Wednesday, January 8, 2014

Turning our Backs on 2013

Looking back at 2013, I saw two big surprises that dominated discussions in the field of privacy. 

Privacy is all about the individual human being.  So, it's somehow fitting that the biggest privacy surprise in 2013 was created by one individual human being, the courageous whistleblower, Mr Snowden, who opened the world's eyes to the almost unimaginable scale and scope of mass government surveillance.  We'll have to wait until 2014 to learn if governments do anything meaningful to improve transparency and oversight of their spy agencies' work.  I have low expectations. 
The other big surprise of 2013 was something that didn't happen.  Europe's much-ballyhooed, and much-flawed, proposal to re-write its privacy laws for the next twenty years collapsed.  The old draft is dead, and something else will eventually be resurrected in its place.  We'll have to wait until 2014, or perhaps even later, to learn what will replace it.  Whatever comes next will be the most important privacy legislation in the world, setting the global standards.  I'm hopeful that this pause will give lawmakers time to write a better, more modern and more balanced law.  

Meanwhile, all the old trends in privacy continued uninterrupted throughout 2013.  The scale of security breaches continued to grow, with new announcements every week of major corporate and government databases being hacked by organized criminals.  More countries around the world passed privacy laws modeled on Europe's.  The US continued down its path of exceptionalism: the Federal government debated, but did not pass, any meaningful privacy legislation, but many US States actively filled the void with sweeping new privacy laws, fulfilling their historic role as laboratories of potential future Federal laws.  Technology advanced, raising new questions and igniting new debates.  Law suits and prosecutions came and went, and in my personal case, happily, mostly went.  

Whatever 2014 brings, I resolve to wake each day, like a swimmer ready to plunge into the pool, to swim through life like a frolicking dolphin, and to dive beneath the superficiality of the sargassum floating on the surface of the sea.  


Anonymous said...

Hi Peter,

As usual I may say :-) your blogs are a little subjective and ... gently provocative..
Sorry to disagree at 80% with you the proposed text is not "flawed" even if indeed it is far to be perfect.The MEP's made a lot of work summarizing thousands of amendments and listening to hundreds of experts... There is a lot of good progress into the right direction (privacy by design, accountability, BCR, no notification anymore...). There are also some significant issues to fix (I refer to the LIBE text which is the only "official" one ) such as clear definition of "one stop shop" for companies(which is not as illegal as some may think if we clearly define what it means for companies and not for data subject), less prescriptive requirements (article 13a is a gem of prescriptiveness!!) and more work on the mechanisms to make this regulation adaptable to context changes (role of EDPB, Implementing acts, delegated acts,....)and more easily implementable by private and public sectors.

In an nutshell , NO it is not dead and it must NOT be! As said before it is not perfect and most likely it will not be feasible to fix all major issues before the end of the Parliament and Commission term. Nevertheless it makes no sense to start again from scratch... The current work done by Commission, Parliament and Council is an excellent base to leverage from and it must be the priority of the future members of EU parliament and Commission.

We cannot wait much longer with a Data Protection framework which is not adapted to current and future context... The protection of citizens privacy and the mere existence (and success) of major business models and technologies are in danger...

Anonymous said...

During the extended period of time privacy issues have been in the news during 2013, I fail to understand why the U.S. Government refuses to pass privacy laws. While other countries have passed privacy laws, the U.S. continues to debate new laws. Many states are passing new privacy laws, while the U.S. Government sits back and watches, presumably to determine the reaction the U.S. citizens will have in consideration of these new laws. According to Ess,C. "In Digital Media Ethics" (2009)almost all email providers sends your IP address, which should be considered private and personal information, because through this address the computer that the email originated from can be identified, and from there, they can identify the owner. With the right program, placed in the wrong hands, this information could be utilized for illegal purposes such as cyber stalking, identity theft,and even locating an individual for malicious intent. In my opinion, the U.S. Government should address privacy issues making information such as your IP address personal and private information comparable to your social security number. The U.S. needs to proceed beyond just debating and pull together to enact legislation that guarantees an individuals complete privacy. I believe that tracking cookies should be opt-in and not automatic. When conducting a search on a home based computer, tracking cookies automatically share the computers location, while on a cell phone when conducting a search they will ask for permission to share your location. I believe that all devices should have this option available, where you are required to give permission to allow tracking by your location.

Jayne Kelley
Undergraduate student, Org.Development/Com.
Drury University

Ess, C.,(2009. Digital Media Ethics. Polity Press. Malden,MA