Saturday, 28 April 2012

Introducing “Billy the Great”

I had an excellent booking last Thursday morning – I was the warm up act to introduce the keynote speaker – the Irish Data Protection Commissioner - to delegates attending the first IAPP Europe Data Intensive Conference ever to be held in London. As we all ought to know, Billy Hawkes was first appointed Commissioner in 2005 for a five year term, and again in 2010 for a further five years.

I won’t explain in any great detail just what my warm up act comprised - let’s say it didn’t take too long before some of it appeared on Twitter. But it was warm, from the heart, and had the audience ready and oh so willing to receive Billy’s address.

And what Billy had to say was very interesting. Again, as we all ought to know, his office has taken an extremely close look at Facebook recently, in the light of various complaints about some of their processes. He explained that he would be announcing the results of his latest audit, and his official response to the complaints that have been received, in July. He did not indicate what he was likely to say, other than to refer to the importance of the need for Facebook to better control the applications that use and share information that Facebook users transfer to their personal sites. But there were no other words of criticism about Facebook. They have evidently been as transparent as possible with their processing operations, and have fully respected the role that he, as an independent regulator, has to play in the current process.

Billy may be the type of man that prefers his local pub as his social network of choice, but I have full confidence in his impartiality, when it comes to assessing Facebook.

What a refreshing change from the approach recently taken by some other opinion formers when considering complaints about Google’s processes. Those opinion formers preferred to publicly denounce the company for operating processes which, in their view, could conflict with European privacy laws, without even waiting for the results of the evidence they had requested to help them make up their minds as to whether the relevant laws had been breached.

Give me Billy’s approach, any time.

Billy was followed to the stage by Alessandro Acquisti from Carnegie Mellon University, the co-director of CMU Centre for Behavioural Decision Research. Alessandro astounded the audience with the results of his recent and ongoing academic research into how data controllers can get users to share ever more confidential types of personal information with either their friends – or with the data controller. In a stunning reveal, he gave us a glimpse into the way that modern processing speeds were capable, using facial recognition techniques, to gather significant amounts of other information from data freely available on the internet, to enable a data controller to peer deep into the soul of whatever individual was being photographed.

What I thought was science fiction is, perhaps, not that far away from reality.

But there is hope for us all – we all just need to wear our “Prince William” masks when we step onto the public pavement, and then we’ll be treated with courtesy and respect wherever we go.

Watch out for Alessandro’s work when the next batch of his research is formally published. This research (if it's right, and I have no reason to suspect otherwise), is literally changing the privacy game. If data controllers are going to be capable of using some of those techniques, and individuals are going to feel so engaged that they share ever more information about themselves with their friends and other data controllers, then we really do need to call for a stiff drink and ask ourselves what privacy actually means to emerging generations of citizens. We won’t need that Regulation. But I won’t explain why in this blog.

So, I sense that soon it will be time to quietly put away the European Commission’s current proposals for a new legal instrument to govern data protection matters. Then we’ll all be off to join Billy and his colleagues for a pint of two at his favourite social network in Portarlington, County Laois, to work out just how much this privacy stuff realistically can be regulated.

Note to event organisers:
From the end of May I’m available for bookings for other speaking gigs. Get in touch if you require a passionate and/or somewhat irreverent compere for your privacy event!