‹ Back
Internet Governance 14 September 2010

The Future of Privacy IGF workshop report

A report from a workshop co-organised by the Internet Society (ISOC) and the Electronic Frontier Foundation (EFF) at the 2010 Internet Governance Forum (IGF).

As countries around the world are currently reviewing their privacy frameworks, we saw this workshop as an opportunity to take a step into the next decade and critically examine the future of privacy in the online environment.


  • Joseph Alhadeff, Vice President for Global Public Policy and Chief Privacy Officer for Oracle Corporation
  • Kevin Bankston, Senior Staff Attorney, Electronic Frontier Foundation
  • Rosa Barcelo, Legal Adviser, European Data Protection Supervisor
  • Ellen Blackler, Executive Director, Regulatory Planning & Policy, AT&T
  • Rafael GarcÍa Gozalo, Head of the International Department, Agencia Española de Protección de Datos, Spain
  • Pedro Less Andrade, Senior Policy Counsel Latin America, Google Inc
  • Catherine Pozzo di Borgo, Council of Europe Consultative Committee of Covention 108 (T-PD)
  • Christine Runnegar, Senior Manager Public Policy, Internet Society
  • Hugh Stevenson, Deputy Director for International Consumer Protection, Office of International Affairs, US Federal Trade Commission


It is important to emphasise in this report that considerable efforts are already being undertaken in many forums across the world to assess whether existing privacy principles remain relevant and effective in the 2010 and post 2010 environment. …

The workshop was an information sharing exercise and as such participants did not attempt to reach any consensus conclusions. Nonetheless, we wish to list here some of the points that were made during the workshop as they may prove useful in future policy discussions on privacy frameworks.

Please note that these points reflect some of the views of particular participants and are not necessarily consensus views. Further, in the time allocated, it was not always possible for participants to comment on all views that were expressed.

As these points are but a selection, we encourage the reader to read the whole report.

  • In a world of global data flows and new technologies:
  • privacy laws need to be harmonized (or perhaps, rather there needs to be convergence) with the aim of better adapting those laws to the characteristics of the Internet;
  • international cooperation among data protection authorities needs to be improved; and
  • resources need to be allocated to enforcement.
  • There are some challenges to achieving broad international harmonisation because privacy is a broad subject with limited international consensus in certain areas. Indeed, even at the domestic and regional level, privacy issues are currently undergoing re-examination. Further, there are also the significicant difficulties introduced by jurisdiction and conflicts of law.
  • It is important to support the open development of globally-applicable privacy standards, both technical and regulatory, to continue having confidence in the Internet Ecosystem.
  • Only by multi-stakeholder collaboration will viable solutions emerge, be deployed, and maintained.
  • Data protection must take into account many different rights and dovetail with other laws geared to ensuring the protection of individuals.
  • New paradigms will need to be considered – for example, accountability (i.e. the obligation to put in place appropriate and effective measures to protect personal data, independently of where the information flows).
  • Privacy by design is a concept of people, processes, practices and technology – privacy principles need to be embedded in the design from the very beginning right through to the end.
  • There needs to be innovation and focus on usability of solutions that offer individuals control over their personal data.
  • Transparency in data collection and processing is important to equip consumers so they can make informed choices, and give informed consent to the collection, use and disclosure of their personal data.
  • Consent should be informed, freely given and obtained through fair means.
  • Further work needs to be undertaken to inform and educate people as to how their personal data is being collected and used.
  • The future of privacy should include the protection of privacy vis-à-vis the governments, and especially legal safeguards against government access to citizens’ private communications, and related communications records.
‹ Back

Related articles

Policy Brief: Encryption
Encryption9 June 2016

Policy Brief: Encryption

Encryption technologies enable Internet users to protect the confidentiality of their data and communications from unwanted observation and intrusion.

Best Practices: Mobile App Privacy & Security
Building Trust1 October 2017

Best Practices: Mobile App Privacy & Security

As mobile usage and application development continues to grow, the need to adopt best practices in data security, app security...

Data Privacy on a global scale: keeping pace with an evolving environment
Internet Governance16 May 2012

Data Privacy on a global scale: keeping pace with an evolving environment

A report from a roundtable organised by the Internet Society at the WSIS Forum on 16 May 2012 at Geneva, Switzerland....

Join the conversation with Internet Society members around the world