Thursday, 12 March 2009

Is Privacy Possible in the 21st century?

These are my rough notes from the event organised by University of Bristol, where
Andrew Charlesworth (IT&Law) and Nello Christianini (A.I. Dept) gave really engaging talks on both the Legal and Technical perspectives on 21st century privacy.

The talk fitted well with our discussions about metadata, ethics for developers etc. It was really interesting to have the legal perspective too.

Patterns in personal data: we leave trails in transaction space, weblogs and so on.
AOL – can build up picture of us through search terms we use
Google – queries, position, email content, background information, youtube use, calendar, news preferences etc
Today it is possible to segment by past behaviour eg people who brought a pizza and rented a video may buy a beer next. Look at
The USA presidential election used targeted/micro marketing to identify potential voters
What concepts, laws and values should we develop to safeguard ourselves and future generations?

Is privacy a 21st century delusion? – the legal perspective:
What is privacy? Individual vs community objectives is a modern invention, first mentioned in a law journal in USA in 1890, privacy is primarily a twentieth century notion. In the 1950s there was a fear of dossiers, now the fear is data-mining of information about us.
Erik Larson's Law of Data Dynamics, from The Naked Consumer, mentions that in the 1960s, information about birthdays that had been collected by the Dairy Queen chain to give free celebratory milkshakes was used by the draft board in the USA to determine whether young men eligible to fight in Vietnam (i.e. over 18). This is an example of Larson's Second Law – that data will always be used for purposes other than originally intended.
Data protection is NOT the same as privacy protection. The data protection act is out of date, too complex, places too much reliance on individual self-help, is toothless. It was written in the days of mainframes and dumb terminals. The public sector is often exempted. Private sector faces only minor limits. It only covers data identfying a living individual.
Phorm – BT – examines every webpage visited and generates adverts accordingly
Key questions
1.Can governments and corporations achieve legitimate goals withough causing disproportionate harm?
2.Will changes in privacy affect us equally, or continue divisions based on wealth?
3.Will we see backlash against datamining, profiling and clustering and what form might that take? Eg encryption, data pollution, physical/electronic attacks? The government is developing a new database that will contain all our travel details.

Usenet back archives were bought by google and made online and searchable – so anytihng you looked at or wrote to in the 1980s is now public. We need new laws on informational privacy

We need a culture shift.
1.without social/legal restraints the collection and retention of personal data will increase in line with storage capacity
2.there is no 'forgetting' of personal data – no clean slate for juvenile offenders.
3.Governments and businesses will increasingly interact with your 'data shadow'
4.individuals will modify their behaviour either consciously or unconsciously to maintain a favourable data shadow.

Questions from the floor:

On marketing making us homogenous - Andrew more concerned with political homogeneity

Used to rely on totalitarian states being inefficient – is it much harder now?

Importance of using consumer pressure – Companies could market themselves as companies who don't log data, as ecommerce firms have an incentive to be perceived as trustworthy, but if they go bust then there is a financial incentive to sell any data they have.


  1. Thank you Constance for recording this - v.helpful

  2. very very helpful to write my paper. It showed me how to go about getting info I need.