Conference on the Evolving Role of the

 Individual in Privacy Protection: 30 Years after the OECD Privacy Guidelines

 


 

Conference on the Evolving Role of the Individual in Privacy Protection: 30 Years after the OECD Privacy Guidelines

 

Conference to be held at the
International Convention Center (ICC)
Jerusalem, Israel
25-26 October 2010

 

Background | Draft agenda | Contact

Registration and practical information

 

 

WEBCAST

 

 

Background

This year marks the 30th anniversary of the OECD Guidelines for the Protection of Privacy and Transborder Data Flows (“Privacy Guidelines”). Adopted in 1980, the Privacy Guidelines were the first international statement of the core information privacy principles and have proven highly influential over the years. 

This conference is one of three events organised during this anniversary year, to better understand the current environment for protecting privacy. The other two include a roundtable on the impact of the Guidelines held this past March in Paris, and roundtable on the economics of personal data and privacy to be held at the OECD on 1 December 2010. Along with these events, the OECD is preparing an anniversary report on the evolving privacy landscape. Work in 2010 will lay the foundations for a review of the Guidelines in 2011, to determine whether they need to be updated or revised to address the current environment for privacy and transborder data flows.

Hosted by the Israeli Law, Information and Technology Authority, this Conference is focused on the role of the individual in privacy protection. Held back-to-back with the 32nd International Conference of Data Protection and Privacy Commissioners, it will bring together government officials and privacy authorities, together with representatives of international organisations, business, civil society, the Internet technical community, and academia.

Following an opening session with speeches from senior officials and a broad ranging discussion on individual and their privacy, the Conference will be divided into 4 main topics, each the focus of a moderated panel discussion: (I) The Individual as Creator and Disseminator of Personal Data (II) Aggregation, Analytics, Identity and the Individual (III) Awareness, Choice and the Individual, and (IV) Innovations in Privacy Protection.  The final session will consider the broader implications of the issues raised for protecting privacy and key principles.   For further information visit: www.oecd.org/sti/privacyanniversary.

Agenda

 

Agenda [PDF – 627kb]

Biographies [PDF – 682kb]

 

Monday 25 October, 18.00-20.00

Opening Session:  The Oecd Privacy Guidelines in Context

 

Welcome Remarks

  • Guy Rotkopf, Director General, Ministry of Justice, Israel
  • Ambassador Richard Boucher, Deputy Secretary-General, OECD 

Panel Discussion: Privacy in the Context of the Internet — Recording Everything and Forgetting Nothing? 

This panel will embark on a broad-ranging discussion of the core privacy principles in the current context, to try to identify the key issues to be explored further and help set the scene for the following day. the opening speaker will focus on a key technology-fuelled trend: the digital capture of increasing amounts of data about our activities and interests and its indefinite storage. This trend, among others, may bring economic and societal benefits from new uses of personal data, but also an evolution in the privacy risk environment.

 

Key Issues for Discussion   

  • What is the impact on privacy of the trend towards comprehensive digital memory?
  • What are the other key changes impacting the individuals and their role in privacy protection?
  • What are the key challenges in applying the core privacy principles, as well as the implications raised for the scope of privacy protections?

Panelists

  • Andrew Wyckoff, Director of Science, Technology and Industry, OECD 
  • Jeffrey Rosen, Professor of Law, George Washington University
  • Yanki Margalit, Founder & former CEO, Aladdin Knowledge Systems Ltd
  • Andrew McLaughlin, Deputy Chief Technology Officer, United States 
  • Marie Shroff, Privacy Commissioner of New Zealand 
  • Jennifer Stoddart, Privacy Commissioner of Canada

Closing speech

  • Benjamin Netanyahu, Prime Minister of Israel 

 

Tuesday 26 October, 09.00-18.00

I. Data Creation and Sharing by Individuals about Individuals

When the Guidelines were conceived 30 years ago, the drafters could not have contemplated the dramatic increases in the capabilities of individuals to produce, share, and publish personal data. Large numbers of individuals actively volunteer personal information about themselves and others, posting pictures and videos online, blogging, conducting business transactions among themselves, and interacting with large groups of friends or the public through social networking sites.  With mobile computing devices like smart phones becoming commonplace, this trend seems set to continue, with location information added to the mix. In short, it’s not just businesses and governments that are engaged in data processing activities. This session will examine the interest and value for individuals in generating and posting personal data online, as well as the implications of these behavioural changes for the scope and principles of the OECD Guidelines.

 

Key Issues for Discussion 

  • What are the trends in data creation and dissemination by individuals about themselves and others? 
  • While responsibility for privacy compliance is usually allocated to the organisations that control the data, are there circumstances in which it makes sense to consider a role for individuals in helping protect the privacy of data they help create and disseminate? 
  • What at are the most promising approaches for addressing the challenges posed to privacy by individuals themselves?

Panelists

  • Nataša Pirc Musar, Information Commissioner, Slovenia
  • Joshua Kauffman, Harvard University, Graduate School of Design
  • Kasey Chappelle, Global Privacy Counsel,  Vodafone 
  • Tai Myoung Chung, Professor, Information & Communication Engineering, Sungkyunkwan University, Korea
  • Elizabeth Denham, Information and Privacy Commissioner for British Columbia, Canada
  • Peter Swire, Professor of Law, Ohio State University

 

II. Aggregation and Analytics: Constructing an Individual  Profile

When individuals browse the web, use their cell phones and make purchases, they leave data crumbs everywhere.  We live in a world where what we buy, what we tell our friends, how we spend our time, where we walk, where we drive and more are collected, analysed and linked to information about our gender, income, age, occupation, ethnicity and other demographic information. Even apart from more well-known tracking technologies like cookies, browsing the web reveals many other types of data that can often be combined to create unique fingerprint of our browser. These along with other techniques allow those crumbs to be combined, analysed and transformed by private and government actors into individual profiles – our digital personas.  And at the same time, the practical effectiveness of efforts to anonymise or de-identify data are being questioned. This session will explore what “personal data” means in an age of data abundance and analytics.

 

Key Issues for Discussion   

  • What are the key trends in aggregation and analytics, and the abilities of organisations to monitor or develop profiles of individuals?
  • What are the best approaches to determining whether data relates to an indentified or identifiable individual, and how should we address occasions where technical progress allows data to be linked back to an individual in ways not anticipated at the point of collection? 
  • With the increasing capabilities to relate disparate pieces of data back to an individual, are the key concepts of privacy still working well?

Panelists

  • Daniel Weitzner, Associate Administrator for Policy, NTIA, Department of Commerce, United States   
  • Omer Tene, Senior Lecturer, College of Management School of Law
  • Alexander Dix, Commissioner for Data Protection and Freedom of Information, Berlin, Germany
  • Gus Hosein, Senior Fellow, Privacy International
  • Betsy Masiello, Policy Manager, Google
  • Richard Thomas, Global Strategy Advisor, Centre for Information Policy Leadership

 

III. Awareness, Understanding, and Individual Decision-Making 

As data usage practices have become more complex, so too have the privacy policies that describe them.  For an individual, estimating the privacy implications of a particular is often difficult, and numerous and subtle influences can create dichotomies between the individual’s privacy attitudes and actual behaviour. Some of the challenges for example relate, to the difficulty of reconciling the need for privacy with the need for publicity. Others stem from difficulties in navigating and understanding information not always presented in an easy-to-understand manner by organisations. Issues of presentation and default settings may have a great influence on user perceptions and choices. Drawing in part on insights from behavioural economics and the social sciences, this session will explore how and why individuals make the decisions they do when it comes to privacy and what can be done to improve it.

 

Key Issues for Discussion   

  • What do individuals understand about how their information is to be used and the steps they can take to protect it?
  • Do individuals have the motivation and ability to make effective cost-benefit evaluations of how websites and marketers use their data?  What are the implications for privacy principles like consent?
  • What sorts of market mechanisms, technolŹogies, or policy actions can help achieve a more desirable balance between information disclosure and protection?

Panelists

  • Peter Hustinx, European Data Protection Supervisor
  • Alessandro Acquisti, Associate Professor, Heinz College, Carnegie Mellon University
  • Anna Fielder, Steering Committee Member, Civil Society Information Society Advisory Council to OECD
  • Mozelle Thompson, Advisor, Facebook
  • Bjorn Erik Thon, Director General, Data Protection Inspectorate, Norway
  • Alan Westin, Professor of Public Law and Government Emeritus, Columbia University

 

IV. Fostering Innovations in Privacy Protection

While attention is often focused on the privacy challenges of the digital environment, the Internet and other technologies also bring new opportunities to offer individuals practical options to participate in the protection of their privacy. Integrated into IT systems and business practices at the design stage, innovative approaches have been proposed concerning, for example, identity and reputation management tools, “just-in-time” notices, privacy “dashboards”, anonymous routing services, and even attaching “sticky” privacy preferences to the data. Although the adoption of what were dubbed “Privacy Enhancing Technologies” in the 1990’s has been slower than expected, there is renewed interest in deploying technological tools for privacy today.  This session will examine some innovative approaches being taken by organisations to provide individuals with appropriate and usable information to exercise control over their personal information and the challenges to making them effective.  It will also consider the broader role of innovative approaches to privacy to address the current environment.

 

Key Issues for Discussion   

  • What technical innovations offer promise for giving individuals easier access to and control over information about them?
  • What are the incentives and barriers for innovating privacy tools and what are challenges to successful deployment?  
  • What is the role of technological innovation within a broader framework for privacy protection?

Panelists

  • Yoram Hacohen, Head of Law, Information and Technology Authority, Israel   
  • Jules Polenetsky, Director, Future of Privacy Forum
  • danah boyd, Senior Researcher, Microsoft Research and Associate Researcher, Harvard Berkman Center
  • Marit Hansen, Deputy Privacy and Information Commissioner, Schleswig-Holstein, Germany
  • David Hoffman, Director of Security Policy and Global Privacy Officer, Intel Corporation
  • Cameron Kerry, General Counsel, Department of Commerce, United States
  • Christine Runnegar, Senior Manager Public Policy, Internet Society

 

V. Implications for Policy Making

This concluding session will consider the broader implications of the issues raised during the conference for policy making to protect the privacy of individuals.  A number of international organisations are reviewing their privacy instruments, including the OECD. Recognising the increasing importance of internationally compatible approaches to privacy, this session will bring together experts on work in APEC, the Council of Europe, the European Union and the Global Privacy Enforcement Network, who will join civil society and business representatives to identify key issues and ways forward.

 

Key Issues for Discussion   

  • What have we learned from taking a closer look at how individuals act online and how they think about privacy? 
  • What is the role of businesses and other organisations in addressing the changing role of the individual in privacy protection? 
  • What do these changes means for privacy protection and for the core privacy principles?

Panelists

  • Anne Carblanc, Special Counsellor, Directorate for Science Technology and Industry, OECD
  • Joseph Alhadeff, Chair of the ICCP Business and Advisory Committee to the OECD, and Chief Privacy Officer, Oracle Corporation
  • Marie-Hélčne Boulanger, Head of Data Protection Unit,  Directorate-General Justice, European Commission
  • Hiroshi Miyashita, Advisor, Office of Personal Information Protection, Consumer Affairs Agency, Japan
  • Jorg Polakiewicz, Head of Law Reform Department, Council of Europe
  • Marc Rotenberg, Steering Committee Member, Civil Society Information Society Advisory Council and Executive Director, EPIC
  • David Vladeck, Director, Bureau of Consumer Protection, Federal Trade Commission, United States

 

Closing Remarks

  • Jennifer Stoddart, Privacy Commissioner of Canada