European citizens leave ever increasing quantities of electronic footprints. A report from EPTA points out how policy makers can address the new challenges to privacy.
Information technology and mobile communication are constantly developing, and dramatically extend the possibilities for data collection, storage and analysis. Wherever you go – in the Internet, driving your car in urban areas, or just walking around with your mobile phone turned on – you leave “electronic footprints”. These footprints can easily be stored, copied and searched for an indefinite period of time.
Short term gains from the use of new technology might have severe long-term effects for privacy unless action is taken by the authorities, stresses a report from the European Parliamentary Technology Assessment network (EPTA). The report summarises findings from seven different European countries.
Users can’t be solely responsible
The report discusses present and future challenges in five areas that affect privacy: Security, access to information and services, societal interaction, convenience and economic benefit. In addition, the report surveys the rapid development in e-government and e-health.
In all these areas there are trade-offs between conflicting societal values and rights. A balance has to be found – policy makers need to make decisions on the extent to which the individual should be responsible for protecting his or her privacy.
- Although many users may be aware that they disclose personal information when using ICT, they can’t be expected to have an overview of the long-term consequences, says Tore Tennoe from the EPTA group.
Securing the future privacy of European citizens presents many challenges for policy makers. The ETPA group presents policy options to meet these challenges.
Review of surveillance systems by independent body
An important task for governments is to provide their citizens with a high level of security. However, they need to consider whether more surveillance is justified.
It is important that surveillance systems are properly assessed. Their value depends on them being effective, not easily circumvented and resulting in a real security benefit. One option is periodical review of surveillance systems by an independent publicly accountable body.
Citizens’ access to their own records and logs
eGovernment increases the flow of information between different public units, in order to provide desired services. It has the potential to dramatically increase the amount of personal information officials hold about citizens.
- A vital challenge is how the technology can be used not only to increase efficiency for the public administration; but also to strengthen privacy for the citizen. Governments could consider a mutually transparent system that gives citizens access to their own records and logs, and allows them actively to control the flow of their own personal data, says Tennoe.
Empowering data protection agencies
The mandate of data protection agencies remains weak in many countries. As long as ignoring data protection rules bear no consequence, there will be no incentive for industries and public bodies to incorporate privacy principles into their IT systems and services.
A crucial question is the capacity of these agencies to handle complaints in due time. Governments may need to consider seriously whether data protection agencies should be able to proactively conduct investigations, impose effective penalties and monitor the activities of public and private organisations and their approach to data management.
Mandatory privacy impact assessments
The study shows that privacy threats could often be avoided if data protection concerns were built into information systems development from the start. Mandatory Privacy Impact Assessments (PIAs) can contribute to ensuring that privacy is taken into consideration.
In the public sector, PIAs could become a prerequisite for IT project procurement. Although they will involve financial costs, the benefits may be significant. It is cheaper to include privacy concerns in the design phase of systems than to make them privacy compliant at a later stage.
Privacy enhancing technologies (PETs) could be systematically integrated into systems development. An important PET principle is that systems should only collect data on a need to know – not a nice to know – basis. Delivering services without collecting excess data is cost-effective as well as socially desirable. International privacy standards can enhance consumer trust and promote equal privacy protection worldwide; and they encourage corporate response.
This is a good time for policy makers to rethink privacy policies, says Tore Tennoe. There is a rapid development of e-services and a new security situation. New technologies such as RFID, biometrics and pervasive computing are also developing rapidly and thus create new possibilities and threats.
- Our report shows that the value of privacy is underestimated by citizens, policy makers and enterprises. It concludes that there is need for more research on mid- and long-term effects of weakened privacy, and we would also like to see more public dialogue on these issues.