Privacy is everywhere: How to deal with emerging problems?

14 Jun 2018 02:00h

Event report

This session aimed at tackling the new challenges to ensuring the protection of human rights, especially the right to privacy and the protection of personal data, that come with new technologies.

With the everyday developments of the Internet of Things (IoT), the collection of personal data and its misuse is made easier. The session discussed the issues of the ethical use of data, a privacy centric approach – the so-called ‘privacy by design’, and reflected on the new EU General Data Protection Regulation (GDPR) which became applicable on 25 May 2018. Panellists from different stakeholder groups discussed the issues from their point of view.

Ms Ceren Una(Regional Policy Manager for Europe, Internet Society) moderated the session. Mr Pearse ODonohue (Director for Future Networks, Directorate-General for Communications Networks, Content and Technology, European Commission) sent a clear message at the beginning that ‘Privacy is everywhere. In everything we do, privacy should the centre issue’. He stated that the GDPR has triggered both praise and criticism. It is important to take into account small companies in terms of compliance costs, and to ensure that everyone understands, and complies with, the privacy requirements. He noted the there is clear data that shows that trust and security are one of the biggest inhibitors of the development of the Internet in wide terms. Digital technologies have the power to facilitate better living conditions. In addition, security has to be a central part, therefore both security by design and privacy by design need to be put in place.

Ms Ani Nozadze (Head of International Relations Department at the Office of Personal Data Protection Inspector of Georgia) noted that the GDPR is trying to provide solutions from a legal perspective. She noted that this new legal regulation became necessary because of increased collection and usage of individuals’ data by companies and organisations, without them also ensuring proactivity, regulation, transparency, and accountability. Taking into consideration the challenges that come with development, including development on the legislative level, such as the GDPR and other European legislations, the data protection authority (DPA) in Georgia offers guidance and advice in the form of free consultations to companies and organisations. She said that a recent survey in Georgia showed that ’81% of Georgian citizens think that personal data protection is a very important issue’. 

Mr Jean Gonié (Digital Policy Group Director, VEON) shared a private company’s point of view, and noted that privacy has became a top priority for everyone, including companies, telecoms, banks, hotels, etc. He stated that compliance is about accountability, and privacy is about demonstrating trustworthiness. Companies have to be in a position to clearly show that what they are doing is the right thing for their users, otherwise their work becomes ‘useless’. 

Mr Jörn Erbguth (University of Geneva, Geneva School of Diplomacy) advised against putting any personal identifiable information in plain text on blockchain. As for ensuring privacy on blockchains, he mentioned encryption, hash-values, zero knowledge proofs, homomorphic encryption, or specialised blockchains as some of the technologies that provide a high level of privacy and ensure privacy by design, which even an administrator cannot circumvent. ‘There are possibilities to use privacy enabling technology, even in the domain of public blockchain, which will ensure privacy even above current standards.’

Ms SusanneTarkowski Tempelho(Founder, BITNATION) said that nothing personal should ever be put on blockchains apart from hashes. She noted the difference between positive rights and negative rights. When it comes to ensuring privacy, she noted the importance of encryption and the freedom to create better software that people find useful: ‘Keep your hands off my code. Don’t make lives impossible.’ She noted that there is no radical privacy or radical transparency, but that there is plausible privacy. 

Mr James Ferron, a former UK government employee and now BITNATION employee, spoke from the audience noting that technologies are peer-to-peer and encryption enables everyone to control their own data. Within the EU there is a lot of fear about encrypted technology, however, encryption gives everyone the possibility to reclaim their privacy and sovereignty.

It was also noted by the audience that education and information are important for users to understand the importance of privacy and the issues surrounding it. 

Two youth fellows in the audience spoke about privacy. One noted that while she personally cares about privacy a great deal, a lot of her young peers do not. The second fellow noted that he takes a decision on what to share ‘with the world via any service I use. I don’t pay much attention to what I share if I agree with the Terms of Use’.