EU Privacy Legislation: an academic approach by Bendert Zevenbergen

Companies and governments that strive to operate online will invariably find themselves confronted with difficult privacy dilemmas. Not only are current and forthcoming European laws forcing strict legal compliance of data protection, but the attentive reader of front pages and technology blogs will have noticed that Internet user’s perceived privacy concerns can potentially make or break online services and technologies. Rather than mere legal compliance and security engineering, Chief Privacy Officers and privacy engineers are now tasked with gaining user’s trust via a sophisticated combination of technical solutions, legal assurance of rights, organisational accountability, transparency and effective communication strategies.

User’s trust can only be gained when the user is understood. But, since privacy values differ for individuals, groups of society, or whole cultures, finding out who the “user” is and what she wants, can be headache-inducing to say the least. To get an insight into the issues faced by privacy officers from an academic perspective, one could do worse than read through the abstract book of the recent conference organised by several EU funded projects titled “Citizens’ Perspectives on Surveillance, Security and Privacy: Controversies, Alternatives and Solutions,” followed by a close reading of Julie Cohen’s “What Privacy Is For?” in the Harvard Law Review last year.

These are some of the issues that I work on day-to-day at the Oxford Internet Institute, which is a multidisciplinary research department at the local university. My Ph.D. (I should say “D.Phil.”) is a socio-legal analysis of the technical, organisational and legal decisions made by organisations when the implementation of new and emerging information systems are met with stakeholder resistance based on privacy concerns. Main aim is to enhance current information privacy theory and subsequently strengthen technology impact assessments for information systems on the Internet.

I’m also a Senior Fellow at the US-based Open Technology Fund, where I run a research project into some ethical, legal and policy reasoning for networked systems research. This means that I work with Internet engineers, network researchers and computer scientists on both sides of the Atlantic to define the ethical limits of their work. My first effort has been to write ethical and privacy guidelines for engineers who collect vast amounts of data via mobile phones, and much more will follow. Finally, I work with the EU-funded multidisciplinary Network of Excellence in Internet Science, which has tasked about 150 researchers to explain to the European Commission what the Internet actually is and how it affects society. This network will host its second and final conference in Brussels in April 2015, where the many findings will be presented. An invitation for the readers of the Considerati newsletter will follow in one of my upcoming monthly contributions!

Bendert Zevenbergen Academic Liaison