Tagged: privacy

Annual Data Summit “Harnessing the Power of the Digital Revolution”

news10-22-politicoOn the 13th of October, Politico Europe, in partnership with Telefonica, organized the second Annual Data Summit, under the heading “Harnessing the Power of the Digital Revolution”. The focus was on the opportunities that processing data could bring, as opposed to underlining the risks which get too much of the spotlight, according to Telefonica’s representative. Keeping in mind the importance of privacy, he went on to stress the benefits that Big Data could bring such more efficient and smart transportation/logistics, healthcare, education, access to financial services, all of which will contribute to creating economic growth.

COFACE-Families Europe has been very skeptical about the so called “benefits” of Big Data. In an article entitled “Fintechs: Milking the Poor”, Families Europe denounces the illusions of improving access to financial services via Big Data driven innovations, especially in Europe.

Commission Vice-President Andrus Ansip stressed in his keynote the importance to enable free data flows across borders, especially within the EU, and therefore in opposition to the “data localization” trend where in the name of privacy, data about users would have to be hosted at their national level. In the European Union, there are already 50 laws in 21 Member States about data localization and this could greatly increase the costs of hosting/processing data as setting up data centers in each Member State is inefficient as some countries’ climate and environment is better suited for optimizing data centers’ energy use. EU startups would be most penalized by data localization as the “big” players such as Amazon, Google, Facebook have the means to comply with data localization measures.

While data localization laws aim at addressing national security concerns as well as privacy concerns, Andrus Ansip stressed that free data flows and privacy are not incompatible. He went on to underline the necessity for guaranteeing data portability as another precondition for enabling free data flows.

While COFACE-Families Europe does not deny that public data which can be used to serve the common good: healthcare data or transportation data could help prevent or fight more effectively a number of health risks/diseases or prevent road accidents and enable smoother and smarter traffic management. As always, the devil is in the details. The same data sets can also be used to carry out individual risk assessments and price certain citizens out of the insurance market. And this is but one of the most evident dangers. In some countries like China, data has also been used to identify “good” and “bad” citizens. Therefore, a number of conditions need to be fulfilled to ensure that data serves the common good, including the possibility for independent bodies to audit algorithms working with data to check whether they contain any form of human bias or have harmful consequences (social exclusion, discrimination…) on a part of society.

In the debate around the benefits/risks of big data, COFACE Families Europe insists on one key aspect: there is, as of yet, no objective measurement for deciding whether benefits outweigh risks/harm. How many consumers need to suffer detriment before there is a need to become concerned and intervene? 10? 100? 1000? And unfortunately, if we are to look at certain recent cases, it seems as if (macro)-economic considerations trump consumer protection.cFor instance, in the Volkswagen Dieselgate scandal, it seems as if the German authorities will not penalize or fine Volkswagen, and Volkswagen doesn’t plan on compensating consumers, at least in Europe. In essence, it is more important to defend a National “champion” than protect consumers from fraud, which, of course, directly fuels moral hazard, encouraging companies to reach systemic importance to be relatively immune from consequences in case of fraud. Thus it is important to strongly regulate big data or what can be done with consumer data rather than wait for market players to reach systemic importance, at which point it will be too late.

With regards to data localization, COFACE-Families Europe agrees that such policies carry many risks among which limiting freedom of expression, the possibility for governments to target dissidents more easily or forced jurisdiction (by localizing your data in one country, you are forcibly subjected to the laws of that country which may not be to your advantage). At the same time, the risks of data concentration in select countries also has some disadvantages such as creation of monopolies, an unequal share of the economic benefits of data, and the same threats for spying and targeting dissidents, simply concentrated in a few countries instead of being spread across the Internet.

COFACE-Families Europe advocates for a balanced approach where users should have the right to choose whether they want their data to be hosted inside their country or not. While it is true that setting up data centers in certain countries is less economically efficient than in others (linked to energy efficiency concerns mostly), concentrating data centers in a select few countries is simply an extension of the “comparative advantage” economic theory, which has led to massive trade imbalances between highly industrialized/developed nations and under-developed nations solely reliant on raw resource extraction. Data hosting and data centers should be part of the public infrastructure and public services, much like telephone lines, electricity, water supply or roads. In each country, there should be a minimum public service for data hosting, in addition to private data hosting solutions and users could choose, inside the services they use, if they wish their data to be hosted in their country or not. Such debates, however, might become obsolete anyways, since decentralized data hosting solutions are currently being tested and would enable users to host their data directly on their devices, bypassing the need for centralized data centers altogether.

Justin Atonipillai from the US department of Commerce followed Andrus Ansip and stressed, in his speech, the support for the open source movement, which has created many different ways to share and analyze data in an ethical way, respectful of privacy. Families Europe fully agrees with this approach.

The first panel of the conference touched upon key topics such as consumer choice, interoperability, openness and data portability. MEP Julia Reda underlined several important points which Families Europe fully supports:

  • Consumers must have the possibility to access their Internet of Things devices. For instance, the owner of a pace-maker could not access his own device to diagnose it for bugs even though he felt something was wrong.
  • Users should have the right to move their data, but at the same time, the right to data portability shouldn’t be mistaken or mixed up with the concept of “data ownership” and especially, the danger of transforming data into a commodity or a property that can be “transferred” or “sold” like any other good. This goes directly contrary to data protection rights as some types of data, such as highly sensitive data like health related data, should never be “sold” or treated like a commodity.

COFACE-Families Europe addressed the panel during Q&A to insist on including mesh networking capabilities for IoT. Mesh networking would allow users of IoT devices to connect directly to those devices without going through the Internet and the servers of the companies selling these IoT devices. Mesh networking also allows IoT devices to talk directly to each other and enable interoperability. At the moment, the technologies which enable mesh networking include WiFi and Bluetooth, but the upcoming 5G standards, which will equip most IoT devices, also need to allow mesh networking.

For more information about the event, please visit the Politico website here.

 

Digital Festival 2016 – an event promoting disruptive thinking in the digital world

by Martin Schmalzried

On the 21st of June, Forum Europe organized a Digital Festival, which consisted in a savant mix of high level panel discussions on the opportunities and threats of digitalization, a variety of live demonstrations of nascent or future technologies, and parallel workshop sessions covering many key issues such as Data Protection and Privacy, Connected Cars, Internet of Things, Blockchain technology and the emergence of Fintechs.

Data Protection and Privacy

With the enforcement of the GDPR, there will be an opportunity to strengthen data protection and privacy.  Although there were data protection laws in place before the GDPR, companies had little incentive to enforce them.  The penalties for breaching data protection and privacy laws were so low that some companies simply violated the law with the intention of paying any penalty if necessary.

With the GDPR, the penalty can now amount up to 4% of a company’s worldwide turnover, which should be a strong deterrent for breaching data protection and privacy laws.

Each company should now set up a data ethics department, which constantly reflects on how their use of data affects users and whether data analytics are compatible with key principles and values such as human rights, inclusion, anti-discrimination and so forth.

Finally, while there are new “tech driven” solutions to problems with the existing World Wide Web such as the Decentralized Web, speakers at the workshop agreed that we should focus on “fixing” the existing Web which was intended to be open and decentralized.

Connected cars

The workshop on connected cars consisted in the presentation from a company, Intelsat, pitching the advantage of using direct satellite connectivity for connected cars.  While it was clear that satellite connection has many advantages including a much higher coverage and reliability as opposed to mobile networks, there are several issues which need to be addressed.

Firstly, since putting satellites into orbit is highly costly, satellite service is a near monopoly which could cause many problems such as abuse of dominant position, price setting, “lock in” effect, even net neutrality issues all over again.

Secondly, assuming that connected cars will always require an Internet connection is linked to business strategies than fact. Mesh networking (via a mesh enabled 5G standard for instance) could enable connected cars to communicate directly between each other and inform cars in a certain area of accidents or road conditions without the need to go through the Internet (which of course goes against the interests of mobile network operators or satellite service providers).

More fundamentally, there are a myriad of other topics related to connected cars which deserve attention:

– How such data will be used and for which purposes? For instance, if we see insurance premiums based on data generated from connected cars, should we allow the “richest” drivers from paying for the right to drive like maniacs?

– How will connected cars affect the current business models of car manufacturers? There are already examples of GM which locks consumers into using “GM approved” repair shops whenever they need to fix their vehicles.

– How “safe” are connected cars in terms of hacking (there have been examples of connected cars being hacked from a distance) or even spying from governmental agencies?

 Fintechs

Several recent developments at EU level will affect the development of Fintechs.  First, the passporting of financial services will allow financial service providers to operate across all EU Member States.  Second, the enforcement of the PSD2 Directive will enable greater competition in the field of payment services via the use of an API. Third, it is not yet clear whether Fintech providers will fall under the scope of the EU Commission consultation and future policy on platforms which may affect issues such as how they treat consumer data and their business models.

There are many potential benefits from the emergence of Fintechs but also many risks to consumers and to that end, all speakers agreed that we need to closely monitor the market in order to decide whether regulation is necessary or other forms of policy tools should be used in case there is a clear risk of consumer detriment.

For more information about the Digital Festival, see the event’s website

Digital Values: Advancing Technology, Preserving Fundamental Rights

by Martin Schmalzried

On the 18th of January, Carnegie Europe, in partnership with Microsoft and in association with the Dutch Presidency, organized a conference on devising policies which help to maximize the value of technology while preserving our core values. Several high level key note speakers took the floor including Brad Smith, President and Chief Legal Officer of Microsoft, and Věra Jourová, European Commissioner for Justice, Consumers, and Gender Equality.

The key topics discussed, from COFACE’s perspective were balancing privacy with security/safety, the latest developments and implications for the Internet of Things, transparency and user trust and finally, the development of Big Data.

Balancing privacy with security/safety

Given the recent terrorist attacks in France and in many other parts of the world, the “mood” has shifted from a focus on privacy following the Snowden revelations to security and public safety. Privacy is often pitched against security and safety, in the sense that one cannot have both privacy and security/safety. To some extent, this is true. If States were allowed to limitlessly monitor and skim through all data, perhaps some terrorist attacks could be prevented. However, the assumption on which this trade-off is built is a gross over-simplification of the world we live in. Pitching privacy against security/safety fails to address more pressing issues such as rethinking the foreign policies of our National governments and actions at international level which may indirectly or directly encourage terrorism. Should we therefore keep selling weapons all over the world, apply very cynical policies or “real politik” across the world, failing to address the hardships that citizens in Iraq, Syria or Afghanistan are facing, failing also to recognize our governments’ responsibilities in creating the mess and at the same time implement mass surveillance as a means to prevent terrorism? There may be no dilemma or trade-off between privacy and security/safety after all. Privacy simply needs to go along with measures to curb inequalities, bring about more responsible, humanist foreign policies and eliminate discriminations, exclusions and the ghettoization of specific minorities.

The Internet of Things

While for end users, innovations in the field of IoT (Internet of Things) seem very attractive, especially in their potential to make their lives easier (automated heating, managing your fridge’s content…), they also gives rise to a number of challenges:

– A lack of standardization in terms of communication protocols, security, privacy protection, etc could break the very principle of the openness that the Internet was built on, with each actor trying to impose his “standard” for IoT.

– How can users access data generated by IoT and under which format should they receive it?
– How can users control data generated/transmitted by IoT? Will there be a way to switch the connectivity off?

– How much of the devices functionalities should run through the Internet as opposed to run either “offline” or only on the local “house” network? For instance, should a talking pet require permanent connectivity to interact with a child, it may be very restrictive in terms of use. Also, if a toy monitors a child, should the “recordings” be uploaded to the Internet or rather stored on a local computer on the “house” network? The latter point raises the question of privacy and intrusion of IoT into the privacy of minors. This is especially tricky from a legal point of view as IoT devices may monitor and collect data about adults but also about children. This may give rise to a new form of privacy protection model, based on Privacy by Design or Privacy by Default.

– IoT is extremely complex from a liability point of view and includes many “layered legals”. Who is responsible in case something goes wrong? Often, there multiple companies involved to make IoT work. For instance, in the case of an automated heating service, car companies are involved (to send a signal from the vehicle when the user gets close to home), online cloud services, the IoT device itself and potentially even more (if there is a third party software on the IoT device…).

– The combination of Big Data and IoT may also usher in a “Premium” vs. “Freemium” era, where consumers are offered discounts based on their behaviours, at the expense of quality of service. Many examples illustrate how IoT and Big Data can be used for better or for worse. Hotels for instance, can gather data on a consumers’ habits (does he/she usually heat the room, how many towels does he/she use, etc…) to save energy, water… but this data could also be used to propose “Ryanair” type discounts to consumers at the expense of quality (if a consumer agrees not to use the air conditioning, or not use any towels, he/she will get a discount…) or even discriminations (should a consumer take long showers or baths, he/she would be proposed systematically higher prices for hotels).

Transparency and user trust

User trust is absolutely essential if companies wish them to embrace the current revolutions in IoT, Big Data, Artificial Intelligence etc. However, this poses a serious challenge. How can a company be transparent about highly technical and complex issues such as Big Data? To give a concrete example, credit scores, which are automatically calculated using algorithms and Big Data are all but transparent to consumers.

In the end, while transparency is a necessity, ensuring that a quality regulatory framework is in place will also help in securing user’s trust. As Brad Smith has pointed out, regulation should be clear and predictable, rights of people need to be respected and their rights need to have remedies.

Big Data

Big Data is a relatively new phenomenon and users are only getting familiar with its implications and the possibilities such a technology offers. There are many questions that users are struggling with:

– How much is my data worth? Am I getting my “data’s worth” when I’m using a service which relies on the use of personal data in its business model?
– Is there a trade-off between sharing my personal data and the service I am receiving? Can this data be used against me?
– How can I have more control over the data I am sharing and how the data I share influences my online experience?
All of which will need to be addressed if users are to entrust companies with their data.

To finish, COFACE fully agrees with the lead statement of the conference: advancing technology, preserving fundamental rights. This balance will certainly need to be struck in the years to come and COFACE will reflect on all the latest developments to ensure that users get the most out of technology.

Keeping children safe from Cyberbullying

News-09 SaferInternet

On the 22nd and 23rd of September, German and Polish Safer Internet Centers jointly held another edition of their major Safer Internet Conference in Warsaw, Poland. The conference revolved around several key topics such as privacy, sexuality, risky content, data ethics, cyberbullying and inappropriate online behaviours. Many key issues were touched upon such as:

-The growing use and exploitation of private data as a business model and the dawn of private data as a currency to pay for online content.

-The impact of sexting and exposure to sexually explicit content on children’s and young people’s sexuality, which borders on cyberbullying as well.

-How to secure your right to privacy online and some concrete tips to keep your data safe from unethical uses.

COFACE, represented by Martin Schmalzried, sat on a panel discussion dedicated to challenges and visions concerning child safety online in the present and in the future. The three main points addressed by COFACE were related to cyberbullying.

How to reach out to parents that are unaware of cyberbullying?

Some parents will always be left out and feel helpless when it comes to dealing with cyberbullying. Just like other topics such as sexuality, not all parents feel ready to discuss certain topics for a variety of reasons. Schools and teachers remain the best way to ensure a common knowledge and awareness about issues such as cyberbullying. That was why a universal schooling system was set up in the first place: to level the playing field and give each child the same chances in life through education. However, this is no reason to give up on parents and we should always try to reach out to them to make them feel more concerned and involved about issues such as cyberbullying. Examples include:
-Organising parents evenings in schools or through organisations such as family associations.
-Presenting them with easy tools and steps to protect their children online.
-Information campaigns via magazines and newsletters from family associations or the provision of easy tools and multimedia resources such as those delivered by the #DeleteCyberbullying project.

How do you explain the difference in awareness about cyberbullying between EU countries?

It all has to do with cultural differences and the environment. For instance, in some countries such as the Scandinavian countries, topics like sexuality, violence or gender roles are openly discussed by the wider public, while in other countries such as the southern Member States, these topics are much less “taboo”. Such cultural differences, among many other factors, may explain the differences in attitudes towards an issue like cyberbullying. For instance, in COFACE’s awareness raising video about cyberbullying, we have received many comments implying that cyberbullying is not such a tragic issue, after all, it’s “just” a few online words that you can easily ignore, especially if “you are a man”.

Parents often don’t come to parent evenings at school. How can they be more inclined to come?

There are many strategies for securing parents’ participation but we would like to put the focus on work-life balance. Parents and teachers are living busy lives. With both parents working, there is little time left for parenting, personal activities, social activities and household responsibilities. Securing a better work-life balance would enable parents to have more time to attend parent evenings and get more involved in their parenting, including digital parenting. COFACE has carried out a full campaign last year on work-life balance.