IGF 2019 WS #320 What level of global privacy protection on the internet?

Relevance to Theme: The rights to privacy and data protection are universal human rights. The protection of these rights however varies considerably from country to country, from region to region. In the ages of data revolution, one of the biggest challenges is to determine the commonly acceptable level of protection for such rights, hence building a trust framework.

Legislative solutions having the vocation to address this issue include strict regulation imposing extraterritorial jurisdiction and heavy fines on data controllers, nationally controlled and forced data localisation regimes and free flow of data schemes with appropriate level of protection guaranteed, are already available. Would they be compatible with each other? Would they be fit to guarantee the expected level of protection for the whole internet? Would it make sense to regulate these issues nationally, regionally?

Therefore, to determine which would be the appropriate level for the protection of those rights on the internet which would also enable a sustainable and inclusive economic development, a proper assessment needs to be done. In this context, the inclusion of every stakeholder is essential just as to understand the data processing activities they undertake and the necessary improvements they need and/or intend to make to ensure the commonly expected protection. The current business practices where free services are offered in exchange of personal data just as state's practices built on the use of extensive collection and analytical capabilities to maintain and guarantee public security are to be discussed in details.

An inclusive dialogue between different stakeholders and between different regions has to start which needs to take stock of different expectations, concurring interests, national and regional differences between the interpretation of the right to privacy and personal data and notably between their various practical implementations. In this mapping exercise it is of primary importance to understand the international schemes that are already available and how they can interplay with each other and how the best they can be in the service of every internet users.

Relevance to Internet Governance: Public and private actors, the technical community as well as civil society and academia, in their respective roles, of shared principles, norms, rules, decision-making procedures have to have a consistent, if not consensual approach to ensure the right to privacy and to data protection in normative and in practical terms for every individual who is using the internet. The very nature of the internet is such that specific rules, standards and procedures need to be discussed, co-developed and implemented in a global and multi-stakeholder perspective in order to avoid a fragmented approach and to identify a set of common principles.

The rights to privacy and data protection are universal human rights. The protection of these rights however varies considerably from country to country, from region to region. In the ages of data revolution, one of the biggest challenges is to determine the commonly acceptable level of protection for such rights, hence building a trust framework.

Legislative solutions having the vocation to address this issue include strict regulation imposing extraterritorial jurisdiction and heavy fines on data controllers, nationally controlled and forced data localisation regimes and free flow of data schemes with appropriate level of protection guaranteed, are already available. Would they be compatible with each other? Would they be fit to guarantee the expected level of protection for the whole internet? Would it make sense to regulate these issues nationally, regionally?

Therefore, to determine which would be the appropriate level for the protection of those rights on the internet which would also enable a sustainable and inclusive economic development, a proper assessment needs to be done. In this context, the inclusion of every stakeholder is essential just as to understand the data processing activities they undertake and the necessary improvements they need and/or intend to make to ensure the commonly expected protection. The current business practices where free services are offered in exchange of personal data just as state's practices built on the use of extensive collection and analytical capabilities to maintain and guarantee public security are to be discussed in details.

An inclusive dialogue between different stakeholders and between different regions has to start which needs to take stock of different expectations, concurring interests, national and regional differences between the interpretation of the right to privacy and personal data and notably between their various practical implementations. In this mapping exercise it is of primary importance to understand the international schemes that are already available and how they can interplay with each other and how the best they can be in the service of every internet users.