April 7, 1999 Privacy in Transition -- and What’s Next? Alan F. Westin Professor of Public Law & Government Emeritus, Columbia University and Principal, Privacy Consulting Group at the Summer Privacy Symposium, Cambridge, August 19, 2008
A Dramatic New Privacy Environment April 7, 1999 Last August, I outlined a set of powerful technology applications and societal trends that have fundamentally altered the relatively stable successive privacy law and practices environments of the 1960s to early 2000s I posed the question: do we need a new privacy framework for this environment or can we apply the Fair Information Practices concepts to the new challenges This is where I want to pick up today, by first noting the unprecedented effects of the new technologies and social trends… Then identifying the major privacy laws and regulatory initiatives I see as likely to unfold, in response, over the next 3-5 years
Ten Developments Transforming the Privacy Environment -- A Quick Review April 7, 1999 The all-pervasive Internet 2.0 “Identity crisis” and data breaches Social networking and video posting The Blogosphere Behavioral target marketing The mobile revolution Anti-Terrorist surveillance Monitoring and photographing public spaces Electronic patient health records In the U.S., a growing culture rejecting privacy constraints
Powerful Effects of These Trends April 7, 1999 Creation of vast storehouses of personal data on a large majority of the population: -- from voluntary personal communications -- emails, social networking and video posts, blogs -- from trackable online activities -- shopping, information seeking, games, etc. -- from the move to online banking, travel, and other services -- from citizen uses of new online/electronic government services -- from new computerization and networking of some previously manual sensitive personal record systems, such as patient health records -- from stored camera surveillance tapes at public and private venues x
With Three Troubling Realities April 7, 1999 1. Most of these personal data are being stored for long periods if not permanently, and are generally searchable by individual identity to retrieve desired elements or create profiles Existing laws and voluntary policies do not cover many uses of these new personal-data storehouses, by businesses, employers, police, etc. These storehouses stand today in a basically insecure data environment, marked by continuing data leaks and large-scale identity thefts
Effects of These Realities… April 7, 1999 Entering a period of major new national (and state) privacy law debates. Will include consideration of: A national online privacy law and regulatory administration 2. A privacy code for mobile communications and services 3. A new federal privacy code for electronic health records A new federal privacy act covering government electronic services and dissemination of public records Federal identity management standards for both the private and public sectors 6. Revision of federal anti-terrorist surveillance systems
Likelihood of Enactments? April 7, 1999 History of privacy legislation and regulation since 1970 warns that enactments often falter or produce weak outcomes And, new social drives to communicate, reveal, and network often trump privacy worries by the public, however majorities lament threats to privacy But, I see the next 2-4 years as a period of serious national consideration of new privacy standards and processes Much depends on how industries adopt voluntary programs and IF they can earn public trust for these My guess: 2012 will see a major new privacy-law system, adopting Fair Information Practices to the new electronic-information-driven environments
Our Symposium Will Explore these Issues April 7, 1999 What is happening in all of these new privacy environments, how well or poorly existing laws and voluntary policies are doing, and what are the choices for new privacy rules are what will be explored in the Symposium sessions today and over the next two days