As users of Facebook, we exchange our personal details in order to connect with anyone and everyone. We sell our privacy to the supermarket when we allow loyalty programs to track purchases and reward us with frozen vegetables and gasoline discounts. We relinquish our privacy to airlines when we download their app to our smartphone to get more efficient service and better information. We disclose personal financial information to Quicken for a chance to win $1 billion in a NCAA basketball pool.
While we have become used to the idea of giving up a certain amount of privacy in exchange for a service or discount do we really understand what that means? How much does our personal privacy mean to us?
Earlier this month, the issues surrounding data privacy and security were discussed and debated at the Global Privacy Summit in Washington DC, sponsored by the International Association of Privacy Professionals (IAPP). [My prior post on becoming a certified privacy professional through the IAPP can be found here]. The three days at the Summit were filled with topnotch sessions covering a variety of privacy issues, including a particularly compelling talk by Julia Angwin about the cost of personal privacy.
Following are some highlights of the Summit:
1. The Cost of Privacy: Julia Angwin described how she spent $2,200 and countless hours trying to reclaim her privacy.
Ms. Angwin stopped using google and gmail. No longer was she going to have her gmail scanned with selected information offered to advertisers. She unfriended her friends on Facebook, started using DuckDuck Go, a privacy protecting search engine, purchased the OFF Pocket, a cellphone case that blocks signals to and from the phone, subscribed to Trusted ID – a company that promised to opt her out from large data brokers, added a privacy filter to shield her laptop screen from voyeurs in the coffee shop, and purchased other privacy related services. Her efforts and the price paid for enhanced privacy are detailed in her recent New York Times editorial, Has Privacy Become a Luxury Good? She analogized privacy to organic food. Consumers may now be willing to pay a premium for privacy and businesses would be wise to jump into this market for privacy sensitive products and services. Her book, Dragnet Nation: a Quest for Privacy, Security, and Freedom in a World of Relentless Surveillance, was also released at the Summit.
2. FTC Activity: Edith Ramirez, FTC Chairwoman, discussed FTC plans for the development of guidelines for data de-identification, the upcoming release of a FTC report on data brokers, and the need for new federal data security legislation. She supports stronger rulemaking authority and enforcement capabilities for the FTC relative to data security with more FTC efforts to come in mobile location tracking issues.
Ramirez also appeared with officials from the U.S Department of Commerce, Canada, and the European Union to announce efforts to help businesses ensure compliance with global data privacy rules. This was clearly in response to EU criticism of the Safe Harbor approach that has allowed US businesses to self certify compliance with EU privacy regulations. Ms. Ramirez pointed out that the FTC has recently brought 13 actions under the Safe Harbor.
3. EU Data Protection: Data protection regulators from the UK, France, and the Netherlands discussed the intense debate going on in the EU over the potential overhaul of the entire data protection regime. One of the key elements of the overhaul is a “one stop shop” approach that would allow multinational companies to deal with one data protection regulator rather than multiple regulators in each member state.
4. Privacy at the NSA Rebecca Richards, the newly appointed and first ever Civil Liberties and Privacy Officer (CLPO) at the National Security Agency (NSA), made her first public appearance at the Summit. Her job is to provide expert advice to the Director of the NSA and oversight of NSA’s civil liberties and privacy related activities. Her appointment was one of the reforms specifically called upon by President Obama. Ms. Richards identified the enormous challenge she faces of being the voice of privacy and supporting an agency with national security issues at stake.
5. Digital Medicine: George Savage, the Chief Medical Officer of Proteus Digital Health, demonstrated his latest innovation- an ingestible smart micro sensor. The size of a grain of sand, the sensor is co-formulated with a pharmaceutical product. When swallowed, it emits a signal like a digital heartbeat that is detected by band-aid like patch monitor worn by the patient. The patch tracks the heart rate, sleep pattern, and other activities of the patient. Dr. Savage ingested the micro-sensor and as he spoke we watched as the data was transmitted in real time through his smartphone to a colorful display on a television screen. While this tracking capability holds enormous potential benefits for healthcare research and medical treatment it also raises significant privacy issues.
So how much do we value privacy? Can the free market save us and give us choices that protect our personal information and privacy? Will government step in with more regulations? Will we follow the European model and make personal privacy a human right?
Stay tuned as the discussion and debate promises to become even more amplified and interesting.
And, watch out for the drones!