There is a wealth of data, or digital traces, being generated by people as they go about their daily lives in the 21st century – posting online, commenting on articles, making transactions, using mobile phones, sending postal packages. The increased use of various digital devices and growing tendency of maximized data collection by those devices poses many issues related to privacy and data protection.
Not surprisingly, during the 4 days of the 36th International Conference of Data Protection and Privacy Commissioners held in the Republic of Mauritius last week, regulators, private sector experts, civil society and academia from various nations gathered to discuss pending data protection and privacy concerns on the Internet of Things, Big Data, International Cooperation and the need for increased Data Security.
Privacy Landscape in the Age of Big Data and Internet of Things
Big data is already leveraged by private sector companies to gain consumer insights or optimize business practices, and this same type of information could be extremely useful in a global development and humanitarian contexts.
But, while there is increasing evidence to show that public sector can leverage big data to inform policy, enhance public services or humanitarian response, concerns related to privacy and data misuse remain a complex issue for many governments around the world.
As big data has a huge potential to be used by public sector for social good, proactively preventing new modes of discrimination that some uses of big data may enable – particularly with regard to civil and human rights protections – is a must.
Properly addressing the issues of data repurposing, data profiling, unlimited data storage and collection, lack of clarity and consensus of trans-border data regulations, the lack of efficient technological solutions for proper data anonymisation and aggregation, along with the lack of public unawareness of the benefits, risks and harms remain the key to successful data usage of big data for development and humanitarian causes.
Last week’s Privacy Conference looked at many of the issues related to the use of big data and remarks by various panelists noted that an essential step in responsible data usage is developing new privacy enhancing technologies, employing privacy by design, conducting privacy impact assessment systematically and also developing methodologies for proper anonymisation.
During a closed session, the Conference adopted a Mauritius Declaration on the Internet of Things. In addition, the Norwegian Data Protection Authority proposed a Big Data Resolution, which was also adopted during the conference. The resolution calls for paying extreme attention to the key privacy principles, such as purpose limitation and data minimisation. It also requested all parties making use of big data to obtain valid consent, where necessary to require privacy impact assessment (especially where big data analytics involved novel or unexpected uses of personal data), implement privacy by design and consider where anonymisation can improve privacy practices. In addition, it calls to consider appropriate care when publishing pseudononimised data where it is not directly linked to an individual, but may still have a potential to be re-identified.
It was also acknowledged many times during the conference with the raised awareness and increased transparency about the uses, associated benefits and also potential harms of big data, lack of trust, and the fear of data misuse has a potential to decrease. In particular, the Chairman of the Dutch Data Protection Authority, Mr. Jacob Kohnstamm stressed the importance for transparency and increased public awareness in regards to all big data uses.
While many countries are passing individual national legislations on data privacy and data protection, the absence of clear transnational procedures leads to increased legal and ethical uncertainty in big data practices.
Many times it was confirmed by the participating panelists of the 36th Conference that clear and consistent policies need to be developed with the focus on harmonizing procedural enforcement and cooperation between states and other stakeholders to ensure the coexistence of different norms across jurisdictions.
As an outcome of the conference, the Resolution on Enforcement Cooperation proposed by the Information Commissioner’s Office of the United Kingdom and the Office of the Privacy Commissioner of Canada has been adopted. The Resolution stressed the importance of enforcement cooperation among various jurisdictions and encouraged the efforts in bringing more effective cooperation in cross-border investigation.
Another resolution adopted that related to international cooperation and called for increased international community engagement is the resolution presented by the Dutch Data Protection Authority – Privacy in The Digital Age, echoing and intending to support the UN High Commissioner’s recent Report on The Right to Privacy in The Digital Age. It noted that the UN High Commissioner’s Report “may be the first step into realizing” the additional protocol to Article 17 of the International Covenant on Civil and Political Rights (ICCPR) “to create globally applicable standards for data protection and the protection of privacy in accordance with the rule of law ” – the idea adopted in the Resolution on Anchoring data Protection and the Protection of Privacy in International Law during the 35th Conference in Warsaw last year.
The opportunities presented by big data are considerable. To realize the benefits of big data, the global community needs to simultaneously address serious concerns about how to protect fundamental rights and values. Increased transparency, accountability, awareness of the risks, harms and benefits associated with big data uses, systematic implementation of privacy by design, development and use of privacy enhanced technologies and anonymisation techniques are the key steps in achieving the goal of successful use of big data for social good. Undoubtedly, consistent international cooperation and guidance is needed to provide clarity on joint adoption and enforcement of applicable rules, standards and best practices.
Additional links and coverage of the conference proceedings: