Hybrid Of Technical And Legal Approach To Data Privacy (by Michael Dizon)
The continuing digitisation of knowledge and culture, the increasing embeddedness of computers and software in people’s everyday lives, and the growing reliance on global information networks for personal communications, social interactions and public discourse are major trends that are changing and challenging how privacy is understood, viewed and exercised in today’s information-driven world. While trends such as digitisation, computerisation and globalisation have the benefit of opening up the wider world to any person to explore and interact with, the flipside is that the traditional separation between private and public spheres has been blurred and the internal world of the individual is potentially subject to the all-encompassing gaze and examination of the wider world and everyone else in it. Due to these socio-technical developments, privacy has become one the central issues and concerns of living in the information society especially since privacy, whether as a concept or a human right, has become more difficult to comprehend and much harder to preserve and protect.
While privacy has long been recognised as a human value and a legal right, the ability of the law to protect it has been severely diminished in recent years. Despite the presence of national and international laws on privacy and data protection, the law on the whole has struggled to keep up with the exponential growth in the collection, storage and analysis of information (including personal data) and properly deal with the accompanying results and ramifications. There have been attempts to develop technical solutions to deal with the evident erosion of privacy with the use of privacy-enhancing technologies such as encryption. However, the effectiveness of these tools is limited because of, among other reasons, the complexity and inconvenience of using these technologies, people’s general lack of awareness or their perceived inability to control how their digital identifies and data are accessed and used, the perceived impossibility of counteracting or reversing the entrenched, systematic and widespread trends and practices that encourage such sweeping, wholesale and indiscriminate collection of personal data by public and private actors that is now commonplace.
Are the cynics correct in pronouncing, “Privacy is dead, get over it”? We wholeheartedly disagree. Privacy is and remains an essential human right and value that deserves promotion and protection. While the threats to privacy appear insurmountable, we believe that a hybrid technical and legal approach that combines the fields of computer science and law may offer a possible solution to the privacy issues that we face. The key is to integrate and merge privacy and data protection laws and regulations with the technical standards, protocols and policies on data collection and processing. This is necessary because the protection of privacy requires the consideration of both its technical and legal foundations and effects. Thus, by examining and applying both laws and technical rules together, it would be possible to comprehensively address important privacy issues. This is one of the goals of the Data Privacy Foundation and its Data Privacy Matrix: to clarify, interoperate and harmonize the legal rules and technical standards on data protection with a view to producing global best practices on data privacy.