Sunday, February 17, 2013

Don Quixote

Re-read Don Quixote as you follow the debate about revising Europe's privacy laws. Is it more noble to pursue the glory of fantasy over the indignities of the real world? Do we want to defend an obsolete chivalric code, while the rest of the world looks on with derision?  Do we want a strong privacy law that can be operationalized or a glorious piece of literature? 
American companies are starting to freak and shriek about Europe's upcoming new privacy laws. In turn, various European politicians are publicly posturing about how all this is required to rein in American companies, while feigning resentment that American companies are lobbying for their interests in Brussels. In reality, of course, the new proposed EU laws are full of flaws, in particular imposing lots of pricey new compliance-bureaucracy obligations, and threatening minor compliance violations with absurdly-high fines in the range of 2% of a company's global turnover. But let's not let reality sully this tale. Don Quixote is defending privacy against the American-mega-corporate-privacy-slayers. Don Quixote is defending the Right to be Forgotten.
Sadly, things don't end well for the noble knight, unsettling and unsaid...American companies will come out big winners, compared to their European rivals. European companies face decades of innovation-paralysis under the new rules. American companies will just reorganize and relocate certain operations out of Europe to mitigate risk.
Like many people in the privacy profession, throughout my career, I had always thought it was sensible to apply Europe's privacy laws worldwide, in the interests of maintaining one, consistent worldwide standard. I'm changing my mind now. As the proposals to revise the privacy laws in Europe become whackier by the day, I am starting to believe that the "world" will have to watch Europe do its own thing in its own backyard, while maintaining a different, faster, more innovative pace in the "rest of world". Granted, Europe is a market that is just too big to ignore, but that's no reason why special compliance rules for it should be exported globally. No one applies Chinese censorship rules outside of China, so this would hardly be the first time that companies apply special rules in one particular country/region.
Europe's proposed rules will end up costing a lot, if you care about innovation in Europe. I'm a technophile, in the sense of believing that fast innovation is the only hope to maintain high rich-world living standards for our aging Western societies in the future. But I am troubled by how many roadblocks are being put in place to drag down the speed of innovation. Don't get me wrong: I'm all for serious privacy ethics, for privacy sensitivity, for privacy by design. But I'm not a fan of privacy-bureaucracy-drag. Europe, as one would expect, developed the world's most extreme form of bureaucracy-drag, when it invented the notion of bureaucratic "prior approval" for new technologies. That means that a new technology is dependent on a bureaucracy's prior approval before being launched. Or prior approvals for international data transfers (how absurd, in the age of the Internet!). Or prior approvals for binding corporate rules, and a thousand other bureaucratic hills and hurdles. Reality, again, is often a rather dis-spiriting affair.
Despite all its good intentions, Europe is also giving the world hopelessly vague privacy laws, sometimes enforced with criminal penalties. For example, what does it mean to impose jail time on someone for "processing sensitive personal data without the data subject's consent"? Does that justify jail time for posting a photo to a social networking site, given that a photo will reveal a person's race and sometimes health conditions (all, "sensitive" categories)? I have faced personal criminal prosecutions on flimsier privacy-law grounds than that, so these are hardly hypothetical risks. In short, Europe is making it increasingly risky to pursue innovation in the field of Big Data, in Europe.
The cynical realists will see that Europe's innovation-inhibiting privacy laws will simply drive more Big Data and Internet innovation to move increasingly outside of Europe. Will we see companies choose to move their research arms elsewhere, for example, to the US or India or Singapore? Ask yourself whether US or European companies will turn out to be more hobbled by Europe's rules? The answer is obvious: European companies will have to swallow these new rules entirely, while non-European companies can simply ring-fence their slower, less innovative operations in Europe. Companies may end up offering a series of slower, less-cutting-edge services in Europe, given the significant risks that cutting-edge data-services could be smacked with massive fines.
I say all this with sadness, as the world moves on. Who am I to deride Don Quixote's dream? Who am I to celebrate the demise of his delusions?


Unknown said...

All of the above can be said about USA too.
Why would we Europeans want to follow US laws? And why does the US goverment threaten EU and single countries within Europe to comply with US laws? Is it not to make the competion easier for US companies? Difference is EU unlike USA more protective over their citizens. Privacy is not something to be taken lightly and therefore sometimes regulators come up with more or less smart ideas. Look at DMCA or the anti terrorist laws.

Anonymous said...

I'm trying to understand why you seem to think that privacy is the same thing as innovation...?

Anonymous said...

Privacy is under fire, more now than ever. Even europe's initiative is too little, too late. What I can't understand is why privacy should styfle innovation? You're free to innovate as much as you like. However, you're not free to implement and profit upon any innovation without inhibition, which, in the face of big data, is a good thing. Don't tell me that big data is consumer-friendly, I think most of us has seen otherwise. Europe is only trying to pressure you into being polite, since that's a forgotten notion these days.
Time to realize you're a cynical profit hog.
Comment moderation. Harrumph! Figures! So you're a cynical profit hog who can't take criticism. Or at least can't let anyone see you're getting any. Indecent AND dishonest! What a great guy.

Anonymous said...

The mathematical reality is that anonymisation is technically impossible without destruction (reidentification is always possible) and the same data can be used for stuff we don't like as well as do. The stuff we do like is used to entice us into the trap of stuff we don't.

The only sensible laws that could realistically prevent abuse would require either privacy by design or massive transparency and consent in how and when something is used.

Corporations like google won't like either of these approaches because it limits their options for business models and also their taste for secrecy.

On the other hand, applying copyright to personal info maybe one way to go if people just accept personal data is necessary for business it's fine to sell it. If this data trail we all produce is so valuable, then why is it not ours? Why is it not covered by copyright so some of that value has to come back full circle to it's original creator?

People may object less to giving up privacy if it is not only the commercial surveillance companies that gain from that.

I doubt if google would like any of the options that are realistic or fair.

Anonymous said...

Why do companies use the innovation argument anyway? It makes no sense.

Innovation isn't a good thing in and of itself. It depends on what is innovated.

Is innovating a new way to increase a power imbalance a good thing for everybody? No. Only for those who gain from the imbalance.

Considering law is there precisely to reduce power imbalances and abuses of them, innovation is a stupid argument to use without qualification.

Anonymous said...

I sure would like to see some innovation that increases the default level of privacy on the internet and elsewhere. Privacy always is presented as the tradeoff that must be sacrificed in the name of innovation, security, profit, convenience, freedom of speech, etc.
I would love to see someone in a position of power in some of these major corporations to whom privacy was actually important. And I don't mean important in the same sense that fraud is important to banks.

Anonymous said...

Seems to me that true innovation wouldn't take its first hold in the dystopia of 1982's ideas of watching everyone all the time but rather build on the individuals right. Innovation comes from all around the world and still many European countries are on top in the innovation sphere. Take all the asian countries on that and you will see that the only thing that is actually in short supply is the respect and freedom under integrity.
When innovation is used as an excuse of burning down the hard labour that is the integrity laws you have to see that we are no longer talking Don Quixiote, we are talking about Heart of Darkness...

A. Mantelero said...

Thank you Peter, you convinced me to be more incisive against US lobbying!

Anonymous said...

It sounds like you favored expansive privacy laws until your company realized they hindered its ability to exploit people's information for profit -- sorry, "innovate."

Anonymous said...

if you are joining a service in China, you are under chinese jurisdiction. Joining a webservice from US, why should this be different. You are under US-law. This might be hard to understand for European, but especially for German citicens. Shut down Internet-Services for Germany.

Mac Carol said...

We need a Data Boston Tea Party, charter a plane in Brussels and fly the US lobbyists home to where they belong. Google, Facebook, Microsoft, Oracle, IBM are not European companies. A corporation from the U.S. should leave it entirely to the democrats of Europe to strike the right balance. Any lobbying is undue because this is not their law and their democratic decision-taking. It is just the law they will have to abide because in Europe the European rule, not them. Washington may be broken, but we don't want the lobby interference in Brussels. We built a European democracy and fight for our rights.

Anonymous said...

Protecting peoples privacy is actually a good thing.

If Europa further protects the privacy of it population will Google withdraw their services from Europe or will it have to innovate to create different (less privacy invading) methods of delivering ads to Europeans.

I think the latter.

Anonymous said...

Privacy is not an innovation roadblock! This type of argument is called 'refuting a straw man'. Europe's privacy laws will only speed up innovation as companies will have to get smarter to handle user data.

Nevertheless, there are plenty of areas for businesses to innovate that don't require them to know what minute past the hour I took a dump yesterday and what it smelled like.

Anonymous said...

Well we in Euope (but not only Europe) have banished many old business practices who violated human rights and civilian rights. Children protection laws for example and we are still busy with equality for women. and so forth.

To suggest that we were finished in our human rights quests, and even worse we are overdoing it, is arrogant bording to morally corrupt.

Not any law is perfect right away, especially not in concept. To ignore the spirit of the law and going straight to the letter just to have it abolished is morally bankrupt again. As said it is all new and innovative and in practice laws are still way behind.

However it is the spirit of the laws which are attacked here and that means no privacy for civilians.

Now if one argues intellectual property rights are real property, one would assume that the one and only real non-abstract intellectual property right there is, privacy, should be forcefully protected by the ones advocating intellectual property rights.
That by law there is a difference, doesn't mean that there is one in concept and spirit.

As long as companies are just claiming "their rights", you know they are full of bs when they are talking about what is right or wrong or who is Don Quichotte. (which means one against many and not wrong in theory or moral, but in feasibility, so it can go both ways and behaving as one could be courageous in the right context.)

Innovative and creative in the right context, not back to the middle ages context.

S.Westerveld, Amsterdam

Anonymous said...

Interesting view, Peter.

At first, I have to remark that I am concerned about my privacy rights personally as it has been treated with disrespect by many companies in recent times. For example while registering for MySpace via FB account my complete data was transferred to MySpace without being consented before. I needed a bunch of uncomfortable actions and "clicks" to re-establish the situation back to "privacy friendly".

Secondly, I work now for quite some years in the privacy area myself and feel increasingly threatened by the developments (e.g. big data, data aggregation etc.) on a personal basis, because - as we all know - companies do not argue for easy rules in the favor of consumers rights, instead they favor regulations that maximize their profits and potential to grow. This is their only (legal - shareholders) aim. The innovation argument becomes boring in this context as we all know upon what context it is usually used by the companies who claim for it.

Given this situation I feel comfortable having "the old Europe" to go for a balanced approach and favor the right to privacy as what it is: one of the most important basic right of humanity in the future.

Anonymous said...

You might want to read an article called "We Aren't the World," which details American's skewed perceptions and assumption that those perceptions are somehow universal: It may be that you're Don Quixote...