Monday, 19 September 2011

The art of respecting privacy in a digital age

I actually think it's impossible to fully safeguard our privacy in the digital age. For most intents and purposes, we can (currently) only be assured of our privacy by returning to an analogue world. This may change in my lifetime. But I don't think that all the tools that are necessary to properly ensure our privacy have yet been created.

Of course, thanks to teams of brilliant software engineers working for companies like Google and Facebook, more privacy is becoming more possible within the social networking world. But, national governments still need to safeguard the security of their citizens (and their States) so it is entirely understandable why we might wish the State to be able to penetrate some of the protective shields we erect to hide some of our actions from our friends and work colleagues.

But where should the lines be drawn? And who should be involved (outside the national security environment, I mean) in sensitive decisions which involve judgments about national security?

These are discussions that could be derailed if they are held in too great an atmosphere of transparency. If law enforcement investigators are to make their case effectively, then many of the discussions will need to take place behind closed doors. If they are to reveal the limitations of their current capabilities, then the investigators will have to trust those to whom this information is imparted that they won’t "give the game away". And it can take quite a considerable time for the bonds of trust to be built before constructive discussions can take place.

But, at some stage in the process, it does become necessary to be more transparent about capabilities. Democracy and justice do, after all, allow the defence teams access to virtually all of the material assembled by investigators as they mount a case against a defendant. They are, yes they are, presumed to be innocent until the reverse is established.

And how does a society show its transparency? By ensuring that the rules are as clear as possible and that they are made available to as many people as possible. Here is where Parliaments can play their role. They can review legislative proposals and make sure that the final sets of rules are clear.

Of course, this does not always happen. Politicians can be tempted to approve stuff they have neither read nor have had explained to them. And they can be tempted to leave the implementing details to public officials - who can be placed in the invidious position of being required to implement stuff that didn't make much sense in the first place. Sound familiar? It's certainly where we are on the European privacy front.

So what do I intend to do about it? If I were able to, I would suggest that European policymakers revert back to basics. I would suggest that we give up on the concept that a single set of very detailed rules will deliver positive results in a field in which different sets of cultures deal with each other in different ways. Even within the European Community, we are not the same. We live in different countries and our Governments have distinct sets of rules. We have different economies and different social models. Our people have different cultural expectations of each other. Just as the Euro is facing difficulties as a common currency for so many EU states, so the current Data Protection Directive is facing similar difficulties as a common set of standards for all European citizens.

That is not necessarily an easy message to send to European policymakers, many of whom have a firm belief that only deeper European integration will bring the citizens to the Promised Land. But what if these citizens don't actually all want to go to that same land? What if all they really want is bread and circuses?

I'm not confident that enough people have actually asked that fundamental question.

But I sense that, with draft proposals for a new Data Protection Directive currently being circulated amongst the highest levels within the European Commission, before they are made available to a wider audience, this question ought to have been debated much more thoroughly.

What could we see soon?

I expect that we'll see an attempt at joined-up thinking between European and American policymakers. But there will be a tension between regulators who feel a desire to impose detailed rules and those who want a looser approach. And I sense that most of these discussions will pass the general public, and the internet application developers, by.

I sense a twin track approach to privacy developing momentum. With regulatory rules on the one side, and self-regulatory standards emerging, which may not be as tight as the formal rules but which basically deliver (most of) the goods.

And I sense a tension increasing between politicians (and a few regulators) who resent the way that self-regulatory initiatives gain momentum, and those who are less willing to endorse a more pragmatic approach.

What will the public want?

I don't think that most of the public will really want too many rules. We all break enough of them every day, anyway. To my mind, the public basically want circuses. If they get something which entertains them, then they'll, for the most part, be happy.

But enough of what I think will happen. Whatever does happen will be happening soon. And I am looking forward to playing my part, however minor that may be, in shaping the final outcome.