Internet economy

The Evolving Role of the Individual in Privacy Protection: 30 Years after the OECD Privacy Guidelines

 

 

 

Conference held at the
International Convention Center (ICC)
Jerusalem, Israel
25-26 October 2010

 

Background | Agenda, biographies and presentations | Contact

 

For further information visit: www.oecd.org/sti/privacyanniversary.

 

Background

The second anniversary event was a conference on the Evolving Role of the Individual for Privacy Protection, held in Jerusalem, Israel on 25-26 October, back-to-back with the 32nd International Conference of Data Protection and Privacy Commissioners. The event was hosted by the Israeli Law, Information and Technology Authority, and brought together government officials and privacy authorities, together with representatives of international organisations, business, civil society, the Internet technical community, and academia.

 

Israeli Prime Minister Benjamin Netanyahu and OECD Deputy Secretary-General Richard Boucher opened the conference with welcome speeches, leading into a broad-ranging panel discussion on “Privacy in the Context of the Internet:  Recording Everything and Forgetting Nothing?”  The second day of the Conference was divided into 4 main topics, each the focus of a moderated panel discussion: (I) The Individual as Creator and Disseminator of Personal Data (II) Aggregation, Analytics, Identity and the Individual (III) Awareness, Choice and the Individual, and (IV) Innovations in Privacy Protection.  A final session considered the broader implications of the issues raised for protecting privacy and key principles.


Agenda

 

Agenda [PDF - 627kb]

Biographies [PDF - 682kb]

 

Opening Session:  The Oecd Privacy Guidelines in Context

 

Welcome Remarks

  • Benjamin Netanyahu, Prime Minister of Israel - Speech
  • Guy Rotkopf, Director General, Ministry of Justice, Israel
  • Ambassador Richard Boucher, Deputy Secretary-General, OECD - Speech  

Panel Discussion: Privacy in the Context of the Internet -- Recording Everything and Forgetting Nothing? 

This panel embarked on a broad-ranging discussion of the core privacy principles in the current context, to try to identify the key issues to be explored further and help set the scene for the following day. The opening speaker focused on a key technology-fuelled trend: the digital capture of increasing amounts of data about our activities and interests and its indefinite storage. This trend, among others, may bring economic and societal benefits from new uses of personal data, but also an evolution in the privacy risk environment.

 

Key Issues for Discussion   

  • What is the impact on privacy of the trend towards comprehensive digital memory?
  • What are the other key changes impacting the individuals and their role in privacy protection?
  • What are the key challenges in applying the core privacy principles, as well as the implications raised for the scope of privacy protections?

Panelists

  • Andrew Wyckoff, Director of Science, Technology and Industry, OECD 
  • Jeffrey Rosen, Professor of Law, George Washington University
  • Cameron Kerry, General Counsel, Department of Commerce, United States
  • Yanki Margalit, Founder & former CEO, Aladdin Knowledge Systems Ltd
  • Marie Shroff, Privacy Commissioner of New Zealand - Presentation  
  • Jennifer Stoddart, Privacy Commissioner of Canada

 

I. Data Creation and Sharing by Individuals about Individuals

When the Guidelines were conceived 30 years ago, the drafters could not have contemplated the dramatic increases in the capabilities of individuals to produce, share, and publish personal data. Large numbers of individuals actively volunteer personal information about themselves and others, posting pictures and videos online, blogging, conducting business transactions among themselves, and interacting with large groups of friends or the public through social networking sites.  With mobile computing devices like smart phones becoming commonplace, this trend seems set to continue, with location information added to the mix. In short, it’s not just businesses and governments that are engaged in data processing activities. This session examined the interest and value for individuals in generating and posting personal data online, as well as the implications of these behavioural changes for the scope and principles of the OECD Guidelines.

 

Key Issues for Discussion 

  • What are the trends in data creation and dissemination by individuals about themselves and others? 
  • While responsibility for privacy compliance is usually allocated to the organisations that control the data, are there circumstances in which it makes sense to consider a role for individuals in helping protect the privacy of data they help create and disseminate? 
  • What at are the most promising approaches for addressing the challenges posed to privacy by individuals themselves?

Panelists

  • Nataša Pirc Musar, Information Commissioner, Slovenia - Presentation  
  • Joshua Kauffman, Harvard University, Graduate School of Design - Presentation
  • Kasey Chappelle, Global Privacy Counsel,  Vodafone 
  • Tai Myoung Chung, Professor, Information & Communication Engineering, Sungkyunkwan University, Korea
  • Elizabeth Denham, Information and Privacy Commissioner for British Columbia, Canada
  • Peter Swire, Professor of Law, Ohio State University - Presentation   

 

II. Aggregation and Analytics: Constructing an Individual  Profile

When individuals browse the web, use their cell phones and make purchases, they leave data crumbs everywhere.  We live in a world where what we buy, what we tell our friends, how we spend our time, where we walk, where we drive and more are collected, analysed and linked to information about our gender, income, age, occupation, ethnicity and other demographic information. Even apart from more well-known tracking technologies like cookies, browsing the web reveals many other types of data that can often be combined to create unique fingerprint of our browser. These along with other techniques allow those crumbs to be combined, analysed and transformed by private and government actors into individual profiles – our digital personas.  And at the same time, the practical effectiveness of efforts to anonymise or de-identify data are being questioned. This session explored what “personal data” means in an age of data abundance and analytics.

 

Key Issues for Discussion   

  • What are the key trends in aggregation and analytics, and the abilities of organisations to monitor or develop profiles of individuals?
  • What are the best approaches to determining whether data relates to an indentified or identifiable individual, and how should we address occasions where technical progress allows data to be linked back to an individual in ways not anticipated at the point of collection? 
  • With the increasing capabilities to relate disparate pieces of data back to an individual, are the key concepts of privacy still working well?

Panelists

  • Daniel Weitzner, Associate Administrator for Policy, NTIA, Department of Commerce, United States   
  • Omer Tene, Senior Lecturer, College of Management School of Law - Presentation
  • Alexander Dix, Commissioner for Data Protection and Freedom of Information, Berlin, Germany
  • Gus Hosein, Senior Fellow, Privacy International
  • Betsy Masiello, Policy Manager, Google
  • Richard Thomas, Global Strategy Advisor, Centre for Information Policy Leadership

 

III. Awareness, Understanding, and Individual Decision-Making 

As data usage practices have become more complex, so too have the privacy policies that describe them.  For an individual, estimating the privacy implications of a particular action is often difficult, and numerous and subtle influences can create dichotomies between the individual’s privacy attitudes and actual behaviour. Some of the challenges for example relate, to the difficulty of reconciling the need for privacy with the need for publicity. Others stem from difficulties in navigating and understanding information not always presented in an easy-to-understand manner by organisations. Issues of presentation and default settings may have a great influence on user perceptions and choices. Drawing in part on insights from behavioural economics and the social sciences, this session explored how and why individuals make the decisions they do when it comes to privacy and what can be done to improve it.

 

Key Issues for Discussion   

  • What do individuals understand about how their information is to be used and the steps they can take to protect it?
  • Do individuals have the motivation and ability to make effective cost-benefit evaluations of how websites and marketers use their data?  What are the implications for privacy principles like consent?
  • What sorts of market mechanisms, technol¬ogies, or policy actions can help achieve a more desirable balance between information disclosure and protection?

Panelists

  • Peter Hustinx, European Data Protection Supervisor
  • Alessandro Acquisti, Associate Professor, Heinz College, Carnegie Mellon University - Presentation   
  • Anna Fielder, Steering Committee Member, Civil Society Information Society Advisory Council to OECD
  • Mozelle Thompson, Advisor, Facebook
  • Bjorn Erik Thon, Director General, Data Protection Inspectorate, Norway
  • Alan Westin, Professor of Public Law and Government Emeritus, Columbia University

 

IV. Fostering Innovations in Privacy Protection

While attention is often focused on the privacy challenges of the digital environment, the Internet and other technologies also bring new opportunities to offer individuals practical options to participate in the protection of their privacy. Integrated into IT systems and business practices at the design stage, innovative approaches have been proposed concerning, for example, identity and reputation management tools, “just-in-time” notices, privacy “dashboards”, anonymous routing services, and even attaching “sticky” privacy preferences to the data. Although the adoption of what were dubbed “Privacy Enhancing Technologies” in the 1990’s has been slower than expected, there is renewed interest in deploying technological tools for privacy today.  This session examined some innovative approaches being taken by organisations to provide individuals with appropriate and usable information to exercise control over their personal information and the challenges to making them effective.  It also considered the broader role of innovative approaches to privacy to address the current environment.

 

Key Issues for Discussion   

  • What technical innovations offer promise for giving individuals easier access to and control over information about them?
  • What are the incentives and barriers for innovating privacy tools and what are challenges to successful deployment?  
  • What is the role of technological innovation within a broader framework for privacy protection?

Panelists

  • Yoram Hacohen, Head of Law, Information and Technology Authority, Israel   
  • Jules Polenetsky, Director, Future of Privacy Forum - Presentation  
  • danah boyd, Senior Researcher, Microsoft Research and Associate Researcher, Harvard Berkman Center
  • Marit Hansen, Deputy Privacy and Information Commissioner, Schleswig-Holstein, Germany
  • David Hoffman, Director of Security Policy and Global Privacy Officer, Intel Corporation
  • Christine Runnegar, Senior Manager Public Policy, Internet Society - Speech

 

V. Implications for Policy Making

This concluding session considered the broader implications of the issues raised during the conference for policy making to protect the privacy of individuals. A number of international organisations are reviewing their privacy instruments, including the OECD. Recognising the increasing importance of internationally compatible approaches to privacy, this session brought together experts on work in APEC, the Council of Europe, the European Union and the Global Privacy Enforcement Network, who joined civil society and business representatives to identify key issues and ways forward.

 

Key Issues for Discussion   

  • What have we learned from taking a closer look at how individuals act online and how they think about privacy? 
  • What is the role of businesses and other organisations in addressing the changing role of the individual in privacy protection? 
  • What do these changes means for privacy protection and for the core privacy principles?

Panelists

  • Anne Carblanc, Special Counsellor, Directorate for Science Technology and Industry, OECD - Presentation 
  • Joseph Alhadeff, Chair of the ICCP Business and Advisory Committee to the OECD, and Chief Privacy Officer, Oracle Corporation
  • Marie-Hélène Boulanger, Head of Data Protection Unit,  Directorate-General Justice, European Commission
  • Hiroshi Miyashita, Advisor, Office of Personal Information Protection, Consumer Affairs Agency, Japan
  • Jörg Polakiewicz, Head of Law Reform Department, Council of Europe
  • Marc Rotenberg, Steering Committee Member, Civil Society Information Society Advisory Council and Executive Director, EPIC
  • David Vladeck, Director, Bureau of Consumer Protection, Federal Trade Commission, United States

 

Closing Remarks

  • Jennifer Stoddart, Privacy Commissioner of Canada - Speech  

 

Contact

If you need any information, please contact privacy30th@oecd.org

 

 

Related Documents

 

The 30th Anniversary of the OECD Privacy Guidelines

30 Years After: the Impact of the OECD Privacy Guidelines

The Economics of Personal Data and Privacy: 30 Years after the OECD Privacy Guidelines

 

Countries list

  • Afghanistan
  • Albania
  • Algeria
  • Andorra
  • Angola
  • Anguilla
  • Antigua and Barbuda
  • Argentina
  • Armenia
  • Aruba
  • Australia
  • Austria
  • Azerbaijan
  • Bahamas
  • Bahrain
  • Bangladesh
  • Barbados
  • Belarus
  • Belgium
  • Belize
  • Benin
  • Bermuda
  • Bhutan
  • Bolivia
  • Bosnia and Herzegovina
  • Botswana
  • Brazil
  • Brunei Darussalam
  • Bulgaria
  • Burkina Faso
  • Burundi
  • Cambodia
  • Cameroon
  • Canada
  • Cape Verde
  • Cayman Islands
  • Central African Republic
  • Chad
  • Chile
  • China (People’s Republic of)
  • Chinese Taipei
  • Colombia
  • Comoros
  • Congo
  • Cook Islands
  • Costa Rica
  • Croatia
  • Cuba
  • Cyprus
  • Czech Republic
  • Côte d'Ivoire
  • Democratic People's Republic of Korea
  • Democratic Republic of the Congo
  • Denmark
  • Djibouti
  • Dominica
  • Dominican Republic
  • Ecuador
  • Egypt
  • El Salvador
  • Equatorial Guinea
  • Eritrea
  • Estonia
  • Ethiopia
  • European Union
  • Faeroe Islands
  • Fiji
  • Finland
  • Former Yugoslav Republic of Macedonia (FYROM)
  • France
  • French Guiana
  • Gabon
  • Gambia
  • Georgia
  • Germany
  • Ghana
  • Gibraltar
  • Greece
  • Greenland
  • Grenada
  • Guatemala
  • Guernsey
  • Guinea
  • Guinea-Bissau
  • Guyana
  • Haiti
  • Honduras
  • Hong Kong, China
  • Hungary
  • Iceland
  • India
  • Indonesia
  • Iraq
  • Ireland
  • Islamic Republic of Iran
  • Isle of Man
  • Israel
  • Italy
  • Jamaica
  • Japan
  • Jersey
  • Jordan
  • Kazakhstan
  • Kenya
  • Kiribati
  • Korea
  • Kuwait
  • Kyrgyzstan
  • Lao People's Democratic Republic
  • Latvia
  • Lebanon
  • Lesotho
  • Liberia
  • Libya
  • Liechtenstein
  • Lithuania
  • Luxembourg
  • Macao (China)
  • Madagascar
  • Malawi
  • Malaysia
  • Maldives
  • Mali
  • Malta
  • Marshall Islands
  • Mauritania
  • Mauritius
  • Mayotte
  • Mexico
  • Micronesia (Federated States of)
  • Moldova
  • Monaco
  • Mongolia
  • Montenegro
  • Montserrat
  • Morocco
  • Mozambique
  • Myanmar
  • Namibia
  • Nauru
  • Nepal
  • Netherlands
  • Netherlands Antilles
  • New Zealand
  • Nicaragua
  • Niger
  • Nigeria
  • Niue
  • Norway
  • Oman
  • Pakistan
  • Palau
  • Palestinian Administered Areas
  • Panama
  • Papua New Guinea
  • Paraguay
  • Peru
  • Philippines
  • Poland
  • Portugal
  • Puerto Rico
  • Qatar
  • Romania
  • Russian Federation
  • Rwanda
  • Saint Helena
  • Saint Kitts and Nevis
  • Saint Lucia
  • Saint Vincent and the Grenadines
  • Samoa
  • San Marino
  • Sao Tome and Principe
  • Saudi Arabia
  • Senegal
  • Serbia
  • Serbia and Montenegro (pre-June 2006)
  • Seychelles
  • Sierra Leone
  • Singapore
  • Slovak Republic
  • Slovenia
  • Solomon Islands
  • Somalia
  • South Africa
  • South Sudan
  • Spain
  • Sri Lanka
  • Sudan
  • Suriname
  • Swaziland
  • Sweden
  • Switzerland
  • Syrian Arab Republic
  • Tajikistan
  • Tanzania
  • Thailand
  • Timor-Leste
  • Togo
  • Tokelau
  • Tonga
  • Trinidad and Tobago
  • Tunisia
  • Turkey
  • Turkmenistan
  • Turks and Caicos Islands
  • Tuvalu
  • Uganda
  • Ukraine
  • United Arab Emirates
  • United Kingdom
  • United States
  • United States Virgin Islands
  • Uruguay
  • Uzbekistan
  • Vanuatu
  • Venezuela
  • Vietnam
  • Virgin Islands (UK)
  • Wallis and Futuna Islands
  • Western Sahara
  • Yemen
  • Zambia
  • Zimbabwe