Chatham House recently hosted a roundtable discussion with Julie Brill who was a Commissioner with the US Federal Trade Commission from 2010-2016 and has an extensive background in data protection, privacy and cyber security. ‘At the Intersection of Data Privacy and the Internet of Things’, chaired by Emily Taylor developed a number of interesting lines of discussion amongst the group. Eric Schmidt’s suggestion that ‘the Internet will soon disappear’ as it becomes more ubiquitous and pervasive, set the tone.
A central issue was the changing perceptions or understandings of what exactly constitutes ‘privacy’. One participant made the observation that while this used to refer to ‘the right to be left alone to ponder a decision’, it has shifted now to ‘the right to control’. In other words, people want to participate through online channels but they also want to be able to do so on their own terms.
Participants raised a number of challenges to the smooth implementation of the GDPR next year. Anecdotally, there are suggestions that many businesses are yet to become fully acquainted with their new obligations, let alone have developed the structures and processes necessary to deliver on them. There was a sense that the US private sector is doing relatively well in this regard, the EU is making progress but there is still plenty of work to be done in the UK.
At the level of Data Protection Agencies, the GDPR also raised questions about how these bodies will share information in the course of investigations. Unless these terms of engagement and cooperation are very clear and functional, derogations could cause real problems. There is arguably more research needed on how this will be handled across jurisdictions come May 2018.
One focus was the shifting geo-political landscape of privacy regulation and leadership. With the UK in Brexit mode and the US position unclear under the current administration, Germany, France and Ireland seem well situated to play a major role. There were mixed views on the utility of regulation but an agreed preference for ‘technology neutral’ laws that can be further adapted as the context changes.
We closed with a discussion of global data brokers and the power they wield now which will increase as the IoT grows. In a sense, it is these actors, typically obscured by the glossy coating of IoT devices, services and apps that warrant close scrutiny. Understanding how they work is essential to understanding how, as The Guardian recently put it, we are no longer customers in the digital economy – in fact, we are being ‘farmed for data’. A dystopian view but perhaps not an entirely unjustified one.