IGF 2019 WS #320 What level of global privacy protection on the internet?

Organizer 1: Intergovernmental Organization, Western European and Others Group (WEOG)
Organizer 2: Civil Society, Western European and Others Group (WEOG)

Speaker 1: Steven DelBianco, Private Sector, Western European and Others Group (WEOG)
Speaker 2: Mercy Wanjau, Government, African Group
Speaker 3: Shenuko Wu, Technical Community, Asia-Pacific Group
Speaker 4: Ceren Unal, Civil Society, Western European and Others Group (WEOG)
Speaker 5: Thiago Tavares, Civil Society, Latin American and Caribbean Group (GRULAC)

Policy Question(s): 

What would be the appropriate level for privacy and data protection on the internet?
Which measures are to be taken to guarantee this level and the effective exercise of data subject's protection at global and local levels?
Are the measures that are taken by countries, regional organisations so far addressing those issues adequately?
Would a global legal instrument be needed or the convergence of privacy law and soft law would suffice?
To what extent national, regional differences are to be considered when determining the level of protection?
What are the international standards in this field? Good and bad practices?

Relevance to Theme: The rights to privacy and data protection are universal human rights. The protection of these rights however varies considerably from country to country, from region to region. In the ages of data revolution, one of the biggest challenges is to determine the commonly acceptable level of protection for such rights, hence building a trust framework.

Legislative solutions having the vocation to address this issue include strict regulation imposing extraterritorial jurisdiction and heavy fines on data controllers, nationally controlled and forced data localisation regimes and free flow of data schemes with appropriate level of protection guaranteed, are already available. Would they be compatible with each other? Would they be fit to guarantee the expected level of protection for the whole internet? Would it make sense to regulate these issues nationally, regionally?

Therefore, to determine which would be the appropriate level for the protection of those rights on the internet which would also enable a sustainable and inclusive economic development, a proper assessment needs to be done. In this context, the inclusion of every stakeholder is essential just as to understand the data processing activities they undertake and the necessary improvements they need and/or intend to make to ensure the commonly expected protection. The current business practices where free services are offered in exchange of personal data just as state's practices built on the use of extensive collection and analytical capabilities to maintain and guarantee public security are to be discussed in details.

An inclusive dialogue between different stakeholders and between different regions has to start which needs to take stock of different expectations, concurring interests, national and regional differences between the interpretation of the right to privacy and personal data and notably between their various practical implementations. In this mapping exercise it is of primary importance to understand the international schemes that are already available and how they can interplay with each other and how the best they can be in the service of every internet users.

Relevance to Internet Governance: Public and private actors, the technical community as well as civil society and academia, in their respective roles, of shared principles, norms, rules, decision-making procedures have to have a consistent, if not consensual approach to ensure the right to privacy and to data protection in normative and in practical terms for every individual who is using the internet. The very nature of the internet is such that specific rules, standards and procedures need to be discussed, co-developed and implemented in a global and multi-stakeholder perspective in order to avoid a fragmented approach and to identify a set of common principles.

The rights to privacy and data protection are universal human rights. The protection of these rights however varies considerably from country to country, from region to region. In the ages of data revolution, one of the biggest challenges is to determine the commonly acceptable level of protection for such rights, hence building a trust framework.

Legislative solutions having the vocation to address this issue include strict regulation imposing extraterritorial jurisdiction and heavy fines on data controllers, nationally controlled and forced data localisation regimes and free flow of data schemes with appropriate level of protection guaranteed, are already available. Would they be compatible with each other? Would they be fit to guarantee the expected level of protection for the whole internet? Would it make sense to regulate these issues nationally, regionally?

Therefore, to determine which would be the appropriate level for the protection of those rights on the internet which would also enable a sustainable and inclusive economic development, a proper assessment needs to be done. In this context, the inclusion of every stakeholder is essential just as to understand the data processing activities they undertake and the necessary improvements they need and/or intend to make to ensure the commonly expected protection. The current business practices where free services are offered in exchange of personal data just as state's practices built on the use of extensive collection and analytical capabilities to maintain and guarantee public security are to be discussed in details.

An inclusive dialogue between different stakeholders and between different regions has to start which needs to take stock of different expectations, concurring interests, national and regional differences between the interpretation of the right to privacy and personal data and notably between their various practical implementations. In this mapping exercise it is of primary importance to understand the international schemes that are already available and how they can interplay with each other and how the best they can be in the service of every internet users.

Format: 

Round Table - Circle - 90 Min

Description: Each speaker will have 5-8 minutes to present her/his initial thoughts on the subject, followed by a round table discussion that concentrates on the practical issues and discuss the implementable policy questions. For this the moderator will prepare 5-8 questions to be asked to speaker in order to trigger an active interaction with the audience which could lead to a 40 minutes Q&A session.

Expected Outcomes: The workshop’s aim is to develop usable indications which could be considered as baseline for the protection of privacy and personal data on the internet. Which measures that are already in place are recommended to further expand and apply, which are not. It could potentially give indications on the next steps to take by different stakeholders to align their strategies, their actions towards a privacy impact assessment of the internet.

Discussion Facilitation: 

Preparation: several preparation call will be organized for all speakers and participants in order to share views and exchanges ideas. Questions will also be prepared for the speakers.

In order to foster participation, the organizers will use interactive visuals in English and short documentation and video materials. We will also disseminate information though social media (Internet Society and Council or Europe Networks).

The moderators, both online and onsite are expert and well experienced in animating multi-stakeholder discussions in an international setup. 40 minutes will be dedicated to a Q&A discussion.

We will also use ad-hoc polling tools to engage the audience

Online Participation: 

In order to foster participation, the organizers will use interactive visuals in English and short documentation and video materials. We will also disseminate information though social media (Internet Society and Council or Europe Networks).

The moderators, both online and onsite are expert and well experienced in animating multi-stakeholder discussions in an international setup. 40 minutes will be dedicated to a Q&A discussion.

We will also use ad-hoc polling tools to engage the audience

Proposed Additional Tools: Dissemination of information by social media (through Internet Society and Council of Europe channels)
Use of Ad-hoc polling tools (mentimeter)

SDGs: 

GOAL 16: Peace, Justice and Strong Institutions
GOAL 17: Partnerships for the Goals