The summary of the article Big Data for All: Privacy and User Control in the Age of Analytics (Tene & Polonetsky, 2012) adeqately correlates the economic Big Data promise to the issues of e-privacy and data protection:
1 – Advances in data mining and analytics and the massive increase in computing power and data storage capacity have expanded by orders of magnitude the scope of information available for businesses and government.
2 – Data are now available for analysis in raw form, escaping the confines of structured databases and enhancing researchers’ abilities to identify correlations and conceive of new, unanticipated uses for existing information.
3 – In addition, the increasing number of people, devices, and sensors that are now connected by digital networks has revolutionized the ability to generate, communicate, share, and access data.
4 – Data creates enormous value for the world economy, driving innovation, productivity, efficiency and growth. At the same time, the “data deluge” presents privacy concerns which could stir a regulatory backlash dampening the data economy and stifling innovation.
5 – In order to craft a balance between beneficial uses of data and in individual privacy, policymakers must address some of the most fundamental concepts of privacy law, including the definition of “personally identifiable information”, the role of individual control, and the principles of data minimization and purpose limitation.
6 – [. . .] Providing individuals with access to their data in usable format [. . .] will let individuals share the wealth created by their information and incentivize developers to offer user-side features and applications [. . .] 7 – In addition, organizations should be required to disclose their decisional criteria, since in a big data world it is often not the data but rather the inferences drawn from them that give cause for concern.
Privacy by Design
Now, apart from all well-meant existing principles and regulation worldwide, in Europe, the U.S., Canada and Australia for instance, plus the new U.S. Consumer Bill of Rights framework and the beforehand already overly famous EU proposal of early 2012, experts are convinced that so-called Privay by Design needs to complement all regulatory efforts.
The recent brochure Operationalizing Privacy by Design by the Canadian Information and Privacy Commissioner Ann Cavoukian is even meant to be A Guide to Implementing Strong Privacy Practices. So we surely must be underway quite nicely, wouldn’t you think?
Slowly Bridging the Gap
Not if we follow Deirdre Mulligan’s assessment in her latest article Bridging the Gap between Privacy and Design. According to Mulligan, Privacy by Design is a fine and necessary objective but for now it still remains in the conceptual phase:
The call for Privacy By Design — the practice of embedding privacy protections into products and services at the design phase, rather than after the fact — connects to growing policymaker recognition of the power of technology to not only implement, but also to settle policy through architecture, configuration, interfaces, and default settings. [. . .] Ideally, there would be a widely used set of methods and tools to aid in translating privacy into design. Today, neither is true.
Where Are We Now?
So, what would be required and where are we now? Although it may not be quite up to date anymore the Handbook of Privacy and Privacy-Enhancing Technologies (2003, 350 pages) by TNO, the Dutch institute for Applied Physics Research has filled in this question for intelligent software agents. An endeavour like this makes one humble again!
Systemic Data Protection by Intuitive Icons
Recently, Alexander Alvaro, Vice-President of the European Parliament, has pleaded for systemic data protection by design through lifecycle data protection management. His aim is “to modernize European data protection law in a way that allows consumers to continue having trust in technological advances as well as in their own ability to determine how their personal data is processed.” To ensure the latter Alvaro proposes the intuitive set of icons listed above. Keeping it simple this way may well be the third necessary condition, next to regulation and Privacy by Design.