Let’s use Data Privacy Day (28 January 2016) to advocate for respect of Internet users’ privacy across the world!
User privacy faces more challenges today than ever before: mass online surveillance; commercial profiling; tracking; an Internet of sensors; and even confidential communications are at risk through governmental attempts to limit the use of encryption.
That is why it is so important that we, as Internet users, assert our rights and expectations, demand effective protection, and challenge practices that undermine our privacy.
It’s a question of ensuring an ethical approach to data collection and handling that provides legitimacy, transparency, accountability, proportionality and fairness, as well as empowering users so that they can exercise effective choice and control over their personal data.
The starting point should be “do no harm”.
The privacy risks that Internet users face are real and wide-ranging, extending beyond revealing something that was meant to be private or only shared for a specific purpose, to discrimination and other forms of harm.
It seemed like barely a day passed in 2015 without news of yet another major data breach affecting thousands or millions of Internet users. But, what about the silent privacy violations that occur every day that no one hears about? For example, organisations that misuse personal data entrusted to their care, industries that profit from your personal data without your knowledge or consent, and the covert pervasive surveillance that goes on in the background.
Also, the full extent of harm that today’s privacy breaches may cause in the future is still largely unknown. While it may be hard to prepare for the unknown, action can be taken now to mitigate privacy risks for Internet users through privacy-in-design, privacy-in-practice, strong internationally compatible privacy norms, effective enforcement, and user empowerment.
In this context, it is important to appreciate that there is an inherent power imbalance between data controllers and data subjects. Most often the person who handles the data (the data controller) makes the privacy risk management decisions. But, the person whose privacy is at risk, is the data subject. One way to address this imbalance, is to encourage data controllers to apply an ethical approach to data handling where they give due consideration to the interests of the data subject.
Also, data which is seemingly anonymous (e.g. sensor data) often can be easily linked to an individual. Further, the use of such data can have a privacy impact even if the identity of the individual (e.g. Amy, Maria or John) is unknown. Therefore, it is also useful to carefully and collectively consider how to mitigate the present and future privacy risks associated with such data: data that may not always fall within the legal definition of “personal data”, the gate-keeper criterion for privacy laws.
The Internet Society believes that privacy is key for reinforcing user trust in the Internet.
Also, this week, my colleague, Robin Wilton, will be moderating a panel at the 2016 Computers, Privacy & Data Protection Conference in Brussels exploring ethical data handling and privacy risk. We invite you to join us in person if you are attending CPDP2016, or online via Twitter (#CPDP2016), and watch out for a blog post shortly afterwards on our Tech Matters blog.
Join us in celebrating Data Privacy Day by sharing your ideas for better privacy on the Internet.Leave your thoughts here as comments, share them on social media - or write your own posts and articles.
Help us bring about a more trusted Internet!
Image credit: Stay Safe Online DPD banners