A presentation by Commissioner Cavoukian to the Canadian Institute Advertising and Marketing Law Conference on how Privacy by Design can give a sustainable competitive advantage in advertising and marketing.
Positive-Sum, Not Zero-Sum
Compliance alone is unsustainable as the sole model for ensuring the future of privacy; for that, we must turn to proactive measures such as Privacy by Design: embedding privacy proactively into the core of all that we do.
Lessig Book – Code: Version 2.0
Further, the average individual’s “information footprint” (digitization of entertainment, healthcare, security, and retail preferences) will grow from 1 terabyte per year to more than 16 terabytes by 2020. — IBM Press Release, September 8, 2008.
The collection of personal information is not going to stop or decline. In fact, it will only continue to grow exponentially.
Legislation can be proactive by requiring certain practices and standards; arranging for audits; providing incented activities; and by ensuring that certain large organizations, such as government departments themselves, will become models for the required change and activity. So maybe the contrast is not between legislation and PbD, but between proactive and reactive approaches, with Privacy by Design being the best model for the proactive approach.
PbD – Build It In
A Positive-Sum (or “win-win” or “non zero-sum”) paradigm, by contrast, describes a concept or situation in which participants can all gain or suffer together. That is, the sum of gains and losses by the participants is always more or less than what they began with, depending on their choices and behaviour.
If privacy and security are not a ‘zero sum game’, and if we need to ensure strong security and strong privacy, what are we left with? We can’t leave privacy to policies and procedures alone, as that ignores the reality of the systems in which so much personal information resides. We can’t focus on security alone, as I talked about earlier. There isn’t a balance to be sought. What is required is a WIN-WIN situation, in which strong privacy policies mutually reinforce a strong security focus.
“We need better options for securing the Internet. Instead of looking primarily for top-down government intervention, we can enlist the operators and users themselves.” — Jonathan Zittrain, Freedom and Anonymity: Keeping the Internet Open, Scientific American, February 24, 2011
Privacy by Design
Jerusalem Resolution
I first developed the concept of Privacy by Design in the ’90s, as a response to the growing threats to online privacy that were beginning to emerge;
Privacy by Design seeks to build in privacy – up front, right into the design specifications; into the architecture; embedding privacy into the very technology used – bake it in;
Data minimization is key: minimize the routine collection and use of personally identifiable information – use encrypted or coded information, whenever possible;
Use privacy-enhancing technologies (PETs) where possible, but make it PETs Plus, invoking a positive-sum paradigm, and giving people maximum control over their own data.
PbD – 7 Foundational Principles
PbD in 29 Languages
Proactive not Reactive; Preventative not Remedial
Privacy as the Default
Privacy Embedded into Design
Full Functionality: Positive-Sum, not Zero-Sum
End-to-End Lifecycle Protection
Visibility and Transparency
Respect for User Privacy
Privacy in Advertising and Marketing
Consumers Favour DNT
As part of the report, the group is recommending a four-step process for building trust with consumers. These four elements are: control (ensuring people know what will happen to their information); choice (allowing people to choose what information to hold back from marketers); commitment (making people aware of privacy and security policies); and compensation (helping people understand "what's in it for me" if they share information
Berkeley Survey on Online Privacy
Quote from Chris Hoofnagle – Director of Berkeley Center
Would you allow a social networking app to collect your contact list in order to suggest more friends?
The FTC has called for consumers to be given a simple “Do Not Track” mechanism that would allow them to choose whether they want to allow websites to collect information about their Internet activity and use it to deliver targeted advertisements and for other purposes. The FTC specifically recommends a mechanism that would be practical, and would probably involve the placement of a persistent setting, similar to a cookie, on the consumer’s browser signaling the consumer’s choices (see the FTC’s 2010 preliminary staff report and 2012 Privacy Report: Balancing Privacy and Innovation).
FTC’s DNT would consist of the following five elements:
First, a Do Not Track system should be implemented universally to cover all parties that would track consumers.
Second, the choice mechanism should be easy to find, easy to understand, and easy to use.
Third, any choices offered should be persistent and should not be overridden if, for example, consumers clear their cookies or update their browsers.
Fourth, a Do Not Track system should be comprehensive, effective, and enforceable. It should opt consumers out of behavioral tracking through any means and not permit technical loopholes.
Finally, an effective Do Not Track system should go beyond simply opting consumers out of receiving targeted advertisements; it should opt them out of collection of behavioral data for all purposes other than those that would be consistent with the context of the interaction (e.g., preventing click-fraud or collecting deidentified data for analytics purposes).
Would you allow a coupons app to collect your contact list in order to offer coupons to your contacts?
Would you allow your cell phone provider to use your location to tailor ads to you?
IPC Paper – Applying Privacy into Marketing
Why Privacy is Good for Business
The Privacy Dividend
Bering Media – IP Geolocation
Taking a more resolute approach to protecting privacy could increase the magnitude of the benefits well beyond any increase in costs. This approach is sometimes referred to as “privacy by design.” How the organisation handles people’s personal information is central to the degree of trust on which the relationships the organisation has with the people it serves are based. Protecting privacy builds trust and strengthens those relationships, making them more long-lasting and productive. It also strengthens the organisation’s reputation and that helps to attract new customers.
In the words of Ann Cavoukian, the Information and Privacy Commissioner of Ontario, Canada, (show book – “Privacy Payoff”) “The ‘payoff’ to privacy-respecting organisations is ... ultimately, enduring competitive advantage. In a world of increasingly savvy and inter-connected customers, an organisation’s approach to privacy may offer precisely the competitive advantage needed to succeed.”
The Bottom Line
The Internet and its associated marketing practices have rapidly evolved, to a point where much of the online advertising is provided by companies with whom the individual does not have a direct business relationship. And yet, such companies collect and manage a great deal of data about individuals. This has opened up a broad and ongoing debate in the area of privacy and online targeted advertising. The purpose of this paper is to explore new, original contributions to this discussion, highlighting the solutions made possible through a combination of innovative thought and “baked-in” privacy – which I call Privacy by Design.
The subject of targeted advertising brings with it a host of privacy issues, from those directly connected with the practice (the tracking of online behaviours, the use of location data as reported by mobile devices, etc.) to broader, Internet-wide topics (IP address as personal information, etc.). Privacy choices and consumer trust have remained at the forefront of these concerns.
In this paper, we focus on a single facet of targeted advertising – the developing area of precise IP geolocation, and the potential role of ISPs in the ad serving model. In particular, we describe the work of Ontario company Bering Media, Inc. Bering Media set out to develop an innovative technology to allow ISPs that have made the decision to partner with an ad server to provide IP geolocation services, to do so with zero disclosure of potentially personally identifiable information about subscribers. This would further allow the ISP to partner with an ad server without the need for reading or modifying any packets travelling through the ISP’s network.
Costs of Privacy Breach
Consumer Choice and Privacy
A U.S. study found that the cost of a data breach was $202 per record; the average cost per operating company was more than $6.6 million per breach. 2008 Annual Study: Cost of a Data Breach, Ponemon Institute, February 2009.
Legal liabilities, class action suits;
Loss of client confidentiality and trust;
Diminution of brand and reputation;
Loss of customers, competitive edge;
Penalties and fines levied;
Costs of crisis management, damage control, review and retrofit of information systems, policies and procedures.
Consumers Willing to Pay for Privacy
How to Contact Us
Say Good-Bye to Zero-Sum: Say Hello to Privacy and Marketing by Design
Ann Cavoukian, Ph.D.
Information and Privacy Commissioner
Ontario, Canada
Canadian Institute Advertising and Marketing Law Conference
January 23, 2013
Presentation Outline
1. We Need a Paradigm Shift
2. Positive-Sum, NOT Zero-Sum
3. Privacy by Design: The Gold Standard
4. Privacy in Advertising and Marketing
5. Why Privacy is Good for Business
6. Operationalizing Privacy by Design
7. Conclusions
Why We Need Privacy by Design
Most privacy breaches remain undetected – as regulators, we only see the tip of the iceberg
The majority of privacy breaches remain unchallenged, unregulated ... unknown
Regulatory compliance alone is unsustainable as the sole model for ensuring the future of privacy
The Future of Privacy
Change the Paradigm to Positive-Sum, NOT Zero-Sum
Positive-Sum Model
Change the paradigm from a zero-sum to a “positive-sum” model: Create a win-win scenario, not an either/or (vs.) involving unnecessary trade-offs and false dichotomies … replace the “vs.” with “and”
Privacy by Design: “Build It In”
• I first developed the concept of “Privacy by Design” in the 90s, as a response to the growing threats to online privacy that were beginning to emerge;
• “Privacy by Design” seeks to build in privacy – up front, right into the design specifications; into the architecture; embed privacy into the technology used – bake it in;
• Data minimization is key: minimize the routine collection and use of personally identifiable information – use encrypted or coded information whenever possible;
• Use privacy-enhancing technologies (PETs) plus where possible: give people maximum control over their own data.
Adoption of “Privacy by Design” as an International Standard
Landmark Resolution Passed to Preserve the Future of Privacy
By Anna Ohlden – October 29th 2010 - http://www.science20.com/newswire/landmark_resolution_passed_preserve_future_privacy
JERUSALEM, October 29, 2010 – A landmark Resolution by Ontario’s Information and Privacy Commissioner, Dr. Ann Cavoukian, was approved by international Data Protection and Privacy Commissioners in Jerusalem today at their annual conference. The resolution recognizes Commissioner Cavoukian’s concept of Privacy by Design - which ensures that privacy is embedded into new technologies and business practices, right from the outset - as an essential component of fundamental privacy protection.
Full Article: http://www.science20.com/newswire/landmark_resolution_passed_preserve_future_privacy
Privacy by Design: The 7 Foundational Principles
1. Proactive not Reactive: Preventative, not Remedial;
2. Privacy as the Default setting;
3. Privacy Embedded into Design;
4. Full Functionality: Positive-Sum, not Zero-Sum;
5. End-to-End Security: Full Lifecycle Protection;
6. Visibility and Transparency: Keep it Open;
7. Respect for User Privacy: Keep it User-Centric.
www.ipc.on.ca/images/Resources/7foundationalprinciples.pdf
Personal Information Protection and Electronic Documents Act (PIPEDA)
• Online behavioural advertising may be considered a reasonable purpose under PIPEDA;
• PIPEDA requires an individual’s knowledge and consent for the collection, use, or disclosure of personal information;
• PIPEDA also requires that the purposes for which an individual’s information is to be collected, used or disclosed be explained in a clear and transparent manner;
• Any collection or use of an individual’s web browsing activity must be done with that person’s knowledge and consent.
Report from Advertising Standards Canada
According to a report from Advertising Standards Canada:
• 89% agreed with the statement, “people share far too much personal information online these days;”
• 72% responded that they were worried about the erosion of personal privacy;
• 73% said they were aware that businesses were tracking people’s activities on the Web in order to understand their interests.
— Susan Krashinsky, Give consumers choice, control on personal data, advertisers urged; ASC recommending a four-step process for building trust, Globe and Mail, November 20, 2012. www.theglobeandmail.com/report-on-business/give-consumers-choice-control-on-personal-data-advertisers-urged/article5461959/
Consumers Favour Do Not Track (DNT) by Default
“Seventy-five percent of the consumers we surveyed in the U.S. and Europe said they wanted DNT on, by default.”
— Brad Smith, Microsoft Executive Vice-President, December, 2012. http://www.bloomberg.com/news/2012-12-13/microsoft-rankles-advertisers-with-web-user-privacy-plan.html
Microsoft Internet Explorer 10 Do Not Track
• June 2012 – Microsoft announced the Do Not Track option would be activated by default in Internet Explorer 10 on Windows 8, as part of its commitment to user privacy;
• The Default Rules – research shows that whatever the default condition is, that is the one that will prevail;
• Microsoft was criticized by advertising companies, who said Do Not Track must be a choice made by users and should not be automatically enabled – this despite the fact that they have been making the choice for users all along;
• Companies have always made the choice for their users – the existing default is one of tracking/advertising;
• Microsoft responded that users would prefer a browser that automatically respected their privacy – I totally agree – see my YouTube video here: http://www.youtube.com/watch?v=1OtV-sGu17U
Berkeley Center for Law and Technology Survey on Online Privacy
• At the Amsterdam Privacy Conference in October, 2012, the Berkeley Center for Law and Technology released its survey findings:
  • 87% of those surveyed had not heard about proposals to create a Do Not Track option for the Internet;
  • 30% understood that advertisers can track users on medical information sites;
  • 40% believed they had fewer privacy rights when visiting a free website supported by advertising.
www.law.berkeley.edu/13260.htm
“Most consumers want Do Not Track to mean exactly that: do not collect information that allows companies to track them across the Internet. This may seem obvious, but even the definition articulated by the FTC may fall short of these consumer expectations.”
— Chris Jay Hoofnagle, Director, Information Privacy Programs, Berkeley Center for Law & Technology, October, 2012.
Would you allow a social networking app to collect your contact list in order to suggest more friends? 51% 30% www.law.berkeley.edu/13260.htm
Would you allow a coupons app to collect your contact list in order to offer coupons to your contacts? 75% 18% www.law.berkeley.edu/13260.htm
Would you allow your cell phone provider to use your location to tailor ads to you? 70% 22% www.law.berkeley.edu/13260.htm
There is another way …
Applying Fair Information Practices to CRM:
• Accountability
• Identifying Purposes
• Consent
• Limiting Collection
• Limiting Use, Disclosure, and Retention
• Accuracy
• Safeguards
• Openness
• Individual Access
• Challenging Compliance
www.ipc.on.ca/English/Resources/Discussion-Papers/Discussion-Papers-Summary/?id=234
Permission-Based Marketing: The Personal Touch
• Essential premise: persuade consumers to volunteer their attention;
• Predicated on Consent: make consumers active recipients of marketing information;
• Puts control in the hands of consumers;
“Just because you somehow get my email address doesn’t mean you have permission.”
— Seth Godin, Permission-Based Marketing, 2001.
The Privacy Dividend
1. The Business Case
2. Personal Information in the Business Context
3. Creating the Business Case
“In the words of Commissioner Cavoukian, “The ‘payoff’ to privacy-respecting organisations is ... ultimately, enduring competitive advantage. In a world of increasingly savvy and inter-connected customers, an organisation’s approach to privacy may offer precisely the competitive advantage needed to succeed.”
www.ico.gov.uk/upload/documents/library/data_protection/detailed_specialist_guides/privacy_dividend.pdf
• Bering Media has built Privacy into IP Geolocation:
• Using a unique double-blind privacy architecture;
• Minimum-match thresholds/ Anti-inference algorithms;
• Dynamic IP address management;
• Persistent, permanent opt-out, globally.
www.ipc.on.ca/images/Resources/pbd-ip-geo.pdf
The Bottom Line
Privacy should be viewed as a business issue, not a compliance issue
Think strategically and transform privacy into a competitive business advantage
Cost of Taking the Reactive Approach to Privacy Breaches
[Figure: Proactive vs. Reactive; labels: Lawsuits, Damaged Brand Name, Loss of Consumer Trust]
Consumer Choice and Privacy
• There is a strong competitive advantage for businesses to invest in good data privacy and security practices;
• “A significant portion of the population is becoming concerned about identity theft, and it is influencing their purchasing decisions.”
— Rena Mears, Deloitte & Touche LLP, Survey Reports An Increase in ID Theft and Decrease in Consumer Confidence, 2005.
Online Consumers Willing to Pay for Privacy
• A study conducted at Carnegie-Mellon University found that when privacy information is made more salient and accessible, some consumers are willing to pay a premium to purchase goods from privacy-protective websites;
• When shopping online, participants made significantly more purchases from sites rated “High Privacy” (47.4%) compared to participants buying from sites rated “No Privacy” (5.6%).
— Online Consumers Willing to Pay Premium for Net Privacy, Study Finds, ScienceDaily, July 11, 2011. Study conducted by Janice Y. Tsai, Serge Egelman, Lorrie Cranor, and Alessandro Acquisti of Carnegie Mellon University http://www.informs.org/Pubs/ISR
Bottom Line: It’s All About Trust
“Trust is more important than ever online … Price does not rule the Web … Trust does.”
— Frederick F. Reichheld, Loyalty Rules: How Today’s Leaders Build Lasting Relationships
Reasons for Building Consumer Trust
• Continuation of valuable business relationships;
• Loyal, repeat customers;
• Sustainable competitive edge;
• Consumer confidence and trust.
— Ann Cavoukian, Ph.D., Tyler Hamilton, The Privacy Payoff: How Successful Businesses Build Consumer Trust, McGraw-Hill Ryerson, 2002, pp. 13-14.
Operationalizing Privacy by Design
9 PbD Application Areas
• CCTV/Surveillance cameras in mass transit systems;
• Biometrics used in casinos and gaming facilities;
• Smart Meters and the Smart Grid;
• Mobile Communications;
• Near Field Communications;
• RFIDs and sensor technologies;
• Redesigning IP Geolocation;
• Remote Home Health Care;
• Big Data and Data Analytics.
www.privacybydesign.ca
Conclusions
• Make privacy a priority – ensure that privacy is embedded into your systems and operational processes – into your business practices;
• It is easier and far more cost-effective to build in privacy up-front, rather than after-the-fact;
• Privacy risks are best managed by proactively embedding the principles of Privacy by Design;
• Get smart – lead with Privacy – by Design, not privacy by chance or, worse, Privacy by Disaster!
How to Contact Us
Ann Cavoukian, Ph.D.
Information & Privacy Commissioner of Ontario
2 Bloor Street East, Suite 1400
Toronto, Ontario, Canada
M4W 1A8
Phone: (416) 326-3948 / 1-800-387-0073
Web: www.ipc.on.ca
E-mail: email@example.com
For more information on Privacy by Design, please visit: www.privacybydesign.ca