Internet Governance 14 September 2010

The Future of Privacy IGF workshop report

A report from a workshop co-organised by the Internet Society (ISOC) and the Electronic Frontier Foundation (EFF) at the 2010 Internet Governance Forum (IGF).

As countries around the world are currently reviewing their privacy frameworks, we saw this workshop as an opportunity to take a step into the next decade and critically examine the future of privacy in the online environment.


  • Joseph Alhadeff, Vice President for Global Public Policy and Chief Privacy Officer for Oracle Corporation
  • Kevin Bankston, Senior Staff Attorney, Electronic Frontier Foundation
  • Rosa Barcelo, Legal Adviser, European Data Protection Supervisor
  • Ellen Blackler, Executive Director, Regulatory Planning & Policy, AT&T
  • Rafael GarcÍa Gozalo, Head of the International Department, Agencia Española de Protección de Datos, Spain
  • Pedro Less Andrade, Senior Policy Counsel Latin America, Google Inc
  • Catherine Pozzo di Borgo, Council of Europe Consultative Committee of Covention 108 (T-PD)
  • Christine Runnegar, Senior Manager Public Policy, Internet Society
  • Hugh Stevenson, Deputy Director for International Consumer Protection, Office of International Affairs, US Federal Trade Commission


It is important to emphasise in this report that considerable efforts are already being undertaken in many forums across the world to assess whether existing privacy principles remain relevant and effective in the 2010 and post 2010 environment. …

The workshop was an information sharing exercise and as such participants did not attempt to reach any consensus conclusions. Nonetheless, we wish to list here some of the points that were made during the workshop as they may prove useful in future policy discussions on privacy frameworks.

Please note that these points reflect some of the views of particular participants and are not necessarily consensus views. Further, in the time allocated, it was not always possible for participants to comment on all views that were expressed.

As these points are but a selection, we encourage the reader to read the whole report.

  • In a world of global data flows and new technologies:
  • privacy laws need to be harmonized (or perhaps, rather there needs to be convergence) with the aim of better adapting those laws to the characteristics of the Internet;
  • international cooperation among data protection authorities needs to be improved; and
  • resources need to be allocated to enforcement.
  • There are some challenges to achieving broad international harmonisation because privacy is a broad subject with limited international consensus in certain areas. Indeed, even at the domestic and regional level, privacy issues are currently undergoing re-examination. Further, there are also the significicant difficulties introduced by jurisdiction and conflicts of law.
  • It is important to support the open development of globally-applicable privacy standards, both technical and regulatory, to continue having confidence in the Internet Ecosystem.
  • Only by multi-stakeholder collaboration will viable solutions emerge, be deployed, and maintained.
  • Data protection must take into account many different rights and dovetail with other laws geared to ensuring the protection of individuals.
  • New paradigms will need to be considered – for example, accountability (i.e. the obligation to put in place appropriate and effective measures to protect personal data, independently of where the information flows).
  • Privacy by design is a concept of people, processes, practices and technology – privacy principles need to be embedded in the design from the very beginning right through to the end.
  • There needs to be innovation and focus on usability of solutions that offer individuals control over their personal data.
  • Transparency in data collection and processing is important to equip consumers so they can make informed choices, and give informed consent to the collection, use and disclosure of their personal data.
  • Consent should be informed, freely given and obtained through fair means.
  • Further work needs to be undertaken to inform and educate people as to how their personal data is being collected and used.
  • The future of privacy should include the protection of privacy vis-à-vis the governments, and especially legal safeguards against government access to citizens’ private communications, and related communications records.
  • The Future of Privacy IGF workshop report thumbnail Download
  • The Future of Privacy IGF workshop report thumbnail Download

Related articles

Internet Governance 3 May 2024

Global Digital Compact: Zero Draft Matrix

The Internet Society has analyzed the Global Digital Compact Zero Draft with the aim of supporting efforts to identify...

Internet Governance 16 September 2022

ITU Plenipotentiary 2022 Summary Issues – Matrix

We have analyzed proposals to the ITU Plenipotentiary 2022 (PP22) conference that may impact the future development of the...

Growing the Internet 8 September 2022

Background Paper on ITU Plenipotentiary 2022

Read about the ITU Plenipotentiary Conference 2022 and our perspectives on some of the main issues which may be...