This week I had the pleasure of attending the United Nations Internet Governance Forum (IGF) and participating in a session on 'privacy as innovation' organised by the Danish Media Council and the Dutch NLIGF. The session was aimed at finding practical, global solutions for privacy and data protection issues through innovation.
In my intervention I opined that in order for innovations in the field of privacy to succeed, the following three prerequisites must be met:
1. Level international playing field
A first prerequisite is a level international playing field. Historical, cultural, social and legal differences mean that whilst privacy is a universal right, it is regulated differently throughout the world. In order to get really global privacy solutions there must be some level of global harmonisation. Furthermore, by harmonising privacy and data protection rules, businesses can no longer move to countries with the most lenient approach to privacy protection and enforcement.
2. Real market demand for privacy friendly services
The second, and perhaps most important prerequisite is a real market demand for privacy friendly services. Currently, there is little incentive for businesses to change or improve their existing practices. Consumers don't turn their backs on Facebook and Google despite their questionable record in the area of privacy protection. Why? Because the benefits of these free services still seem to outweigh the privacy risks. And whilst there are some privacy-friendly alternatives available, almost nobody uses them. As long as consumers don't demand privacy-friendly business practices, the business world will not change.
An interesting comment made by Aral Balkan (www.aralbalkan.com) during the session was that we also need to look towards the funding of new technologies and services. The myopic venture capital model currently fuels the dominant business model of free services in exchange for personal data. Given the pressure for these services to grow and monetise their user base, it is inevitable that they will infringe their users’ privacy to an increasing extent.
3. Privacy must be a concern of business and engineers
A third prerequisite is that privacy is taken away from the privacy lawyers (since I am one, I'm allowed to say that). Currently neither the businesses nor the IT engineers are fully engaged in the privacy discussion. Only when privacy becomes a key issue for businesses and IT, will new privacy solutions be developed.
You can read a full transcript of the meeting at the IGF soon.