At the end of October, the 40th International Conference of Data Protection and Privacy Commissioners (ICDPPC) took place in Brussels and Sofia. This forum, attended by hundreds of delegates from over 70 countries, provided an opportunity for open discussions on the latest developments in data protection, laws and ethics, in what is an increasingly data-driven society. The ICDPPC was also attended by some of the Big Tech names such as Apple, Google and Facebook, demonstrating the weight increasingly given to data, its use and protection.
Ethics and a “landmark” declaration
In focussing on data ethics, the ICDPPC reflected the current mood of regulators and, indeed, much of the public. Indeed, Andrea Jelinek (Chair of the European Data Protection Board) said at a side event that “Acting ethically is, in my opinion, as important as being compliant with laws when it comes to data protection”.
The European Data Protection Supervisor, Giovanni Buttarelli, spoke on the role of data protection authorities in the governance of digital ethics, highlighting the importance of identifying domestic and international strategies to allow businesses, government authorities and individuals’ rights to privacy and ethical values to evolve with developing technologies. Whilst we have seen the establishment of data protection laws, Buttarelli suggests that we are now shifting towards establishing “sustainable ethics for a digitised society” and that we “urgently” need an ethical consensus when considering the digital sphere.
Sir Tim Berners Lee (Director of the World Wide Web Consortium) gave an address on the subject (specifically in relation to the internet), flagging that whilst protocols and standards may govern the means and conditions of technology use, the social motivations of individuals, laws, policies and therefore ethics, also determine the terms on which technology, and the internet in particular, is used. Consistent with Buttarelli, Berners Lee also highlighted that technology is not a constant and so engagement of policy makers with technologists is very important, especially when working to design the ethical rules that may apply in any situation. AI is one such area of developing technology where privacy, data protection, and ethical considerations converge.
As part of this data ethics agenda, the ICDPPC adopted a Declaration on Ethics and Data Protection in Artificial Intelligence (the Declaration). Described as a “landmark text” by the CNIL, the Declaration aims to: (i) preserve human rights in the development of AI by promoting principles such as fairness, continued attention and vigilance; (ii) promote accountability for the potential effects, and consequences of, artificial intelligence systems; (iii) encourage systems transparency, intelligibility, and responsible development of AI systems by applying principles of privacy by design and by default as well as the exercise of individuals’ rights; and (iv) mitigate unlawful biases and discrimination of AI systems.
The Declaration also establishes a permanent working group, which not only addresses the challenges of AI development but will also be responsible for advancing the general understanding of, and respect for, the Declaration’s underlying principles.
The Declaration text is now open for public consultation until 25 January 2019 and all interested stakeholders are invited to contribute.
A roadmap for the future
The continued relevance of data-related debates was also reflected in the fact that 4 new member authorities and 11 observer organisations joined the annual event.
The ICDPPC looked to the future and member authorities adopted a roadmap for the future of the International Conference, “with a view to strengthen the ICDPPC as a more efficient platform for international cooperation and policy influence, a more diverse, open and transparent network and a more structured and efficient organisation”. Isabelle Falque-Pierrotin, Chair of the ICDPPC Executive Committee declared: “It is also a signal for the world around us: data protection is a central and operational issue in the global digital world being built and the authorities will play their role, that of an ethical and democratic stabilizer of our society.”
Four other resolutions were adopted, regarding e-learning platforms, ICDPPC rules and procedures, a collaboration between data protection authorities and consumer protection and the conference census, together aimed at further enhancing co-operation among data protection authorities.
Those monitoring the impact of Brexit on the UK and its involvement in the data protection world will also be interested to note that the ICDPPC has elected Elizabeth Denham, the UK Information Commissioner, as new Chair of the Executive Committee.