Giuseppe BusiaSecretary General
Italian Data Protection Authority
Fundamental Rights Forum
Rights, Respect, Reality: the Europe of Values in Today's World
Wien, 21st June 2016
Protecting and Promoting Privacy
in a Data-driven Society
Problems
huge amounts of data
collected
continuous and
invisible surveillance
profiling
predicting personal
preferences
influencing decisions
Benefits
improved medical
treatments
sophisticated services
facilitated provision of
public services
encouraging sustainable
development
improving citizens’ quality
of life
1. How can regulators best serve their mission in the data-driven society?
Modern technologies:
Avoiding knowledge gaps
Traditional rules to be applied and adapted to a new
and dynamic landscape
New European rules (portability and access): must be
clarified, reinforced and reconciled with others’ rights
(trade and industrial secret, proprietary rights)
Simplify rules to disseminate the value of privacy
standards and the consequences of their breaches
The real challenge: a Forward-looking
Approach and a Well-balanced Action
1. How can regulators best serve their mission in the data-driven society?
less Bureaucracy, more Effectiveness: a Bottom-up Approach
European rules = regional applicability = influencing juridical regimes
of other countries because of:
* the new regime of applicability to all the entities that use data
coming from Europe
* the natural attitude of some rules to increase their effects
outside their boundaries, especially when they regulate the
processing of data on the web
Data protection is not a regional issue, but a global one and as such it
requires a global response:
* acting locally, to regulate globally
* protecting individuals also in other countries that have less
democratic traditions than Europe
Implementing Expansive Rules:
Promoting a “New Deal”
2. Implementing best practices
Changing Perspective: from the Single
Personal Data to the Profile
Data Protection is changed in these last years
Through algorithms and artificial intelligence, a vast amount of (automated)
decisions that affect individuals
Emerging risks of new discriminations
The real engine of the whole system is no longer the single personal data, but
the profile, i.e. the particular combination of data (collection of Big Data) that is
used to offer personalized services and products
The new EU legal framework can help regulators in this task, offering some
significant tools, in particular:
* the right to access and rectification, in order to counterbalance the
’tyranny‘ of algorithms
* the creation of the new, powerful right to data portability , which aims to
increase user’s choice of online services, due to the right to receive the
personal data concerning him or her and have such data transferred to
a different controller
Raising Awareness and Empowerment of Data Subjects
2. Looking for best practices
Responsibility vs. accountability
* data controllers must be accountable for their processing
* data subjects should be aware of the growing risks which depend
on the different types of processing and the different types of data
– biometric, sensitive – used (e.g. profiling = influencing decisions;
dissemination = losing control and identity theft; geolocation =
continuous surveillance)
Data subjects should take on a leading role in the future society:
* they can influence the market by selecting and preferring
companies and service providers that really protect their
personal data ; they should be the “masters of their data”, not just
“data sources”
The key role of transparency and its simplification: a traffic light to
immediately show the grade of risk of the treatment?
The crisis of the consent: a “sunset scheme” for some treatments?
Engaging public and private
Stakeholders
2. Looking for best practices
Respecting privacy rules should be regarded as an element to be valued
by European companies, as a competitive asset in offering better
services to their customers and users
In addition to the existing rules, companies should follow a widespread
privacy-oriented focus in their business in order to develop and improve
transparency and promote trust by data subjects
The same should apply to public institutions, which should target their
key policies at “privacy mainstreaming”
Thank you for your attention!
Top Related