Malcolm Crompton, IIS Partners Irish Future Internet Forum - Socioeconomics

Irish Future Internet forum Conference, 2011.
Session 1

  1. Malcolm Crompton: Socioeconomics of Privacy and the Future Internet, Kilkenny, 1 June 2011

  2. There’s money in them thar clouds BUT ...
       • what happens to information about you and me?
       • where is our data?
       • who is the boss?
       • who wins?

  3. Internet Privacy

  4. “Privacy” – Outdated? Incompatible? A problem?
       • Facebook’s Mark Zuckerberg: “The Age of Privacy is Over”
       • Google’s Eric Schmidt: “If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place”
       • Louis Freeh, former Director FBI: “the American people must be willing to give up a degree of personal privacy in exchange for safety and security”
       • Sun Microsystems’ Scott McNealy: “You have zero privacy anyway.. get over it.”

  5. In fact, is internet privacy dead & buried?
       • The internet has outgrown privacy
       • No economic drivers for internet privacy
       • Much of the internet is “free”
       • No such thing as a free lunch
       • Must give access to ourselves in more & more detail
       • AND MOSTLY WE LIKE IT!

  6. But if that’s a problem, let’s hit back!
       • Privacy law reform all around the world
       • Australia, NZ, India, Latin America, USA and EU
       • More Data Protection/Privacy chiefs
       • More choices (Notice and Consent)
       • BUT:
       • “ample evidence the “Notice and Consent” model of data protection regulation, which places a great burden on individuals to read and understand privacy notices, is not especially effective in practice, as shown by the overwhelming empirical evidence that individuals do not read – let alone respond to – Privacy Notices, especially if they are lengthy” www.huntonfiles.com/files/webupload/CIPL_European_Commission_Commentary_Jan2011.pdf

  7. Tempting. First, some facts ...

  8. Law making helps, but ...
       • Can’t encompass all situations
       • Tends to be reactive
       • Requires enforcement!
       • Must address multi-jurisdiction activity
       • Must suit our ever-changing world
     information + technology + world = challenge

  9. Regulator insight in detail – Peter Hustinx (EDPS)
       • Rights of the citizen won’t change much – emphasis on easier access to exercising existing rights.
       • Future as based on implementing stronger incentives to do the right thing by privacy: commercial reality + regulatory incentive
       • Globalisation and global data flows will also be very important – international regulation along lines of the Madrid declaration
       • “Law should not legislate on technology” – operationalise privacy by design, including more ‘privacy by default’ settings
       • Importance of ensuring effective accountability
       • Really getting privacy right: not just seeking compliance with privacy law but demonstrating that ‘all measures have been taken to ensure that compliance will be a result’.
     For more, also see blog: “EC thinking on privacy definitely on the move...”

  10. Privacy: how can it keep up with the times?

  11. Our data is everywhere
       • information about us is in
       • many organisations around the world
       • many jurisdictions around the world
       • data should be safe and it can be safe
       • who pays for it to be safe?

  12. One time zone:
       • Europe
       • keeping up with the times?

  13. And where’s it all happening? APEC & India!
       • 2009 GDP US$31 740 310 200 000 (54% of world GDP)
       • 44% of world trade
       • growth strategy includes: innovative growth to create an economic environment that promotes innovation, use of ICT products and services, and emerging economic sectors http://publications.apec.org/publication-detail.php?pub_id=1123
       • a goal for this year is to launch a new agenda to address issues such as innovation, data privacy and cyber-security http://www.apec.org/en/Press/Features/2011/0428_nextgen_trade.aspx
       • APEC Cross-border Privacy Enforcement Arrangement (CPEA)

  14. Asia & the digital economy
       • The Philippines call centres
       • 2011: $12-13 billion revenue
       • 2020: $100 billion revenue, 20% of global market share
       • Asia-Pacific software revenue
       • 2009-2014: compound annual growth rate of 11.5% (c.f. Western Europe: CAGR of 2.7%)
       • India share of global outsourcing market
       • 2010: 55% (c.f. 2009: 51%)

  15. Future Internet, Privacy, Socioeconomics

  16. Socioeconomics of internet privacy: the good
       • Big Data
       • free, made-just-for-you services
       • Innovation
       • Google Flu Trends
       • Connection with our own networks
       • User generated content
       • Let the internet be free, and we all win
       • personalisation (search, geolocation, foursquare, google maps, etc)

  17. ... and the not so good
       • Costs of privacy breaches
       • USA: 533 686 527 records in 2 503 breaches made public since 2005
       • Sony breach: US$20 per person = >US$2 billion?
       • Honda Canada breach exposed data on 280,000 individuals: “It appears that even if you didn’t create an account on their web sites, if they mailed you about upcoming specials in 2009, your data were involved”
       • Identity theft
       • UK: each year costs >£2.7 billion, affects >1.8 million people
       • The Filter Bubble; Creepy; Lack of trust; ...

  18. Yes, there is money in the clouds
       • but who is paying?
       • how much are we willing to pay?
       • what will happen if we don’t get privacy right?
       • is anything being done about it?

  19. Can privacy and socioeconomic gain co-exist? What’s being done?

  20. The emerging framework
       • Tools we can build in to our work
       • Layered Defence
       • How to build in the tools
       • Privacy by Design
       • How to know the tools are being applied year in, year out
       • The Accountability Project

  21. “Layered Defence”
     [Diagram; labels: Accountability, Trust, Risk, Control, Business as usual, Privacy, Law, Technology, Governance, The Future Internet, Safety Net]

  22. Privacy by Design: The 7 Foundational Principles
       • Proactive not Reactive; Preventative not Remedial
       • Privacy as the Default
       • Privacy Embedded into Design
       • Full Functionality: Positive-Sum, not Zero-Sum
       • End-to-End Lifecycle Protection
       • Visibility and Transparency
       • Respect for User Privacy
     www.ipc.on.ca/images/Resources/7foundationalprinciples.pdf

  23. The Accountability Project
       • “Accountability” first included in 1980 OECD Guideline on the Protection of Privacy & Transborder Flows of Personal Data
       • Begun with Galway project
       • Led by Centre for Information Policy Leadership (CIPL)
       • Framework for safe, global data flows

  24. The Accountability Project
       • Galway, Ireland, 2009 – Phase I
       • Billy Hawkes, Data Protection Commissioner, Ireland
       • implementation of accountability – how organisations demonstrate accountability, & how regulators measure it
       • Paris, France, 2010 – Phase II
       • objectives of accountability – common fundamentals to be demonstrated & measured
       • Madrid, Spain, 2011 – Phase III
       • validation of accountability – effective, affordable validation tools for accountability-based governance

  25. One is “... by Design”. The other is not. Both fail on “Privacy”.

  26. Case Study – ID management Australia
       • The old way: Digital God
       • Brings you into digital existence
       • Takes you out of digital existence
       • Watches every move in between …
       • A better way – relevant Verified Claims
       • User centric; user controlled eg Avoco CloudCard Selector
       • Rely on ID claims last
       • Pilot under way right now
       • Current Issues and Solutions in Identity Management
     International Conference of Data Protection & Privacy Commissioners, Jerusalem 2010

  27. Case Study – eHealth Australia
       • Personally Controlled Electronic Health Record (PCeHR)
       • AU$467 million project
       • Secure + Individual Health Identifier
       • stored in a network
       • accessed wherever I am
     “The overall economic benefit from increased productivity and reduced adverse events that would be achieved with a national individual electronic health record in Australia has been estimated to be between $6.7 billion and $7.9 billion in 2008-09 dollars over 10 years.”
     National Hospitals & Health Reform Commission 2008

  28. Future Internet 2020

  29. We can see glimpses
       • More Cloud; More multi-jurisdictional; More complex supply chains
       • Global Access Partners – Cloud Computing Taskforce Report
       • Individuals expect defaults more favourable to them
       • Under control vs under my control
       • Automation; agents; privacy by default
       • Outcomes based privacy law
       • Built around PbD & enforceable Accountability

  30. AND it’s becoming a leader level issue
     “The effective protection of personal data and individual privacy on the Internet is essential to earn users’ trust. It is a matter for all stakeholders: the users who need to be better aware of their responsibility when placing personal data on the Internet, the service providers who store and process this data, and governments and regulators who must ensure the effectiveness of this protection. We encourage the development of common approaches taking into account national legal frameworks, based on fundamental rights and that protect personal data, whilst allowing the legal transfer of data.”
     Renewed commitment for freedom and democracy, G8 Declaration, G8 Summit of Deauville, 26-27 May 2011

  31. Hence possible areas for research
       • Demonstrable Supply Chain resilience
       • Fail over for the individual
       • Metrics for trust & privacy
       • Automated accountability
       • One stop shop resolution
       • User centred cloud services
       • When does cloud processing come to your data vs when does your data go to the cloud for processing
       • User centred verified claims
       • Beyond ‘ID’ management
       • Automation; agents; privacy by default

  32. An opportunity for Ireland
       • Ireland as a leader
       • buying (eg embed accountability in contracts)
       • selling (eg Privacy by Design in cloud computing products)
       • assuring (eg be a standards leader)
       • research
     Ireland as a superhighway safehouse
