallacy. He wrote, “It has become fashionable these days to say, ‘If only the information had been encrypted.’” Like most things, the answer isn’t that simple and silver-bullet solutions are about as common as a werewolf.
Profs. Peter Swire, CIPP/US, and Annie Anton tackled the thorny topic of finding ways to get engineers and lawyers on the same page—no small task by any means. For one, lawyers and engineers, respectively, tend to make simple things difficult. And how the heck do you code “reasonable”? Ian Oliver also brought his insight to bridging this gap.
Richard Beaumont offered an additional solution: define personal information. He notes that “while many people see the importance of a multidisciplinary approach to privacy, it is difficult to think of a true ‘privacy profession’ when it is, albeit with very good historical reasons, dominated by a language and thinking that is perhaps legal first, privacy second.”
Brooks Dobbs, CIPP/US, offered another explanation of the problem that lies at the heart of the privacy profession. “Simply stated,” he writes, “as privacy professionals, we generally believe our jobs revolve around maintaining controls for the appropriate use and disclosure of either PII or personal data, but we can’t agree on what those terms mean.”
Though the surprise factor of the Snowden leaks wasn’t as shocking to us in 2014 as it was in 2013, the Snowden effect clearly made its way into Perspectives. John Kropf discussed what he found remarkable in the National Security Agency’s Section 702 report and the creation of the first-ever Civil Liberties and Privacy Office within the agency. What was remarkable about this report? Well, I guess you’ll have to read it and see for yourself…
Surveillance culture has infiltrated the holiday season as well, in the form of a small, jolly, but, to me, at least, sinister domestic spy. Often, surveillance is paved with good intentions. And though I will always think upon my childhood Christmas experiences positively, it serves as a good reminder for all that privacy starts in the home.
Finally, but not least of all, as we near this year’s end, and look toward the future, the EU may very soon update its data protection regime, and beyond bringing EU data protection into the Internet Age, the move will have huge effects across the world. One big one could be the future of the EU-U.S. Safe Harbor agreement. In May, shortly after the EU Parliament voted to suspend the vital agreement, Eduardo Ustaran was there to give us an honest recap.
Whether we’re talking about the EU regulation, another disastrous hack, or some other issue yet to be defined, 2015 should provide ample opportunity for you to chime in—either with your own post or comment on someone else’s. Don’t hesitate to contact me if you’re interested: firstname.lastname@example.org