A qualitative study into the “Future of Privacy” released by Pew Research summarises the opinions of more than 2,500 respondents about how they think privacy will be shaped in 2025. A minority of 45% of respondents predict that policy makers and technology innovators will be able to create a “secure, popularly accepted, and trust privacy-rights infrastructure” in the next 10 years, whereas the close majority of respondents do not share this optimism (and some expect privacy to be a historical concept by then). One thing becomes ever more clear from reading through the responses: privacy is at a crossroads right now, and the legal, technical and ethical choices we make today, will shape the state of privacy in 2025.
The more pessimistic opinions expressed in the Future of Privacy study are also echoed by some academics, who reflect on the ability of the proposed EU’s General Data Protection Regulation (GDPR) to help shape the future of privacy in the November 2014 issue of the International Data Privacy Law Journal. The myths surrounding the GDPR to be the tool that solves all our current privacy regulation issues are carefully dissected and debunked by Professor Blume from Copenhagen University. The very foundations of the GDPR are criticisedby Professor Polčák (Masaryk University) in a philosophical reflection on the regulability of networked digital information with a mere update of the current data protection mind-set that stems from pre-Internet times. Professor Koops from Tilburg Univeristy takes this reasoning a few steps further and outright declares the GDPR dead before it has even been adopted: The marginal effect of the current data protection law in the era of Big Data and profiling has widened the gap between law in the books and law in action beyond repair.
Professor Koops argues that governments should act as role models in privacy and data protection as they regulate the private sector. An excellent example of such an effort comes from the US National Institute for Standards and Technology (NIST), which has published a set of detailed guidelines for the assessment of privacy and security in government information systems, highlighting the benefits of privacy- and security-by-design. Two weeks after this document was published, the necessity and usefulness of such guidelines is demonstrated following the release of a huge amount of reports on the misuses (and systemic abuses) of the NSA’s digital surveillance tools on innocent citizens.
The Future of Privacy study and the NIST guidelines highlight the necessity of regulation and technology working in cohort to establish effective Internet privacy and to maintain user trust in future. It is no surprise that the privacy-enhancing-technologies research community is flourishing, organising workshops and conferencesto disseminate and discuss their newest findings. A particularly interesting EU funded project called ABC4Trust (Attribute-based Credentials for Trust) will present their results in Brussels, a day before the Computers, Privacy & Data Protection conference commences.
Socio-legal research into the law in action in privacy and data protection legislation will provide evidence and guide policy debates as well as business practices. However, the glue holding together the struggling legal frameworks, diminishing user trust and experimentation in technological solutions will likely – for the mean time – be ethics. Come participate in the discussions on the future of Internet privacy and more at the 2ndInternational Conference on Internet Science!
Bendert ZevenbergenAcademic Liaison at Princeton University