Potential of Privacy

On request of several readers I will publish every two weeks a one-pager (or maximum two) discussing a privacy topic. If readers have a request for a specific topic, please let me know. And to proof that we are not limited to legal texts only…

Today we discuss the potential of privacy. I will do it in a little bit challenging way in order to make us think. This text is not part of a holy book, the statements are merely teasers, but at least they will open our eyes and lead us to think about the world we want to live in (from a privacy perspective). In one page I can not be exhaustive neither, sorry for that. And for the professionals amongst us, hereby a text which is an intermezzo between problem solvings.

Why should we defend our privacy in a world where data processing, storing and exchange of data is explosively expanding and where nobody can state to have still full control over his/her data processed, by who, where on this planet and why it is done?

In many countries around the globe, Privacy is considered a fundamental human right. Throughout history the idea what privacy is and its importance evolved. But privacy was always present (though often linked with the freedom of the person. Slaves had little privacy).

Statement 1: Privacy is in other words a marker for the quality of life.

Today we can not expect people to refuse the use of electronic equipement. The IoT (Internet of Things) makes that even simple devices will be linked to the web. And as a good web does, it closes itself around its victims (meaning us) allowing ‘spiders’ to attack us fast and efficiently. The information will end in mega computers controlled by the happy few which will not only know everything about everybody but even get extremely rich (powerful) by doing so.

Is it wise that we as a society just let things go? The GDPR (EU Privacy Regulation) is nice legislation, but it cannot stop the ongoing evolution (it is not its purpose, fortunately). The technology is complicated and evolving fast so that lawmakers are always behind (which on itself is not necessarly an issue). More worrying is that data subjects do not realise anymore what is happening. They only want to have no burdens to use the application, the tool, the website, etc. they are accessing. And by doing so they ‘consent’ to the use of their data. The GDPR indicates that consent must be explicit,freely given and informed. Is this possible? As long as data subjects are only interested in the product, they forget the consequences of consent. And it has to be said, the settings of browsers, applications, etc. are not privacy by design oriented. So here we have a second fundamental statement: Our free will is taken hostage by our lack of responsibility (and lack of knowledge). If we want consent (free will, free choice) to be a reliable basis for processing we should organise ourselves otherwise (be transparant, educate users, be ethical as a controller, …).

Regulators and law makers must make laws, standards, policies and where necessary break up too powerful companies in order to get things under control. And data subjects should be aware of the risks. Transparency and behaving in the interests of the data subjects should be the rule, not the exception. Legal and moral obligations must be enforced but also become natural behaviour of controllers processing personal data.

On the other hand, society as a whole must realise that ethical behaviour is the basis for a win-win for all. An example: it would be interesting for science and for health care if all citizens are in a large DNA database. Potential health threaths can be identified in an early stage, medication can be adapted to the specific DNA profile (instead of being broad spectrum), etc. Ofcourse humans are always intending to have second uses. Such a database could be dangerous too: what will your employer say if he knew all the potential deceases? Would your wife or husband still be loving you as much if your DNA showed some less interesting characteristics? Not to speak about insurance companies. And even promotors of a better birth control could use such a database allowing only the fit to get children. And why not, last but not least, the military would be enthousiastic too.

Because of the dangers of misuse, governments have the tendancy to ignore the benefits. Nevertheless it must be possible to have such databases which are fully anonymous unless for the data subject (and his mandate, e.g. his medical doctor) after proper identification and within very specific purpose limitations in order to make us benefit from them?

Statement 3: without ethical standards and behaviour we will get nowhere.

Privacy regulations and standards are important as demonstrated to avoid abuse of information. It is important because it makes us individuals, without that we would just be numbers. It is the task of governments (and regulators) to create awareness, to educate the public, to set rules and standards controllers must comply to. Without rules (and monitoring) things will go seriously wrong. Ethical behaviour is a good line of defense but not a stand alone solution. We must dare to dismantle companies not proving they have ethical standards or not complying to the standards. Individuals should also be punished when abuse is proven. In case of abuse of Privacy there should be zero tolerance, privacy is trust.

Abuses will always be a risk (we also drive now and then too fast), but control and corrective measures must be in place. These measures should be performant and fair. Information (and the money going with it) is an easily corruptive trigger: social control, breaking up too large (non transparent) entities, abusive users,  etc. should be sanctioned consequently and by doing so we will all win. Statement 4: privacy is useful, it allows us to use data for the benefit of all without fearing negative consequences if monitoring (and sanctioning) is consequently done.

We are living in a world in progress but still with many people lacking the required education to handle it. I think when we train our children the next generations will be able to coop with mega-data in a more mature way and by doing so will also be more sensible for abuses and benefit more the advantages. Statement 5: Education is key. Processing must be transparant and data subjects must be educated in order to understand.

As the Fifth Industrial Revolution announces itself: in the future only countries with performant governments will survive and give the required quality of live. Privacy will be amongst their major challenges. Statement 6: there is a major role for governments to become modern facilitators for the wellbeing of their citizens and this can only be done respecting privacy.

General statement: Privacy is our responsibility, do not ignore it, do not count on ‘someone else will take care’.

Koenraad Veltmans, Founder and Consultant Privacy Intelligence