A fight may be shaping up between experts who want to loosen recommended government privacy guidelines for developed countries and those who fear changes will lead to greater privacy infractions by government and enterprises.
The split emerged earlier this month when a report was released by three privacy experts — Ann Cavoukian, Ontario’s information and privacy commissioner; Khaled El Emam, Canada research chair in electronic health information at the University of Ottawa and Alexander Dix, commissioner for data protection for the German state of Berlin.
They complained about what they see is a proposal to diminish certain principles set out in guidelines by the OECD (Organization for Economic Co-operation and Development).
That proposal came from a trio asked to look into whether the 1980 OECD guidelines for data protection – called Fair Information Practice Principles (FIPPs)– should be changed. That report, written by Fred Cate, an Indiana University law professor; Peter Cullen, Microsoft Corp.’s general manger of trustworthy computing; and Viktor Mayer-Schonberger, professor of Internet governance at Oxford, recommended the guidelines shift responsibility for personal data protection away from individuals, and have governments and organizations be more transparent on how personal data will be used.
Among their recommendations is to “restore the balance between privacy and the free flow of information that was the original goal of the OECD Guidelines, and avoid suppressing innovation with overly restrictive or inflexible data privacy laws.”
“Encouraging the weighing of harms, benefits, and measures to mitigate harm means that unique circumstances should be given consideration,” Cate report says in part. “In addition, the principles address data collection by government entities separately and require “clear and understandable notice” when personal data “affecting the employment, health care, financial products or services, or legally protected rights of an individual” is involved.
It also says data users should be made more accountable for the personal data they access, store, and use, and held liable when harm to data subjects occurs.
However, the Cavoukian group calls the proposals “alarming.”
“We believe the proposal reflects a paternalistic approach to data protection that, if implemented, will likely weaken rather than strengthen privacy in the 21st century,” they say. “Leaving it up to companies and governments to determine the acceptable secondary uses of personal data is a flawed proposition that will no doubt lead to greater privacy infractions.”
“In light of Edward Snowden’s revelations of widespread mass surveillance by the state, and with governments also gaining access to large databases in the private sector (as well as the historical record of state abuses), we question the desirability of lowering the standards of privacy and data protection.”
The OECD is a association of 34 governments (including Canada, the U.S., Australia, Japan, and Israel) that studies economic issues and makes non-binding recommendations to foster prosperity.