Steve Wright, Partner at Privacy Culture opened Tuesday’s proceedings at EUDPS Manchester by emphasising how data is the new global currency.
Elaborating on the “currency” element, Steve revealed that personal data can start trading on the dark web for £200, a sum that only goes up as the complexity of personally identifiable information increases.
“We have to be conscious that people are trying to get hold of our data for malicious purposes. Trust is a key issue, because cyber-attacks are becoming increasingly sophisticated. We are in an environment of unprecedented levels of challenges, and data privacy law has intensified accordingly,” Steve said.
Steve explained how perspectives on what data privacy means, the value of the term, differ globally; in the US, “a lot of people naturally feel it’s okay for their data to be used and shared. In Europe, we’re more protectionist. With the evolution of global data law, the two systems are starting to merge.”
Detailing positives to have come out of the GDPR so far, Steve noted:
- The number of complaints received by data protection authorities is increasing
- The number of data breach reports is increasing
- Authorities are starting to fine and sanction firms for privacy violations
- Google’s fine of €50M imposed by CNIL
- British Airways’ fine of £183 million imposed by the ICO
- Marriott International’s fine of £99.2 million imposed by the ICO.
- Security investment is increasing
- Privacy-first services approach of business.
Steve highlighted how the GDPR effect is now truly taking hold in the US, where around 12 states are now looking at data privacy legislation.
Marketing Leader and GDPR specialist, Julia Porter then developed on the positive and negative effects of GDPR since its implementation. Julia opened the morning’s second keynote with a grounded guideline to follow when dealing with private data: “In the end, don’t piss people off; don’t annoy people.”
She went on to describe confusion among businesses when it comes to understanding obligations under new data laws.
“Not everyone has the same perspective on what privacy means,” Julia said, before introducing some concerning insight taken from Information Commissioner’s Office Research.
According to ICO research, 50% of consumers were aware of the GDPR this year, as opposed to 55% last year.
“Does this research mean GDPR is drifting off people’s radars? The level of complexity with which we talk about data privacy is making it harder for people to care about it. We are failing to explain why we need consumers’ data in a way that makes sense,” Julia said.
Julia highlighted a gulf between what politicians think is possible, and how data privacy rights can be implemented at ground level. Recently, a joint committee on human rights said the UK government “should look at creating a single online registry that would allow people to see in real time all the companies that hold personal data on them and what data they hold.
“The problems are correct but this solution is fantasy,” Julia reflected.
After the morning break, Head of Privacy and Data Protection at Gemserv, Ivana Bartoletti, chaired a debate on privacy in the era of emerging technologies, AI, robotics, big data and algorithms with a panel of experts.
Rowenna Fielding, Senior Data Protection Lead at Protecture, (and self-confessed data geek), cited the automation at speed and scale of “human stupidity” as one of the greatest challenges to machine learning development.
“AI isn’t really very intelligent, it’s just machine learning. Fundamentally, AI seems to be at a tangent to basic principles in GDPR. We have to feed AI huge amounts of data and we’re not quite sure why it does what it does,” backed up Rob Masson, Founder at the DPO Centre.
The discussion explored bias in AI, and how bias can double and triple when applied to algorithms.
“We’ve got to get companies who want to use AI to be able to see this clear bias problem,” said Tash Whitaker, Global Data Privacy Director at Whitaker Solutions Ltd.
Before the break, Alan McGillivray, Privacy Consultant at OneTrust underlined why third-party risk (vendor risk) is important and what the main challenges of the vendor market are.
GDPR was highlighted as a key market driver, impinging on companies to put in sufficient guarantees on a vendor to ensure technical measures are in place to protect the consumer.
“The CCPA reinforces this responsibility, and the number of cloud software companies in California makes this a huge issue in the States,” Alan said.
Pointing out the urgency of hyper-diligence in this sector, Alan added:
“Despite tech being at its pinnacle in human history, we’re having more data breaches than ever before. This is linked to the growth of data through the world. We have more information than ever before. This is despite growing security and incident management budgets.”
Ivana Bartoletti then tackled video surveillance and privacy, noting the huge increase in the use of CCTV cameras in society.
“Many other countries are following suit, with AI being used to power the use of facial recognition technology (FRT),” Gemserv’s Head of Privacy and Data Protection said.
The audience was given examples of the use of surveillance in society today, building a clear picture of the way in which FRT has subtly permeated both the private and public space. With the ICO now planning to investigate the use of FRT by private bodies, many are now questioning what the end to surveillance will be, and what evidence exists that the technology works.
The post #Privacy: Observations from the morning session at European Data Protection Summit Manchester appeared first on PrivSec Report.