This week is particularly exciting for the many people at Microsoft who focus on data privacy. Several of us will attend the annual Global Privacy Summit in Washington, D.C., hosted by the International Association of Privacy Professionals (IAPP). It is a week for privacy professionals from around the world to convene and discuss the big topics that industry, civil society and governments work on collectively to advance the state of privacy protections in today’s data-rich world.
Scott Charney, Corporate Vice President of Microsoft’s Trustworthy Computing group, will deliver a keynote address on Thursday that explores both the trust dynamics resulting from ongoing disclosures regarding government data access and the challenges facing commercial data privacy models in a world of increasingly ubiquitous computing.
One of the challenges with the current model is that much of the responsibility for privacy protection rests with individuals who are expected to read and make informed decisions based on the numerous detailed privacy statements of service providers. Research suggests that many do not read the statements and, as such, their expectations may not match the actual practices of data users. Among the ideas we have discussed with other privacy experts is to evolve privacy frameworks by increasing the focus on the uses of the data, more robust risk assessments, more organizational accountability and updated enforcement models. Such a model would focus less dependence on consent for expected uses, and increased emphasis on these elements would help shoulder more of the burden of privacy protection.
It is important to underscore that shifting the focus from a "notice and consent" to a "data use" model does not mean eliminating the concepts of notice and consent. Individual participation and consent remain critical parts of the privacy model. Similarly, increasing data protection’s reliance on use and accountability programs does not mean eliminating all other information principles outlined in the Organisation for Economic Co-operation and Development Guidelines. Rather, this model adds tools to the data protection arsenal that can help cover gaps which are currently difficult to govern.
We are continuing to explore these types of updated models with privacy leaders in Washington, D.C. this week and will be hosting a panel on Wednesday on the topic at the Microsoft Innovation & Policy Center. You can read our latest thinking on the topic in “Evolving Privacy Models”, and hear directly from a diverse group of privacy practitioners from around the world in a new video series, “Privacy Perspectives.”
My colleagues and I look forward to engaging with the global privacy community this week. Privacy continues to capture headlines and mindshare with consumers, industry and government stakeholders around the world, and it is our collective responsibility – and opportunity – to identify a meaningful path for the future of privacy in this new information age.