Irish Future Internet forum Conference, 2011. Session 1

1. Malcolm CromptonSocioeconomics of Privacy and the Future InternetKilkenny1 June 2011

3. where is our data?

4. who is the boss?

6. “Privacy” – Outdated? Incompatible? A problem? Facebook’s Mark Zuckerberg: “The Age of Privacy is Over” Google’s Eric Schmidt: “If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place” Louis Freech former Director FBI: “the American people must be willing to give up a degree of personal privacy in exchange for safety and security” Sun Microsystems’ Scott McNealy: “You have zero privacy anyway.. get over it.”

8. No economic drivers for internet privacy

9. Much of the internet is “free”

10. No such thing as a free lunch

11. Must give access to ourselves in more & more detail

13. Australia, NZ, India, Latin America, USA and EU

14. More Data Protection/Privacy chiefs

15. More choices (Notice and Consent)

16. BUT:

19. Tends to be reactive

20. Requires enforcement !

21. Must address multi-jurisdiction activity

22. Must suit our ever-changing worldinformation + technology + world = challenge

24. Future as based on implementing stronger incentives to do the right thing by privacy: commercial reality + regulatory incentive

25. Globalisation and global data flows will also be very important – international regulation along lines of the Madrid declaration

26. “Law should not legislate on technology” – operationalise privacy by design, including more ‘privacy by default’ settings

27. Importance of ensuring effective accountability

28. Really getting privacy right: not just seeking compliance with privacy law but demonstrating that ‘all measures have been taken to ensure that compliance will be a result’. For more, also see blog: “EC thinking on privacy definitely on the move...”

29. Privacy: how can it keep up with the times?

31. many organisations around the world

32. many jurisdictions around the world

33. data should be safe and it can be safe

36. 44% of world trade

37. growth strategy includes: innovative growth to create an economic environment that promotes innovation, use of ICT products and services, and emerging economic sectors http://publications.apec.org/publication-detail.php?pub_id=1123

38. a goal for this year is to launch a new agenda to address issues such as innovation, data privacy and cyber-security http://www.apec.org/en/Press/Features/2011/0428_nextgen_trade.aspx

40. 2011: $12-13billion revenue

41. 2020: $100billion revenue, 20% of globalmarket share

42. Asia-Pacific software revenue

43. 2009-2014: compound annual growth rate of 11.5% (c.f. Western Europe: CAGR of 2.7%)

44. India share of global outsourcing market

47. free, made-just-for-you services

48. Innovation

49. Google Flu Trends

50. Connection with our own networks

51. User generated content

52. Let the internet be free, and we all win

54. USA: 533 686 527 records in 2 503 breaches made public since 2005

55. Sony breach: US$20 per person = >US$2 billion?

56. Honda Canada breach exposed data on 280,000 individuals: “It appears that even if you didn’t create an account on their web sites, if they mailed you about upcoming specials in 2009, your data were involved”

57. Identity theft

58. UK: each year costs >£2.7billion, affects >1.8million people

60. how much are we willing to pay?

61. what will happen if we don’t get privacy right?

64. Layered Defence

65. How to build in the tools

66. Privacy by Design

67. How to know the tools are being applied year in, year out

69. Privacy by Design:The 7 Foundational Principles Proactive not Reactive; Preventative not Remedial Privacy as the Default Privacy Embedded into Design Full Functionality: Positive-Sum, not Zero-Sum End-to-End Lifecycle Protection Visibility and Transparency Respect for User Privacy www.ipc.on.ca/images/Resources/7foundationalprinciples.pdf

71. Begun with Galway project

72. Led by Centre for Information Policy Leadership (CIPL)

74. Billy Hawkes, Data Protection Commissioner, Ireland

75. implementation of accountability – how organisations demonstrate accountability, & how regulators measure it

76. Paris, France, 2010 – Phase II

77. objectives of accountability – common fundamentals to be demonstrated & measured

78. Madrid, Spain, 2011 – Phase III

81. Brings you into digital existence

82. Takes you out of digital existence

83. Watches every move in between …

84. A better way – relevant Verified Claims

85. User centric; user controlled eg Avoco CloudCard Selector

86. Rely on ID claims last

87. Pilot under way right now

88. Current Issues and Solutions in Identity ManagementInternational Conference of Data Protection & Privacy Commissioners, Jerusalem 2010

90. AU$467million project

91. Secure + Individual Health Identifier

92. stored in a network

93. accessed wherever I am“The overall economic benefit from increased productivity and reduced adverse events that would be achieved with a national individual electronic health record in Australia has been estimated to be between $6.7 billion and $7.9 billion in 2008-09 dollars over 10 years.” National Hospitals & Health Reform Commission 2008

94. Future Internet 2020

96. Global Access Partners – Cloud Computing Taskforce Report

97. Individuals expect defaults more favourable to them

98. Under control vs under my control

99. Automation; agents; privacy by default

100. Outcomes based privacy law

103. Fail over for the individual

104. Metrics for trust & privacy

105. Automated accountability

106. One stop shop resolution

107. User centred cloud services

108. When does cloud processing come to your data vs when does your data go to the cloud for processing

109. User centred verified claims

110. Beyond ‘ID’ management

112. buying (eg embed accountability in contracts)

113. selling (eg Privacy by Design in cloud computing products)

114. assuring (eg be a standards leader)

115. researchIreland as a superhighway safehouse