Generally speaking the trend towards ever expanding digitally-enabled opportunity in relation to education and democratic/political participation will continue across the developed and developing world – on a scale which is too large and diffuse for governments to prevent or control. However, freedom and privacy must not be taken for granted. Greater public education and awareness on these issues will be increasingly essential in order to promote an active public and consumer voice. This will also require enhanced levels of individual responsibility/regulation.
With the increasing uptake of cloud based services with companies operating across national boundaries with servers based in multiple national jurisdictions – what will be the implications for the security and privacy of personal data? There are already instances where national governments are seeking to compel companies to release personal data. For example it has been contended (see article) that the US Patriot act provides a legal basis for the US Government to access personal data held by servers by companies operating within its jurisdiction but not its borders (i.e. having some form of US-based commercial presence, even when the servers themselves are located in a different national jurisdiction.
The collection of personal information by one organisation is an important issue – but the correlation of multiple separate data sets and the migration of personal information to other databases are also significant concerns. It depends on who holds the right to the information itself and where that information is physically located. Privacy laws vary in different national jurisdictions – with significant variances between, for example, laws in the United States and the European Union (with the latter having higher privacy safeguards/requirements). Global companies often receive information in one country and then process it in a different country where a different regulatory framework applies. Therefore in a globalised world it becomes ever more challenging to ensure uniform standards of privacy.
These new developments also open the door for companies to engage in price discrimination based on personal data – for example in relation to the provision of discriminatory insurance policies based on enhanced knowledge of people’s lifestyle and dietary habits harvested from multiple online databases based upon online behaviour/choices.
The importance of building a legislative wall between governments and private entities which hold personal data was highlighted. In the US the 1986 Privacy Act attempted to do this – but this legislation is now obsolete in the modern information age. There is a pressing need for a legal framework which effectively prohibits Internet service providers and private repositories of personal data from acquiescing to government requests (or pressure) to release this information without due process. This is particularly important in terms of requests which cut across national jurisdictions. It was also suggested that such a framework should also be operated in relation to government departments sharing personal information – for example between the public health authorities and immigration authorities.
It was pointed out that many governments are reluctant to accept foreign companies refusing to hand over data held on domestic servers based on protections afforded by their own country’s legal framework – and that in many instances such companies eventually give in (e.g. RIM in India).
Centralisation of services is increasingly irresistible from an industry perspective because of the rise of mobile. Users want to be able to access their data from any device, which effectively requires that data and services be based on a cloud-based server. Whilst the open source community correctly identifies that individual households running their own servers would be the best way to safeguard privacy, civil liberties, freedom and competition – in reality consumers are unlikely to do this, which makes private sector operated cloud-based servers and services the most attractive and feasible option. Few individuals will want to actively administer their own server infrastructure.
It was pointed out that open source intelligence statistical techniques are able to collect, correlate and triangulate data in such a way as to de-anonymize previously anonymous information. In this context any potential mechanisms designed to protect private information could be subject to circumvention – and Internet users need to be educated on the importance of such developments, while organisations and entities which employ such techniques unlawfully should be held liable for such transgressions.
Current levels of trust in the online world may eventually plateau or even significantly decrease. Right now many people are quite comfortable with sharing significant amounts of personal information online (either via social networks or online activity tracking systems) – but this is likely to change. As the Internet matures people (and particularly young people) will wake up to the potential consequences of their behaviour online. This may create a broader and more energetic and innovative market for online privacy tools.