Malcolm Crompton, IIS Partners Irish Future Internet Forum - Socioeconomics

1. Malcolm CromptonSocioeconomics of Privacy and the Future InternetKilkenny1 June 2011

2. There’s money in them thar clouds BUT ... <ul><li>what happens to information about you and me?

3. where is our data?

4. who is the boss?

5. who wins?</li></li></ul><li>Internet Privacy

6. “Privacy” – Outdated? Incompatible? A problem? Facebook’s Mark Zuckerberg: “The Age of Privacy is Over” Google’s Eric Schmidt: “If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place” Louis Freech former Director FBI: “the American people must be willing to give up a degree of personal privacy in exchange for safety and security” Sun Microsystems’ Scott McNealy: “You have zero privacy anyway.. get over it.”

7. In fact, is internet privacy dead & buried? <ul><li>The internet has outgrown privacy

8. No economic drivers for internet privacy

9. Much of the internet is “free”

10. No such thing as a free lunch

11. Must give access to ourselves in more & more detail

12. AND MOSTLY WE LIKE IT!</li></li></ul><li>But if that’s a problem, let’s hit back! <ul><li>Privacy law reform all around the world

13. Australia, NZ, India, Latin America, USA and EU

14. More Data Protection/Privacy chiefs

15. More choices (Notice and Consent)

16. BUT:

17. “ample evidence the “Notice and Consent” model of data protection regulation, which places a great burden on individuals to read and understand privacy notices, is not especially effective in practice, as shown by the overwhelming empirical evidence that individuals do not read – let alone respond to – Privacy Notices, especially if they are lengthy” www.huntonfiles.com/files/webupload/CIPL_European_Commission_Commentary_Jan2011.pdf</li></li></ul><li>Tempting. First, some facts ...

18. Law making helps, but ... <ul><li>Can’t encompass all situations

19. Tends to be reactive

20. Requires enforcement !

21. Must address multi-jurisdiction activity

22. Must suit our ever-changing world</li></ul>information + technology + world = challenge

23. Regulator insight in detail – Peter Hustinx (EDPS) <ul><li>Rights of the citizen won’t change much – emphasis on easier access to exercising existing rights.

24. Future as based on implementing stronger incentives to do the right thing by privacy: commercial reality + regulatory incentive

25. Globalisation and global data flows will also be very important – international regulation along lines of the Madrid declaration

26. “Law should not legislate on technology” – operationalise privacy by design, including more ‘privacy by default’ settings

27. Importance of ensuring effective accountability

28. Really getting privacy right: not just seeking compliance with privacy law but demonstrating that ‘all measures have been taken to ensure that compliance will be a result’. </li></ul>For more, also see blog: “EC thinking on privacy definitely on the move...”

29. Privacy: how can it keep up with the times?

30. Our data is everywhere <ul><li>information about us is in

31. many organisations around the world

32. many jurisdictions around the world

33. data should be safe and it can be safe

34. who pays for it to be safe?</li></li></ul><li>One time zone: <ul><li>Europe

35. keeping up with the times?</li></li></ul><li>And where’s it all happening ? APEC & India ! <ul><li>2009 GDP US$31 740 310 200 000 (54% of world GDP)

36. 44% of world trade

37. growth strategy includes: innovative growth to create an economic environment that promotes innovation, use of ICT products and services, and emerging economic sectors http://publications.apec.org/publication-detail.php?pub_id=1123

38. a goal for this year is to launch a new agenda to address issues such as innovation, data privacy and cyber-security http://www.apec.org/en/Press/Features/2011/0428_nextgen_trade.aspx

39. APEC Cross-border Privacy Enforcement Arrangement (CPEA)</li></li></ul><li>Asia & the digital economy <ul><li>The Philippines call centres

40. 2011: $12-13billion revenue

41. 2020: $100billion revenue, 20% of globalmarket share

42. Asia-Pacific software revenue

43. 2009-2014: compound annual growth rate of 11.5% (c.f. Western Europe: CAGR of 2.7%)

44. India share of global outsourcing market

45. 2010: 55% (c.f. 2009: 51%)</li></li></ul><li>Future Internet Privacy Socioeconomics

46. Socioeconomics of internet privacy: the good <ul><li>Big Data

47. free, made-just-for-you services

48. Innovation

49. Google Flu Trends

50. Connection with our own networks

51. User generated content

52. Let the internet be free, and we all win

53. personalisation (search, geolocation, foursquare, google maps, etc)</li></li></ul><li>... and the not so good <ul><li>Costs of privacy breaches

54. USA: 533 686 527 records in 2 503 breaches made public since 2005

55. Sony breach: US$20 per person = >US$2 billion?

56. Honda Canada breach exposed data on 280,000 individuals: “It appears that even if you didn’t create an account on their web sites, if they mailed you about upcoming specials in 2009, your data were involved”

57. Identity theft

58. UK: each year costs >£2.7billion, affects >1.8million people

59. The Filter Bubble; Creepy; Lack of trust; ...</li></li></ul><li>Yes, there is money in the clouds <ul><li>but who is paying?

60. how much are we willing to pay?

61. what will happen if we don’t get privacy right?

62. is anything being done about it?</li></li></ul><li>Can privacy and socioeconomic gain co-exist? What’s being done?

63. The emerging framework <ul><li>Tools we can build in to our work

64. Layered Defence

65. How to build in the tools

66. Privacy by Design

67. How to know the tools are being applied year in, year out

68. The Accountability Project</li></li></ul><li>“Layered Defence” Accountability ► Trust Risk Control ► ► ► Business as usual Privacy ? Law Technology Governance The Future Internet Safety Net

69. Privacy by Design:The 7 Foundational Principles Proactive not Reactive; Preventative not Remedial Privacy as the Default Privacy Embedded into Design Full Functionality: Positive-Sum, not Zero-Sum End-to-End Lifecycle Protection Visibility and Transparency Respect for User Privacy www.ipc.on.ca/images/Resources/7foundationalprinciples.pdf

70. The Accountability Project <ul><li>“Accountability” first included in 1980 OECD Guideline on the Protection of Privacy &Transborder Flows of Personal Data

71. Begun with Galway project

72. Led by Centre for Information Policy Leadership (CIPL)

73. Framework for safe, global data flows</li></li></ul><li>The Accountability Project <ul><li>Galway, Ireland, 2009 – Phase I

74. Billy Hawkes, Data Protection Commissioner, Ireland

75. implementation of accountability – how organisations demonstrate accountability, & how regulators measure it

76. Paris, France, 2010 – Phase II

77. objectives of accountability – common fundamentals to be demonstrated & measured

78. Madrid, Spain, 2011 – Phase III

79. validation of accountability – effective, affordable validation tools for accountability-based governance</li></li></ul><li>One is “... by Design”. The other is not. Both fail on “Privacy”.

80. Case Study – ID management Australia <ul><li>The old way: Digital God

81. Brings you into digital existence

82. Takes you out of digital existence

83. Watches every move in between …

84. A better way – relevant Verified Claims

85. User centric; user controlled eg Avoco CloudCard Selector

86. Rely on ID claims last

87. Pilot under way right now

88. Current Issues and Solutions in Identity Management</li></ul>International Conference of Data Protection & Privacy Commissioners, Jerusalem 2010

89. Case Study – eHealth Australia <ul><li>Personally Controlled Electronic Health Record (PCeHR)

90. AU$467million project

91. Secure + Individual Health Identifier

92. stored in a network

93. accessed wherever I am</li></ul>“The overall economic benefit from increased productivity and reduced adverse events that would be achieved with a national individual electronic health record in Australia has been estimated to be between $6.7 billion and $7.9 billion in 2008-09 dollars over 10 years.” National Hospitals & Health Reform Commission 2008

94. Future Internet 2020

95. We can see glimpses <ul><li>More Cloud; More multi-jurisdictional; More complex supply chains

96. Global Access Partners – Cloud Computing Taskforce Report

97. Individuals expect defaults more favourable to them

98. Under control vs under my control

99. Automation; agents; privacy by default

100. Outcomes based privacy law

101. Built around Pbd & enforceable Accountability</li></li></ul><li>AND it’s becoming a leader level issue “The effective protection of personal data and individual privacy on the Internet is essential to earn users’ trust. It is a matter for all stakeholders: the users who need to be better aware of their responsibility when placing personal data on the Internet, the service providers who store and process this data, and governments and regulators who must ensure the effectiveness of this protection. We encourage the development of common approaches taking into account national legal frameworks, based on fundamental rights and that protect personal data, whilst allowing the legal transfer of data.” Renewed commitment for freedom and democracyG8 Declaration, G8 Summit of Deauville, 26-27 May 2011

102. Hence possible areas for research <ul><li>Demonstrable Supply Chain resilience

103. Fail over for the individual

104. Metrics for trust & privacy

105. Automated accountability

106. One stop shop resolution

107. User centred cloud services

108. When does cloud processing come to your data vs when does your data go to the cloud for processing

109. User centred verified claims

110. Beyond ‘ID’ management

111. Automation; agents; privacy by default</li></li></ul><li>An opportunity for Ireland <ul><li>Ireland as a leader

112. buying (eg embed accountability in contracts)

113. selling (eg Privacy by Design in cloud computing products)

114. assuring (eg be a standards leader)

115. research</li></ul>Ireland as a superhighway safehouse

Malcolm Crompton, IIS Partners Irish Future Internet Forum - Socioeconomics

You are reading a preview.

Check these out next

Malcolm Crompton, IIS Partners Irish Future Internet Forum - Socioeconomics

More Related Content

Slideshows for you (17)

Viewers also liked (7)

Similar to Malcolm Crompton, IIS Partners Irish Future Internet Forum - Socioeconomics (20)

More from Irish Future Internet Forum (20)