Presentation on theme: "International Symposium on Confidentiality, Privacy and Disclosure in the 21st Century University of Manchester, 3 May 2005 RULES, TOOLS AND PRIVACY PROTECTION."— Presentation transcript:
International Symposium on Confidentiality, Privacy and Disclosure in the 21st Century University of Manchester, 3 May 2005 RULES, TOOLS AND PRIVACY PROTECTION CHARLES D. RAAB University of Edinburgh firstname.lastname@example.org
PRIVACY PROTECTION IS ABOUT RISK AND SAFETY So are (e.g.) environmental protection, health protection, food safety, road safety, etc. Safety is not measured. Risks are measured. Only when those risks are weighed in the balance of social values can safety be judged: a thing is safe it its attendant risks are judged to be acceptable. (Lowrance 1976: 75; emphasis in original) Measuring risk -- measuring the probability and severity of harm -- is an empirical, scientific activity; Judging safety -- judging the acceptability of risks -- is a normative, political activity. (Lowrance, 1976: 76-77; emphasis in original)
TEN QUESTIONS ABOUT RISK (1) What do we know about privacy risks - can they be assessed? Risks to whom? Risks of what? How do we know if they are great or small? Do some information practices objectively put privacy at risk, or are we only left with what some people subjectively think or feel?
TEN QUESTIONS ABOUT RISK (2) What risks are acceptable, and to whom? Should we see technologies and practices as safe until proven dangerous, or as dangerous until proven safe? Can privacy impact assessments tell us anything about risks? Are privacy risk/impact assessments merely pseudo-science, or can they help prqctitioners, regulators and the public? What are the consequences of individual self- help to reduce ones risk of privacy invasion?
TOOLS FOR PRIVACY PROTECTION Transnational, e.g.: OECD Guidelines, Council of Europe Convention, European Data Protection Directive Legal regulatory, e.g.: laws and enforcement machinery Self-regulatory, e.g.: privacy commitments, codes of practice, standards Technological, e.g.: privacy-enhancing technologies and infrasrtuctures (biometircs, lex informatica/code, trusted-third parties, etc.) Market-related, e.g.: consumer education, contracts, trust marks, opt-out/in choices
A TOOLBOX? What mixture? What synergy? What conflicts?
QUESTIONS FOR CONSIDERATION Is there a shift from legal tools to other ones? [if so, what are its consequences?] Is there a shift from national to global privacy regimes? [if so, what are its consequences?] Is there a shift from a rights-based conception of privacy to a consumerist one? [if so, what are its consequences?] Is there a shift from individualist to social conceptions of the value of privacy? [if so, what are its consequences?]