At Global Pulse we are advocates for robust data protection and privacy practices, and as the resident Privacy Officer, I was keen to see what would come out of the IAPP Global Privacy Summit
, which took place last week in Washington DC. The summit featured privacy commissioners, chief privacy officers from major corporations, experts, and academics from around the globe, and privacy in big data was one of the most heavily discussed topics.
A significant portion of the conversation focused on how companies can structure their business models to leverage the collection and use of big data, while conducting best privacy practice and fostering public trust. Unsurprisingly, issues related to cybersecurity were also widely covered during throughout the day. Much attention was directed towards the newly established relationship between the US and EU trans-border data flows. Right on the edge of the Summit, the US and EU announced a joint agreement between G29 and APEC countries
aiming to aid companies in achieving compliance with global data transfers. This followed a review of the "Safe Harbor" agreement
that was announced by EU Commissioner Viviane Reding in Jan 2014, following growing concerns about the collection of citizens' data by intelligence services.
Before being approved by the vast majority of the EU Parliament on Wednesday, the European General Data Protection Regulation was another highly discussed topic during the Summit. Interestingly, just a couple of days after the Summit the European Parliament re-confirmed their direction
in reforming the privacy framework by strengthening protections around data transfers of EU citizens’ data to non-EU countries. They also re-stated the concept of the right to be forgotten, to not be profiled, and increased the fines for breach of regulation.
During the closing summit session the leaders of Article 29 Working Party and the European data protection authorities, including from Denmark, France and UK discussed the two “leading” approaches taken by the policy makers in order to protect privacy: one approach is comprehensive data protection, introduced by the EU regulation, and the other approach is sectoral, generally led by the US.
As Dr. Kristopher Kuner has recently noted in his article
, countries around the world are struggling to decide which approach to adopt. The comprehensive approach (one-size fits all) has been criticized for being too prescriptive, while many have asked whether the US sectoral approach is too loose giving too much space for self-regulation. One of the points frequently raised during the summit discussion, was that a restrictive approach to regulating the rapidly emerging technology field might slow down innovation. The law cannot simply keep up with the ever-changing technological solutions and types of information that is being created.
Although progress may seem slow, privacy regulations around the globe are becoming an important component of national legislation aimed at protecting citizens’ privacy rights, primarily in the business-consumer relations context. At the same time this poses significant challenges regarding the use of big data, for example, in development or humanitarian sectors. While robust privacy measures could assist in making a company a powerhouse in the business sector, legislators should also acknowledge the utility of big data for public good, when choosing the right approach to general law. Let’s keep in mind that if big data is the new “oil,” privacy, indeed, should be the new “green”
The bottom line is that the right balance needs to be found between the privacy approaches in order to lead a better regulated IT industry to innovate, allow legislation to keep up with the changing world, and support the use of big data for humanitarian and development purposes.