On November 2, 2011, following welcome comments by Federal Institute for Access to Information and Data Protection (“IFAI”) Commissioner Jacqueline Peschard, the 33rd International Conference of Data Protection and Privacy Commissioners opened in Mexico City with an examination of the phenomenon of “big data” as a definer of a new economic era. In a wide-ranging presentation, Kenneth Neil Cukier of the Economist drew into clear relief the possibilities and problems associated with combining vast stores of data and powerful analytics. He highlighted the growing ability to correlate seemingly unrelated data sets to predict behavior, reveal trends, enhance product performance and safety and derive meaning. In his remarks Cukier noted that, in an era of big data, much of the decision-making about data collection and use goes beyond traditional notions of privacy, touching on ethics and free will. Noting that the printing press led to the development of free speech laws, he left open the question of how big data may change the legal landscape.
Cukier’s remarks were followed by a two-part panel including regulators, industry representatives, consumer advocates and academics who addressed two questions posed by moderator Richard Thomas, Global Strategy Advisor to the Centre for Information Policy Leadership: “Now that the world of big data has arrived, how should data protection and privacy regulation change?” and “How do education, prevention and punishment work in this emerging environment?”
Data protection and privacy commissioners on the panel included Jacob Kohnstamm, Head of the Article 29 Working Group; David Vladeck, Director of the Federal Trade Commission’s Division of Consumer Protection; Peter Schaar, German Federal Commissioner for Data Protection and Freedom of Information; and Marie Schroff, Privacy Commissioner of New Zealand. Their responses indicated that regulators will move away from an approach based on rules and reactions to market events, toward one that promotes risk assessment and taking strategic action to affect market behavior. The panelists highlighted the continued need for transparency, privacy by design and negative enforcement. It was noted, however, that the market does not always resolve privacy problems on its own, and that user control of personal information remains a fundamental goal.
In the second part of the panel, Peter Cullen (Microsoft), Christian Pardieu (GE), Maria Carolina Pardo (Baker & McKenzie, Colombia S.A.), Gus Hosein (Privacy International), and Joel Reidenberg (Fordham University) responded to the data protection authorities’ comments and to Richard Thomas’ query regarding changes they would like the data protection and privacy commissioners to make. Their remarks pointed to the need to focus more on use and accountability and less on consent when consent is impractical, and reflected an interest in evaluating the systemic risks posed by big data. Other comments advocated more traditional approaches based on transparency and individuals’ ability to exercise their rights related to data, which would allow data protection authorities to focus on more complex issues where consumer actions cannot be effective. Panelists also offered cautionary remarks about the need to preserve privacy values (such as collection minimization), and to avoid assuming that alternative approaches to protection will be effective.