Cybersecurity, Trust and Privacy
Subtheme: Data Privacy & Protection
In the digitalised world in what we are living today nobody seems to disagree that individuals need to enjoy the same right online that they enjoy offline. When it comes to the protection of privacy and personal data there is no global consensus however on how to ensure or to give back the control to individuals over their private life and/or their personal data. Some talk about lower level or non-existent privacy expectations on the internet, others want to maintain the protection of individuals' privacy at all cost including through anonymity. In the meantime countries all over the world have already enacted a national legislation on the protection of privacy and personal data (128 currently), others are on the way of preparing one. Global corporations in response to their clients' requests and mediatised data breaches are changing their policies or are passing new ones. Is there in this diverse environment a compass? Can we speak about international privacy and data protection standards? What exactly are those and what are the already existing instruments one can use as a reference? Do we need new ones? Can a minimum, yet appropriate and satisfactory level of privacy and data protection be reached in the Digital Era?
Steve DelBianco, IGF USA
Lucien Castex, IGF France
Ayden Férdeline, Mozilla Foundation
Alex Comninos, APC, VOUS.AI
- Session Type (Workshop, Open Forum, etc.): IGF 2018 LIGHTNING SESSION #16
- Title: Convention 108+ in the Digital Era
- Date & Time: 13 November 2018, 15:00 – 15:20
- Organizer(s): Council of Europe Data Protection Unit
- Chair/Moderator: Peter Kimpian
- Rapporteur/Notetaker: Peter Kimpian
- List of speakers and their institutional affiliations (Indicate male/female/ transgender male/ transgender female/gender variant/prefer not to answer):
Ayden Férdeline, Fellow, Mozilla Foundation
Alex Comninos, APC, VOUS.AI
- Theme (as listed here): Cybersecurity, Trust and Privacy
- Subtheme (as listed here): Data Privacy & Protection
- Please state no more than three (3) key messages of the discussion. [150 words or less]
The rights to privacy and data protection are universal human rights which must be respected throughout the world under every circumstance. For this we need solid, agile, modern, and robust international legal instruments and a workable and meaningful international cooperation which takes national specificities into account, notably when it comes to the level of privacy when using free internet-based services, the burden national legislation can impose on data subjects, and on countries’ capacities in safeguarding and enforcing privacy regulation. Flexibility in implementation should be ensured while an appropriate level of privacy and respect should be guaranteed throughout the internet to safeguard individuals against harm. Innovation and competition are key for the future of the internet and the services offered on it, so regulation should be kept at an appropriate level which does not disproportionately impact those positive processes.
- Please elaborate on the discussion held, specifically on areas of agreement and divergence. [150 words]
It has been discussed that compared to other jurisdictions, in the US over 2 in 3 consumers say that they trust tech platforms either somewhat or a great deal, and it seems to be clear that Americans appreciate the model of FREE services supported by ads, and are not significantly concerned about privacy when they see targeted ads.
Ayden Férdeline (Mozilla Fellow) advised that personal and sensitive information should not be used to manipulate individuals, and said existing data protection regulations do not succeed at safeguarding this data because they typically place the burden of protecting privacy on to individuals themselves. Most people can articulate few specific preferences about data practices because all they want is something very simple: not to be taken advantage of. He noted that in other sectors, like the automobile sector, the expectation is that industry will perform the risk assessment and protect individuals. He called upon data controllers to provide their data subjects with a reasonable baseline of respect.
In African continent where 18 countries have privacy legislation already, security often undermines data protection and privacy considerations. There are alarming trends in intercepting communications which go across border that need to be tackled. Assisting countries in enacting privacy laws and parallel empowering DPAs and strengthening the capacities for enforcement of privacy legislation are seen as urgent matters.
- Please describe any policy recommendations or suggestions regarding the way forward/potential next steps. [100 words]
To promote international standards on privacy and personal data protection
To contribute that an appropriate level of privacy and respect is guaranteed throughout the internet to safeguard individuals against harm
- What ideas surfaced in the discussion with respect to how the IGF ecosystem might make progress on this issue? [75 words]
To take into consideration international legal instruments when discussing rights to privacy and personal data protection
To ensure a better understanding of national, regional specificities as regards to the right to privacy and personal data protection
- Please estimate the total number of participants.
- Please estimate the total number of women and gender-variant individuals present.
- To what extent did the session discuss gender issues, and if to any extent, what was the discussion? [100 words]
There was no gender issues discussed during the session