CookieLaw Blog December 12, 2012

Does Privacy Need a Complete Overhaul?

I have been reading, and re-reading a very interesting paper recently (Nov. 2012) published by Microsoft – Notice and Consent in a World of Big Data

It is a report on a series of summit meetings sponsored by Microsoft in Washington DC, Brussels, Singapore, Sydney, Sao Paulo and then a final one back at Microsoft HQ in Redmond.  The meetings brought together leading privacy experts from academia, government, business and advocacy groups for high level discussions on the future of privacy.

The discussions were held under the Chatham House Rule, which prevents the reporting of individual contributions and therefore encourages more open and free discussion.  As nobody goes on record, they don’t have to be seen to promote or adhere to the views of their employers or interest groups they may normally represent.

The aims of the meetings were not to establish or agree on particular policy approaches or specific issues in different part of the world, so they didn’t get booged down in specifics like the Do Not Track debate.  Rather the aim was to create a dialogue around some of the fundamental principles and ideas that underpin national, regional and industry laws and guidelines.

Those principles are the OECD Privacy Guidelines adopted in 1980, based on the Fair Information Practices concepts developed during the ’70s. 

Those OECD guidelines provide the underpinning for almost all privacy legislation around the world today.  They established the basic model that processing of personal information should be based on informing people about the processing, and obtaining consent.

It is these principles that have given rise to ever more complex privacy notices and tick-boxes for accepting terms and conditions that few people ever read, or even have time to.

The basic premise for the discussions was that these principles, written long before the emergence of the internet as a global communications tool, are not fit for purpose in a world ever more dependent on big data.

They don’t protect privacy when such a small proportion of those impacted by data collection and processing even read, let alone understand what they are effectively giving consent to.  They also create barriers in some cases, to the ability to exploit data processing power to drive huge potential social, scientific and economic gains that could benefit us all.

Therefore, according to the report, what is needed  are  a new set of principles that will power an entirely new approach to the use of data, better balancing the right to privacy with competing interests for both commerce and society as a whole.

Key phrases that jump out are ‘responsible stewardship’, ‘transparency’, the opportunity for individuals to exercise their rights, and clear oversight by regulators.  The need for better security of data against loss or theft was also highlighted.

The report recognises that this is a difficult goal, and is likely to take a lot of effort, especially if consensus is to be achieved.  However, it also rightly points out that some degree of global consensus is needed – because in an environment where data moves freely all around the world, there needs to be consistency of expectation that it will be secure and fundamental privacy rights respected.

Overall the paper is an excellent overview of the important issues that need to be tackled, and while it claims to provide no answers, gives some strong indications of where they may come from.

We are probably a long way away from a world where it no longer becomes necessary to read privacy policies of Shakespearian length in order to understand our rights, and have them protected.  However, it we can find a way to change the game, and give individuals greater control over their privacy more effectively and efficiently but without preventing innovation, then it will be a worthwhile journey.

If Microsoft can continue to help drive this effort forward, they should be encouraged at every turn.

Recent Posts


January 13, 2017
Future of EU Cookie Compliance Webinar: ...

GDPR and now the proposed E-Privacy Regulation mean a stricter regime for cookie compliance, web governance and use of online tracking technologies. Join p...

View Article
Recent blog thumbnail
December 14, 2016
Draft EU ePrivacy Regulation Leaked...

A draft of the proposed legislation to replace the outdated EU ePrivacy Directive was leaked on the Politico.eu (PDF) website this week. The proposal is fo...

View Article
Recent blog thumbnail
November 3, 2016
GDPR Compliance Means Cookie Notices Mus...

Are you one of those people that ticked the cookie law box ages ago and not thought about it since? Well the game has changed and now is the time to re-vis...

View Article
Recent blog thumbnail
September 21, 2016
Optanon Acquired by OneTrust...

We are pleased to announce that Optanon, along with parent company Governor Technology, has been acquired by OneTrust....

View Article

Be in the Know

Subscribe to our newsletter