Your SlideShare is downloading. ×
Malcolm Crompton, IIS Partners Irish Future Internet Forum - Socioeconomics
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Introducing the official SlideShare app

Stunning, full-screen experience for iPhone and Android

Text the download link to your phone

Standard text messaging rates apply

Malcolm Crompton, IIS Partners Irish Future Internet Forum - Socioeconomics

1,347
views

Published on

Irish Future Internet forum Conference, 2011. …

Irish Future Internet forum Conference, 2011.
Session 1


0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
1,347
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
0
Comments
0
Likes
1
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Malcolm CromptonSocioeconomics of Privacy and the Future InternetKilkenny1 June 2011
  • 2. There’s money in them thar clouds
    BUT ...
    • what happens to information about you and me?
    • 3. where is our data?
    • 4. who is the boss?
    • 5. who wins?
  • Internet
    Privacy
  • 6. “Privacy” – Outdated? Incompatible? A problem?
    Facebook’s Mark Zuckerberg:
    “The Age of Privacy is Over”
    Google’s Eric Schmidt: “If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place”
    Louis Freech former Director FBI:
    “the American people must be willing to give up a degree of personal privacy in exchange for safety and security”
    Sun Microsystems’ Scott McNealy:
    “You have zero privacy anyway.. get over it.”
  • 7. In fact, is internet privacy dead & buried?
    • The internet has outgrown privacy
    • 8. No economic drivers for internet privacy
    • 9. Much of the internet is “free”
    • 10. No such thing as a free lunch
    • 11. Must give access to ourselves in more & more detail
    • 12. AND MOSTLY WE LIKE IT!
  • But if that’s a problem, let’s hit back!
    • Privacy law reform all around the world
    • 13. Australia, NZ, India, Latin America, USA and EU
    • 14. More Data Protection/Privacy chiefs
    • 15. More choices (Notice and Consent)
    • 16. BUT:
    • 17. “ample evidence the “Notice and Consent” model of data protection regulation, which places a great burden on individuals to read and understand privacy notices, is not especially effective in practice, as shown by the overwhelming empirical evidence that individuals do not read – let alone respond to – Privacy Notices, especially if they are lengthy” www.huntonfiles.com/files/webupload/CIPL_European_Commission_Commentary_Jan2011.pdf
  • Tempting.
    First, some facts ...
  • 18. Law making helps, but ...
    • Can’t encompass all situations
    • 19. Tends to be reactive
    • 20. Requires enforcement !
    • 21. Must address multi-jurisdiction activity
    • 22. Must suit our ever-changing world
    information + technology + world = challenge
  • 23. Regulator insight in detail – Peter Hustinx (EDPS)
    • Rights of the citizen won’t change much – emphasis on easier access to exercising existing rights.
    • 24. Future as based on implementing stronger incentives to do the right thing by privacy: commercial reality + regulatory incentive
    • 25. Globalisation and global data flows will also be very important – international regulation along lines of the Madrid declaration 
    • 26. “Law should not legislate on technology” – operationalise privacy by design, including more ‘privacy by default’ settings
    • 27. Importance of ensuring effective accountability
    • 28. Really getting privacy right: not just seeking compliance with privacy law but demonstrating that ‘all measures have been taken to ensure that compliance will be a result’.  
    For more, also see blog: “EC thinking on privacy definitely on the move...”
  • 29. Privacy: how can it keep up with the times?
  • 30. Our data is everywhere
    • information about us is in
    • 31. many organisations around the world
    • 32. many jurisdictions around the world
    • 33. data should be safe and it can be safe
    • 34. who pays for it to be safe?
  • One time zone:
    • Europe
    • 35. keeping up with the times?
  • And where’s it all happening ? APEC & India !
    • 2009 GDP US$31 740 310 200 000 (54% of world GDP)
    • 36. 44%  of world trade
    • 37. growth strategy includes: innovative growth to create an economic environment that promotes innovation, use of ICT products and services, and emerging economic sectors http://publications.apec.org/publication-detail.php?pub_id=1123
    • 38. a goal for this year is to launch a new agenda to address issues such as innovation, data privacy and cyber-security http://www.apec.org/en/Press/Features/2011/0428_nextgen_trade.aspx
    • 39. APEC Cross-border Privacy Enforcement Arrangement (CPEA)
  • Asia & the digital economy
    • The Philippines call centres
    • 40. 2011: $12-13billion revenue
    • 41. 2020: $100billion revenue, 20% of globalmarket share
    • 42. Asia-Pacific software revenue
    • 43. 2009-2014: compound annual growth rate of 11.5% (c.f. Western Europe: CAGR of 2.7%)
    • 44. India share of global outsourcing market
    • 45. 2010: 55% (c.f. 2009: 51%)
  • Future Internet
    Privacy
    Socioeconomics
  • 46. Socioeconomics of internet privacy: the good
    • Big Data
    • 47. free, made-just-for-you services
    • 48. Innovation
    • 49. Google Flu Trends
    • 50. Connection with our own networks
    • 51. User generated content
    • 52. Let the internet be free, and we all win
    • 53. personalisation (search, geolocation, foursquare, google maps, etc)
  • ... and the not so good
    • Costs of privacy breaches
    • 54. USA: 533 686 527 records in 2 503 breaches made public since 2005
    • 55. Sony breach: US$20 per person = >US$2 billion?
    • 56. Honda Canada breach exposed data on 280,000 individuals: “It appears that even if you didn’t create an account on their web sites, if they mailed you about upcoming specials in 2009, your data were involved”
    • 57. Identity theft
    • 58. UK: each year costs >£2.7billion, affects >1.8million people
    • 59. The Filter Bubble; Creepy; Lack of trust; ...
  • Yes, there is money in the clouds
    • but who is paying?
    • 60. how much are we willing to pay?
    • 61. what will happen if we don’t get privacy right?
    • 62. is anything being done about it?
  • Can privacy and socioeconomic gain co-exist?
    What’s being done?
  • 63. The emerging framework
    • Tools we can build in to our work
    • 64. Layered Defence
    • 65. How to build in the tools
    • 66. Privacy by Design
    • 67. How to know the tools are being applied year in, year out
    • 68. The Accountability Project
  • “Layered Defence”
    Accountability

    Trust
    Risk
    Control



    Business as usual
    Privacy
    ?
    Law
    Technology
    Governance
    The Future Internet
    Safety Net
  • 69. Privacy by Design:The 7 Foundational Principles
    Proactive not Reactive; Preventative not Remedial
    Privacy as the Default
    Privacy Embedded into Design
    Full Functionality: Positive-Sum, not Zero-Sum
    End-to-End Lifecycle Protection
    Visibility and Transparency
    Respect for User Privacy
    www.ipc.on.ca/images/Resources/7foundationalprinciples.pdf
  • 70. The Accountability Project
    • “Accountability” first included in 1980 OECD Guideline on the Protection of Privacy &Transborder Flows of Personal Data
    • 71. Begun with Galway project
    • 72. Led by Centre for Information Policy Leadership (CIPL)
    • 73. Framework for safe, global data flows
  • The Accountability Project
    • Galway, Ireland, 2009 – Phase I
    • 74. Billy Hawkes, Data Protection Commissioner, Ireland
    • 75. implementation of accountability – how organisations demonstrate accountability, & how regulators measure it
    • 76. Paris, France, 2010 – Phase II
    • 77. objectives of accountability – common fundamentals to be demonstrated & measured
    • 78. Madrid, Spain, 2011 – Phase III
    • 79. validation of accountability – effective, affordable validation tools for accountability-based governance
  • One is “... by Design”.
    The other is not.
    Both fail on “Privacy”.
  • 80. Case Study – ID management Australia
    • The old way: Digital God
    • 81. Brings you into digital existence
    • 82. Takes you out of digital existence
    • 83. Watches every move in between …
    • 84. A better way – relevant Verified Claims
    • 85. User centric; user controlled eg Avoco CloudCard Selector
    • 86. Rely on ID claims last
    • 87. Pilot under way right now
    • 88. Current Issues and Solutions in Identity Management
    International Conference of Data Protection & Privacy Commissioners, Jerusalem 2010
  • 89. Case Study – eHealth Australia
    • Personally Controlled Electronic Health Record (PCeHR)
    • 90. AU$467million project
    • 91. Secure + Individual Health Identifier
    • 92. stored in a network
    • 93. accessed wherever I am
    “The overall economic benefit from increased productivity and reduced adverse events that would be achieved with a national individual electronic health record in Australia has been estimated to be between $6.7 billion and $7.9 billion in 2008-09 dollars over 10 years.”
    National Hospitals & Health Reform Commission 2008
  • 94. Future Internet 2020
  • 95. We can see glimpses
    • More Cloud; More multi-jurisdictional; More complex supply chains
    • 96. Global Access Partners – Cloud Computing Taskforce Report
    • 97. Individuals expect defaults more favourable to them
    • 98. Under control vs under my control
    • 99. Automation; agents; privacy by default
    • 100. Outcomes based privacy law
    • 101. Built around Pbd & enforceable Accountability
  • AND it’s becoming a leader level issue
    “The effective protection of personal data and individual privacy on the Internet is essential to earn users’ trust. It is a matter for all stakeholders: the users who need to be better aware of their responsibility when placing personal data on the Internet, the service providers who store and process this data, and governments and regulators who must ensure the effectiveness of this protection. We encourage the development of common approaches taking into account national legal frameworks, based on fundamental rights and that protect personal data, whilst allowing the legal transfer of data.”
    Renewed commitment for freedom and democracyG8 Declaration, G8 Summit of Deauville, 26-27 May 2011
  • 102. Hence possible areas for research
    • Demonstrable Supply Chain resilience
    • 103. Fail over for the individual
    • 104. Metrics for trust & privacy
    • 105. Automated accountability
    • 106. One stop shop resolution
    • 107. User centred cloud services
    • 108. When does cloud processing come to your data vs when does your data go to the cloud for processing
    • 109. User centred verified claims
    • 110. Beyond ‘ID’ management
    • 111. Automation; agents; privacy by default
  • An opportunity for Ireland
    • Ireland as a leader
    • 112. buying (eg embed accountability in contracts)
    • 113. selling (eg Privacy by Design in cloud computing products)
    • 114. assuring (eg be a standards leader)
    • 115. research
    Ireland as a superhighway safehouse