Sunday, January 27, 2013

'No free lunch on social media' debate

Last Thursday I attended a debate event called “No free lunch on social media.” Since it was one of my fist ‘privacy’ events I visited in Brussels I had high expectations to hear something new on my favourite topic. Maybe even too high. During the debate few questions arose, which sadly never found their way to address a panel of experts.

The debate started with attempt to define ‘privacy.’ It was presented as a very broad concept that is impossible to define. Personally I disagreed with this (non)definition. Not only that the right to privacy is not a new right, it is also supported by case law. However, the concept of the right to privacy online, in my opinion, differs from the concept of the right to privacy in ‘real’ world. Regarding this issue a wanted to ask the panel if they think that the concept of privacy needs to be redefined for being used in an online world?

The second issue brought up was an individual’s expectation of privacy. It was said that people are getting aware of (mis)use of their private data. They have developed their own sense of privacy, with the use of encrypted messages. That is how they protect their public information. In this point of the debate I asked myself what is public information in their opinion?

The debate continued towards proposed Data Protection Regulation and additional ways to protect private data. The idea of privacy by design was supported; privacy tools would be transparent and users would be able to control what is being used and what not. In my opinion the main concern of privacy by design is a collective action issue… Another additional way to protect privacy, next to the Regulation, which was presented, is self-regulation.

While discussing pros and cons of the Regulation a few more questions were born. Regarding the issue of rectification and reassure I wanted to ask the panel about the difference between so called ‘the right to be forgotten’ set out in Articles 16 and 17 of the proposed regulation and Article 12(b) of the existing Data Protection Directive?

Next issue brought up was the issue of consent, especially when is not explicitly said. My never asked out loud question that arose regarding this part was related to the processing of personal data. Both, the proposed Regulation (Article 9) and current Directive (Article 8) have listed exceptions from general prohibition of processing. What does (in panel’s opinion) in practice mean, that the author has his persona data manifestly made public?

The last topic that debate touched (until I was there) was targeted advertising and with it related: data profiling. One of big issues of data profiling is also that I can be created wrong. Regarding this it was described that the development of technology decrease possibilities of wrong profiling. Since data profiling is problematic per se, designation of ‘do not track’ button was proposed. And to make data profiling even more personalized, user should have an option to opt-in; default settings would be off (no tracking). Personally I wonder how would this work in practice: who would pick ‘do track’ option? However upon reflection I remembered how I hate, when I use borrowed computer in a foreign land and how the usual search does not find what I seek or it is not on the first page of the search results.  I also remembered how annoyed I am when this happen. So, there probably are people who would opt-in; just because profiling can make user’s life easier. The only problem is its price.