A meeting in London to discuss the contours of a use-based model as an approach to data protection is occurring today. Approximately thirty regulators, industry officials, advocates, and academics are participating, including Hogan Lovells Chris Wolf. The meeting is being hosted by the Privacy Projects and is being moderated by Viktor Mayer-Schönberger, Professor of Internet Governance and Regulation at the University of Oxford and Fred Cate from the Center for Applied Cybersecurity Research at Indiana University.
The discussion is centering on how, in addition to the current focus on notice, choice, and purpose specification at time of data collection, use analysis can be used a tool of data protection. There is a focus on the “harms” or “impacts” of information to help guide determinations about uses and use conditions in context. The participants seem to agree a use analysis can serve as means effectively to implement the Fair Information Practice Principles (FIPPS), helping to determine when and how notice, consent, access, etc. can be implemented. Focusing on use in a sense shifts the analysis away from relying predominantly on the protections at the time of collection of data, which makes sense in a world where there are multiple channels of collection of data about people, as well as potential beneficial (and non-risky) uses of data for “Big Data” analytical purposes.
Documents relevant to the discussion include the English translation of the CNIL’s 2012 report, Methodology for Privacy Risk Management and the World Economic Forum’s 2013 report, Unlocking the Value of Personal Data: From Collection to Usage