Globally, although most business groups insist current privacy legislation is sufficient, there are strong incentives for politicians to introduce new legislation to protect individuals’ privacy in the digital world. Loopholes in privacy legislation for the digital age can be tackled either by the Judiciary, widening the scope of existing law, or, as is clearly the trend, via new legislation and regulation. The best response from business groups in telecom and IT—instead of advocating against new legislation, which is not working—is to reach reasonable agreements on the rules of the road and, more importantly, expand Privacy by Design (PbD). Businesses properly getting on board with this trend protect consumers while still leveraging data for commercial gain.
In its broadest sense, Privacy by Design (PbD) refers to embedding privacy features into technologies and business practices. At the level of the Internet, these features allow the deletion of “digital trails” so individuals do not leave any traces of web sites they have visited or anything they have downloaded or uploaded. They can also delete metadata related to picture or video files.
The “Clear History” feature in Apple’s Safari web browser is an example of PbD in action, as is Facebook or Twitter automatically erasing the date and location information in photos posted by users. Not that they — or other technology giants — are by any means saints in the universe of privacy protection.
Incentives for companies to adopt Privacy by Design are still weak, while there are in fact strong disincentives. Enforcement of privacy rights is lagging behind the ever-growing tsunami of personal digital data, dubbed “the new oil of the digital world” by European Commissioner for Consumer Protection, Meglena Kuneva. Digital personal information is so widely traded it has become a major source of revenue from today’s Internet.
PbD is relevant to the Internet of Things (IoT). The IoT it is generally perceived as networks of machines communicating with other machines (M2M), and this is true on one level. But what the machines are communicating about is important in the PbD context. They are providing masses of information both about human behavior and the immediate surroundings in which this behavior is taking place. How are you driving? What are you eating from your refrigerator? What movies and entertainment are you enjoying? Thanks to M2M and radio-frequency identification (RFID) all this information can now be digitalized and tracked.
Commercially, enormous inputs of consumers’ data are guiding marketing and sales (“big data”), while state intelligence agencies increasingly rely on commercial databases. But a new wave of privacy legislation targeted at the digital world is emerging around the globe, because it has become apparent that self-regulation is not working. In the US this could shackle the National Security Agency (NSA), but not private business. In Europe, a stronger regulatory approach champions “the right to be forgotten” but the big question is how to effectively implement this right.