[OECDIT] Protecting Privacy
By Jennifer Stoddart
Privacy Commissioner of Canada
In the past decade, the Internet has created an information revolution that has reshaped our lives. The way we think and read, shop and talk, learn and create will never be the same. As an international community, we have only begun to exploit the potential of this global network of networks.
But there are downsides to the Internet economy as well, unforeseen effects that even many experts did not anticipate. The pressures of global economic competition, in a very real sense, have converted every industry into an information industry, and every national economy is struggling to adapt to the digital world. Entire industriesmedia, entertainment, publishing, travelhave had to adapt to this online reality.
The rise of the online consumer has not only created more competition, it has fundamentally altered the way businesses view information. Commercial organizations now feel they are at a serious disadvantage if they don't gather as much data about their clientele and markets as possible. They have powerful incentives to expand and exploit their data holdingsparticularly the personal information of their clients.
These growing stores of personal information are coveted not only by companies, but are also an ideal venue for theft and fraud. Many of the elements that make the Internet such a powerful way to communicate, learn and conduct businessthe openness, anonymity and global reach of the networksalso create potential vulnerabilities. Public research indicates that many people are uneasy about what happens to their personal information when they go online.
Challenge of Insecurity
The net-savvy citizen and consumer is naturally concerned by mounting headlines regarding sophisticated phishing attacks, enormous data breaches and the proliferation of identity theft. People have very legitimate concerns about the security of their personal information. It is no coincidence that as businesses began to exploit the value of personal data, so too did criminals.
Clearly, people need to feel secure when they go online, be it in their capacity as consumers, citizens, workers or students. They need to know their personal information will be protected and their privacy respected. However, it is important to recognize that protecting the privacy of certain groups in our society can be very challenging.
To cite just one significant example, we are now seeing the first truly wired generation of children grow up online. These are young people who have never known a world without Google; they find email ``old fashioned''; and they swap data, such as songs, photos and video, like a previous generation once traded baseball cards or comic books.
Yet for all the comfort this generation shows with technology, they have very clear concerns about their privacy and how to protect themselves onlineagainst cyber-stalking, against shaming, against ID theft, and so on. Governments need to do more to ensure that they hear, understand and address these concerns.
Need for International Cooperation
As the Privacy Commissioner of Canada, I am committed to protecting and promoting the privacy rights of Canadians. But in today's wired world, this national mandate demands a global approach. I firmly believe that protecting privacy, enhancing security and building user confidence are goals that we all must pursue. This cannot be done on a country-by-country basisthe international data flows are too great; the technologies are evolving too rapidly; and the jurisdictional challenges too daunting. The only way to achieve meaningful progress in such a complex environment is to work collectively on privacy and security issues. Internet privacy challenges have emerged on an international scale, and so require global thinking and global solutions.
This is why I believe the upcoming Organization for Economic Cooperation and Development (OECD) Ministerial Meeting on the Future of the Internet Economy is so important. I, along with representatives from other governments, academia, industry and civil society, will participate in this meeting, and it will be an invaluable opportunity for a broad range of stakeholders to explore ways to work together cooperatively.
We also need to focus more on information security. It is increasingly clear that privacy and security are intertwined. The data protection community must be more open to working with non-traditional partners, such as anti-spam organizations and cyber-security and law enforcement authorities. Effective privacy can be a facilitator of the growth of the Internet economy and economic development.
As a wired, global community, we should be striving to achieve a basic level of privacy protection around the world. This does not mean we need to have a single, global standard, or one approach to protecting privacya misconception that can often make discussions between countries about how to best address privacy issues very challenging. Rather, countries should be encouraged to take different approaches to protecting privacy. Each local information environment is socially, culturally, economically and technologically unique. Policy-makers must abandon their comparative, legalistic approach, just as industry leaders must put aside their competitive, technological prejudices. Parochialism can be a significant barrier to the protection of privacy. Results matter more than local and national lawsand achieving these results requires honest, global dialogue.
OECD's Role in Global Privacy Protection
The OECD has played a critically important role in developing global solutions to privacy and security issues. I am honored to have had the opportunity to work with the OECD Working Party on Information Security and Privacy along with colleagues from the Korea Information Security Agency (KISA). The work of this group is pivotal to ensuring that global flows of information, the lifeblood of the Internet economy, are adequately protected. The OECD has made real progress in encouraging cooperation between the different approaches of member countries and in reaching out to other international organizations, such as the Asia Pacific Economic Cooperation (APEC) group. But there remains an urgent need to do more, to expand the discussion even further to other regions and economies.
The setting of the upcoming OECD Ministerial Meeting in Seoul is both appropriate and timely. The Asia-Pacific region, and Korea in particular, is an increasingly important force in the global economy and it is driving much of the innovation in new media and the Internet economy. In addition, Korea and other Asian countries have their own important perspectives on the concept of privacy and the challenges of data protection from which we can all benefit. I am truly looking forward to the debate, discussion and deliberations to come.