Winds of Change: Reflecting on 2016 Data Privacy Day
This year’s International Data Privacy Day (DpD) marks the 35th anniversary of the first legally binding international treaty dealing with privacy and data protection. As our society warps towards an informational diamond age, DpD reminds us of the need to do more than just safeguard the personal data that fuels so much of our daily lives.
Beyond dating site breaches and top secret email controversies, here are the 5 privacy issues that peeked my interest in 2015:
5) Connected smart tech becoming smarter. “Open the pod bay doors, Siri” may be more than a tongue-in-cheek homage to HAL, the sentient computer from Stanley Kubrick’s visionary 2001: A Space Odyssey. In the summer of 2015, a privacy watchdog, the Electronic Privacy Information Center, urged the Federal Trade Commission to investigate ‘always-on’ consumer devices that record conversations and other personal information in real time. Concerns around eavesdropping electronics are going beyond smartphones and smart TVs. A new generation of voice- and motion-activated ‘assistants’ such as Amazon’s Echo are bringing artificial intelligence into the home. And then there are what are essentially computers on wheels — cars, requiring even more specialized approach to security and data ethics. “Dave, although you took very thorough precautions in the pod against my hearing you, I could see your lips move.”
4) Ad blockers vs AdChoices. The adware wars of 2000s are back, but this time with users taking up arms against online ads. At the core of the battle between users and the adtech industry is the question — Who controls what you see on a website? Users who find online ads annoying, distracting, intrusive or offensive are installing adblocking add-ons and apps in droves. According to the2015 Ad Blocking Report issued by the pro-ad advocate PageFair, the number of active adblock users has reached 198 million globally. And this number is expected to only rise. Shaken but not deterred, publishers and adtech firms have begun to fight back. Persuading users to pay for an ad-free experience is one strategy. Evangelizing cross-industry choice management tools AdChoices andAppChoices is another. When diplomacy fails, some publishers join the field of battle by deploying adblock killers. Persistent users can then counter with anti-adblock-killer countermeasures, turning the conflict into a true arms race. With the US online ad industry worth $60 billion business in the US, the ‘debate’ over attention will continue into 2016.
3) The Federal “Privacy” Commission. The Federal Trade Commission has been steadfast in rebranding itself as consumers’ top cyber cop in the U.S. Landmark actions against Wyndham Hotels and LabMD tested the FTC’s powers to regulate security practices under its “unfairness” authority. The FTC’s settlement with Wyndham was a major victory for the agency and validated the agency’s authority to sue companies over their security breaches. Not so with its case against LabMD, however. The dismissal of the FTC’s case against the clinical testing laboratory exposed an Achilles’ heel in the agency’s “fairness” doctrine. The administrative judge found that the FTC had to do more than speculate about the potential harm to consumers. The cyber cop needed to prove “substantial” rather than theoretical injury. And while the dismissal is a setback for the FTC, these are the kinds of battles that will continue to test the agency’s mettle in the technology space.
2) Rehabilitating EU — US data transfers. Tightrope brinksmanship isn’t only for the Flying Graysons. After the 15-year-old Safe Harbour agreement between Europe and the US was invalidated last October, negotiators on both sides scrambled to create a new transatlantic data transfer regime that would address surveillance concerns from EU citizens. And while an agreement for the 2.0 framework — the EU-U.S. Privacy Shield — has been reached, it will have to survive stress tests by the European Court of Justice before it can become legally binding. Companies that agree to participate in the Shield are expected to meet stricter obligations for data collection and processing, and be subject to policing by the Federal “Privacy” Commission. European citizens will also be granted the ability to sue alleged violators in U.S. court. In the meanwhile, transatlantic organizations are signing standardized data import contracts (model clauses) or install complex binding corporate rules to continue handling European data.
1) Internet grows taller geographic fences. Protectionist laws are not new, but the rise in data localization requirements are forcing cross-border companies to rethink operations in countries like Russia. The need to store data about a country’s resident in that country would require local data centers and staff. A related concern is if local privacy laws set a much higher compliance bar. Aligning international operations to a “King of the Hill” standard has tradeoffs that need to be carefully weighed. For example, dialing up electronic communication standards to meet Canadian anti-spam requirements, or the general requirements of the proposed General Data Protection Regulation in Europe, may increase opportunity costs for organizations used to operating in the U.S. Europe’s “Right to Be Forgotten” is another example where global companies like Google will need to apply a regional standard to global operations. The prospect of an Internet fractured into geolocated walled gardens is a concern for privacy and free speech advocates alike. Net neutrality, anyone?
If 2015 was the year of privacy advocacy, 2016 will be the year of change and adjustment. What issues struck a chord with you?
