Jane Winn, Privacy By Design

Jane Winn, Privacy By Design

Comment by: Jane Winn

PLSC 2009

Workshop draft abstract:

“Privacy enhancing technologies” have been discussed for years by privacy advocates as a possible strategy for enhancing compliance with information privacy laws, but to date, none have ever had any significant impact on the way information technology is actually used.  This paper will suggest that the focus on “privacy enhancing technologies” is misguided because it reifies the social relationships that result in the production and distribution of information processing technologies.  In 2008, the Article 29 Working Party introduced the concept of “privacy by design” in its analysis of search engine information privacy practices, but did not elaborate on the meaning of this concept.  This paper will suggest that if “privacy by design” is interpreted as referring to the use of “adaptive management systems” in the design and distribution of information technology, then it would represent significant progress toward a more effective regulatory regime for information privacy.  Adaptive management systems are a widely used form of social regulation designed to permit dynamic identification and management of a wide range of health and safety risks.  Such “light touch” forms of regulation of upstream production and distribution of information processing technologies are more likely to enhance compliance with information privacy laws than a narrow focus on the features of products available to end users in downstream markets.