In episode №6 of the Liberty. Equality. Data. podcast we are delighted to welcome Dr. Ann Cavoukian to discuss issues around data privacy, utility, and ongoing trends towards decentralization of data. Ann is one of the world’s leading privacy experts and has been recognized as being among the Top Women in Tech.
Ann is best known as a visionary and thought leader in all matters related to data privacy. One of her most impactful accomplishments is the notion of “Privacy by Design” — a framework based on proactively embedding privacy into the design and operation of IT systems, networked infrastructure, and business practices. In the past, Ann served three terms as the Information and Privacy Commissioner of Ontario, Canada, and is helping businesses and other industry stakeholders to embed privacy in technology solutions from the get-go.
Ann began by noting that when she started her first term as Privacy Commissioner, she quickly realized that, rather than dealing with data breaches and privacy infractions after the fact, a data privacy compliance framework should be prospective — oriented to the future:
“I wanted something that could be baked into the code and become an essential part of [company’s] operations; something that could ideally prevent data breaches from happening.” — Ann Cavoukian
That’s how the seven Privacy-by-Design principles came into existence.
Ann expressed her disapproval of zero-sum thinking, which usually presents such “false dichotomies” as privacy or security, or privacy versus data utility. Ann advocates discarding such either-or/win-lose thinking, which she referred to as “the lazy man’s way out”. Instead, we should start thinking about positive-sum models where you can get both data privacy and data security, data privacy and data utility. We should — and can — achieve both: by combining data privacy with other considerations, companies, brands, and service providers can unlock even more value for their customers.
“I always try to focus on a positive side and bring it to the company’s attention and show them examples so that they get that it is not “either-or” or data zero-sum model; we can do this and achieve multiple gains.” — Ann Cavoukian
Ann shared many insights about how privacy-preserving technologies could help unlock value for individuals and companies.
The ability to decentralize data and create an environment where data resides in a secure enclave (e.g., a personal data cloud) gives individuals the opportunity to control their data and to decide to whom it is disclosed. Decentralization of data is critical for individuals, who can then decide how their personal data is used. Privacy concerns can be further alleviated by deidentifying data, which would also enhance the value of that data.
Stripping away personal identifiers is only one technological approach towards greater data privacy and utility. Many developments taking place in the technology field directly affect current trends in the use of (personal) data: edge computing, federated learning, emerging serverless solutions, and blockchain applications.
From the Privacy-by-Design point of view, Ann encouraged companies and developers to think about the privacy-related implications of such new apps before those new products and services are released:
“You are going to have massive data losses and class action lawsuits for having not thought about privacy… You can embed privacy into your operations by stripping the personal identifiers, deidentifying the data, and decentralizing. It is not hard, you just have to think about it before you race out of the door.” — Ann Cavoukian
Markus Lampinen from Prifina noted that large companies are starting to realize that holding the personal data of their customers is becoming a huge liability, and that those consumer-facing companies are looking for new ways to empower individuals with their data. This could potentially open new doors to special use cases for interactions with consumers without an intermediary in the middle.
“It would be amazing if the individual would be in total control [of her data]; you wouldn’t have to share or disclose your data with someone else. It’s a total win-win if the data could reside with the data subject/individual.” — Ann Cavoukian
At the same time, many executives at well-established companies are of the opinion that newly imposed data privacy requirements are putting the brakes on their technology development. While it is true that privacy compliance can be costly, embedding the Privacy-by-Design framework in technology development in many cases actually adds a competitive advantage vis-a-vis other market participants and also helps gain customer/consumer trust.
Podcast participants shared their frustration with endless cookie notifications, which make the life of an internet user quite miserable. Why should the burden of learning about the company’s data collection practices be placed onto individual users?
Looking ahead to future data use practices, it becomes clear that consumers should be able to benefit from simple and intuitive application design. Ease of use is going to be at the core. Certainly, building new products and applications is always challenging, and getting things right from the start is even more challenging. Ann suggested that adhering to Privacy-by-Design principles from the earliest stages of product development could be a huge step toward a more user-centric data ecosystem.
Markus Lampinen offered an insightful analogy that could explain the currently emerging consumer approach to their data:
“You know that eating non-organic food is slightly bad for you. And if you have the alternative, you’ll probably choose organic food. Similarly, you know that giving your data away is slightly bad for you. And if you had the alternative, you might want to take it.” — Markus Lampinen
Some parts of the discussion on the podcast were about the opportunities that developers have with data on the user side. User-held data and the apps that run on top of it offer uncharted terrain for developers to unlock the value of data sources such as data coming from wearables, online services, and IoT.
New types of use cases for personal data apps have the potential to become intrinsically valuable. By getting certain insights about customer preferences directly from the individual, brands and service providers can offer discounts or special offers.
More generally, processing data on the individual’s side makes it possible to capture the value of data while the data is still with the individual, without that data actually leaving the individual. There seems to be a lot of demand for these types of solutions, provided individuals are given easy alternatives.