The discussion on data privacy continues to be a hot topic. And for good reasons. Our online presence is becoming more and more an integral part of our daily life. Only two decades ago sending mail (snailmail) was protected by a law that explicitly stated that mail was not to be opened during transport to the addressee. Metadata did not exist and our life was still very much analog. With the internet now being our main infrastructure for mail, messaging, voice and other forms of communication, watching people’s behavior is easier than ever before. Add to that the ever increasing number of public and private camera’s – soon to be combined with drones – and privacy is more of a luxury than a right. Scott McNealy said it in 1999 “You have zero privacy anyway – Get over it”. Most will agree on the first part of his statement but as far as the second part is concerned the discussion is intensifying. Governments, businesses and criminals are equally interested in capturing as much data as they can for reasons of respectively security and control, profit, and theft. Reasons that often do not coincide with people’s interests. With the increased sophistication of data analysis algorithms private life has become an open book for those parties who have a business in capitalizing on individual and group behavior.
Still, while privacy as an issue has been dumbed down by governments and business for over the last two decades, privacy organizations in many countries have pushed hard to make it a top priority on the government and business agendas. It is an uphill battle as resources for these organizations are small. However recently some successes can be noted.
- Last year we reported on the right to be forgotten. Google was taking a tiny hit but with consequences; so far a quarter of a million request have been made to Google asking for link removal. Business should take data privacy issues more serious now.
- The EU is stepping up its data privacy efforts by looking into Facebook’s privacy policy. Data Protection Act (DPA) authorities from France, Belgium, The Netherlands, Germany and Spain have joined forces to probe Facebook’s privacy controls.
- In March a Dutch court proclaimed that Internet and Telecom providers no longer had to keep communication data. As a result the Dutch minister van der Steur explained that all kept data had to be removed since there was no legal basis for storing private data.
- After the NSA scandal the Obama administration recently unveiled an initiative for a Privacy Bill of Rights. The aim of the bill is to be “part of a comprehensive blueprint to improve consumers’ privacy protections and ensure that the Internet remains an engine for innovation and economic growth”
- The EU is currently updating its 1995 EU Data Protection Directive as it is considered outdated in the light of twenty years of globalization and technological change. The proposal seeks to update the EU’s data protection framework to give individuals more control over their data, to harmonize rules and enforcement throughout the EU, ensure data protection and to enable data use by police and criminal justice operations.
The intentions of both privacy initiatives are to work out be positively for the privacy of individuals but at the same time the details of these initiatives are heavily debated between other stakeholders. It therefore remains to be seen whether the final content of these directives, for both the US and the EU, will ultimately make a positive difference to the privacy of individuals. Trusting governments, businesses or criminals, their motives and plans, is naïve. For that reason, the Dutch privacy organization Bits of Freedom (BoF) recently updated its own Internetvrijheid Toolbox. The toolbox is filled with advise and links to apps and tools, and aims to protect individuals online privacy against aforementioned data hoarders. Of course it doesn’t guarantee 100% privacy but just like installing a second lock on your bike, it does slow things down. And just maybe it will spark a new generation of data policies that puts an individual’s data privacy first. But don’t count on it.
