1. The EU Data Protection Directive has aged remarkably well — especially since it is based on principles that date back to a 1973 US Health, Education and Welfare report, updated by the OECD and Council of Europe in the early 1980s.
BUT purely legal protection isn’t sustainable given:
- Ongoing rapid increase in CPU, bandwidth, storage
- Sensors everywhere (CCTV, mobiles, ubicomp)
- Corporate and government data-lust (marketing/Phorm, counter-terrorism, efficiency and personalisation drives)
- Flaky systems and insiders
- Speed of judicial system — DNA Database case took 17 years before decision by European Court of Human Rights (S & Marper v UK)
2. The UK's Database State/Transformational Government programme shows one possible direction of travel — a National Identity Register supports databases on steroids (NHS care records, DNA, Intercept Modernisation Programme, ContactPoint, ANPR), with CCTV everywhere.
3. Web Science can help! Privacy by Design is needed:
- Accountability for data use — explored by people like Danny Weitzner at MIT — BUT subject to legal and social changes such as greater acceptability of profiling
- Minimisation is critical — proper requirements engineering, and design of protocols and systems that limit 2nd-party access to identifiable data
- PETs can make a large contribution to this (e.g. the anonymous credentials in CardSpace and Idemix)
- Understanding user and organisational concerns, e.g. Privacy Value Networks.
4. Immediate wins:
- Web 2.0: encrypt cloud data for storage and processing, decrypt at the client, e.g. with Google Gears
- Privacy-friendly advertising with client-side user-controlled segmentation and Private Information Retrieval to access adverts
- Ubiquitous communications encryption
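As an added illustration of the privacy-friendly advertising point (example code, not part of the original notes): a minimal two-server XOR-based Private Information Retrieval fetch in which the client chooses the ad segment from a local profile and neither ad server on its own learns which ad was requested. The ad records, the interest-to-segment table and the two non-colluding servers are constructed assumptions for this example.

```python
import secrets

# Constructed sample ad inventory (not real ads), padded to a fixed length so
# the servers' XOR answers line up byte for byte. Both servers hold the same copy.
AD_DB = [r.ljust(24) for r in (
    b"ad-0: running shoes",
    b"ad-1: mortgage rates",
    b"ad-2: local concerts",
    b"ad-3: garden tools",
)]

# Hypothetical local interest profile -> ad segment. This table and the user's
# profile stay on the client; the ad servers never see either.
SEGMENT_OF_INTEREST = {"sport": 0, "finance": 1, "music": 2, "home": 3}

def choose_segment(local_profile):
    """Client-side segmentation: pick the ad index from a local profile."""
    return SEGMENT_OF_INTEREST[local_profile["top_interest"]]

def client_queries(n, index):
    """Split the wanted index across two servers.
    q1 is a uniformly random bit-vector; q2 is q1 with bit `index` flipped.
    Each vector on its own is independent of `index`, so a single server
    learns nothing about which ad was requested."""
    q1 = [secrets.randbits(1) for _ in range(n)]
    q2 = q1.copy()
    q2[index] ^= 1
    return q1, q2

def server_answer(db, query_bits):
    """Server side: XOR together every record whose query bit is set."""
    rec_len = len(db[0])
    assert all(len(r) == rec_len for r in db), "records must be fixed length"
    acc = bytearray(rec_len)
    for rec, bit in zip(db, query_bits):
        if bit:
            for k in range(rec_len):
                acc[k] ^= rec[k]
    return bytes(acc)

def pir_fetch(db, index):
    """Client: query both servers and XOR their answers; every record selected
    by both queries cancels out, leaving only the one record at `index`."""
    q1, q2 = client_queries(len(db), index)
    a1 = server_answer(db, q1)   # what server 1 computes and returns
    a2 = server_answer(db, q2)   # what server 2 computes and returns
    return bytes(x ^ y for x, y in zip(a1, a2))
```

The privacy guarantee rests on the two servers not colluding; if they can compare queries, the flipped bit reveals the index, and a single-server computational PIR scheme would be needed instead.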
5. Privacy by Design is a good opportunity for Web Scientists to bring together expertise from law, computer science, political science and psychology to safeguard fundamental human rights on the Internet and throughout society.