Privacy by design — or “Data Protection by Design” as it is referred to in the General Data Protection Regulation (GDPR) — is essential to meaningful privacy protection. Yet, it is often quite thin and incomplete. As I wrote a few years ago about privacy by design, “The ‘privacy’ the designers have in mind might be so focused on one particular dimension of privacy that it might overlook many other dimensions.”
Hot off the press is Professor Woodrow Hartzog’s new book, Privacy’s Blueprint: The Battle to Control the Design of New Technologies (Harvard Univ. Press 2018). This is a fascinating and engaging book about a very important and controversial topic: Should privacy law regulate technological design?
This cartoon depicts the potential future of the Internet of Things. As more and more devices are connected to the Internet, including ones implanted in people’s bodies, increasing thought must be given to the privacy and security implications. The speed of technological development is moving at a far greater pace than the speed of policy thinking regarding privacy and security.
How will the security of new devices be regulated? The market doesn’t seem to be adequately addressing the security of the Internet of Things. Bad security in devices has externalities beyond the users, as devices can be used as part of botnets to attack other targets.
How will privacy be designed into devices? How will notice and choice work? When privacy is “baked in” to a device, do the engineers have a comprehensive understanding of privacy? How will consumers be able to understand and respond to these design choices?
Should there be special considerations for medical devices or any device that is implantable in a person?
We still await satisfactory answers to these questions . . . but the expansion of the Internet of Things isn’t waiting.
Here’s an earlier cartoon I created regarding the Internet of Things:
By Daniel J. Solove
At my annual event, the Privacy+Security Forum, which was held last month, one of the sessions involved privacy and security in fiction. The panelists had some terrific readings suggestions, and I thought I’d share with you the write-up that they generated for their session. The speakers were:
Peter Winn, Assistant U.S. Attorney, U.S. DOJ and Lecturer, University of Washington School of Law
Heather West, Senior Policy Manager & Americas Principal, Mozilla
Kevin Bankston, Director, Open Technology Institute and Co-Director, Cybersecurity Initiative, New America
Joseph Jerome, Policy Counsel at Future of Privacy Forum
By Daniel J. Solove
“We’re building privacy into the architecture from the ground up,” various companies and government entities often say when designing products, programs, and services.