Most Read Contributor in New Zealand, September 2016
Privacy, digital identity and digital innovation were
key themes at the recent "Identity Conference" co-hosted
in Wellington by Victoria University, the Department of Internal
Affairs and the Office of the Privacy Commissioner.
The conference, featuring both overseas and local
speakers, brought together a number of interesting perspectives on
the interplay between technological invention, human rights and
regulatory response. We outline the broad scope of the
Protecting privacy in a digital world
The key question for the conference was how to maximise the
benefits and minimise the risks around identity and privacy in our
increasingly digitised and connected ways of living, working,
socialising, shopping, and playing.
Smart use of digital data has huge potential value:
individually focussed services
service integration and ease of access
better policy and product design (based on better information),
limitless scope for technological innovation.
But there is an essential tension between these benefits and
maintaining privacy for our digital identity (which is increasingly
removed from our traditional sense of "self"):
the digital world lacks the visual cues of risk/threat/danger
that stimulate our use of privacy protections in the physical
a lot of data about individuals can be inferred, reverse
engineered and re-identified from apparent anonymity, and
we are losing control over our digital identity (as
A person's frame of reference in relation to privacy may
shift over time. Evidence is emerging that we become less willing
to disclose our digital identity as we gain experience of how our
data, even apparently non-sensitive data, can be used (and
connected, reverse-engineered, etcetera).
However the picture is far from simple as, although we are
unwilling to give up privacy protections, once granted, we are also
unwilling to give up the benefits which can be accessed through
greater disclosure – an inconsistency which suggests that it
is very difficult to capture the value of privacy.
This tension could be managed by introducing an ethical
framework for use of digital data that allows organisations to
unlock the value of the data they hold while maintaining consumer
trust. Such a framework might include such components as:
giving individuals greater control over their own data and how
it is shared - with whom, when and for what purpose
transparency reporting of data disclosure
visceral stimulants to make users more conscious of what they
are sharing online and of the possible later implications for
digital privacy and identity.
Companies could make digital data security a competitive
advantage. Some guidance in framework design is available in the
Privacy by Design principles - user-centric, pro-active, embedded
privacy by default, control to individual, full functionality
potential, end to end security, and transparency.
But no system is perfect:
transparency on how companies use data can be quickly forgotten
when separated out from immediate data collection for even a short
it is impossible to have full privacy/security and full
innovation, so trade-offs will be needed to avoid a win-lose
it is unnecessary to make an absolute choice in favour of
digital privacy or innovation – we can (and should) balance
and tier the emphasis depending on the data involved
it is essential to plan for security failure and to build more
robust networks that can detect and cope with failure, learn,
respond and recover.
The conference papers are now available on line - keynote
here and panel contributors here.
The information in this article is for informative purposes
only and should not be relied on as legal advice. Please contact
Chapman Tripp for advice tailored to your situation.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
On 12 August 2016, the Cyberspace Administration of China (CAC), the General Administration of Quality Supervision, the Inspection and Quarantine of China (GAQSIQ), and the Standardisation Administration of China (SAC) jointly released Several Guidelines to Strengthen National Cybersecurity Standardisation (the "Guidelines").
On July 21, the Personal Data Protection Commission ("PDPC") imposed a $5,000 fine on Toh-Shi Printing Singapore for its failure to implement proper and adequate verification procedures...
Some comments from our readers… “The articles are extremely timely and highly applicable” “I often find critical information not available elsewhere” “As in-house counsel, Mondaq’s service is of great value”
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).