Where everybody knows your name

June 30, 2008 · Posted in data protection, privacy, public policy, rights, Web 2.0 · 1 Comment 

Although the Darklight Symposia weren’t quite like the bar in Cheers where everybody knows your name, there was a lot of familiar names and faces at this event. A good sign for Darklight because it means that they touched a chord with the topics they chose and also attracted a respected panellists. I attended the first symposium of the day “Letting it all hang out: Privacy vs. Publicity in the Virtual World” and caught the very end of the second “Web 3.0: Where next for the Internet”. Brendan Hughes, chair of the IIA Social Media Working Group gives a good overview of the topics on his own blog. The festival continued in venues around Dublin all weekend.

I was particularly interested in the first symposium they ran this morning. Regular readers might recall that I was at another seminar last month about privacy in the Institute of International and European Affairs. While the two audiences were very different (Peter Fleischer from Google would not have been making jokes about Google employees non-tie-wearing* at today’s event, let me encapsulate it like that!) they had many of the same concerns albeit from a different angle. There was a strong sense of “us” and “them” to many of the comments from the floor. “Us” seemed to refer to the private citizen and “them” to anyone who wasn’t; but even “them” is made up of private citizens who have rights too; among them a right to earn a living. Also “them” variously referred to businesses and government: businesses who are retaining data about those using their services; governments using that data to for crime-fighting purposes. However there was little acknowledgement of the fact that those companies were generally obliged by those governments to keep that information but also to protect it. And where does the government get the mandate to oblige those companies to keep AND to protect it? From this “us”. However it would be disingenuous not to acknowledge that many of the concerns in the room were about the lack of disclosure about and access to exactly what information certain larger internet companies are retaining about individuals and their use of their services.

Businesses are, of course, not without their influence when it comes to data-protection policies. Involvement in bodies like the IIA allows businesses to come together and debate these issues and present a united view to the government. It is also essential that businesses remain aware of their obligations under data protection and privacy legislation and the IIA hopes to keep businesses abreast of these issues.

The keynote speaker was Daniel J. Solove, Associate Professor of law at the George Washington University Law School, and the author of “The Digital Person: Technology and Privacy In The Information Age”. This book can be downloaded for free from www.futureofreputation.com Chaired by solicitor and digital rights expert Caroline Campbell, the panel included journalist Jim Carroll, Hotline.ie director Cormac Callanan, Relevant Media owner Niall Larkin and Irish blogger Damien Mulley. The audience was made up of a mix of bloggers, developers, researchers, consultants and policy makers.

* Tie-wearing: I recall being irked at the IIEA seminar because Fleischer made a flip comment about how he could spot his Google colleagues a mile off because they were always the ones not wearing ties. This annoyed me because I had spoken to one of his colleagues earlier and SHE was most definitely not wearing a tie and probably never does. Similarly Annette Clancy from Inter-Actions, who I was sitting beside at the Darklight symposium on Friday, made a point from the floor that there were no women (bar the chair) on the panel on Friday and this was the case in both of the sessions. Working for an organisation that is constantly seeking good speakers and presenters for a variety of event types I understand the Darklight’s conundrum when they approach people and some of them are unavailable and unfortunately that effects the gender balance on their panel. Similarly I appreciate the viewpoint that to deliberately seek women because they are women could be just as sexist as not having women at all. However I do tend more to the side that it is essential that all aspects of a question are discussed. Women experience and use technology differently and for different purposes to men. I’m sure there’s research to back this up and would appreciate any links to same. Annette said to me later that one issue that was not discussed, and she feels, that this was due to the lack of women on the panel, was the issue of privacy and cyber-stalking. While this may not be solely experienced by women, if virtual life reflects real life chances are the majority of its victims are women.

Is the virtual life experience of women and their absence from some fora a reflection of the real life experience of women in technology and business? Why are the women unavailable? Where is the brave new world that the internet promises to all of us?

Tags: , , , , ,

Protect us from all anxiety

June 4, 2008 · Posted in Uncategorized · 8 Comments 

One of the many things I have been doing since I began working here in the Irish Internet Association has been responding to queries that come in from members and from the general public. In order to do this I have to try very hard to keep abreast of the kind of issues that are concerning our members. One of our newer members originally contacted me with a query about data protection legislation and I felt terribly ignorant when he seemed to know more than I did. Happily he still joined the IIA!

So last week I gratefully accepted an invitation from the Institute of International and European Affairs to attend their event “Perspectives on privacy in the Internet Age” with presentations by Peter Fleisher, Chief Privacy Counsel, Google Inc., and Billy Hawkes, Data Protection Commissioner. There was also a brief presentation from the floor by Inspector Pat Burke of An Garda Síochána. Here is a brief synopsis but please if you were present and feel I am misrepresenting anyone, I would welcome corrections and clarifications. Thanks!

Both Peter and Billy opened their presentations quoting Scott McNealy’s now infamous and eight year old comment “You have zero privacy anyway. Get over it.” although it became quickly clear that neither of them are even remotely as blasé as McNealy was way back then when it comes to privacy and data protection.

It\'s the Google logo!Both of the speakers talked about how, now that information storage is so cheap, it’s actually more cost effective to keep rather than delete information. Fleisher suggested that corporations who are required to comply with privacy and data protection legislation could deal with this in a number of ways:

  • Time based anonymisation: forgetfulness should be programmed in so that once information reaches the time limit required by law, it is forgotten by the database.
  • Include privacy controls so that users can choose what level of privacy they wish to set for the information that they are storing or publishing online.
  • Education: Corporations like Google have a responsibility to educate users about privacy and data protection in a clear and accessible manner.

However Google’s biggest difficulty in relation to privacy legislation is that they are required to comply to location based regimes as he called them. Even within the EU and based on the EU directive countries could set their own time limits for data retention and Google has to comply to all of these while in reality all of this data exists in the cloud rather than any specific location. He also pointed out that in the US there are 39 Security Breach laws each with their own details because the legislation that governs privacy in the US is not federal.

In relation to education Fleisher told us that Google have developed a selection of videos about privacy which have been viewed by half a million viewers. He suggested that corporations might consider video as a more personable approach to privacy statement than the current privacy statements that can now be found on most websites. Fleisher said that the APEC privacy framework was, so far, Google’s preferred framework with it’s emphasis on preventing harm and focus on accountability. 

He finished up by reminding us that the big question should be what do we want technology to do for us rather than what is technology doing to us?

Data Protection CommissionerBilly Hawkes, the Data Protection Commissioner, had some very interesting statistics about data protection in Ireland and attitudes to data protection and privacy among Irish citizens. Firstly he pointed out that only 10% of companies in Ireland transfer data outside the EU so there may not be currently a requirement for global laws. Citing the Eurobarometer 2008: Data Protection in the European Union: Citizens’ Perceptions, he pointed out that Irish people were slightly more concerned about privacy than the EU average but were also among those most opposed to monitoring of internet usage. All these details can be accessed via the Eurobarometer website. (PDF) Nora Owen, who chaired the session, in her summing up made particular reference to Hawkes use of the phrase “function creep”. He used this when referring to the reasons why data is being kept. Does less privacy and more monitoring equal enhanced security for citizens? Does it equal less crime.

When talking about the future he suggested that corporations should include privacy by design or commission privacy enhancing technology. Similar to Fleisher he emphasised the need to educate people about revealing information, making the point that privacy rights are technology neutral.

Inspector Pat Burke from An Garda Síochána also added from the floor that through their cooperation with the Data Protection Commissioner and always operating within the law and with the right to do proper, legitmate investigation they have had some success in tackling crime which uses the Internet as a platform such as child pornography, internet fraud and identity theft. They have also been able to tackle transnational crimes such as human and child trafficking.

Questions from the floor were put by TJ McIntyre from Digital Rights Ireland and Mark Kelly of Irish Council for Civil Liberties who asked if Google would use a human rights framework to which Fleisher responded that Google are very focussed on the ethical use of the Internet and while they were forced into  “the odious concept of censorship” in China, their search results in China include a statement that the results have been filtered. They also will not offer Gmail in China. Brian Greene also made the point that 90% of people using the internet are consumers rather than content producers and there are issues when corporations get and retain data about consumers. Fleisher clarified that Google comes in two flavours: plain ol’ search or search enhanced via logging into your Google account where Google gets to know you and offers you results based on your search history. It’s the consumers choice which search to use.

An interesting afternoon and do you know what? The lunch was delicious too!

As I mentioned at the top of the post I’m new to a lot of these issues so I would really appreciate any comments or clarifications via the comments below.

Tags: , , , , , , , , , , , , , ,