Salinger Privacy

  • About
    • About Salinger Privacy
    • Videos, Podcasts and Media Mentions
    • Work with us
  • Consulting
    • Our Consulting Services
    • Privacy Impact Assessment
    • Privacy by Design advice
    • Algorithmic Impact Assessment
    • Privacy Compliance Reviews
  • Training
    • Overview
    • Training Calendar
    • Public Courses and Workshops
    • In-house Privacy Training and Workshops
    • Online Training
    • Webinars
    • IAPP Certifications
    • Training Advisory Services
    • Login
  • Privacy Resources
    • Privacy Resources
    • Compliance Kits
    • Resources on key privacy topics
    • Free Handbook
    • Newsletter
    • Login
  • Who We Are
    • Anna Johnston
    • Melanie Casley
    • Andrea Calleia
    • Stephen Wilson
    • Chris Culnane
  • Blog
  • Contact
  • Compliance Kits
    • For Business
    • For NSW Public Sector
    • For Victorian Public Sector
    • For Australian Government
    • Login

A bridge too far: 85% of the world ignored at ‘international’ conference

November 3, 2015, Anna Johnston

Share this post

Share this post on twitter Share this post on Linkedin Share this on Facebook

Ah, Amsterdam. You can ride a bike, you can travel the canals by boat, you can walk around happily by yourself (ideally scoffing from a paper cone of hot frites doused in mayonnaise) or you can catch a tram with the locals, but you cannot escape one thing – the bridges. So many, many bridges. 1,539 of them, apparently.

Just like this year’s Eurovision song contest (but sadly without the glitter, outrageous outfits or Guy Sebastian), the theme for this year’s Data Protection Commissioners’ conference in Amsterdam was “Building Bridges”. I discovered this ‘bridges’ metaphor is extremely malleable. Every speaker somehow managed to make their topic related to bridges. It would have made a fun drinking game to down a shot every time you heard a speaker use the B word, but the fun might have worn off by the 57th vodka in the first panel session alone.

People then starting talking about “functional bridges”. (Really? Would anyone build a non-functioning kind? My Year 6 teacher would have been all over that tautological nonsense.) By the end of the first day I felt an itching desire for some metaphorical dynamite to blow up all the metaphorical bridges.

But leaving aside the tortured use of language, more frustrating was the exclusionary, EU/US-centric discussion.

These conferences have often tended to focus on analysing – to death, sometimes with heated debate from people holding entrenched positions – the differences between and relative merits of the EU and the US approaches to privacy regulation. The EU approach is similar to Australia’s approach: generalist privacy principles built into omnibus (aka cross-sectoral) privacy laws with specialist privacy regulators. The US approach is to have only sector-specific privacy laws (e.g. a video rental privacy law, financial privacy regulations, a health insurance privacy Act …), but also a powerful consumer protection regulator with a broad remit, in the form of the US Federal Trade Commission.

Occasionally at these conferences someone like me from TROTW (the rest of the world) will raise their hand and point out (a) that TROTW indeed exists, and (b) we tend to not argue about whose system is better, we just want to get on with it, and can we please now talk about concrete examples instead of theories?

2015 was supposed to be different. The ‘building bridges’ theme was intended to put aside all debates about the relative merits of legal approaches, let bygones be bygones, and instead focus on practical solutions to privacy problems.

“Hooray!” I thought. I was hoping for some enlightening discussion – nay, even actual examples! – of how to turn abstract legal principles into concrete operational decisions and systems design. But no such luck.

We were back to discussion of EU/US data transfers, to the exclusion of almost everything else. Each topic was seen through the lens of the recent unravelling of the Safe Harbor scheme, leading to much hand-wringing about what American companies and EU regulators are supposed to do now about their transborder disclosures. Back to square one: “my legal system is better than yours, nah nah nah nah nah”, and the more positive, but naïve, “hey, maybe we should instead design a universal set of privacy principles to cover both of us!” It was left to representatives from TROTW, like Colombia and Canada, to point out that the creation of a ‘universal’ set of privacy rules, as proposed in the 2009 ‘Madrid Resolution’, is not the task of the EU and US alone.

While the Privacy Bridges project itself was understandably written to meet its terms of reference, which were confined to non-legislative ways to “increase the transatlantic level of protection of personal data” – i.e. manage privacy issues arising from transborder disclosures between companies in the EU and the US – making the Privacy Bridges report the primary focus of this “international” conference was a disappointing waste of the time and expertise of the individuals assembled there.

The narrow focus on multinational companies sidelined voices from civil society, as well as our client base: small-to-medium businesses, NGOs and public sector agencies facing privacy challenges which have nothing or little to do with multinational transborder data flows. The topic of discussion offered nothing new or pragmatic to take away on privacy hot topics like Big Data, drones, the Internet of Things, re-identification or geolocation data.

And the arrogance was taken to squirm-inducing new heights when those of us from TROTW were repeatedly asked to identify ourselves in the audience; we were then told that the ten ‘bridges’ described in the report “may also be useful for those of you in the rest of the world”. Oh please. That is as patronising and offensive as a former Australian Prime Minister coming to Europe and telling you how to deal with the Syrian refugee crisis.

It was almost embarrassing to see how an “international” conference managed to sideline both the privacy concerns of, and the privacy expertise from, the 164 countries that are not either America or in the EU; that’s 85% of the 193 members of the UN. There are billions – yes, billions – of people who live nowhere near the Atlantic Ocean. China and India, anyone?

In my view, the ‘ten bridges’ report presented only a nice list of things to talk about, for a closed circle talkfest of European regulators and American businesses, while Rome burns.

I hope that next year’s conference organisers, including the hosting data protection authority of Morocco, are willing to take a more inclusive view of our world, and thus allow an array of truly international voices to be heard, and wider expertise to be shared amongst the privacy community.

 

Photograph © Anna Johnston

Filed Under: Uncategorized

If you enjoyed this blog, subscribe to our newsletter to receive more privacy insights and news every month.

Privacy Compliance Kits

Recent Posts

  • OAIC determinations shed light on when data is regulated as ‘personal information’
  • Big Tech, Individuation, and why Privacy must become the Law of Everything
  • Should birds of a feather be FLoC’d together?
  • Why can’t Aunty get the ABCs of privacy right?
  • Privacy law reform in Australia – the good, the bad and the ugly
  • Between 7 and 11 lessons you can learn from the latest OAIC privacy case
  • Privacy and gender: what to ask, when and why
  • What covid apps can teach us about privacy, utility and trust in tech design
  • Cat or carrot? Assessing the privacy risks from algorithmic decisions
  • Not too much identity technology, and not too little

Archive

  • 2022
  • 2021
  • 2020
  • 2019
  • 2018
  • 2017
  • 2016
  • 2015

Search

Salinger Privacy we know privacy inside out

Salinger Privacy can help you navigate the complexity of the regulatory environment, and ensure the trust of your customers.

CONTACT US

T: 02 9043 2632
PO Box 1250, Manly NSW 1655
Email Enquiry

© Salinger Consulting Pty Ltd
ABN 84 110 386 537

Our Privacy Policy

Subscribe to our newsletter.

These details will be added to our mailing list to receive the Salinger Privacy eNews and Product News newsletters. You can unsubscribe or adjust your preferences at any time, from the bottom of any newsletter.