Privacy by design: the definitive workshop. A foreword by Ann Cavoukian, Ph.D

Identity in the Information Society, Aug 2010

Ann Cavoukian

Article PDF cannot be displayed. You can download it here:

https://link.springer.com/content/pdf/10.1007%2Fs12394-010-0062-y.pdf

Privacy by design: the definitive workshop. A foreword by Ann Cavoukian, Ph.D

Ann Cavoukian 0 ) Information & Privacy Commissioner, Ontario, Canada In November, 2009, a prominent group of privacy professionals, business leaders, information technology specialists, and academics gathered in Madrid to discuss how the next set of threats to privacy could best be addressed. The event, Privacy by Design: The Definitive Workshop, was co-hosted by my office and that of the Israeli Law, Information and Technology Authority. It marked the latest step in a journey that I began in the 1990's, when I first focused on enlisting the support of technologies that could enhance privacy. Back then, privacy protection relied primarily upon legislation and regulatory frameworksin an effort to offer remedies for data breaches, after they had occurred. As information technology became increasingly interconnected and the volume of personal information collected began to explode, it became clear that a new way of thinking about privacy was needed. Privacy-Enhancing Technologies (PETs) paved the way for that new direction, highlighting how the universal principles of fair information practices could be reflected in information and communication technologies to achieve strong privacy protection. While the idea seemed radical at the time,1 it has been very gratifying over the past 15 years to see it come into widespread usage as part of the vocabulary of both privacy and information technology professionals. But the privacy landscape continues to evolve. So, like the technologies that shape and reshape the world in which we live, the privacy conversation must 1When Commissioner Cavoukian and John Borking (representing Commissioner Peter Hustinx) of the Dutch Data Protection Authority first presented their joint paper in 1995, Privacy-Enhancing Technologies: The Path to Anonymity, in Brussels, it was met with silence by the Commissioners in attendance. It was a further three years before the message strongly took hold and the concept gained global momentum. - continually renew and sharpen its focus. These days, the stakes are high; perhaps higher than theyve ever been before. Privacy is coming under increasing pressure from many different forces including online social networks, an explosion in social media, governments and businesses providing services that are highly individualized and information-dependent. The importance of privacy cannot be overstated. Our essential freedoms and liberty rest upon it. Indeed, history has demonstrated that privacy is the first thread to unravel as a free and democratic state morphs into a totalitarian state. As long as we value libertywe must also value privacy. Over the years, a zero-sum paradigm has prevailed, in which one value, such as privacy, competes with another value, such as security, in a zero-sum win-lose equation: The thinking goes along the lines ofin order to have adequate security and protect ourselves against the threat of terrorism, we must forfeit our privacy. This notion, however, is based on completely flawed logic and a false dichotomythat privacy and security must be considered mutually opposing, which is simply not true. Privacy can and must co-exist alongside other critical requirements: security, functionality, operational efficiency, organizational control, business processes, and usability in a positive-sum, or doubly enabling win-win equation. How we get there is through Privacy by Design. Where PETs focused us on the positive potential of technology, Privacy by Design prescribes that we build privacy directly into the design and operation, not only of technology, but also of operational systems, work processes, management structures, physical spaces and networked infrastructure. In this sense, Privacy by Design is the next step in the evolution of the privacy dialogue. Engaging in that conversation means engaging with technology, in all the myriad directions it is heading. Each evolution, each new design, each new implementation, is an opportunity to carry our core values well into the future, rather than allowing the future to fade them away. Twenty years ago, privacy advocates were focused on how to address the privacy implications of technologies that automated functions that had previously been paper-based. Now, mapping the direction of technological change, we can see a mounting interest in, and emphasis on, dense internetworking, large-scale data sharing, and new kinds of relationships between organizations. Firms are moving from multinational to global in nature, and the concept of an enterprise is being replaced by that of an ecosystem. In the online realm, concepts such as cloud computing, in which organizations share processing resources (and possibly data) to co-ordinate business processes and operations, are taking hold, creating new opportunities for collaboration. This marks a significant change from earlier enterprise-based models that were predicated on individuals interacting with (and providing information to) companies with which they have an established (and often, trusted) business relationship. In the emerging model, information may be shared within and across enterprises and value chains. Certainly, these developments are of great interest to those of us concerned with privacy and who seek to ensure that privacy remains protected, as these interactions evolve. Thankfully, this also piques the interest of the very enterprises engaged in ushering in this new future. Why? Because cloud computing, inter-networking, and large-scale data sharing require a simple but powerful, and often elusive feature in order to succeed: trust. In the past, the development of the Internet and the possibility of electronic commerce created demand for mechanisms to enable people and organizations to trust one another. Now, faced with increasingly diffused and complex relationships between consumers and the organizations they do business with, as well as new forms of interaction between organizations working together in federated models, the need for trust is greater than ever before. And yet, it is becoming more elusive and harder to earn. Responsible information management practices, including paying close attention to the protection of personal information, form an important part of building and maintaining successful relationships in this new world. For years I have argued that privacy is good for business (as evidenced by the title of my book: The Privacy Payoff), and that only becomes more true as time goes by. The business case for privacy focuses on gaining and maintaining customer trust, breeding loyalty, and generating repeat business. The value proposition typically reflects the following: 1. Consumer trust drives successful customer relationship management (CRM) and lifetime value in other words, business revenues; 2. Broken trust will result in a loss of market share and revenue, translating into lower stock value; 3. Consumer trust hinges critically on the strength and credibili (...truncated)


This is a preview of a remote PDF: https://link.springer.com/content/pdf/10.1007%2Fs12394-010-0062-y.pdf
Article home page: https://link.springer.com/article/10.1007/s12394-010-0062-y

Ann Cavoukian. Privacy by design: the definitive workshop. A foreword by Ann Cavoukian, Ph.D, Identity in the Information Society, 2010, pp. 247-251, Volume 3, Issue 2, DOI: 10.1007/s12394-010-0062-y