According to a recent poll, an overwhelming percentage of people believe that their information is not private. They want new rules about how companies and governments can use online data about them. Its global survey found that 83% believe new rules are required to compel governments and companies to handle data more responsibly, whether personal or medical data, or data picked up on social websites or other platforms where people routinely engage.
A recent report found the rate of data breaches accelerating and the cost to business and consumers increasing. Clearly action is needed.
But while governments have a critical role to play, they should be careful of the policy traps that have littered the privacy field in the past.
First, “balancing” is a popular term in the policy world. But balancing privacy protection with the availability of new services is the wrong starting point. Users want both innovation and privacy protection. They should not be asked to trade-off basic protections for new services. Governments and businesses should make a commitment to achieve innovation and robust safeguards for personal data.
Third “interoperability” is also a policy dead end online privacy. The global network brings together consumers and businesses from around the globe. The key to online privacy are common standards for data protection that simplify data exchanges and provide trust and confidence in new services. End-to-end encryption, data minimisation, and Privacy Enhancing Techniques–not “interoperability”–are obvious solutions to many of the privacy and security challenges facing users today.
Regrettably as user concerns about privacy have increased, and the risks of data breach and data theft have grown, many governments have followed these insufficient strategies, which have only increased public concerns.
The good news is that the OECD has been at the forefront of efforts to promote good policies and good technologies to promote growth and innovation while safeguarding privacy since the early days of the Internet. The OECD Privacy Guidelines of 1980 remain one of the most influential data protection frameworks in the world. The OECD Privacy Guidelines have provided the basis for national law and international agreements. For example, in the United States the OECD Privacy Guidelines provided the basis for the privacy law to protect the personal information of subscribers to cable television services. Of the many privacy laws in the United States, the subscriber privacy provisions in the US Cable Act are among the very best.
The OECD also promoted the use of robust encryption with the OECD Cryptography Guidelines in 1997. Encryption is a critical data security technique that has helped make the possible the growth of the commercial Internet. No doubt crypto will pose some challenges for government, such as concerns about access to data of targets of criminal investigations. But the costs of poor security measures are also very real. Data breaches continue to rise, leading to identity theft and financial fraud. Many companies are collecting data they simply cannot protect. Governments should actively promote strong encryption particularly for cloud-based services, because it is not possible for users and businesses to monitor the security standards of those who store data remotely.
Of course, hi-tech firms are not waiting for policy makers to solve these problems. Companies such as Apple and WhatsApp have decided to build in strong security techniques to protect the data that has been entrusted to them by their users. These companies should be supported for addressing privacy challenges.
Protecting the interests of citizens a key responsibility governments, Yet many governments have experienced data breaches, including medical records, tax records, and even voting records. The Internet drives innovation, productivity growth and communication. But it is also a harbinger of data breaches, identity theft, and financial fraud, all of which have trended up during the Internet era. Users are rightly concerned about the protection of their personal information. And the indicators all suggest the problems will accelerate over the next several years.
Governments have a central role to play, but they should avoid hollow solutions, slogans, and failed strategies. If they want the digital economy to grow strongly, there is serious work ahead.
©OECD Observer No 307 Q3 2016