In an interview with the Guardian, Joseph Cannataci – the first U.N. data privacy chief – said that he doesn’t use Facebook or Twitter and remarked that it is regrettable that so many people unwittingly sign away their digital rights.
What’s regrettable, however, is how wrong he is. When the U.N. special rapporteur for dataprivacy frames the issue as one of individuals ceding their privacy through ignorance, the general public has every reason to be disheartened. Cannataci’s remarks belie the fact that, whether or not you willingly acquiesce to the release of your data, it’s inevitable that you must entrust someone other than yourself with the responsibility of protecting it. The reason for this is simple: it is increasingly difficult to keep your data to yourself. This issue is not about Facebook deceiving end users and enticing them to hand over personal data for marketing purposes because users haven’t thoroughly scrutinized the applicable terms and conditions. Even something as seemingly benign as applying for a job can put your data at risk – look no further than the recent hacking of the U.S. Government’s Office of Personnel Management (OPM).
Given the sweeping nature of Cannataci’s mandate, it would have been much more reassuring to hear him acknowledge that consent in data privacy is somewhat of a red herring. Whether you consent to it or not, your data is at risk. The real issue here is how data privacy, encryption, and information security should be strengthened at all levels.
To be fair to Cannataci, who is after all a professor of technology law at the University of Groningen and the head of the department of Information Policy & Governance at the University of Malta, some aspects of his plan have undisputed merits. For example, he aims to develop a universal law on surveillance and to raise awareness among the public with regard to digital privacy, both would attempt to bring clarity and structure to what is otherwise a rather nebulous subject.
Cannataci’s scorn is directed primarily at the existing governmental oversight regulations on data privacy. He described British oversight as “a joke.” His mandate includes the systematic review of governmental policies and laws on the interception of digital communications and collection of personal data, which is perhaps a bit aspirational, but also encouraging.
However, there is yet another significant gap in Cannataci’s approach and mandate: there is no hint that he intends to learn from those institutions that are currently making strides in surveillance technology – specifically the private sector.
Cannataci believes that the business models of large technology corporations need to be “tackled” –despite the fact that those large technology companies are routinely, albeit reluctantly collaborating with institutions like the NSA. Their information security and encryption protocols are in some cases the only barriers standing between the government and the general public’s data. Google, for example, has strengthened its encryption of its infrastructure in an effort to steer the government away from using “backdoor” methods of accessing its network data. Cannataci’s proposed work on policy would be pointless without the technology corporations of the world continuing to innovate around encryption and information security.
Even in sectors as historically technologically-averse as law, companies already use extraordinary tools in order to prevent sensitive data from being inadvertently produced – an issue that one hopes will be central to Cannataci’s work as he addresses the permissibility of communications surveillance and data analytics for governments and corporations.
While the creation of Cannataci’s position by the U.N. is great news for privacy advocates, it feels like a half-step. It would have been more encouraging if the first-ever rapporteur had framed the struggle for greater privacy as a collaborative effort between the individual whose data is at risk and the institution which is responsible for hosting and securing that data. Instead, his statements frame the two parties as adversarial.
Data drives every aspect of our global economy. Very few people are isolated from information and most find it difficult to avoid information updates, communications and the consequences of data deluge for even a short amount of time. Put simply, we live in a datadriven world of open collaboration and communication that is facilitated by social media such as Facebook and Twitter. People don’t live under rocks. All companies, simply by virtue of being employers, are already trustees of critically important data. It is important that the first holder of this important new U.N. office realize that instead of implying that users of Facebook and Twitter are ignorant or misguided and that their decision to cede their privacyis regrettable, it’s more constructive to treat the world as it is. The world is a place where people must, for the fulfillment of their daily duties and tasks, have access to review analyses or provide personal data. It’s a world where we need clear and effective policies on privacy— not radical suggestions that insinuate that end users are at fault for leveraging innovative technologies that lead to their data being compromised.
It’s a world where we have to trust information security departments of major corporations and empower them to continue to innovate, not alienate them.