Privacy Advisor

The Big News from IAPP Data Protection Congress

Regulators trade ideas, keynoters provoke with new ideas, auditors provide top tips and a final panel provides fireworks

January 28, 2014

EU, U.S. Officials Indicate Potential Privacy Agreement

The keynote stage at the IAPP Data Protection Congress in Brussels in December became a diplomatic back-and-forth as Constantijn van Oranje-Nassau, Head of Cabinet of Vice-President of the European Commission, Commissioner for the Digital Agenda Neelie Kroes, delivered the European Commission’s view of data protection and then was followed by an address from U.S. Federal Trade Commissioner Julie Brill. Reading between the lines there were reasons to be encouraged that Safe Harbor and the free flow of data between continents will continue.

Both emphasized the need to encourage innovation. Both emphasized the threats to privacy posed by new Big Data business models. Both expressed hopefulness and optimism that the U.S. and the EU would find a way to work together on data transfer regulations. Both addressed whistleblower Edward Snowden’s revelations about the activities of the U.S. National Security Agency and other intelligence agencies.

Brill referred to Safe Harbor as the “elephant in the room,” but indicated her support to keep the mechanism alive.

Read a detailed report of the keynotes’ main points here

Mayer-Schönberger: Forget Notice and Choice, Let’s Regulate Use                                                                  

There are few privacy principles more generally ingrained than the ideas of notice and choice for consumers. However, said Viktor Mayer-Schönberger from the IAPP Data Protection Congress keynote stage, “The naked truth is that informational self-determination has turned into a formality devoid of meaning and import.” He suggests that rather than giving up on privacy, “what we need is a new protection mechanism. A paradigm adjustment to ensure privacy in the age of Big Data.”

That’s because rather than protect the consumer, notice-and-consent mechanisms have simply become methods whereby consumers can either accept, the co-author of Big Data and professor of Internet governance and regulation at the Oxford Internet Institute argued, “or remain outside modern society.”

Viktor Mayer-Schönberger (left) debates the merits of his keynote address with attendees of the IAPP Data Protection Congress.

“It is nothing more than another hoop we all go through,” he said, “when we want services online and offline.”

Once he came to this realization, he said, after years of studying data protection laws, “I started to doubt.” Perhaps the radical changes in storage capabilities, making it unnecessary to ever discard any data, combined with the much-improved capacity for collecting data, really did represent the death of privacy, once and for all.

See the full keynote here.

CPO, Activist, Former NSA Counsel Square Off

The most fiery discussion at the IAPP Data Protection Congress in Brussels came during its final session, with IAPP VP of Research and Education Omer Tene doing his best to referee a conversation between former U.S. National Security Agency (NSA) General Counsel Stewart Baker, anonymous Internet platform Tor’s Jacob Appelbaum, Vodafone CPO Stephen Deadman and Ralf Bendrath, policy advisor to German MEP and Data Protection Regulation Rapporteur Jan Philip Albrecht titled “Have You Been NSA’d? Government Access and the New EU Regulation.”

The highly anticipated session didn’t fail to deliver. Tene opened the discussion by declaring, “It’s already a great win for the privacy community that we’re having this session,” and it was hard to argue after seeing the likes of Baker and Appelbaum, polar ideological opposites, not only sitting side-by-side but later even posing for a goofy picture together.

However, the session was not without its heated moments. Read the full story on the session here.

Top Six Inadequacies Found During Privacy Audits

James Mullock, CIPP/E, broke his “Audit Programmes” session into two halves and challenged participants to identify the top six failure points his firm, Osborne Clarke, identified in its last 20 privacy audits.

They included basic internal privacy policy failures, lack of training and inadequate vendor contracts.

Read the full story on this here.