Sunday, September 5, 2010

10 paths and they're all hard



We spent a couple days on mountain bikes in Switzerland recently. We got lost a lot. We didn't use GPS or geo-location-apps. We didn't really know where we were going, but we sort of had faith in our legs and our bicycles that we'd somehow get up and back down.

It was good to get out on a mountain. It clears my head. I was trying to think of the big privacy challenges this year.

And like choosing a mountain path that you don't know, these privacy challenges may turn out to be easy, or they may turn out to be the hardest ride of your life.

Here's my list of this year's cliff-hangers. And like any good cliff-hanger, I'll be back to comment on all of them in the months ahead.

1. Location: who should know where you are and where you've been and how can you control it?

2. Face recognition: how to enable useful apps without creating a mass surveillance device?

3. Data minimization: can we (or should we) restrict some data collection in the age of data ubiquity?

4. Notice and consent in machine to machine processing: e.g., how can a user meaningful exercise control and consent when apps instantly share data?

5. Communicating with end users: everyone agrees privacy policies aren't human-friendly, but does anyone have a better idea?

6. Social graph: what can algorithms know or deduce from your public social graph and what can you do about it?

7. Online mapping: what's private in a public place?

8. Droit a l'Oubli: can a line be drawn between "forgetfulness" and censorship?

9. Conflicts of laws: how can sites on the global web comply with conflicting rules from country to country, and is the global web balkanizing?

10. Anonymization: in the age of data mining, what is "anonymous", or is everything somewhere on a spectrum to identifiability, and what does that mean for privacy practices?

4 comments:

Regis said...

Dear Peter, first I d like to thank you for your blog, I am an attentive follower. Secondly, i am quite sure that your french is far better than my english, so i switch in French.

House counsel dans le monde du software je suis passionné par les TIC et dirige un Blog sur le sujet (http://pi-tic.over-blog.com/). La lecture de votre Post m’interpelle car, moi aussi à l’occasion de mes congés dans les Alpes, j’ai eu l’occasion de prendre du recul sur certains sujets, et notamment sur les ‘Privacy Policies’. Le constat est évident, la quasi-totalité des Policies sont illisibles pour un lecteur non-averti. Il me semble que dans d’autres domaines du droit, la ‘vulgarisation’ est plus avancée, par exemple pour le droit d’auteur avec les licences Creative Commons qui se répandent sur le net (http://creativecommons.org/about/licenses/). Ne pourrait on pas travailler dans ce sens ? Identifier les règles communes fondamentales et offrir aux individus un accès rapide et interactif à leurs droits en front, tout en conservant l’exhaustivité des Privacy Policies en back ? Qu’en pensez vous ?

Félix Haro said...

Hi, Regis

Our different European legislations don't ask us, the controllers, such a long 'privacy policies'.

Almost in Spain (and France, I can suposse) we have clear the concrete points about we have to inform our customers or users. The rest is simply 'an american tale', as I often say my colleages.

We tend to 'copy' things coming from USA, and they aren't all correct for us. They are correct for them.

Regis said...

Hi Felix, that's funny, because i first read 'an american tail', and it works too ;-)
I totally agree with you, but we have to 'swim' in a global context and it means that we have to care about the 'American Tale'. Here in France, i worked in a Marketing agency a couple of years ago, and privacy was a main point for us. Main doesn't mean unreadable and policies were actually pretty light. However, it was specific policies, what about a global service like Google? I guess it 's a legal Everest to rethink Global Privacy Policies... but well, let's do it ;-)

Anonymous said...

Please allow a tangent comment. You used the word "spectrum," and my mind supplied "continuum," instead. Upon consideration, I liked your word better. The color spectrum is a continuum in terms of wavelength, but the eye perceives discrete colors, nevertheless bound by ordinal rules. I wonder if the privacy "spectrum," can be successfully organized into a logical progression. The idea of reducing it to a continuum might motivate us to try :-)